Re: Re: Indicating certificate order in XML Dig Sig ( LC-2504)

2011-08-15 Thread frederick . hirsch
Dear Marcos Caceres , The XML Security Working Group has reviewed the comments you sent [1] on the Last Call Working Draft [2] of the XML Signature Syntax and Processing Version 1.1 published on 3 Mar 2011. Thank you for having taken the time to review the document and to send us comments! The

Re: [ambient light events LC] Feedback ( LC-2736)

2013-01-17 Thread frederick . hirsch
Dear Tab Atkins Jr. , The Device APIs Working Group has reviewed the comments you sent [1] on the Last Call Working Draft [2] of the Ambient Light Events published on 13 Dec 2012. Thank you for having taken the time to review the document and to send us comments! The Working Group's response to

Re: Proposal for a Permissions API

2014-09-15 Thread Frederick Hirsch
versions. This Working Group’s deliverables must address issues of accessibility, internationalization, mobility, security and privacy. ]] Discussed at 4 Sep teleconference [2] regards, Frederick Frederick Hirsch, Nokia Chair DAP @fjhirsch [1] http://www.w3.org/2011/07/DeviceAPICharter [2

Re: [W3C TCP and UDP Socket API]: Status and home for this specification

2015-04-07 Thread Frederick Hirsch
cases going forward? This might be useful before considering venue for the work and detailed issues. (Is there a public web page with information on current implementations?) thanks regards, Frederick Frederick Hirsch www.fjhirsch.com @fjhirsch > On Apr 1, 2015, at 5:22 AM, Nilsson,

Re: Stability of Widget DigSig

2015-05-08 Thread Frederick Hirsch
no objection, the referenced document is a Recommendation, isn't it? http://www.w3.org/TR/widgets-digsig/ regards, Frederick Frederick Hirsch Chair XML Security WG fjhirsch.com @fjhirsch > On May 8, 2015, at 7:14 AM, Arthur Barstow wrote: > > [ + Marcos and Frederick ]

Call for Consensus: Publish First Public Working Draft of FindText API, respond by 14 October

2015-10-06 Thread Frederick Hirsch
he spec's contents and the specification may be updated. If you have any comments or concerns about this CfC, please reply to this e-mail by 14 October at the latest. Positive response is preferred and encouraged, even a +1 will do. Silence will be considered as agreement with the proposa

Re: Call for Consensus: Publish First Public Working Draft of FindText API, respond by 14 October

2015-10-08 Thread Frederick Hirsch
+1 to FPWD of FindText API > On Oct 7, 2015, at 11:38 AM, Robert Sanderson wrote: > > +1 to FPWD > > On Wed, Oct 7, 2015 at 8:34 AM, Ivan Herman wrote: > I am happy to have this documents published as FPWD. > > Ivan > > > > On 06 Oct 2015, at 22:32 , F

Call for Consensus to Publish First Public Working Draft of FindText API completed with support and no objections

2015-10-14 Thread Frederick Hirsch
6, 2015, at 4:32 PM, Frederick Hirsch wrote: > > This is a call for consensus (CfC) to publish a First Public Working Draft > (FPWD) of FindText API; deadline 14 October (1 week) > > This FindText API is joint deliverable of the WebApps WG and Web Annotation > WG (listed as

Call for Consensus (CfC) to close the Web Intents Task Force - Deadline October 29, 2015

2015-10-15 Thread Frederick Hirsch
, 2015 (2 weeks) to this CfC. Thanks regards, Frederick Frederick Hirsch Chair, W3C Device APIs WG (DAP) www.fjhirsch.com @fjhirsch [1] http://www.w3.org/2009/dap/#webintents [2] http://w3c.github.io/dap-charter/DeviceAPICharter.html [3] http://www.w3.org/2015/10/webplatform-charter.html

Re: Reminder: RfC: LCWD of Digital Signatures for Widgets; deadline 6 May 2010

2010-04-29 Thread Frederick Hirsch
Frederick Hirsch Nokia On Apr 29, 2010, at 12:17 PM, ext Marcos Caceres wrote: I have found a number of issues with the dig sig spec: 1. The conformance model is all screwy: it mixes conformance criteria for too many products (including ones on which were it makes no sense, like signature documents

Review of update to Widget Signature

2010-04-30 Thread Frederick Hirsch
looks like the same net effect on implementations. Thanks regards, Frederick Frederick Hirsch Nokia

Re: Minor DigSig feedback

2010-05-06 Thread Frederick Hirsch
Andreas Thanks, good catch. regards, Frederick Frederick Hirsch Nokia On May 5, 2010, at 11:41 AM, ext Andreas Kuehne wrote: Hi all, just a minor comment found by build a test case : Section 7.1. Common Constraints for Signature Generation and Validation 1. [...] 2

Re: Minor DigSig feedback

2010-05-06 Thread Frederick Hirsch
in the proposed editors draft [1] this is section 10.2 item #3 I suggest we change 3a from "The URI attribute ..." to be "For references that are not same-document references, the URI attribute..." regards, Frederick Frederick Hirsch Nokia On May 5, 2010, at 11:41 AM

Re: Pre-LC Review Requested: System Information API

2010-05-11 Thread Frederick Hirsch
battery - isBeingCharged: true if the current power source is a battery and is being charged What do you think? This seems clearer and more straightforward. regards, Frederick Frederick Hirsch Nokia On May 11, 2010, at 10:47 AM, ext Max Froumentin wrote: On 10/05/2010 17:36, timeless

Widgets 1.0: Requirements comment

2008-08-25 Thread Frederick Hirsch
ture, which includes updating the link, date, title etc. http://www.w3.org/TR/xmldsig-core/ regards, Frederick Frederick Hirsch Nokia [1] http://www.w3.org/TR/widgets-reqs/#r11.- [2] http://www.w3.org/TR/widgets-reqs/#normative

Updated Editors Draft of Widgets Digital Signatures

2008-12-17 Thread Frederick Hirsch
sections Additional minor editorial update regards, Frederick Frederick Hirsch Nokia On Dec 16, 2008, at 5:43 AM, ext Thomas Roessler wrote: I suggest to remove the editorial note currently present in section 8 of the Editor's Draft. Instead, add the following to the Sec

widgets signature abstract - proposed change

2008-12-17 Thread Frederick Hirsch
ion process). regards, Frederick Frederick Hirsch Nokia

Re: widgets signature abstract - proposed change

2008-12-19 Thread Frederick Hirsch
I have updated the Editors Draft of Widgets Digital Signatures with the revised abstract and the URI for RSA-SHA256. regards, Frederick Frederick Hirsch Nokia On Dec 17, 2008, at 7:19 PM, Frederick Hirsch wrote: Suggested changes to widgets signature Abstract: Change "Pri

Update to Widgets Signatures Editors Draft

2009-01-05 Thread Frederick Hirsch
change the XML Signature namespace. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/

Comments on Widgets 1.0 Security requirements

2009-01-05 Thread Frederick Hirsch
signature. Note that a nonce and timestamp, as used for replay attack mitigation, may not be suitable since the client may never have installed the widget previously and not have access to earlier nonce information. That is all for now, though I may have missed something. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-reqs/

Re: Comments on Widgets 1.0 Security requirements

2009-01-07 Thread Frederick Hirsch
Mark Some more discussion inline, thanks for taking the time to review. Do you mind updating the draft with the items we agree? regards, Frederick Frederick Hirsch Nokia On Jan 7, 2009, at 11:03 AM, ext Priestley, Mark, VF-Group wrote: Hi Frederick, Thanks for your comments. As someone

Updated Signature Properties Draft

2009-01-08 Thread Frederick Hirsch
list. Note that this document is subject to change, based on discussion in XML Security WG This should close XML Security WG ACTION-129 Thank you regards, Frederick Frederick Hirsch Nokia [1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html

Proposed changes to Widgets Signatures

2009-01-08 Thread Frederick Hirsch
separate libraries?) regards, Frederick Frederick Hirsch Nokia [1] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0038.html

Re: Updated Signature Properties Draft

2009-01-08 Thread Frederick Hirsch
Based on web applications discussion on teleconference replaced role property with usage property, updated draft. regards, Frederick Frederick Hirsch Nokia On Jan 8, 2009, at 8:45 AM, Frederick Hirsch wrote: I have updated the Signature Properties editors draft [1] as follows (see

updates Widgets 1.0 Digital Signatures

2009-01-08 Thread Frederick Hirsch
o add the proposed changes for (2) and (4) in [1] tomorrow, unless I hear objection by tomorrow morning, so as to get a more complete draft, which I will expect will still require additional review. regards, Frederick Frederick Hirsch Nokia [1] plan to add proposed items (2) and (4) in

Widget Signature Issue - DSA-SHA256 may not be good algorithm choice

2009-01-08 Thread Frederick Hirsch
that was raised on today's Web Applications teleconference. I have a comment below from Brian LaMacchia, a member of the XML Security WG, that notes the issue. Much thanks Brian for noting this issue and expressing it clearly. regards, Frederick Frederick Hirsch Nokia [1] http://d

New draft of XML Signature 1.1

2009-01-10 Thread Frederick Hirsch
fyi please note the added security considerations re DSA, including note regarding requirement for DSA http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-SignatureAlg regards, Frederick Frederick Hirsch Nokia Begin forwarded message: Resent-From: public-xml...@w3.org

Updated Widget Signature Editors draft

2009-01-11 Thread Frederick Hirsch
, and decisions related to algorithms. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/ [2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0042.html [3] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0040.html

updated Widgets Signature and properties

2009-01-16 Thread Frederick Hirsch
Begin forwarded message: From: Frederick Hirsch Date: January 16, 2009 12:04:43 PM EST To: XMLSec WG Public List Cc: Frederick Hirsch Subject: updated Widgets Signature and properties I've updated the Widgets Signature [1] and Signature Properties [2] drafts based on feedback durin

Re: Comments on Widgets 1.0 Security requirements

2009-01-20 Thread Frederick Hirsch
, Frederick Frederick Hirsch Nokia On Jan 19, 2009, at 7:48 AM, ext Marcos Caceres wrote: Hi Frederick, I've updated the requirements document wrt the suggestions you have made. However, I have not yet included the new requirements as I need to consider them a bit more before I

Re: [widgets] Getting synch'ed up on Widgets Digital Signatures

2009-02-04 Thread Frederick Hirsch
additional thoughts on these requirements. regards, Frederick Frederick Hirsch Nokia On Feb 4, 2009, at 3:49 PM, ext Thomas Roessler wrote: On 4 Feb 2009, at 21:45, Arthur Barstow wrote: * Is supporting OCSP and CRL a MUST for v1? Just for clarity, there are two possible requirements around

Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

2009-02-11 Thread Frederick Hirsch
ure for a variety of possible signature usage/role types and/or signers to be handled, will rules be expressed in terms of usage/role (e.g. distributor) and what else? The model is not clear to me. regards, Frederick Frederick Hirsch Nokia On Feb 6, 2009, at 10:51 AM, ext Priestley, Mark, VF

widgets 1.0 requirements suggestion

2009-02-12 Thread Frederick Hirsch
rm certificate chain validation and other checks related to the signature key information, without necessarily validating the referenced widget content at that time. Risks associated with separating time of verification and validation steps may need consideration." regards, Frederick F

Re: Using different widget signature roles

2009-02-19 Thread Frederick Hirsch
ature 1.1 and Properties to be published as First Public Working Draft very soon, barring any last minute difficulties. regards, Frederick Frederick Hirsch Nokia On Feb 17, 2009, at 6:01 AM, ext Priestley, Mark, VF-Group wrote: Hi Frederick, Just thought I'd try and help with the

Updated Widgets 1.0 Signature editors draft

2009-02-24 Thread Frederick Hirsch
ument since we are discussing this item on the mailing list. Thanks regards, Frederick Frederick Hirsch Nokia

Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

2009-02-24 Thread Frederick Hirsch
sible for signatures to be added or removed and hence a secure channel for widget delivery might be preferable." regards, Frederick Frederick Hirsch Nokia On Feb 6, 2009, at 10:51 AM, ext Priestley, Mark, VF-Group wrote: Hi Marcos, More responses to your comments below (marked [m

Re: [widgets] Comment on Widgets 1.0: Digital Signatures - the Usage property

2009-02-24 Thread Frederick Hirsch
't believe that is specific to Widget Signature. regards, Frederick Frederick Hirsch Nokia On Feb 13, 2009, at 8:26 AM, ext Marcos Caceres wrote: 2009/2/12 Priestley, Mark, VF-Group : [mp] As a general comment, I think this is a pretty difficult problem to address in a secure manner

Re: Review of latest Widget Signature Draft

2009-02-25 Thread Frederick Hirsch
Thomas Thanks for the careful review. comments inline regards, Frederick Frederick Hirsch Nokia On Feb 25, 2009, at 7:06 AM, ext Thomas Roessler wrote: In reviewing the latest draft, a couple of comments. Widgets 1.0: Digital Signatures Editor's Draft 23 February 2009

Re: ACTION-306: Trust anchors

2009-02-25 Thread Frederick Hirsch
this could be conveyed out of band and it might not always be appropriate to include in every signature. Thoughts on this one? regards, Frederick Frederick Hirsch Nokia On Feb 25, 2009, at 9:23 AM, ext Thomas Roessler wrote: I propose that we add the following text in the beginning o

Re: ACTION-306: Trust anchors

2009-02-25 Thread Frederick Hirsch
ok thanks, good to be clear. I'll go ahead and make the change. regards, Frederick Frederick Hirsch Nokia On Feb 25, 2009, at 5:59 PM, ext Thomas Roessler wrote: I was not suggesting that we should mandate X509Data (or anything like it). The point I was getting at was, that along wit

Re: [widgets] Digsig optimization

2009-02-27 Thread Frederick Hirsch
and calculate the reference hashes once, eliminating that overhead if it were a concern. regards, Frederick Frederick Hirsch Nokia On Feb 27, 2009, at 6:48 AM, ext Marcos Caceres wrote: Hi Frederick, Mark, I have a concern wrt the author signature. It seems that both the author signature and

Re: [widgets] Digsig optimization

2009-02-27 Thread Frederick Hirsch
obviously I meant every non-signature file etc regards, Frederick Frederick Hirsch Nokia On Feb 27, 2009, at 8:18 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote: Marcos Yes, logically there would be two self contained signatures with references to every file in the package. Again Policy

Additional Widgets 1.0 Digital Signatures updates

2009-03-02 Thread Frederick Hirsch
/Public/public-webapps/2009JanMar/0548.html Remaining to do item is to add additional signature properties including signature id, expires/timestamp. regards, Frederick Frederick Hirsch Nokia

Re: Review of latest Widget Signature Draft

2009-03-03 Thread Frederick Hirsch
ID based references + Timestamp and serial number, expiration As you note the issue of second hash algorithm might be more difficult and may also depend on XML Signature 1.1 decisions, so that has not also been addressed. Thanks regards, Frederick Frederick Hirsch Nokia On Feb 25, 2009

Re: numbering

2009-03-05 Thread Frederick Hirsch
range from 01 to 09, e.g. signature01.xml to signature09.xml. --- Does this make sense? regards, Frederick Frederick Hirsch Nokia On Mar 5, 2009, at 9:15 AM, ext timeless wrote: http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures 4.3 If the signatures list is not emp

Re: [widgets] Minutes from 5 March 2009 Voice Conference

2009-03-05 Thread Frederick Hirsch
I updated the style for items in the Digital Signature specification to brown. Does this work better? It does not conflict with other color uses as far as I can tell. Please look at http://dev.w3.org/2006/waf/widgets-digsig/ (refresh) regards, Frederick Frederick Hirsch Nokia On

Re: [widgets] Minutes from 5 March 2009 Voice Conference

2009-03-05 Thread Frederick Hirsch
yes that has been the case ever since I've started working on this. Perhaps there is a W3C standard stylesheet we should be using. I'm not sure why the spec defines its own styles regards, Frederick Frederick Hirsch Nokia On Mar 5, 2009, at 11:45 AM, Kapyaho Jere (Nokia-D-M

Updated Widgets 1.0 Signature editors draft

2009-03-05 Thread Frederick Hirsch
t) Still to do are possible changes related to Thomas's comments re ID reference language and additional properties. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/

Re: [widgets] Minutes from 5 March 2009 Voice Conference

2009-03-05 Thread Frederick Hirsch
how about simple italics for code? I'll also look into reducing body text regards, Frederick Frederick Hirsch Nokia On Mar 5, 2009, at 11:59 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote: yes that has been the case ever since I've started working on this. Perhaps there is a W3

Re: numbering

2009-03-05 Thread Frederick Hirsch
will be implementation dependent. regards, Frederick Frederick Hirsch Nokia On Mar 5, 2009, at 12:03 PM, ext timeless wrote: On Mar 5, 2009, at 9:15 AM, I wrote: The proposal is to only allow [1-9][0-9]*, which should solve this. On Thu, Mar 5, 2009 at 5:59 PM, Frederick Hirsch wrote

Widget Signature update

2009-03-06 Thread Frederick Hirsch
y style to not be quite so large. Please indicate any comment or corrections on the list. Thanks regards, Frederick Frederick Hirsch Nokia

Re: Widget Signature update

2009-03-09 Thread Frederick Hirsch
I updated section 4 to correspond to this: "If the signatures list is not empty, sort the list of signatures by the file name field in ascending numerical order (e.g. signature1.xml followed by signature2.xml followed by signature3.xml etc)." regards, Frederick Frederick Hi

widget signature proposed change: ABNF

2009-03-12 Thread Frederick Hirsch
ces section, with source Jere noted: [ABNF] RFC 5234, http://www.ietf.org/rfc/rfc5234.txt Augmented BNF for Syntax Specifications: ABNF. D. Crocker and P. Overell. January 2008. Unless I hear otherwise by Monday, I will make this change to the editors

Re: widget signature proposed change: ABNF

2009-03-12 Thread Frederick Hirsch
-zero-range to hex? That would match the RFC approach... regards, Frederick Frederick Hirsch Nokia On Mar 12, 2009, at 12:06 PM, ext Marcin Hanclik wrote: Hi Frederick, One line of the ABNF quoted below could be adjusted to match RFC5234: "3.4. Value Range Alternatives: %c##-##".

Revised Proposal for Widget Signature ABNF

2009-03-12 Thread Frederick Hirsch
with "ABNF" in the third bullet 4) Add reference to ABNF in references section, with source Jere noted: [ABNF] RFC 5234, http://www.ietf.org/rfc/rfc5234.txt Augmented BNF for Syntax Specifications: ABNF. D. Crocker and P. Overell. January 2008. Unless I hear otherwise by Monday, I will make this change to the editors draft. If you agree with the change please let me know. Thanks regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/

Re: Revised Proposal for Widget Signature ABNF

2009-03-13 Thread Frederick Hirsch
rulename defined-as elements c-nl ; continues if next line starts ; with white space Thanks. Kind regards, Marcin ________ From: Frederick Hirsch [frederick.hir...@nokia.com] Sent: Thursday, March 12, 2009 10:15 PM

Widget Signature Proposal: Add constraints on ds:Reference URIs

2009-03-13 Thread Frederick Hirsch
Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/ [2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-13 Thread Frederick Hirsch
Mark Thanks for your review, I have some comments inline. Thomas, can you please review my proposed change to the security considerations text Mark mentioned? Thanks regards, Frederick Frederick Hirsch Nokia On Mar 12, 2009, at 12:53 PM, ext Priestley, Mark, VF-Group wrote: Hi

[widgets-digsig] Editors Draft update and open issues

2009-03-16 Thread Frederick Hirsch
RSA-SHA-1, DSA-SHA-256 and RSA-SHA-256." c) I suggest removing the restatement of algorithm requirements in section 7.1, specifically remove #5a and #5b. Are there any other changes needed that we are aware of? Thanks regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
said specification; that is, one that only implements signatures. It should be possible to build a user agent that only processes signatures and is unaware any other of the widget 1.0 specifications. [Comment] by "application" do you mean "widget user agent"? as above. -- Marcos Caceres http://datadriven.com.au regards, Frederick Frederick Hirsch Nokia

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
"as secure as possible." regards, Frederick Frederick Hirsch Nokia On Mar 17, 2009, at 7:22 AM, ext Marcos Caceres wrote: On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler wrote: I'd suggest this instead: Implementations should be careful about trusting path components fo

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
ig Sig spec. [1] http://dev.w3.org/2006/waf/widgets/#zip-relative-paths regards, Frederick Frederick Hirsch Nokia

[widget-digsig] zip relative path update

2009-03-18 Thread Frederick Hirsch
, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/ On Mar 17, 2009, at 8:15 AM, ext Marcos Caceres wrote: Hi Frederick, On 3/17/09 1:01 PM, Frederick Hirsch wrote: The latest draft includes the revised text from Thomas. Marcos, are you suggesting we add

[widget-digsig] proposed change to 7.1, common constraints, for algorithms

2009-03-18 Thread Frederick Hirsch
recommended key length Does this change make sense? Do you have any suggestion or comment? Thanks for the careful review of the draft. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/ [mp] While this is better I think it misses the fact that we are strongly

[widgets-digsig] Updated 5.1 with revised Reference constraint text

2009-03-18 Thread Frederick Hirsch
additional comment or corrections. Thanks Marcos for suggestions to this wording. (Also removed Inc from Nokia in title page) regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/

[widget-digsig] changed widget signature files processing rule in section 4

2009-03-18 Thread Frederick Hirsch
correction. The latest draft also changes all usage of "widget user agent" to "user agent". regards, Frederick Frederick Hirsch Nokia On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote: [mp] My view is that whether zero, one or more signatures is processed

Re: [widgets] Agenda for 19 March 2009 Voice Conference

2009-03-18 Thread Frederick Hirsch
I include some updates and questions inline on Widget Signature with pointers to mail archive. regards, Frederick Frederick Hirsch Nokia On Mar 18, 2009, at 9:41 AM, Barstow Art (Nokia-CIC/Boston) wrote: Below is the draft agenda for the March 19 Widgets Voice Conference (VC). Inputs

Re: [widgets] Minutes from 25 February 2009 Widgets F2F Meeting

2009-03-19 Thread Frederick Hirsch
XML Security WG continues to refine XML Signature 1.1 and is looking for feedback. Thanks regards, Frederick Frederick Hirsch Nokia On Mar 19, 2009, at 6:17 AM, ext Hillebrand, Rainer wrote: Dear Art, May I give feedback on an old action item regarding the preference for ECDSA vs. DSA

[widget-digsig] Editors note to be added to widget signature

2009-03-19 Thread Frederick Hirsch
FPWD of XML Signature 1.1. regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/#algorithms

Re: [widget-digsig] Editors note to be added to widget signature

2009-03-19 Thread Frederick Hirsch
XML Security WG is also requesting feedback on the FPWD of XML Signature 1.1. regards, Frederick Frederick Hirsch Nokia On Mar 19, 2009, at 9:48 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote: Based on the discussion on today's call, I will add the following editors note to Widget Signatu

RE: [widget-digsig] proposed change to 7.1, common constraints, for algorithms

2009-03-19 Thread Frederick Hirsch
bly should review whether we need key length defined for each algorithm but can defer for now. Will this change of sentence work ? Thanks regards, Frederick Frederick Hirsch Nokia (for some reason this message of yours did not reach my personal inbox, but it was on the list) Hi Frederic

Re: [widget-digsig] changed widget signature files processing rule in section 4

2009-03-19 Thread Frederick Hirsch
I think the current text is clearer since it makes clear which direction to process the list, which would be ambiguous otherwise. regards, Frederick Frederick Hirsch Nokia On Mar 19, 2009, at 9:40 AM, ext Priestley, Mark, VF-Group wrote: Hi Frederick, Small comment. I would change the

[widget-digsig] Editorial update of Widget Signature

2009-03-19 Thread Frederick Hirsch
WG agreed earlier that we would add this material. 4. Changed "Security Policy" to lowercase as appropriate. This should complete all my editorial actions before publication. Please review and let me know of any corrections or noted omissions. regards, Frederick Frederick Hirsch Noki

Re: [widget-digsig] Editorial update of Widget Signature

2009-03-19 Thread Frederick Hirsch
Completed additional changes to Editorial note in section 6, added links to XML Security WG home page, list of comments on FPWD and mailto link for comments on XML Signature 1.1. Also fixed editorial nit, "final set" to "a final set" regards, Frederick Frederick Hirsc

Re: [widgets] new digsig draft

2009-03-25 Thread Frederick Hirsch
rs vs working draft I think). I also notice on a substantive level that you changed the namespace. Was the reason to match a pre-existing choice for the Packaging and Configuration? Is this an item for discussion? The other changes looked good, thanks for improving the draft. regards,

Re: [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
Marcos I checked in another revision to fix the broken link in 7.2 (last sentence included s in span) and to fix various validation errors. The latest revision looks ok to me now, version 1.85 of Overview.src.html, version 1.93 of Overview.html regards, Frederick Frederick Hirsch

additional widgets signature fix

2009-03-26 Thread Frederick Hirsch
I fixed one additional ordered list nit in widgets signature, so it validates correctly. When published the document date will need to be updated to the publication date. regards, Frederick Frederick Hirsch Nokia

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
Frederick Hirsch Nokia On Mar 26, 2009, at 12:58 PM, ext Priestley, Mark, VF-Group wrote: Hi All, As the author signature was something I had a hand in creating let me add my 2 pence worth. Rainer is correct in that the author signature need not actually come from the author of the

Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
having used the same signing key are from the same party. regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 12:14 PM, ext Hillebrand, Rainer wrote: Hi Marcos! I agree with your suggestions. Best Regards, Rainer --- Sent from m

Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
I think the draft provides enough assurance for the intended level of use. If you want higher levels of assurance more will be required, but I don't believe we have a requirement here for that. regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 12:20 PM, ext Hillebrand, R

Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
n the same category as policy and other such important considerations, which we have not detailed in the specification. regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 5:06 PM, ext Marcin Hanclik wrote: Hi, I support this view. In the whole design of various widget signature

Re: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Frederick Hirsch
Marcin [removed cross-posting, since my posting would fail anyway] comments inline regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 5:27 AM, ext Marcin Hanclik wrote: Hi Marcos, These are my further comments to the DigSig spec: 1. There is no section about typographic

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
Marcin Thanks, for the careful review. some comment inline [removed cross post, fails anyway] regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 2:04 PM, ext Marcin Hanclik wrote: Hi Marcos, All, Please find below my - mostly editorial - comments to the latest digsig

Re: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Frederick Hirsch
author means creator... also, ok with your proposed change Within a widget package these signature files MUST be ordered based on the numeric portion of the signature file name. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 9:41 AM, ext Marcin Hanclik wrote: Hi Frederick, Th

Re: [widgets] Author

2009-03-27 Thread Frederick Hirsch
No I agree, we are trying to stay away from legal statements, that requires much more. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 10:40 AM, ext Marcin Hanclik wrote: Hi Frederick, re author, would the term "creator" in the sentence from Thomas help, thi

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
comments inline, thanks for reviewing this regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote: Dear Marcos, I hope to have less critical comments than in my last feedback email. 1. Section 7.1: change "The ds:SignatureMethod algo

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
I think we should remove it. Also, I revised the e.g. as follows ... undesirable and security relevant effects, such as overwriting of startup or system files. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 2:00 PM, ext Hillebrand, Rainer wrote: Dear Frederick, I

[widget-digsig] Updated Editors Draft of Widget Signature

2009-03-27 Thread Frederick Hirsch
s/Public/public-webapps/2009JanMar/0982.html regards, Frederick Frederick Hirsch Nokia [1] added Numerical order is the order based on the numeric portion of the signature file name. Thus the highest numbered distributor signature would be validated first. to section 4, #6 --- replace The ord

Re: [widget-digsig] Updated Editors Draft of Widget Signature

2009-03-27 Thread Frederick Hirsch
I ran this through the W3C validator and fixed validation errors and warnings, it now validates cleanly. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 3:02 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote: I have completed a major round of editorial updates to the Widget

Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets]

2009-04-02 Thread Frederick Hirsch
ecure (and of course there are no attacks available against the algorithms and so on). regards, Frederick Frederick Hirsch Nokia On Apr 2, 2009, at 5:20 PM, ext Priestley, Mark, VF-Group wrote: Hi Art, All, I tracked down my original explanation with subsequent qualification [1]. The pr

[widget-digsig] Pls review: Additional considerations on elliptic curve algorithms to consider

2009-04-08 Thread Frederick Hirsch
algorithms should be required in Widget Signature. Please share this additional information in your organization and indicate if it would cause any change in position regarding the mandatory to implement algorithms. Thank you regards, Frederick Frederick Hirsch, Nokia Chair XML Se

Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets]

2009-04-14 Thread Frederick Hirsch
+1 I do not understand the attack, but can envision cases where precluding access could cause problems. Examples might be user "see what is signed" or access to signature properties. Is this an access control issue rather than a general specification rule? regards, Frederick

Re: [widgets] Jar signing vs. XML signatures

2009-04-15 Thread Frederick Hirsch
mentations. So apart from personal preference I do not see why a change is needed. regards, Frederick Frederick Hirsch Nokia On Apr 15, 2009, at 3:00 PM, ext Jonas Sicking wrote: On Tue, Apr 14, 2009 at 4:38 AM, Marcos Caceres wrote: Although I agree that it was probably a short-sightedne

Proposal for ISSUE-83

2009-04-21 Thread Frederick Hirsch
ments the OPTIONAL [Widgets-DigSig] specification, in which case the user agent MUST make signature documents available to the implementation of the [Widgets-DigSig] specification." This message should complete ACTION-329 which should be closed. regards, Frederick Frederick Hirsch Nokia

Re: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31

2009-04-21 Thread Frederick Hirsch
Mark Please find responses inline. Thanks for the review. regards, Frederick Frederick Hirsch Nokia On Apr 7, 2009, at 2:27 AM, ext Priestley, Mark, VF-Group wrote: Hi Art, All, Please find below my editorial comments and requests for clarifications based on the new WD [1]. While it

Re: [widget] [widget-digsig] Comment on WD of Widgets 1.0: Digital Signatures - use of Created property

2009-04-21 Thread Frederick Hirsch
if there is no need for the Created property in the Widgets Signature spec I suggest we remove it, though keep what we have in the Signature Properties specification. regards, Frederick Frederick Hirsch Nokia On Apr 15, 2009, at 5:45 AM, ext Priestley, Mark, VF-Group wrote: Dear All

Re: [widgets] Agenda for 23 April 2009 Voice Conference

2009-04-22 Thread Frederick Hirsch
update of Signature Properties, thus remove section 9 from widget signature http://dev.w3.org/2006/waf/widgets-digsig/#sigproperties any other comments received that we might have missed? regards, Frederick Frederick Hirsch Nokia On Apr 22, 2009, at 7:36 AM, Barstow Art (Nokia-CIC/Bos

Re: [widgets] Agenda for 23 April 2009 Voice Conference

2009-04-22 Thread Frederick Hirsch
I agree that the sentence should be dropped. I'll take an editorial pass today to remove that sentence, address the agreed changes on Mark's editorial comments and to remove the Created material. Thanks for noting this one. regards, Frederick Frederick Hirsch Nokia On Apr 22

Re: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31

2009-04-22 Thread Frederick Hirsch
it will be correct to talk about "files". I don't think we can always expect creation of a physical file for processing. Suggest not making any change here. regards, Frederick Frederick Hirsch Nokia On Apr 22, 2009, at 6:45 AM, ext Marcos Caceres wrote: On Tue, Apr 21, 20

[widget-digsig] updated Widget Signature editors draft

2009-04-22 Thread Frederick Hirsch
s into the requirements document, and thus possibly the requirements section in general. regards, Frederick Frederick Hirsch Nokia
