DarkArc
commented
5 months ago Provided I'm understanding correctly, I suspect it would be sufficient to include the signature following the IFC table of contents.
This is the strategy employed by JWTs and it's (or rather would be) trivially ignoble by implementations/tools that don't check/write signatures as they simply wouldn't care about the extra bytes (e.g., https://jwt.io/introduction).
It is possible that we may want to embed sign IFCs rather than catalog sign. This way the digital signature is carried directly in the IFC. We may need to adjust the IFC format to support this.
This requires investigation on the hard requirements on embedded signing.