Have you considered what the requirements would be for external resources, e.g., scripts sourced through a script tag?

--
Thomas Roessler, W3C <tlr@w3.org>

On 4 Dec 2008, at 15:36, Arve Bersvendsen wrote:

>
> Opera's current position is that we do not wish to allow partial signing, as
>
> a) Unsigned components in a signed package can always in some way be treated as executable code, and thus it undermines any security model, or forces vendors to implement a much more complex tainting model for the content.
>
> b) As for having different signatures for different components: While this is slightly less problematic, it should not fall in under use cases solved for any v1.0 specification, as it also complicates any security model too much at this stage.
>
> --
> Arve Bersvendsen
>
> Developer, Opera Software ASA, http://www.opera.com/
>

Received on Thursday, 4 December 2008 14:42:56 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:01 GMT