I have updated the latest Widget Signature editors draft section 4 (locating and processing digital signatures) to no longer require the first signature to be processed.

http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures

The language is now (numbering ok in draft):

Process the digital signatures in the signatures list in descending order, with distributor signatures first.

The decision of which (if any) distributor signatures are to be validated and whether the author signature is validated is out of scope of this specification. This may be determined by the Security Policy used by the user agent.

The ordering by widget file name can be used to allow consistent processing and possible optimization.

Every signature that is validated MUST be validated according to Signature Validation defined in this specification.
Please indicate any comment or correction.

The latest draft also changes all usage of "widget user agent" to "user agent".

regards, Frederick

Frederick Hirsch
Nokia


On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote:

[mp] My view is that whether zero, one or more signatures is processed
is up to the widget user agents security policy therefore we don't need
to say anything about which signatures (if any) must be processed. The
purpose of sorting the distributor signatures into ascending order is to
allow some optimisation of signature processing under certain
conditions. Maybe good to further clarify - I can try and come up with
something if you'd like (and of course if you agree)?





Reply via email to