W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008


From: Arve Bersvendsen <arveb@opera.com>
Date: Thu, 04 Dec 2008 15:36:45 +0100
To: public-webapps@w3.org
Cc: "Arthur Barstow" <art.barstow@nokia.com>
Message-ID: <op.ulm6vj2abyn2jm@galactica>

Opera's current position is that we do not wish to allow partial signing, as 

a) Unsigned components in a signed package can always in some way be treated as executable code, and thus it undermines any security model, or forces vendors to implement a much more complex tainting model for the content.

b) As for having different signatures for different components: While this is slightly less problematic, it should not fall in under use cases solved for any v1.0 specification, as it also complicates any security model too much at this stage.

Arve Bersvendsen

Developer, Opera Software ASA, http://www.opera.com/
Received on Thursday, 4 December 2008 14:37:32 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:13 UTC