>From Steven Hazel <sah at thalassocracy.org> >I'm pretty sure that right now the CHK hash is generated based on the >entire payload. So long as we're doing that, it doesn't make any >sense whatsoever to generate the encryption key based on just the data >part. > >But you have a point that it would be nice to have *both* the hash and >the encryption key generated based only on the data part, and that the >only thing this messes up is control documents, since they put their >data in the metadata part.
It's also a problem that if you insert a file with incorrect metadata (a wrong content-type or something) if you or anyone else attempts to insert the correct version, it will collide with the older one, until somebody alters the data so as to have a different hash. That seems like it would be a big hassle, and it could also be used to at least inconvenience people attempting to insert a specific file. -- Benjamin Coates _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
