On 14 Apr 2009, at 16:19, Henri Sivonen wrote: > Instead of canonicalizing the manifest XML and using XML signature, > you could treat the manifest XML as a binary file and sign it the > traditional way leaving a detached binary signature in the format > customary for the signing cipher in the zip file. This would address > issues #1 and #2. The manifest isn't the issue, part of the signature itself is. The widget signing proposal already makes minimal use of canonicalization.Received on Tuesday, 14 April 2009 14:55:52 GMT
This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT