Dear Marcos,
We cannot technically guarantee that the author signature really comes from the
widget's author. It is like having an envelop with an unsigned letter. The
envelop and the letter can come from different sources even if the envelop has
a signature.
Best Regards,
Rainer
Sent: 26 March 2009 16:20
To: marc...@opera.com; pa...@aplix.co.jp
Cc: public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: AW: Re: [BONDI Architecture Security] [widgets] new
digsig draft
Dear Marcos,
We cannot technically guarantee that the author signature
really comes from
Of Hillebrand,
Rainer
Sent: 26 March 2009 16:20
To: marc...@opera.com; pa...@aplix.co.jp
Cc: public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: AW: Re: [BONDI Architecture Security] [widgets] new
digsig draft
Dear Marcos,
We cannot technically guarantee that the author signature
really comes
(removing cross-posting since it doesn't work for mail from everyone)
I'd like to point out that section 5.2 says what an author signature
*can* do. I'm strongly against muddying this to account for various
edge cases - I agree with Thomas that the meaning is clear.
However I understand
I think the draft provides enough assurance for the intended level of
use. If you want higher levels of assurance more will be required, but
I don't believe we have a requirement here for that.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 12:20 PM, ext Hillebrand, Rainer
, March 26, 2009 7:05 PM
To: Hillebrand, Rainer
Cc: frederick.hir...@nokia.com; mark.priest...@vodafone.com; marc...@opera.com
; pa...@aplix.co.jp; public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: Re: AW: Re: [BONDI Architecture Security] [widgets] new
digsig draft
What the author
, March 26, 2009 10:38 PM
To: Hillebrand, Rainer
Cc: marc...@opera.com; pa...@aplix.co.jp; public-webapps@w3.org;
otsi-arch-...@omtplists.org
Subject: Re: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft
Suggestion:
The author signature asserts that the signing party is an author
Hi,
I have been trying to identify the term author in Widget specs.
I think we're in danger of getting into details that are irrelevant for the
PC specification.
This spec should define what information is asserted by the presence of the
author and distributor signatures.
It is up to a