sections
Additional minor editorial update
regards, Frederick
Frederick Hirsch
Nokia
On Dec 16, 2008, at 5:43 AM, ext Thomas Roessler wrote:
I suggest to remove the editorial note currently present in section
8 of the Editor's Draft.
Instead, add the following to the Security
Frederick Hirsch
Nokia
I have updated the Editors Draft of Widgets Digital Signatures with
the revised abstract and the URI for RSA-SHA256.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 17, 2008, at 7:19 PM, Frederick Hirsch wrote:
Suggested changes to widgets signature Abstract:
Change
Prior
not change the XML Signature
namespace.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
to earlier nonce information.
That is all for now, though I may have missed something.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-reqs/
Mark
Some more discussion inline, thanks for taking the time to review.
Do you mind updating the draft with the items we agree?
regards, Frederick
Frederick Hirsch
Nokia
On Jan 7, 2009, at 11:03 AM, ext Priestley, Mark, VF-Group wrote:
Hi Frederick,
Thanks for your comments. As someone
list.
Note that this document is subject to change, based on discussion in
XML Security WG
This should close XML Security WG ACTION-129
Thank you
regards, Frederick
Frederick Hirsch
Nokia
[1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html
using separate
libraries?)
regards, Frederick
Frederick Hirsch
Nokia
[1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0038.html
, and decisions
related to algorithms.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
[2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0042.html
[3] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0040.html
Begin forwarded message:
From: Frederick Hirsch frederick.hir...@nokia.com
Date: January 16, 2009 12:04:43 PM EST
To: XMLSec WG Public List public-xml...@w3.org
Cc: Frederick Hirsch frederick.hir...@nokia.com
Subject: updated Widgets Signature and properties
I've updated the Widgets
, Frederick
Frederick Hirsch
Nokia
On Jan 19, 2009, at 7:48 AM, ext Marcos Caceres wrote:
Hi Frederick,
I've updated the requirements document wrt the suggestions you have
made.
However, I have not yet included the new requirements as I need to
consider
them a bit more before I do so
additional thoughts on these
requirements.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 4, 2009, at 3:49 PM, ext Thomas Roessler wrote:
On 4 Feb 2009, at 21:45, Arthur Barstow wrote:
* Is supporting OCSP and CRL a MUST for v1?
Just for clarity, there are two possible requirements around
of possible signature usage/role types and/or
signers to be handled, will rules be expressed in terms of usage/role
(e.g. distributor) and what else? The model is not clear to me.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 6, 2009, at 10:51 AM, ext Priestley, Mark, VF-Group wrote:
Hi
1.1 and Properties to be published
as First Public Working Draft very soon, barring any last minute
difficulties.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 17, 2009, at 6:01 AM, ext Priestley, Mark, VF-Group wrote:
Hi Frederick,
Just thought I'd try and help with the generation
since we are discussing this item on the mailing list.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
for signatures to be added or removed and
hence a secure channel for widget delivery might be preferable.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 6, 2009, at 10:51 AM, ext Priestley, Mark, VF-Group wrote:
Hi Marcos,
More responses to your comments below (marked [mp]). Still need
believe that is specific to Widget Signature.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 13, 2009, at 8:26 AM, ext Marcos Caceres wrote:
2009/2/12 Priestley, Mark, VF-Group mark.priest...@vodafone.com:
[mp] As a general comment, I think this is a pretty difficult
problem
Thomas
Thanks for the careful review.
comments inline
regards, Frederick
Frederick Hirsch
Nokia
On Feb 25, 2009, at 7:06 AM, ext Thomas Roessler wrote:
In reviewing the latest draft, a couple of comments.
Widgets 1.0: Digital Signatures
Editor's Draft 23 February 2009
http
this could be conveyed out of band and it
might not always be appropriate to include in every signature.
Thoughts on this one?
regards, Frederick
Frederick Hirsch
Nokia
On Feb 25, 2009, at 9:23 AM, ext Thomas Roessler wrote:
I propose that we add te following text in the beginning of 6.2
and calculate the
reference hashes once, eliminating that overhead if it were a concern.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 27, 2009, at 6:48 AM, ext Marcos Caceres wrote:
Hi Frederick, Mark,
I have a concern wrt the author signature. It seems that both the
author signature
/Public/public-webapps/2009JanMar/0548.html
Remaining to do item is to add additional signature properties
including signature id, expires/timestamp.
regards, Frederick
Frederick Hirsch
Nokia
for ID based references
+ Timestamp and serial number, expiration
As you note the issue of second hash algorithm might be more difficult
and may also depend on XML Signature 1.1 decisions, so that has not
also been addressed.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
On Feb 25, 2009
. signature01.xml to
signature09.xml.
---
Does this make sense?
regards, Frederick
Frederick Hirsch
Nokia
On Mar 5, 2009, at 9:15 AM, ext timeless wrote:
http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures
4.3
If the signatures list is not empty, sort the list of signatures
I updated the style for code items in the Digital Signature
specification to brown.
Does this work better? It does not conflict with other color uses as
far as I can tell.
Please look at
http://dev.w3.org/2006/waf/widgets-digsig/ (refresh)
regards, Frederick
Frederick Hirsch
Nokia
yes that has been the case ever since I've started working on this.
Perhaps there is a W3C standard stylesheet we should be using. I'm not
sure why the spec defines its own styles
regards, Frederick
Frederick Hirsch
Nokia
On Mar 5, 2009, at 11:45 AM, Kapyaho Jere (Nokia-D-MSW/Tampere
are possible changes related to Thomas's comments re ID
reference language and additional properties.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
how about simple italics for code?
I'll also look into reducing body text
regards, Frederick
Frederick Hirsch
Nokia
On Mar 5, 2009, at 11:59 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
yes that has been the case ever since I've started working on this.
Perhaps there is a W3C standard
I updated section 4 to correspond to this:
If the signatures list is not empty, sort the list of signatures by
the file name field in ascending numerical order (e.g.signature1.xml
followed by signature2.xml followed by signature3.xml etc).
regards, Frederick
Frederick Hirsch
Nokia
.
January 2008./dd
Unless I hear otherwise by Monday, I will make this change to the
editors draft. If you agree with the change please let me know.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
On Mar 12, 2009, at 9:43 AM, Kapyaho Jere (Nokia-D
-zero-range
to hex? That would match the RFC approach...
regards, Frederick
Frederick Hirsch
Nokia
On Mar 12, 2009, at 12:06 PM, ext Marcin Hanclik wrote:
Hi Frederick,
One line of the ABNF quoted below could be adjusted to match
RFC5234: 3.4. Value Range Alternatives: %c##-##.
non-zero
Backus-Naur FormABNF/abbr/cite/a. D. Crocker
and P. Overell.
January 2008./dd
Unless I hear otherwise by Monday, I will make this change to the
editors draft. If you agree with the change please let me know.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf
-as elements c-nl
; continues if next line starts
; with white space
Thanks.
Kind regards,
Marcin
From: Frederick Hirsch [frederick.hir...@nokia.com]
Sent: Thursday, March 12, 2009 10:15 PM
. May 2001.http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
[2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html
Mark
Thanks for your review, I have some comments inline. Thomas, can you
please review my proposed change to the security considerations text
Mark mentioned?
Thanks
regards, Frederick
Frederick Hirsch
Nokia
On Mar 12, 2009, at 12:53 PM, ext Priestley, Mark, VF-Group wrote:
Hi
-
SHA-256 and RSA-SHA-256.
c) I suggest removing the restatement of algorithm requirements in
section 7.1 , specifically remove #5a and #5b.
Are there any other changes needed that we are aware of?
Thanks
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
://dev.w3.org/2006/waf/widgets/#zip-relative-paths
regards, Frederick
Frederick Hirsch
Nokia
, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
On Mar 17, 2009, at 8:15 AM, ext Marcos Caceres wrote:
Hi Frederick,
On 3/17/09 1:01 PM, Frederick Hirsch wrote:
The latest draft includes the revised text from Thomas.
Marcos, are you suggesting we add
of the recommended key length
Does this change make sense? Do you have any suggestion or comment?
Thanks for the careful review of the draft.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
[mp] While this is better I think it misses the fact that we are
strongly
additional comment or corrections. Thanks
Marcos for suggestions to this wording.
(Also removed Inc from Nokia in title page)
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
or correction.
The latest draft also changes all usage of widget user agent to
user agent.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote:
[mp] My view is that whether zero, one or more signatures is processed
is up to the widget user
of XML SIgnature 1.1.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/#algorithms
length defined for each algorithm but can defer for now.
Will this change of sentence work ?
Thanks
regards, Frederick
Frederick Hirsch
Nokia
(for some reason this message of yours did not reach my personal
inbox, but it was on the list)
Hi Frederick, I agree with all of your changes
earlier that we would add this material.
4. Changed Security Policy to lowercase as appropriate.
This should complete all my editorial actions before publication.
Please review and let me know of any corrections or noted omissions.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org
Completed additional changes to Editorial note in section 6, added
links to XML Security WG home page, list of comments on FPWD and
mailto link for comments on XML Signature 1.1.
Also fixed editorial nit, final set to a final set
regards, Frederick
Frederick Hirsch
Nokia
On Mar 19, 2009
Marcos
I checked in another revision to fix the broken link in 7. 2 (last
sentence included s in span) and to fix various validation errors.
The latest revision looks ok to me now, version 1.85 of
Overview.src.html, version 1.93 of Overview.html
regards, Frederick
Frederick Hirsch
I fixed one additional ordered list nit in widgets signature, so it
validates correctly.
When published the document date will need to be updated to the
publication date.
regards, Frederick
Frederick Hirsch
Nokia
the
same signing key are from the same party .
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 12:14 PM, ext Hillebrand, Rainer wrote:
Hi Marcos!
I agree with your suggestions.
Best Regards,
Rainer
---
Sent from my mobile device
I think the draft provides enough assurance for the intended level of
use. If you want higher levels of assurance more will be required, but
I don't believe we have a requirement here for that.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 12:20 PM, ext Hillebrand, Rainer
as policy and other such
important considerations, which we have not detailed in the
specification.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 5:06 PM, ext Marcin Hanclik wrote:
Hi,
I support this view.
In the whole design of various widget signatures it seems
Marcin
[removed cross-posting, since my posting would fail anyway]
comments inline
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 5:27 AM, ext Marcin Hanclik wrote:
Hi Marcos,
These are my further comments to the DigSig spec:
1. There is no section about typographic
Marcin
Thanks, for the careful review. some comment inline
[removed cross post, fails anyway]
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 2:04 PM, ext Marcin Hanclik wrote:
Hi Marcos, All,
Please find below my - mostly editorial - comments to the latest
digsig
...
also, ok with your proposed change
Within a widget package these signature files MUST be ordered based on
the numeric portion of the signature file name.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 9:41 AM, ext Marcin Hanclik wrote:
Hi Frederick,
Thanks for your review
No I agree, we are trying to stay away from legal statements , that
requires much more.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 10:40 AM, ext Marcin Hanclik wrote:
Hi Frederick,
re author, would the term creator in the sentence from Thomas
help,
this probably
comments inline, thanks for reviewing this
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote:
Dear Marcos,
I hope to have less critical comments than in my last feedback email.
1. Section 7.1: change The ds:SignatureMethod algorithm used
I think we should remove it.
Also, I revised the e.g. as follows
... undesireable and security relevant effects, such as overwriting of
startup or system files.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 27, 2009, at 2:00 PM, ext Hillebrand, Rainer wrote:
Dear Frederick,
I
. Removed trust anchor text in 7.3:
The set of acceptable trust anchors, and policy decisions based on
the signer's identity are established through a security-critical out-
of-band mechanism.
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0982.html
regards, Frederick
Frederick
be required in Widget Signature.
Please share this additional information in your organization and
indicate if it would cause any change in position regarding the
mandatory to implement algorithms.
Thank you
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
[1] http://lists.w3
+1
I do not understand the attack, but can envision cases where
precluding access could cause problems. Examples might be user see
what is signed or access to signature properties.
Is this an access control issue rather than a general specification
rule?
regards, Frederick
Frederick
[Widgts-DigSig] specification, in which case
the user agent MUST make signature documents available to the
implementation of the [Widgets-DigSig] specification.
This message should complete ACTION-329 which should be closed.
regards, Frederick
Frederick Hirsch
Nokia
if there is no need for the Created property in the Widgets Signature
spec I suggest we remove it, though keep what we have in the Signature
Properties specification.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 15, 2009, at 5:45 AM, ext Priestley, Mark, VF-Group wrote:
Dear All
of Signature Properties, thus
remove section 9 from widget signature
http://dev.w3.org/2006/waf/widgets-digsig/#sigproperties
any other comments received that we might have missed?
regards, Frederick
Frederick Hirsch
Nokia
On Apr 22, 2009, at 7:36 AM, Barstow Art (Nokia-CIC/Boston) wrote
I agree that the sentence should be dropped.
I'll take an editorial pass today to remove that sentence, address the
agreed changes on Mark's editorial comments and to remove the Created
material.
Thanks for noting this one.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 22, 2009
don't think we can always expect creation of a physical file for
processing. Suggest not making any change here.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 22, 2009, at 6:45 AM, ext Marcos Caceres wrote:
On Tue, Apr 21, 2009 at 11:14 PM, Frederick Hirsch
frederick.hir...@nokia.com wrote
in general.
regards, Frederick
Frederick Hirsch
Nokia
and also to see if any new mistakes have been introduced.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 22, 2009, at 5:53 PM, ext Priestley, Mark, VF-Group wrote:
Thanks Frederick and Marcos - responses inline.
Only a couple of questions left :)
Regards,
Mark
-Original Message-
From
I've added this to the Widgets Signature specification.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 23, 2009, at 3:18 AM, ext Priestley, Mark, VF-Group wrote:
Thanks Frederick!
-Original Message-
From: Frederick Hirsch [mailto:frederick.hir...@nokia.com]
Sent: 22 April 2009
I agree . Also to be clear Mark, I believe you are saying VF supports
a MUST in the XML Signature 1.1 specification.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 23, 2009, at 8:15 AM, ext David Rogers wrote:
Marcos,
Surely the logic should support algorithm evolution in that way
Added FIPS-186-3 reference
http://dev.w3.org/2006/waf/widgets-digsig/
Note that we will need to update the Signature Properties reference,
when that specification is published with this specification.
regards, Frederick
Frederick Hirsch
Nokia
issues with these
changes or any other corrections by tomorrow morning Eastern time.
Thank you
regards, Frederick
Frederick Hirsch
Nokia
[1]
http://dev.w3.org/2006/waf/widgets-digsig/#naming-convention-for-an-author-signature
and
http://dev.w3.org/2006/waf/widgets-digsig/#naming-convention
+1
I don't see the need for that paragraph.
regards, Frederick
Frederick Hirsch
Nokia
On Apr 29, 2009, at 6:36 AM, ext Thomas Roessler wrote:
Hi Frederick,
Some tiny editorial changes
I think we should add the following sub-section to the Status of
This Document:
[[
h3 class=no-num
comments inline, including proposals. thanks for the review
regards, Frederick
Frederick Hirsch
Nokia
On Apr 29, 2009, at 4:01 AM, ext Marcos Caceres wrote:
Hi Frederick,
Some tiny editorial changes
I think we should add the following sub-section to the Status of
This Document
I assume this issue is closed with no need to add this text, given the
subsequent thread. If this is incorrect please note that on the list.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
On May 5, 2009, at 6:33 AM, Barstow Art (Nokia-CIC/Boston) wrote:
On May 4, 2009, at 10:13 AM
XML Signature 1.1 notes that the order of certificates in X.509Data is
not specified.
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-X509Data
Is this really expected to be an issue, with long cert chains?
regards, Frederick
Frederick Hirsch
Nokia
On Jun 4, 2009
Thanks for the review Josh. These all look editorial to me and I
assume we can handle them during CR.
regards, Frederick
Frederick Hirsch
Nokia
On Jun 4, 2009, at 9:30 AM, ext timeless wrote:
Hi, apologies for the late comments.
I hope all of my comments are of an editorial nature
XML Signature 1.1 should be referenced. It defines the URI for the
algorithms, context for use in XML Signature, and references etc.
regards, Frederick
Frederick Hirsch
Nokia
On Jun 8, 2009, at 8:30 AM, ext Marcin Hanclik wrote:
Hi Marcos,
Also, DSA-SHA-1, RSA-SHA-256, and ECDSA-SHA
call to freeze the spec but I
guess not... )
regards, Frederick
Frederick Hirsch
Nokia
On Jun 8, 2009, at 7:07 AM, ext Marcos Caceres wrote:
On Thu, Jun 4, 2009 at 2:27 PM, Priestley, Mark,
VF-Groupmark.priest...@vodafone.com wrote:
Hi Art, All,
Vodafone has some late comments which
copying this message with the XML Security WG.
Thanks
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
[1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-Schema
[2] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-rngschema/
On Jun 25, 2009, at 7:13 AM, ext Kai
adhere to HTTP redirect semantics. as an editors note.
25 Editorial: Section 6.1
some of the spacing between items seems to need additional space
26 Editorial: Section 7.3
Replace progresing with progressing
regards, Frederick
Frederick Hirsch
Nokia
policy
3. if policy disallows then the browser does not allow the content to
be used.
In any case, doesn't this open an attack to get the content by
sniffing the wire for the response content, regardless of the header?
regards, Frederick
Frederick Hirsch
Nokia
[1] http://arunranga.com
So the issue is not confidentiality, it is inappropriate script
execution. Got it.
Thanks Anne
regards, Frederick
Frederick Hirsch
Nokia
On Jul 1, 2009, at 5:34 AM, ext Anne van Kesteren wrote:
I might not have time to address your larger set of questions before I
leave on vacation
.
if this is correct, aren't these fundamentally different?
regards, Frederick
Frederick Hirsch
Nokia
On Aug 27, 2009, at 2:06 PM, ext Marcin Hanclik wrote:
Hi All,
Here are a couple of the Last Call comments to WARP LCWD [1].
They were already partially presented in my emails [2] and [3
isn't the mere knowledge of the level of activity on a device a
possible privacy concern, and couldn't the pattern of activity offer a
traffic analysis type opportunity?
regards, Frederick
Frederick Hirsch
Nokia
On Sep 17, 2009, at 1:35 PM, ext Jeremy Orlow wrote:
On Thu, Sep 17, 2009
Christian
You are correct, thank you for catching this error.
I have updated the editors draft accordingly.
http://dev.w3.org/2006/waf/widgets-digsig/#example
regards, Frederick
Frederick Hirsch
Nokia
On Oct 6, 2009, at 9:44 AM, ext Breitschwerdt, Christian, VF-Group
wrote:
Hi Marcos
in the widget package,
syntax correctness, presence of required property elements, and use
of Role attribute for author and distributor signatures.
2. Signature value verification when specific algorithms are used for
a given input.
regards, Frederick
Frederick Hirsch
Nokia
On Oct 8
WG from
everyone who can help the DAP WG and I'd like to make sure that
somehow we have this discussion during TPAC.
Thus Agenda topic for joint DAP/Webapps-Widget is Security
Considerations, including HTML5.
regards, Frederick
Frederick Hirsch, Nokia
Co-Chair, W3C DAP Working Group
David
Would it be possible for you to summarize what you think the issue is,
as far as architecture and technical disparities, as a first step?
regards, Frederick
Frederick Hirsch
Nokia
On Oct 29, 2009, at 11:54 AM, ext David Rogers wrote:
Hi,
As discussed on the webapps call
as
an integral part of API development, while also developing policy
mechanisms, thus I do not think the view you mention is widely held.
regards, Frederick
Frederick Hirsch
Nokia
On Nov 10, 2009, at 8:47 PM, ext Maciej Stachowiak wrote:
On Nov 10, 2009, at 3:09 AM, Robin Berjon wrote:
On Nov 10
directories are for or where to
navigate). Arbitrary directory navigation for writing files is not a
good idea.
More importantly we have to be careful with analogies.
regards, Frederick
Frederick Hirsch
Nokia
On Nov 18, 2009, at 3:14 PM, ext Jonas Sicking wrote:
On Wed, Nov 18, 2009 at 5:27
.
Do we need to go into more detail on these two (as examples)?
regards, Frederick
Frederick Hirsch
Nokia
On Nov 20, 2009, at 9:15 AM, ext Jeremy Orlow wrote:
These are reasons, but I think the greatest cause of our concern is
that we have not seen any examples of how policies can provide
detail on the use cases or
additional use cases?
regards, Frederick
Frederick Hirsch
Nokia
On Nov 20, 2009, at 10:12 AM, ext Marcin Hanclik wrote:
Hi,
Reliably identified Websites can send and receive SMS except to
premium rate numbers.
There seems to be no worldwide pattern to recognize
+1, duplicating material is a recipe for disaster.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 2, 2009, at 8:22 AM, ext Robin Berjon wrote:
On Dec 1, 2009, at 22:22 , Marcin Hanclik wrote:
Can you please update this to just be a delta?
As far as I know W3C specs, delta documents
that Signature Properties is about to enter Last Call.
regards, Frederick
Frederick Hirsch
Nokia
[1] http://www.w3.org/2005/10/Process-20051014/tr.html#cfi
On Jan 7, 2010, at 2:17 PM, Barstow Art (Nokia-CIC/Boston) wrote:
The XML Security WG is considering changing the syntax of the Profile
to date.
This should not break any implementations but make it easier to find
and work with the schema.
Comments/corrections welcome.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
Begin forwarded message:
From: Hirsch Frederick (Nokia-CIC/Boston) frederick.hir...@nokia.com
Date
-20/
* XML Signature 2.0: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
On Feb 10, 2010, at 6:48 AM, Barstow Art (Nokia-CIC/Boston) wrote:
Last week the XML Security WG published LCWDs of two specs the Widget
Digital
lines):
Reference URI=config.xml
Reference URI=#prop
--
regards, Frederick
Frederick Hirsch
Nokia
[1] http://www.w3.org/TR/widgets-digsig/
] DigestMethod Algorithm=http://www.w3.org/2001/04/
xmlenc#sha256/
[s10] DigestValuedGhpcyBpcyBub3QgYSBzaWduYXR1cmUK.../DigestValue
[s11] /Reference
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-o-Simple
regards, Frederick
Frederick Hirsch
Nokia
On Mar 29, 2010, at 4:16 PM
, Frederick
Frederick Hirsch
Nokia
On Apr 7, 2010, at 6:04 AM, ext Thomas Roessler wrote:
kue...@trustable.de wrote:
from the implementors perspective these modifications don't
introduce too much trouble. But I'm a little bit concerned about
the explicit ban of canonicalizations for 'external
]? These are intended to improve
simplicity, usability, streamability, reduced attack surface etc. Your
comments would be very welcome!
regards, Frederick
Frederick Hirsch
Nokia
[1] http://www.w3.org/TR/2010/WD-xml-c14n2-20100304/
[2] http://www.w3.org/TR/2010/WD-xmldsig-core2-20100304
Frederick Hirsch
Nokia
On Apr 7, 2010, at 9:19 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Thanks Andreas
Yes it seems counter-intuitive not to canonicalize XML, but it is
really only needed once the XML has been parsed, and avoiding
canonicalization saves resources.
Are you aware of the XML
; and References for [XMLDSIG11], [XMLSecAlgs],
[XMLDSIG-Properties].
regards, Frederick
Frederick Hirsch
Nokia
[1] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/0051.html
1 - 100 of 111 matches
Mail list logo