> but the hash algorithm is (or at least can be) specific to each signature.
Yes. But for a given signature, choose one hash and use that everywhere.
Otherwise the security is reduced to the minimum of the hash functions that you
use.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2224#issuecomment-2519845460
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
https://lists.rpm.org/mailman/listinfo/rpm-maint