W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

[widgets-digsig] Editors Draft update and open issues

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Mon, 16 Mar 2009 10:35:39 -0400
Message-Id: <63D5F223-471C-44DF-B520-CFF5BD24443C@nokia.com>
To: WebApps WG <public-webapps@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>
I have updated the Widgets Signature editors draft [1] according to  
the following, please review the changes:

1) Added ABNF update

http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0731.html
and
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0732.html

See section 1.2, 5.2, 5.3 and References

2) Added ds:Reference constraint

http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0742.html

See section 5.1 and References.

3) Clarified and updated security considerations text

http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0750.html

See section 8.

4) Misc editorial cleanup

http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0743.html

Security considerations as noted for 3, and clear editorial comments.

Throughout.

The following issues are still open (see message 743):

a) Remove "Only the first distributor signature MUST be processed." ?

I think I agree that Widgets Signature should be silent on this. if  
so, where is this going to be noted?
Agreement to remove?

b) Remove DSAwithSHA1 requirement? Status of requirement R47 (Section  
2)?
" Support for Multiple Signature Algorithms: DSA-SHA-1, RSA-SHA-1, DSA- 
SHA-256 and RSA-SHA-256."

c) I suggest removing the restatement of algorithm requirements in  
section 7.1 , specifically remove #5a and #5b.

Are there any other changes needed that we are aware of?

Thanks

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/2006/waf/widgets-digsig/
Received on Monday, 16 March 2009 14:45:15 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT