I have completed a major round of editorial updates to the Widget
Signature editors draft.
http://dev.w3.org/2006/waf/widgets-digsig/
This is intended to be our public working draft for Monday, so please
review the changes. Thanks to all who commented. This does not include
changes for issues that might require more discussion.
The document date and type (working draft vs editors draft) should be
changed upon final publication.
Changes to note (and please review)
1. Added new section, "Conventions".
Note that I attempted to give examples of the formats rather than
describe the formatting, since the formatting is based on a style
sheet that might change.
2. Added reference for OCSP ( RFC 2560 ) and removed reference for
X509 v3, referring to RFC 5280 instead. Reference RFC 5280 at first
reference of CRL
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0980.html
3. Generally changed "widget archive" to "widget package"
4. Completed changes agreed in
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0969.html
see [1] below
5. Completed changes agreed in
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0970.html
see [2] below
6. Completed changes agreed in
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0972.html
see [3] below
7. Completed changes agreed in
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0973.html
see [4] below
8. Replaced two lower case "must" with "MUST"
9. Removed trust anchor text in 7.3:
"The set of acceptable trust anchors, and policy decisions based on
the signer's identity are established through a security-critical out-
of-band mechanism."
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0982.html
regards, Frederick
Frederick Hirsch
Nokia
[1] added
<p>Numerical order is the order based on the numeric portion of the
signature file name. Thus the highest numbered distributor signature
would be validated first.</p>
to section 4, #6
---
replace
<p>The ordering by
<span>file name</span> can be used to allow consistent
processing and possible
optimization.
in section 4 #6 with
"Ordering of widget signature files by the numeric portion of the file
name can be used to allow consistent processing and possible
optimization."
===
[2]
1. Section 1: "... with XML signatures that each cryptographically
include all of the non-signature ..."
should become (missing "s")
"... with XML signatures that each cryptographically includes all of
the non-signature ..."
2. Unify "case sensitive" phrase. There are now both "case-
sensitive" and "case sensitive" present in the text.
ok, lets go with "case-sensitive" since Websters has that.
a) Replace "root of the archive" with "root of the widget"
"root of the widget package", as you corrected in later email
ok
6. Section 4, item 5: ".. treat this as.." -> what is "this"? I
suggest to change the text to "... treat this widget package as ..."
7. Section 4, item 6: "Validate the signature files in the
signatures list" -> "signatures" looks weird, the cause is <var> vs.
<code> in HTML.
8. Section 5.3.1: "A file entry whose file name that does not match
the" -> "that" should be removed
10. Section 7.2: The time SHOULD reflect the time that signature
generation completes. -> The time SHOULD reflect the time when
signature generation completed.
11. Section 7.3: If present then user agents MUST perform Basic ->
If present, the user agents MUST perform Basic
user agent..
12. Section 9.2.1: The time SHOULD reflect the time that signature
generation completes. -> The time SHOULD reflect the time when
signature generation completed.
====
[3]
<p>These signatures <em class="ct">MUST</em> be sorted numerically
based on the numeric
portion of the name. </p>
to
Within a widget package these signature files MUST be ordered based
on the numeric portion of the signature file name."
====
[4]
"The RECOMMENDED version of the certificate format is X.509 version 3
[X509v3]. Implementations MUST be prepared to accept X.509 v3
certificates [X509v3], [RFC5280]. "
could become
"The RECOMMENDED version of the certificate format is X.509 version 3
as specified in [RFC5280]. Implementations MUST be prepared to accept
X.509 v3 certificates [RFC5280]."
removed X509 v3 reference.
====
