+1
I do not understand the attack, but can envision cases where
precluding access could cause problems. Examples might be user see
what is signed or access to signature properties.
Is this an access control issue rather than a general specification
rule?
regards, Frederick
Frederick
Hi Art,
On 4/13/09 1:03 PM, Arthur Barstow wrote:
On Apr 9, 2009, at 1:44 PM, ext Marcos Caceres wrote:
On 4/9/09 3:56 PM, Arthur Barstow wrote:
On Apr 9, 2009, at 9:52 AM, ext Marcos Caceres wrote:
On Thu, Apr 9, 2009 at 2:17 PM, Priestley, Mark, VF-Group
mark.priest...@vodafone.com
Hi Art, All,
If there is no use case for accessing this information (I was after why
you would want to access this information because I think just saying it
might be interesting to do so isn't justification enough), then I think
my original proposal holds - make the signature files unavailable
On Thu, Apr 9, 2009 at 2:17 PM, Priestley, Mark, VF-Group
mark.priest...@vodafone.com wrote:
Hi Art, All,
If there is no use case for accessing this information (I was after why
you would want to access this information because I think just saying it
might be interesting to do so isn't
On 4/9/09 3:56 PM, Arthur Barstow wrote:
On Apr 9, 2009, at 9:52 AM, ext Marcos Caceres wrote:
On Thu, Apr 9, 2009 at 2:17 PM, Priestley, Mark, VF-Group
mark.priest...@vodafone.com wrote:
Hi Art, All,
If there is no use case for accessing this information (I was after why
you would want to
Mark - during the March 5 widgets voice conference we discussed this
issue that you raised [1]. Marcos created this issue from the
following e-mail thread:
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/
0521.html
A couple of the people on the call asked for some more
ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not
be able to read digital signature [Widgets]
http://www.w3.org/2008/webapps/track/issues/83
Raised by: Mark Priestley
On product: Widgets
Need to mention somewhere that the digital signature must not be accessible