[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
"do hash" unnecessary?
At the IETF meeting today there was some discussion of a way to eliminate
the "do hash" operator, which is defined in section 6.2 of the structure
spec. The purpose of "do hash" is to tell the verifier to save a hash
of the previous object in the sequence, typically a cert or pubkey,
so that the object can be referred to by hash later in the sequence.
I wonder if this is really necessary. How hard would it be for the
verifier to hash everything it sees in the sequence? How long are
sequences likely to be? I wouldn't think they will be that long, at
least not for the kinds of applications people have talked about. So
the load on the verifier to hash everything and save the hash would
not seem excessive.
Also, wouldn't it be the case that _most_ keys and certs in the sequence
need to be hashed anyway? The fact that they are present almost guarantees
that they are referred to in other objects, generally by hash. So it
would seem that in practice there will be a "do hash" directive after
almost all keys and certs, making it largely redundant.