Benjamin Coates <coates at windmail.net> writes: > >From Steven Hazel <sah at thalassocracy.org> > > >I'm pretty sure that right now the CHK hash is generated based on the > >entire payload. So long as we're doing that, it doesn't make any > >sense whatsoever to generate the encryption key based on just the data > >part. > > > >But you have a point that it would be nice to have *both* the hash and > >the encryption key generated based only on the data part, and that the > >only thing this messes up is control documents, since they put their > >data in the metadata part. > > It's also a problem that if you insert a file with incorrect > metadata (a wrong content-type or something) if you or anyone else > attempts to insert the correct version, it will collide with the > older one, until somebody alters the data so as to have a different > hash. That seems like it would be a big hassle, and it could also > be used to at least inconvenience people attempting to insert a > specific file.
You have a very good point. -S _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
