I think the current text is clearer since it make clear which
direction to process the list, which would be ambiguous otherwise.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 19, 2009, at 9:40 AM, ext Priestley, Mark, VF-Group wrote:
Hi Frederick,
Small comment. I would change the sentence:
"Process the digital signatures in the signatures list in descending
order, with distributor signatures first."
to
"Process the digital signatures in the signatures list in list order
starting with the first file-entry." or something similar
(They should already be in descending order, with distributor
signatures first, as list has been sorted in previous steps.)
Thanks,
Mark
From: public-webapps-requ...@w3.org [mailto:public-webapps-requ...@w3.org
] On Behalf Of Frederick Hirsch
Sent: 18 March 2009 21:07
To: WebApps WG
Cc: Frederick Hirsch
Subject: [widget-digsig] changed widget signature files processing
rule in section 4
I have updated the latest Widget Signature editors draft section 4
(locating and processing digital signatures) to no longer require
the first signature to be processed.
http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures
The language is now (numbering ok in draft):
•
Process the digital signatures in the signatures list in descending
order, with distributor signatures first.
The decision of which (if any) distributor signatures are to be
validated and whether the author signature is validated is out
of scope of this specification. This may be determined by the
Security Policy used by the user agent.
The ordering by widget file name can be used to allow consistent
processing and possible optimization.
• Every signature that is validated MUST be validated according to
Signature Validation defined in this specification.
Please indicate any comment or correction.
The latest draft also changes all usage of "widget user agent" to
"user agent".
regards, Frederick
Frederick Hirsch
Nokia
On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote:
[mp] My view is that whether zero, one or more signatures is
processed
is up to the widget user agents security policy therefore we don't
need
to say anything about which signatures (if any) must be processed.
The
purpose of sorting the distributor signatures into ascending order
is to
allow some optimisation of signature processing under certain
conditions. Maybe good to further clarify - I can try and come up
with
something if you'd like (and of course if you agree)?