W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

Re: partial signing (Re: ACTION-163)

From: Arve Bersvendsen <arveb@opera.com>
Date: Thu, 04 Dec 2008 15:51:50 +0100
To: "Thomas Roessler" <tlr@w3.org>, "Arve Bersvendsen" <arveb@opera.com>
Cc: public-webapps@w3.org, "Arthur Barstow" <art.barstow@nokia.com>
Message-ID: <op.ulm7koxqbyn2jm@galactica>

On Thu, 04 Dec 2008 15:42:46 +0100, Thomas Roessler <tlr@w3.org> wrote:

>
> Have you considered what the requirements would be for external  
> resources, e.g., scripts sourced through a script tag?

That would have to be determined by a security model that applies to the signed package. Opera's implementation could for instance allow:

<script src="https://good.example.com/script.js"></script>

... while it could deny 

<script src="http://bad.example.com/script.js"></script>

-- 
Arve Bersvendsen

Developer, Opera Software ASA, http://www.opera.com/
Received on Thursday, 4 December 2008 14:52:35 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:28 GMT