New Role in T-Mobile Germany

2009-07-22 Thread Hillebrand, Rainer
Dear Art, All, After commuting about 200km each day over more than three years I will go back to T-Mobile Germany in Münster that is nearer to the place where I live. I will leave Deutsche Telekom AG Headquarters (former T-Mobile International) by the end of August. So, I want to take the

RE: New Widgets AE Editors Draft

2009-04-24 Thread Hillebrand, Rainer
Dear Arve, Here are my comments on your Widgets AE last editor's draft. 1. Change "A environment in which a Widget interface is presented to the user." to "An environment in which a Widget interface is presented to the user." 2. All URLs in the Step 8 hyperlinks in section The Widget Interface

RE: [widgets] Screenshots and case sensitive file names

2009-04-21 Thread Hillebrand, Rainer
:22 To: Hillebrand, Rainer Cc: public-webapps Subject: Re: [widgets] Screenshots and case sensitive file names Hi Rainer, On Mon, Mar 16, 2009 at 3:11 PM, Hillebrand, Rainer rainer.hillebr...@t-mobile.net wrote: Dear Marcos, The current version W3C Working Draft 11 March 2009 does

RE: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-27 Thread Hillebrand, Rainer
Dear Marcos, I hope to have less critical comments than in my last feedback email. 1. Section 7.1: change The ds:SignatureMethod algorithm used in the ds:SignatureValue element MUST one of the signature algorithms. to The ds:SignatureMethod algorithm used in the ds:SignatureValue element MUST

RE: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Hillebrand, Rainer
Dear Marcos, I have some proposals for editorial changes. 1. Section 1.2: change "which MAY logically contains" to "which MAY logically contain" 2. Section 1.2: An unsigned widget package is a widget package that does not contain any signature files. It is left to the user agent's security policy

AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Hillebrand, Rainer
--- Sent from my mobile device - Original message - From: Marcos Caceres marc...@opera.com To: Paddy Byers pa...@aplix.co.jp Cc: Hillebrand, Rainer; WebApps WG public-webapps@w3.org; otsi-arch-...@omtplists.org otsi-arch-...@omtplists.org Sent: Thu Mar 26 17

AW: RE: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Hillebrand, Rainer
Dear Mark, I agree to use your text. Best Regards, Rainer --- Sent from my mobile device - Original message - From: otsi-arch-sec-ow...@omtp.ieee-isto.org otsi-arch-sec-ow...@omtp.ieee-isto.org To: Hillebrand, Rainer; marc...@opera.com marc

AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Hillebrand, Rainer
Priestley, Mark, VF-Group mark.priest...@vodafone.com Cc: Frederick Hirsch frederick.hir...@nokia.com; Hillebrand, Rainer; marc...@opera.com marc...@opera.com; pa...@aplix.co.jp pa...@aplix.co.jp; public-webapps@w3.org public-webapps@w3.org; otsi-arch-...@omtplists.org otsi-arch-...@omtplists.org

RE: [widgets] Minutes from 25 February 2009 Widgets F2F Meeting

2009-03-19 Thread Hillebrand, Rainer
Dear Art, May I give feedback on an old action item regarding the preference for ECDSA vs. DSA. I hope that T-Mobile's position statement is not too late. T-Mobile favors ECDSA. DSA has no advantage regarding speed and memory consumption against the classic RSA. ECDSA improves the security

RE: [widgets] Screenshots and case sensitive file names

2009-03-16 Thread Hillebrand, Rainer
Dear Marcos, IMO, it is a good idea to support multiple screenshots that are used to represent a widget in a running state. So, I support your proposal. The PC might not be the right place to define running state. Under the assumption that a widget could be in different running states multiple

RE: [widgets] Screenshots and case sensitive file names

2009-03-16 Thread Hillebrand, Rainer
Dear Marcos, The current version W3C Working Draft 11 March 2009 does not mention the gallery in Chapter 6.9: A screenshot is an optional file inside the widget resource that graphically represents the widget in a running state. Well, the question is what is a running state and which kind of

RE: [widgets] Minutes from 12 March 2009 Voice Conference

2009-03-16 Thread Hillebrand, Rainer
Dear Art, Regarding PC spec - Mandatory config file, I would like to give more information about my concerns. According to the current W3C Working Draft 9 March 2009, the config.xml file has a single mandatory element. This is the widget element. All its expected children elements and

RE: [widgets] Minutes from 12 March 2009 Voice Conference

2009-03-16 Thread Hillebrand, Rainer
, Rainer Cc: Arthur Barstow; public-webapps Subject: Re: [widgets] Minutes from 12 March 2009 Voice Conference On Mon, Mar 16, 2009 at 3:06 PM, Hillebrand, Rainer rainer.hillebr...@t-mobile.net wrote: Dear Art, Regarding PC spec - Mandatory config file, I would like to give more information about

RE: [widgets-digsig] Editors Draft update and open issues

2009-03-16 Thread Hillebrand, Rainer
Dear Frederick, I agree with you and Mark to remove Only the first distributor signature MUST be processed. It may depend on a security policy which is currently not defined. It might be the first matching signature which can be successfully validated with a public key that is available to the

RE: [widgets] Making config.xml mandatory

2009-03-10 Thread Hillebrand, Rainer
Dear Arve, Good point regarding OMTP/BONDI. BONDI supports a security framework for widgets and web pages (or non-widgets). On the other hand, if widgets in pre-existing implementations may use sensitive resources then I as an attacker would pack my rogue content in a widget resource, add the

RE: [widgets] Making config.xml mandatory

2009-03-09 Thread Hillebrand, Rainer
Dear Marcos, We already have defined two parameters that identify a zip archive as a widget resource: a) The content type in a server's response. b) The file extension for a widget resource that is distributed on memory cards for instance. Roughly thinking, I have the impression that this is

RE: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging Configuration spec

2009-03-02 Thread Hillebrand, Rainer
Dear Marcos, I have some doubts that a secure transport of a widget resource is so important in case of a signed widget resource. I would agree with you that we currently do not know how a signature is considered because we do not have a security framework and security policies that would

RE: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging Configuration spec

2009-03-02 Thread Hillebrand, Rainer
Caceres Sent: Monday, 2 March 2009 15:03 To: Hillebrand, Rainer Cc: public-webapps Subject: Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging Configuration spec On Mon, Mar 2, 2009 at 2:56 PM, Hillebrand, Rainer rainer.hillebr...@t-mobile.net wrote: Dear Marcos

RE: [widgets] Comment on Widgets 1.0: Digital Signatures - the Usage property

2009-02-13 Thread Hillebrand, Rainer
Dear Marcos, From my point of view the current model as described by you is ok. The author of the update description document and the author of the widget resource that shall be updated are able to control the security level that shall be reached. This is not mandated by the widget specifications

RE: [widgets] Comment on Widgets 1.0: Digital Signatures - the Usage property

2009-02-11 Thread Hillebrand, Rainer
Hi Marcos, I am not aware of any feedback on your e-mail. Here is mine. Best Regards, Rainer * T-Mobile International Terminal Technology Rainer Hillebrand Head of Terminal Security Landgrabenweg 151, D-53227 Bonn Germany +49 171 5211056 (My T-Mobile) +49