
Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

From: Marcos Caceres <marcosc@opera.com>
Date: Mon, 2 Mar 2009 14:29:33 +0100
Message-ID: <b21a10670903020529g73100411r1d574b8ed5d09f2d@mail.gmail.com>
To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
Cc: public-webapps <public-webapps@w3.org>

On Mon, Mar 2, 2009 at 2:01 PM, Hillebrand, Rainer
<Rainer.Hillebrand@t-mobile.net> wrote:
> Dear Marcos,
> I have some doubts that a secure transport of a widget resource is so important in case of a signed widget resource. I would agree with you that we currently do not know how a signature is considered because we do not have a security framework and security policies that would define the use of signatures. However, if a user agent implements a security framework that enforces security policies considering signed widget resources then a secure transport will not be required. The signature shall guarantee the widget resource's integrity and authenticity. What would a secure transport add?

The way I see it, secure transport would add protection from a
signature being deleted from the archive or replaced altogether,
with the inclusion of other files (i.e., protects from a
man-in-the-middle attack). There may be other things too, but I have
not thought of them yet.

Kind regards,
Marcos Caceres
Received on Monday, 2 March 2009 13:30:16 UTC
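
The signature-removal case discussed in this message, as an added example that is not part of the original e-mail or of the Widgets specification: a toy zip package whose signature is an entry inside the archive. The entry name, the HMAC stand-in for a real public-key signature, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, io, zipfile

SIG_NAME = "signature.txt"  # hypothetical signature entry name for this toy format
SAMPLE = {"config.xml": b"<widget/>", "index.html": b"<p>hi</p>"}  # constructed input

def digest(files):
    """Hash every (name, content) pair in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + hashlib.sha256(files[name]).digest())
    return h.digest()

def build(files, key=None, signer=None):
    """Build a zip archive in memory; add a signature entry if a key is given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
        if key:  # HMAC stands in for a public-key signature (assumption)
            mac = hmac.new(key, digest(files), hashlib.sha256).hexdigest()
            z.writestr(SIG_NAME, f"{signer}:{mac}")
    return buf.getvalue()

def check(archive, trusted):
    """Return 'unsigned', 'invalid', or 'valid:<signer>'."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        files = {n: z.read(n) for n in z.namelist()}
    sig = files.pop(SIG_NAME, None)
    if sig is None:
        return "unsigned"  # never signed, or signature removed: same result
    signer, _, mac = sig.decode().partition(":")
    key = trusted.get(signer)
    if key is None:
        return "invalid"
    good = hmac.new(key, digest(files), hashlib.sha256).hexdigest()
    return f"valid:{signer}" if hmac.compare_digest(mac, good) else "invalid"

def strip_signature(archive):
    """Model the in-transit change described above: signature gone, a file added."""
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        files = {n: z.read(n) for n in z.namelist() if n != SIG_NAME}
    files["extra.js"] = b"// added in transit"
    return build(files)

def accept(archive, trusted, require_signature):
    """Install policy: unsigned packages pass only if signatures are optional."""
    status = check(archive, trusted)
    return status.startswith("valid") or (status == "unsigned" and not require_signature)
```

With signatures optional, the modified package is accepted as an ordinary unsigned one; it is rejected only when the user agent requires a signature, or when the transport itself prevents the modification.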