> On Jul 29, 2018, at 2:03 PM, Evan Hunt <e...@isc.org> wrote: > > On Sun, Jul 29, 2018 at 10:55:31AM +0200, Ondřej Surý wrote: >> You need to know the hash is valid before you start the download. >> Therefore the hash has to be signed. > > Before you *start* the download? Or before you use what you downloaded?
I may be wrong, but I think Ondrej may have been referencing the idea of using BitTorrent where you request the data by its hash value... DW
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop