Since it's the signature (not a key), this is only vulnerable to freeze/rewind attacks. i.e. Only matching file/signature pairs can be replaced on the wire. It's not possible to replace the contents arbitrarily.
Since it's the signature (not a key), this is only vulnerable to freeze/rewind attacks. i.e. Only matching file/signature pairs can be replaced on the wire. It's not possible to replace the contents arbitrarily.