W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

Updated Editors Draft of Widgets Digital Signatures

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Wed, 17 Dec 2008 18:58:44 -0500
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, public-webapps <public-webapps@w3.org>, ext Thomas Roessler <tlr@w3.org>
Message-Id: <4ABCF973-1AD2-4DED-8840-9D418A70414A@nokia.com>
To: Marcos Caceres <marcosscaceres@gmail.com>, VF-Group ext Priestley Mark <Mark.Priestley@vodafone.com>

I updated the Editors draft of Widgets Digital Signatures with the  
following changes:

Updated reference for Canonical XML to Canonical XML 1.1
Updated reference for XML Signature to Second Edition
Fixed bibliographic links in document
Fixed validation error, correcting numbering of document sections
Additional minor editorial update

regards, Frederick

Frederick Hirsch
Nokia



On Dec 16, 2008, at 5:43 AM, ext Thomas Roessler wrote:

> I suggest to remove the editorial note currently present in section  
> 8 of the Editor's Draft.
>
> Instead, add the following to the Security Considerations section:
>
>> The signature scheme described in this document deals with the  
>> content present inside a compressed widget package. This implies  
>> that, in order to verify a widget signature, implementations need  
>> to uncompress a data stream that can come from an arbitrary  
>> source. A signature according to this specification does not
>> limit the attack surface of decompression and unpacking code
>> used during signature extraction and verification.
>
>> Care should be taken to avoid resource exhaustion attacks through  
>> maliciously crafted Widget archives during signature verification.
>
>> Implementations that store the content of widget archives to the  
>> file system during signature verification must not trust any path  
>> components of file names present in the archive, to avoid  
>> overwriting of arbitrary files during signature verification.
>
> (In other words, the zip archive isn't signed, and bad things might  
> happen if signature verification is implemented naively.)
>
> --
> Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 17 December 2008 23:59:35 GMT
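The two risks named in the proposed Security Considerations text (untrusted path components in archive member names, and resource exhaustion while decompressing a package from an arbitrary source) are easiest to see in the code that unpacks the widget before the signature is checked. The following is an added example written for this archive page; it is not code from the Widgets Digital Signatures draft, from Nokia or from the W3C. It assumes Python's standard `zipfile` module and uses constructed size limits (`MAX_ENTRIES`, `MAX_ENTRY_BYTES`, `MAX_TOTAL_BYTES`) that are illustrative, not values taken from the specification.

```python
import io
import os
import tempfile
import zipfile

# Constructed limits for this example (assumptions, not values from the spec).
MAX_ENTRIES = 1000                   # members per archive
MAX_ENTRY_BYTES = 8 * 1024 * 1024    # uncompressed bytes per member
MAX_TOTAL_BYTES = 32 * 1024 * 1024   # uncompressed bytes per archive
CHUNK = 64 * 1024


class UnsafeArchive(Exception):
    """Raised when a member would be unsafe to extract; verification must abort."""


def safe_member_path(name):
    """Validate an archive member name as a relative path that cannot escape
    the extraction directory. Names are rejected, never "cleaned": absolute
    paths, drive letters, backslashes, NULs and '.'/'..' segments all abort."""
    if "\\" in name or "\x00" in name:
        raise UnsafeArchive("suspicious characters in entry name: %r" % name)
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchive("absolute path in entry name: %r" % name)
    parts = name.rstrip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise UnsafeArchive("path traversal in entry name: %r" % name)
    return "/".join(parts)


def safe_extract(archive_bytes, dest_dir, max_total=MAX_TOTAL_BYTES,
                 max_entry=MAX_ENTRY_BYTES, max_entries=MAX_ENTRIES):
    """Extract a widget package into dest_dir with traversal and size guards.
    Returns the list of relative paths written. Sizes are counted from the
    decompressed stream, not from header fields the archive author controls."""
    dest_root = os.path.realpath(dest_dir)
    written = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        infos = zf.infolist()
        if len(infos) > max_entries:
            raise UnsafeArchive("too many entries: %d" % len(infos))
        for info in infos:
            rel = safe_member_path(info.filename)
            target = os.path.realpath(os.path.join(dest_root, rel))
            # Belt and braces: the resolved path must stay under dest_root.
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise UnsafeArchive("resolved path escapes destination: %r" % rel)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            try:
                with zf.open(info) as src, open(target, "wb") as dst:
                    size = 0
                    while True:
                        chunk = src.read(CHUNK)
                        if not chunk:
                            break
                        size += len(chunk)
                        total += len(chunk)
                        if size > max_entry or total > max_total:
                            raise UnsafeArchive(
                                "decompressed size limit exceeded at %r" % rel)
                        dst.write(chunk)
            except UnsafeArchive:
                os.remove(target)   # do not leave a partial member behind
                raise
            written.append(rel)
    return written


def verify_extract(archive_bytes, **limits):
    """Extract into a fresh temporary directory; returns ("ok", written_paths)
    or ("rejected", reason) so the verifier can log the reason and abort."""
    dest = tempfile.mkdtemp(prefix="widget-")
    try:
        return "ok", safe_extract(archive_bytes, dest, **limits)
    except (UnsafeArchive, zipfile.BadZipFile) as exc:
        return "rejected", str(exc)


def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; constructed test input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    print(verify_extract(make_zip({"config.xml": b"<widget/>"})))
    print(verify_extract(make_zip({"../../evil.txt": b"x"})))
```

The two guards are deliberately independent: the name check rejects anything that is not a plain relative path, and the `realpath`/`commonpath` comparison catches escapes the string check did not anticipate. Counting bytes on the decompressed stream rather than trusting the central-directory sizes is what bounds a maliciously crafted package, since those header fields are exactly the unsigned input the considerations warn about.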

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:29 GMT