On Sun, 26 Jan 2003, James Mastros wrote:
> just define a new packfile section, SIGNATURE, that is defined to be a
> cryptographic signature of all sections previous to it in the file.

I'm battling with this in another file format at the moment; if possible can we please *not* have it sensitive to its own location in the file? For example, an auto-dearchive zip-file has its index at the end of the file, so that the code can go at the front. It would be nice if the whole archive could be signed, rather than just the dearchiving code.

My suggestion: make the signature define which other parts of the file it applies to, say with a list of region boundaries as byte addresses in the file; that way signature manipulation remains fairly simple, and it's not too hard to check that a given section is spanned by a signature. And you could have multiple signatures applying to different parts of the file (one to the zip archive, another to the unarchiver).

And how is this going to interact with "-T" or whatever we're going to use? Under my suggested scheme, the data would be untainted if it's covered by a verified signature, and tainted if not.

-Martin
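
The region-list scheme proposed above, sketched as an added example that is not part of the original message or of any Parrot code. Assumptions: HMAC-SHA256 with a constructed key stands in for a real public-key signature, signature records are held outside the file, and all function names and the sample file are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stand-in for a real signing key

def digest_regions(data, regions):
    """MAC over each region's boundaries followed by the bytes it covers."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for start, end in regions:
        if not 0 <= start < end <= len(data):
            raise ValueError(f"region {start}-{end} lies outside the file")
        # Bind the boundaries so a record cannot be re-pointed at other bytes.
        h.update(start.to_bytes(8, "big") + end.to_bytes(8, "big"))
        h.update(data[start:end])
    return h.digest()

def sign(data, regions):
    """Build a signature record naming the byte regions it applies to."""
    return {"regions": list(regions), "mac": digest_regions(data, regions)}

def verified_regions(data, signatures):
    """Merged, sorted byte ranges covered by signatures that verify."""
    good = []
    for sig in signatures:
        try:
            mac = digest_regions(data, sig["regions"])
        except ValueError:
            continue  # malformed region list: treat as unverified
        if hmac.compare_digest(mac, sig["mac"]):
            good.extend(sig["regions"])
    merged = []
    for start, end in sorted(good):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(r) for r in merged]

def is_tainted(section, covered):
    """A section is untainted only if one verified range spans all of it."""
    s, e = section
    return not any(cs <= s and e <= ce for cs, ce in covered)

# Constructed sample file: unarchiver stub, archive body, trailing index.
STUB, ARCHIVE, INDEX = b"UNARCHIVER-CODE:", b"ZIPDATA" * 4, b"|INDEX"
FILE = STUB + ARCHIVE + INDEX
STUB_R, ARCH_R = (0, len(STUB)), (len(STUB), len(FILE))
# Two independent signatures, one per part, as the message suggests.
SIGS = [sign(FILE, [STUB_R]), sign(FILE, [ARCH_R])]
```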