The verification process of digital signatures for file sets using the Digital Signature Catalog (DSC) has some disadvantages:

• • Only filesets that already have an entry in the DSC can be checked. For new filesets, new versions (updates) of filesets, and especially custom filesets, the DSC must be updated before installation, or Trusted Installation must be temporarily deactivated.
  • The fileset bos.dsc containing the DSC cannot be checked using the same procedure because the DSC of an older version of bos.dsc cannot contain an entry for a newer version created in the future.
  • A separate independent method is implemented for the fileset bos.dsc.
  • The DSC approach doesn’t trust one or more certificates, for which any file sets signed with these certificates can then be installed. Instead, it only trusts file sets or file set versions that have an entry in the DSC.
  • It is therefore not possible to trust a manufacturer’s certificate and allow the installation of filesets that can be verified with this certificate.

Note: In our opinion, the points mentioned are disadvantages.

These disadvantages are overcome with the new procedure, which allows a Digital Signature Block (DSB) in each fileset. The new procedure is described in the following chapters.