- From: Marcos Caceres <m.caceres@qut.edu.au>
- Date: Tue, 2 Jan 2007 21:50:14 +1000
- To: "Ed Voas" <voas@yahoo-inc.com>
- Cc: public-appformats@w3.org
Ed's right, asymmetric encryption on its own will not work for the reasons he mentioned (I would have to encrypt my widgets with your public key to send them to you securely). However, tapping into the private key infrastructure with a digital certificate will at least help with the issue of authenticity and data integrity... but only as long as the widget engine can contact the Certificate Authority (CA) to verify the authenticity of the certificate and the status of its public key. CAs, like Verisign, have more sophisticated solutions to this problem but they come at a high cost to the general developer. However, digitally signing software widgets should not be an issue for larger institutions (which can act as their own CA for widgets). The issue is still how this is all expressed inside the packaging format, which is part of what we are currently trying to standardize. Kind regards, Marcos On 12/31/06, Ed Voas <voas@yahoo-inc.com> wrote: > > Hi, > > Unfortunately, no. For you to encrypt something that a widget engine could > read using asymmetrical encryption, I'd have to give you my public key. So > far so good, but then for me to read it, I'd still need to have my private > key in my software. Once there, it's effectively compromised. Even if the > private key was somehow protected, you'd have to have the key to unlock it > in your software. The only way to mitigate that would be to have a system > where each copy of the software had its own private key and have it such > that to run a protected widget it would have to be encrypted using that > engine's public key. This is unwieldy and prevents you from just putting > your software out there as a simple package for anyone to download. > > --Ed > > > On Dec 30, 2006, at 10:18 AM, mozer wrote: > > > On 12/30/06, Ed Voas <voas@yahoo-inc.com> wrote: > > > > The problem I see with encrypting content is that you'll need to use > > a shared secret. That secret will be in the source code of the widget > > runner. This is something that I know our security peeps would have > > an issue with. This is actually the main reason we don't have any > > true encryption in our stuff to date. Does anyone know a good way to > > pull this off with no shared secrets? > > That's the aim of asymetric encryption > The emittor has a private key > Emit a public key out of that private one > And encrypt with his private key > You can decrypt with the public key > But nobody can encrypt with the public key, so nobody share the secret with > the emittor > > Does this help you? > > Xmlizer > > > -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 2 January 2007 11:50:27 UTC