I have updated the Editors Draft of Widgets Digital Signatures with
the revised abstract and the URI for RSA-SHA256.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 17, 2008, at 7:19 PM, Frederick Hirsch wrote:
Suggested changes to widgets signature Abstract:
Change
"Prior to instantiation, a widget user agent can use the digital
signature to verify the authenticity and data integrity of the files
in a widget resource. In the rare case where a widget damages the
end-user's device, the digital signature may provide a user with
legal recourse to prove that a widget resource was signed by a
particular author or publisher."
to
"Prior to instantiation, a widget user agent can use the digital
signature to verify the integrity of the widget resource, and
validate the source of the resource, such as the author or
publisher. This document summarizes how XML Signature and X.509
Certificate technologies may be used for integrity and source
authentication of a widget resource, and notes compliance
requirements on both widget resources and widget user agents."
I would argue that legal issues related to a widget damaging a
device are not central to this specification and need not be
mentioned in the abstract, but that the purpose of the document
should be. (Moreover a signature would only service as one aspect of
a dispute resolution process).
regards, Frederick
Frederick Hirsch
Nokia
