W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [widgets] Digsig optimization

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Fri, 27 Feb 2009 08:20:29 -0500
Cc: "marcosc@opera.com" <marcosc@opera.com>, "public-webapps@w3.org WG" <public-webapps@w3.org>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
Message-Id: <B45C8CEB-2A05-4577-AD70-4AEFD61EDB7D@nokia.com>
To: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
obviously I meant every non-signature file etc

regards, Frederick

Frederick Hirsch
Nokia



On Feb 27, 2009, at 8:18 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> Marcos
>
> Yes, logically there would be two self contained signatures with
> references to every file in the package.
>
> Again Policy indicates which signatures must be verified. What does
> the packaging spec currently say? To date it has been one distributor
> spec that must be verified. We should be clearer on this - I think
> this goes with the changes we make regarding filename sorting and
> processing.
>
> However if both are to be verified, and if the algorithms are the same
> (which is currently the case given one hash algorithm in widget
> signatures) an implementation could be smart and calculate the
> reference hashes once, eliminating that overhead if it were a concern.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Feb 27, 2009, at 6:48 AM, ext Marcos Caceres wrote:
>
>> Hi Frederick, Mark,
>> I have a concern wrt the author signature. It seems that both the
>> author signature and the distributor signature need to sign every  
>> file
>> in the package. Does this mean that, to verify a package, you would
>> need to effectively verify everything in the package twice? or is
>> verification of the author signature optional?
>>
>> Kind regards,
>> Marcos
>>
>>
>> --
>> Marcos Caceres
>> http://datadriven.com.au
>
Received on Friday, 27 February 2009 13:21:47 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT