Hi Frederick,
On 3/17/09 1:01 PM, Frederick Hirsch wrote:
The latest draft includes the revised text from Thomas. Marcos, are you suggesting we add something more? It sounds like what you are saying here, is that it should be a valid widget file. Isn't that part of P&C checking? I'm not sure what it means to check that the paths are "as secure as possible."
You might want to check the following section of the P&C [1] and see if it is usable in dig sigs. Given that the paths in the <reference> elements MUST be zip-relative-paths, the rules for checking the validity of those paths may apply to the Widgets Dig Sig spec.
[1] http://dev.w3.org/2006/waf/widgets/#zip-relative-paths
