W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

From: Marcos Caceres <marcosc@opera.com>
Date: Mon, 2 Mar 2009 14:29:33 +0100
Message-ID: <b21a10670903020529g73100411r1d574b8ed5d09f2d@mail.gmail.com>
To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
Cc: public-webapps <public-webapps@w3.org>
Rainer,
On Mon, Mar 2, 2009 at 2:01 PM, Hillebrand, Rainer
<Rainer.Hillebrand@t-mobile.net> wrote:
> Dear Marcos,
>
> I have some doubts that a secure transport of a widget resource is so important in case of a signed widget resource. I would agree with you that we currently do not know how a signature is considered because we do not have a security framework and security policies that would define the use of signatures. However, if a user agent implements a security framework that enforces security policies considering signed widget resources then a secure transport will not be required. The signature shall guarantee the widget resource's integrity and authenticity. What would a secure transport add?
>


The way I see it, secure transport would add protection from a
signature being deleted from the archive or replaced all together,
with the inclusion of other files (i.e., protects from a
man-in-the-middle attack). There may be other things too, but I have
not thought of them yet.

Kind regards,
Marcos
-- 
Marcos Caceres
http://datadriven.com.au
Received on Monday, 2 March 2009 13:30:16 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT