Thanks for the proposal. You've obviously spent some time writing it up.
However, I'm not entirely sold on the idea being worth the effort. The
point of the currently-supported approach is that one can and should
communicate checksums by a different (and hopefully more reliable) means
than what's used for the checksummed data. That advantage is lost if
checksums are communicated as part of the data. The proposed passphrases
attempt to work around this, but if they're evanescent (as in the
proposal) then they're unsuitable for archival data, and if they're
permanent they take on the role of the checksums so we're no better off
than before.
