Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:

> When i make cryptographic signatures, i consider it important that those
> signatures can be successfully interpreted in a context-independent
> manner.  That is, if the same signature was presented in a new place, it
> should not change its interpretation.  The data being signed needs to
> contain its own context explicitly and unambiguously.  For example, i
> would not sign an e-mail if the entire body was: "Yes, I think this is a
> good idea." because the message could be trivially replayed in some
> other e-mail conversation to imply my agreement with an idea that i
> might not actually agree to.

Just as a data point, whenever I tag a Git repository corresponding to a
package upload to Debian, I include the entire *.changes file as the body
of the signed tag message.  I picked up this habit from Sam Hartman, and
I'm quite fond of it.  Not only does it achieve that context independence
that you refer to, it also ties the repository tag together with the
checksums of the exact packages that I built and uploaded to Debian based
on that repository state.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>
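An added example, not part of the original message or of any Debian tooling: once a signed tag's signature has been checked (for instance with `git verify-tag`), the embedded *.changes text can be used to confirm that a set of package files is the one the tag vouches for. The function names, the `hello` package and the sample data are constructed for illustration; the `Checksums-Sha256` field layout (digest, size, filename) is the standard .changes format.

```python
import hashlib
import re

# One continuation line of the field: " <sha256> <size> <filename>", no path separators.
ENTRY = re.compile(r" ([0-9a-f]{64}) (\d+) ([^\s/]+)")

def parse_sha256_field(tag_message):
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in tag_message.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field:
            if not line.startswith(" "):
                break  # next field, blank line or signature block ends the list
            m = ENTRY.fullmatch(line.rstrip())
            if m is None:
                raise ValueError(f"malformed checksum line: {line!r}")
            entries[m.group(3)] = (m.group(1), int(m.group(2)))
    if not entries:
        raise ValueError("tag message carries no Checksums-Sha256 entries")
    return entries

def verify_artifacts(tag_message, artifacts):
    """Compare artifact bytes ({filename: bytes}) with the signed checksums."""
    report = {}
    for name, (digest, size) in parse_sha256_field(tag_message).items():
        data = artifacts.get(name)
        if data is None:
            report[name] = "missing"
        elif len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            report[name] = "mismatch"
        else:
            report[name] = "ok"
    return report

# Constructed sample data: two stand-in artifacts and a .changes-style tag message.
SAMPLE_FILES = {
    "hello_1.0-1.dsc": b"constructed source control file\n",
    "hello_1.0-1_amd64.deb": b"constructed binary package\n",
}
SAMPLE_MESSAGE = "\n".join(
    ["Format: 1.8", "Source: hello", "Version: 1.0-1", "Checksums-Sha256:"]
    + [f" {hashlib.sha256(d).hexdigest()} {len(d)} {n}" for n, d in SAMPLE_FILES.items()]
    + ["Files:", ""]
)

if __name__ == "__main__":
    print(verify_artifacts(SAMPLE_MESSAGE, SAMPLE_FILES))
```

The report is only meaningful when the message came from a tag whose signature verified; the checksums carry no authority on their own.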

