diff --git a/lib/base.js b/lib/base.js
index 0ea802d..1fa6c40 100644
--- a/lib/base.js
+++ b/lib/base.js
@@ -109,7 +109,7 @@
 
   Verifier = (function() {
     function Verifier(_arg, sig_eng, base) {
-      this.armored = _arg.armored, this.id = _arg.id, this.short_id = _arg.short_id, this.skip_ids = _arg.skip_ids, this.make_ids = _arg.make_ids, this.strict = _arg.strict, this.now = _arg.now, this.critical_clock_skew_secs = _arg.critical_clock_skew_secs, this.skip_clock_skew_check = _arg.skip_clock_skew_check, this.inner = _arg.inner, this.outer = _arg.outer, this.expansions = _arg.expansions, this.assert_pgp_hash = _arg.assert_pgp_hash;
+      this.armored = _arg.armored, this.id = _arg.id, this.short_id = _arg.short_id, this.skip_ids = _arg.skip_ids, this.make_ids = _arg.make_ids, this.strict = _arg.strict, this.now = _arg.now, this.critical_clock_skew_secs = _arg.critical_clock_skew_secs, this.skip_clock_skew_check = _arg.skip_clock_skew_check, this.inner = _arg.inner, this.outer = _arg.outer, this.expansions = _arg.expansions, this.assert_pgp_hash = _arg.assert_pgp_hash, this.strict_packet_hash = _arg.strict_packet_hash;
       this.sig_eng = sig_eng;
       this.base = base;
     }
@@ -479,7 +479,8 @@
             })(),
             lineno: 217
           }), {
-            assert_pgp_hash: _this.assert_pgp_hash
+            assert_pgp_hash: _this.assert_pgp_hash,
+            strict_packet_hash: _this.strict_packet_hash
           });
           __iced_deferrals._fulfill();
         });
diff --git a/src/base.iced b/src/base.iced
index 21fce2b..91aad6d 100644
--- a/src/base.iced
+++ b/src/base.iced
@@ -76,7 +76,7 @@ compare_hash_buf_to_str = (b, s) ->
 
 class Verifier
 
-  constructor : ({@armored, @id, @short_id, @skip_ids, @make_ids, @strict, @now, @critical_clock_skew_secs, @skip_clock_skew_check, @inner, @outer, @expansions, @assert_pgp_hash}, @sig_eng, @base) ->
+  constructor : ({@armored, @id, @short_id, @skip_ids, @make_ids, @strict, @now, @critical_clock_skew_secs, @skip_clock_skew_check, @inner, @outer, @expansions, @assert_pgp_hash, @strict_packet_hash}, @sig_eng, @base) ->
 
   #---------------
 
@@ -215,7 +215,7 @@ class Verifier
 
   _parse_and_process : ({armored}, cb) ->
     err = null
-    await @sig_eng.unbox armored, defer(err, payload, body), { @assert_pgp_hash }
+    await @sig_eng.unbox armored, defer(err, payload, body), { @assert_pgp_hash, @strict_packet_hash }
     if not err? and not @skip_ids
       await @_check_ids body, defer err
     if not err? and @make_ids
@@ -583,7 +583,7 @@ class Base
     out = null
     opts = { version : constants.versions.sig_v2 }
     await @_v_generate opts, esc defer()
-    await @generate_json opts, esc defer s, o, expansions
+    await @generate_json opts, esc(defer(s, o, expansions))
     inner = { str : s, obj : o }
     await @generate_outer { inner }, esc defer outer
     await @sig_eng.box outer, esc(defer({pgp, raw, armored})), { dohash }
diff --git a/test/files/team.iced b/test/files/team.iced
index 8e1bcfc..dce5e36 100644
--- a/test/files/team.iced
+++ b/test/files/team.iced
@@ -15,10 +15,10 @@ test_klass = ({T,arg, klass, keys}, cb) ->
     await KeyManager.generate {}, esc defer arg.kms.signing
     arg.kms.generation = 10
   obj = new klass arg
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   typ = out.inner.obj.body.type
   obj2 = alloc typ, arg
-  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str }
+  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, strict_packet_hash : true }
   await obj2.verify_v2 varg, esc defer()
   T.waypoint "checked #{typ} #{if keys then 'with' else 'without'} keys"
   cb null
@@ -48,10 +48,10 @@ exports.test_key_section_bad_and_good = (T,cb) ->
 
   verify_from_arg = ({arg}, cb) ->
     obj = new team.RotateKey arg
-    await obj.generate_v2 esc defer out
+    await obj.generate_v2 esc(defer(out)), {dohash:true}
     typ = out.inner.obj.body.type
     obj2 = alloc typ, arg
-    varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str }
+    varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, strict_packet_hash : true }
     await obj2.verify_v2 varg, defer err
     cb err
   await verify_from_arg { arg }, defer err
@@ -99,10 +99,10 @@ round_trip_with_corrupted_reverse_sig = ({T, corrupt}, cb) ->
     x.reverse_sig = armored
     cb null
 
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   typ = out.inner.obj.body.type
   obj2 = alloc typ, arg
-  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str }
+  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, strict_packet_hash : true }
   await obj2.verify_v2 varg, defer err
   if corrupt
     T.assert err?, "got an error back"
diff --git a/test/files/wot.iced b/test/files/wot.iced
index 0e400fc..d9e563d 100644
--- a/test/files/wot.iced
+++ b/test/files/wot.iced
@@ -40,14 +40,14 @@ exports.wot_vouch_happy = (T,cb) ->
         "darn rootin tootin"
       ]
   obj = new wot.Vouch me
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   hsh = out.inner.obj.body.wot_vouch
   T.assert hsh?, "hash was there"
   T.equal hsh.length, 64, "64-byte hex string"
   T.assert out.expansions[hsh]?.obj?, "expansion was there"
 
   verifier = alloc out.inner.obj.body.type, me
-  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, expansions : out.expansions}
+  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, expansions : out.expansions, strict_packet_hash:true}
   await verifier.verify_v2 varg, esc defer()
 
   me.wot =
@@ -55,21 +55,21 @@ exports.wot_vouch_happy = (T,cb) ->
       sig_id : new_sig_id()
       reaction : "accept"
   obj = new wot.React me
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   verifier = alloc out.inner.obj.body.type, me
-  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, expansions : out.expansions}
+  varg = { armored : out.armored, skip_ids : true, make_ids : true, inner : out.inner.str, expansions : out.expansions, strict_packet_hash:true}
   await verifier.verify_v2 varg, esc defer()
 
   # try to revoke both with and without a replacement...
   me.revoke = { sig_ids : [ new_sig_id() ]}
   obj = new wot.Vouch me
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   outer = unpack out.outer
   T.equal outer[4], constants.sig_types_v2.wot.vouch_with_revoke, "revoke picked up"
 
   me.wot = null
   obj = new wot.Vouch me
-  await obj.generate_v2 esc defer out
+  await obj.generate_v2 esc(defer(out)), {dohash:true}
   outer = unpack out.outer
   T.equal outer[4], constants.sig_types_v2.wot.vouch_with_revoke, "revoke picked up"