Re: Proposal: Signatures in SRI.

On 10 June 2017 at 06:04, Jeffrey Yasskin <> wrote:
> I'm certainly not a cryptography expert, but I read in
>, "Note that single-pass
> verification is not possible with most uses of signatures, no matter
> which signature algorithm is chosen.  This is because most of the
> time, one can't process the message until the signature is validated,
> which needs a pass on the entire message."

The draft I cited includes a method for signing partial messages.  The
trade-off is that it's trivially vulnerable to truncation attacks,
much in the same way that HTTP responses over TLS can be cut off.

So both things are true.  Generally, you want a signature over a thing
to be completely verified before you use it in *any* way, so what RFC
8032 says is entirely appropriate.

Received on Saturday, 10 June 2017 14:48:30 UTC