Debating composefs
Posted Feb 16, 2023 22:24 UTC (Thu) by bluca (subscriber, #118303)
In reply to: Debating composefs by walters
Parent article: Debating composefs
I am specifically referring to signature checks. There is a school of thought (not related to the composefs work; recently I had to object to a proposal to remove/deprecate kernel signature support for fs-verity) that says it's enough to verify a verity roothash signature in userspace, and then later pass the verity object to the kernel for opening and using. To me this seems like a textbook case of TOCTOU waiting to happen...
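
A simplified model of the check-then-use gap described in the comment above, as an added example that is not part of the original comment or of any kernel or composefs code. An HMAC over a SHA-256 digest stands in for the signed verity root hash and a plain file for the verity object; all names and data are constructed. It models only replacement of the path between check and use, and contrasts a path-based hand-off with one bound to a single open file descriptor.

```python
import hashlib, hmac, os, tempfile

KEY = b"constructed-demo-key"  # assumption: stands in for the signing key

def sign(data: bytes) -> bytes:
    """HMAC over the content digest; stand-in for a signed verity root hash."""
    return hmac.new(KEY, hashlib.sha256(data).digest(), "sha256").digest()

def verified(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)

def use_by_path(path, sig, between=lambda: None):
    """Racy: verify one open of the path, then hand the *path* to the consumer."""
    with open(path, "rb") as f:
        if not verified(f.read(), sig):
            raise PermissionError("bad signature")
    between()                      # window between check and use
    with open(path, "rb") as f:    # second lookup may resolve to another inode
        return f.read()

def use_by_fd(path, sig, between=lambda: None):
    """Bound: check and use go through the same open file description."""
    fd = os.open(path, os.O_RDONLY)
    try:
        between()                  # a rename over the path no longer matters
        data = os.pread(fd, os.fstat(fd).st_size, 0)
        if not verified(data, sig):
            raise PermissionError("bad signature")
        return data                # exactly the bytes that were verified
    finally:
        os.close(fd)

def demo():
    good, other = b"trusted image", b"swapped image"  # constructed sample data
    results = {}
    for name, fn in (("path", use_by_path), ("fd", use_by_fd)):
        with tempfile.TemporaryDirectory() as d:
            target = os.path.join(d, "image")
            with open(target, "wb") as f:
                f.write(good)
            def swap():
                tmp = os.path.join(d, "new")
                with open(tmp, "wb") as f:
                    f.write(other)
                os.replace(tmp, target)  # atomic rename over the checked path
            results[name] = fn(target, sign(good), swap)
    return results

if __name__ == "__main__":
    print(demo())
```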