Determining valid and proper byte ranges, regarding checksums and possibly other unsigned (VIDA) records.

[named-dodo]

When signing a VIDA record, the easiest byte range would include the entire file except for the signature itself.
However, there are cases where this leads to issues.

For example, the PNG file format has a CRC32 checksum at the end of each segment.
This includes the VIDA segment, meaning that after signing, you either have an invalid checksum or update the checksum and invalidate the signature.
To combat this, you need to exclude the checksum from the digest that the VIDA record uses.

There are multiple reasons why a certain part of the file should be excluded from the digest:

• Checksums which change from inserting the signature.
• Other VIDA records that rely on the current record. (and thus change the moment you sign this one)
• Other security mechanisms that don't allow VIDA records to be added afterwards. (which thus requires VIDA to be added first)
• Volatile data segments? (if any, i don't know if this even exists.)

This data will need to be constructed for each file format we support.
Additionally, we need to figure out how to report to end users if something is wrong with any of this.