By verifying the previousCommit and when applying a Commit, we can check that the signer was looking at the same state as before. But we don't know if the new state matches correctly. What if the Commit was wrongly applied? We could introduce a checksum, or stateHash, which contrary to the signature does not hash the Commit but hashes the Resource.
I'm not entirely sure if this is worth the hassle, though. It does make it less likely to expose issues if a client and server have disagreement on how a Commit should be applied.
By verifying the
previousCommitand when applying a Commit, we can check that the signer was looking at the same state as before. But we don't know if the new state matches correctly. What if the Commit was wrongly applied? We could introduce achecksum, orstateHash, which contrary to the signature does not hash the Commit but hashes the Resource.I'm not entirely sure if this is worth the hassle, though. It does make it less likely to expose issues if a client and server have disagreement on how a Commit should be applied.