Signing a file given its hash only
Chris DeYoung
chd at chud.net
Wed May 14 21:15:37 CEST 2025
> Artifacts that must be signed are produced on M which is capable of
> calculating hashes (e.g. SHA-256 hashes). H has the ability to read
> these hashes but cannot access the artifacts.
How does H know that the hash is valid? H could just sign the hash if it
trusts what M generates, but it isn't obvious to me how that's more
secure than just having M sign it.
-C
More information about the Gnupg-users mailing list