[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [office] RE: Directories in Zip packages
Rob asked: >But what about A/B/D/ ? It contains only the empty subdirectory A/B/C/E/. >So it is not empty, but it only contains empty things. So is it signed? No, unless the presence of emtpy directories has some impact on the content or appearance of the document. The principle is "What You See Is What You Sign". So if changing or removing the directory makes no difference in what is seen, it doesn't matter if you sign it. The container for the files should really be an independent thing, and what we're signing are the files themselves. That's for document signing. If we're trying to sign something to ensure that it hasn't been tampered with, then we'd just sign the whole archive as a blob, and the signature would then be external to the archive - could be that both of them are stored in another archive. I think there's less customer need for this mode, and when we get back to encryption, we can provide for this.