
Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Thu, 26 Mar 2009 17:12:07 -0400
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>, "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>, "Mark.Priestley@vodafone.com" <Mark.Priestley@vodafone.com>, "marcosc@opera.com" <marcosc@opera.com>, "paddy@aplix.co.jp" <paddy@aplix.co.jp>, "public-webapps@w3.org" <public-webapps@w3.org>, "otsi-arch-sec@omtplists.org" <otsi-arch-sec@omtplists.org>
Message-Id: <2EE1BF79-AB20-40B2-BC69-58019C76E200@nokia.com>
To: ext Marcin Hanclik <Marcin.Hanclik@access-company.com>
I agree with what Thomas said as well. I suggest we think about
whether we really need to change the specification since I read what
is there as consistent with what Thomas wrote.

The intent is to flag a signature as an "author signature" - more
detail is in my opinion in the same category as policy and other such
important considerations, which we have not detailed in the
specification.

regards, Frederick

Frederick Hirsch
Nokia



On Mar 26, 2009, at 5:06 PM, ext Marcin Hanclik wrote:

> Hi,
>
> I support this view.
> In the whole design of various widget signatures it seems important
> that there is a list of signatures and from this list one is the
> distinguished one.
> Naming of the signatures is not very important, I think.
> The term "author" is not defined anywhere. It does not have to be a
> human being.
> Probably sooner or later (depending on the market) the author could
> be someone/some entity/something who/that takes the responsibility
> for what the widget actually does - as pointed out by Thomas - or
> who/that initiated some idea behind the widget's functionality.
> What are the distributor signatures for, then?
> I assume some responsibility could also be assigned to them, but it
> is out of the scope of the standard, which is to only cover the
> technical aspects.
> Verification of integrity and signature are one thing, and
> responsibilities are covered by other agreements.
> I understand that the author signature could also be used to honour
> the actual developer (a person) of the widget, but this seems to be
> just some principle in the business world.
>
> Thanks.
>
> Kind regards,
> Marcin
> ________________________________________
> From: public-webapps-request@w3.org [public-webapps-request@w3.org]
> On Behalf Of Thomas Roessler [tlr@w3.org]
> Sent: Thursday, March 26, 2009 7:05 PM
> To: Hillebrand, Rainer
> Cc: frederick.hirsch@nokia.com; Mark.Priestley@vodafone.com; marcosc@opera.com;
> paddy@aplix.co.jp; public-webapps@w3.org; otsi-arch-sec@omtplists.org
> Subject: Re: AW: Re: [BONDI Architecture & Security] [widgets] new
> digsig draft
>
> What the author certificate lets you verify is whether a single party
> is taking responsibility for two widgets.
>
> There is indeed no *proof* of authorship here, but a statement that
> the signer is willing to assume the blame for being the widget's
> author.  Which is all we need, no?
> --
> Thomas Roessler, W3C  <tlr@w3.org>
>
> On 26 Mar 2009, at 19:00, Hillebrand, Rainer wrote:
>
>> Dear Frederick,
>>
>> The intent is clear but the technical solution will only provide
>> confidence if you trust the owner of the author certificate. If you
>> trust the owner then it is very likely for you that a widget with
>> this author signature really comes from this author. However, there
>> is no technical relationship between the widget author and the owner
>> of the author certificate that you can technically verify.
>>
>> Best Regards,
>>
>> Rainer
>> ---------------------------------------
>> Sent from my mobile device
>>
>>
>> ----- Original message -----
>> From: Frederick Hirsch <frederick.hirsch@nokia.com>
>> To: ext Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
>> Cc: Frederick Hirsch <frederick.hirsch@nokia.com>; Hillebrand,
>> Rainer; marcosc@opera.com <marcosc@opera.com>; paddy@aplix.co.jp <paddy@aplix.co.jp>;
>> public-webapps@w3.org <public-webapps@w3.org>; otsi-arch-sec@omtplists.org
>> <otsi-arch-sec@omtplists.org>
>> Sent: Thu Mar 26 18:34:57 2009
>> Subject: Re: [BONDI Architecture & Security] [widgets] new digsig
>> draft
>>
>> I think I disagree, since the intent *is* to identify the author, that
>> is the semantics, and this proposed change makes it less clear.
>>
>> Of course we can argue whether or not you achieve that if you cannot
>> associate the signature with the author, but that is out of scope.
>>
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>> On Mar 26, 2009, at 12:58 PM, ext Priestley, Mark, VF-Group wrote:
>>
>>> Hi All,
>>>
>>> As the author signature was something I had a hand in creating let
>>> me add my 2 pence worth.
>>>
>>> Rainer is correct in that the author signature need not actually
>>> come from the author of the widget. It comes from someone who claims
>>> to be the widget's author. Whether you believe this claim depends on
>>> how much you trust the signer.
>>>
>>> In [1] the current text says:
>>>
>>> [
>>> The author signature can be used to determine:
>>>
>>>  * the author of a widget,
>>>  * that the integrity of the widget is as the author intended,
>>>  * and whether two widgets came from the same author.
>>> ]
>>>
>>> I would suggest changing this to:
>>>
>>> [
>>> The author signature can be used to:
>>>
>>>  * authenticate the identity of the entity that added the author
>>> signature to the widget package,
>>>  * confirm that no widget files have been modified, deleted or
>>> added since the generation of the author signature.
>>>
>>> The author signature may be used to:
>>>  * determine whether two widgets came from the same author.
>>> ]
>>>
>>> The reason the last point is a may is as follows:
>>>
>>> If two widgets contain author signatures that were created using the
>>> same private key then we can say that the widgets were both signed
>>> by someone who had access to that key. That would normally mean the
>>> same entity (author, company, whatever). If the owner of that key
>>> shares it with others then obviously this no longer is true.
>>> However, this is the choice of the owner of the key - normally you
>>> would not share your private key!
>>>
>>> One additional point to add. We also define a distributor signature.
>>> Distributor signatures cover the author signature. As such a
>>> distributor signature may (depending on other factors) be making an
>>> implicit statement that the distributor believes the owner of the
>>> author signature to be the widget's author.
>>>
>>> Any clearer?
>>>
>>> Thanks,
>>>
>>> Mark
>>>
>>>
>>> [1] http://dev.w3.org/2006/waf/widgets-digsig/Overview.html
>>>
>>
>> -----Original Message-----
>>>> From: public-webapps-request@w3.org
>>>> [mailto:public-webapps-request@w3.org] On Behalf Of Hillebrand,
>>>> Rainer
>>>> Sent: 26 March 2009 16:20
>>>> To: marcosc@opera.com; paddy@aplix.co.jp
>>>> Cc: public-webapps@w3.org; otsi-arch-sec@omtplists.org
>>>> Subject: AW: Re: [BONDI Architecture & Security] [widgets] new
>>>> digsig draft
>>>>
>>>> Dear Marcos,
>>>>
>>>> We cannot technically guarantee that the author signature
>>>> really comes from the widget's author. It is like having an
>>>> envelope with an unsigned letter. The envelope and the letter
>>>> can come from different sources even if the envelope has a
>>>> signature.
>>>>
>>>> Best Regards,
>>>>
>>>> Rainer
>>>> ---------------------------------------
>>>> Sent from my mobile device
>>>>
>>>>
>>>> ----- Original message -----
>>>> From: Marcos Caceres <marcosc@opera.com>
>>>> To: Paddy Byers <paddy@aplix.co.jp>
>>>> Cc: Hillebrand, Rainer; WebApps WG <public-webapps@w3.org>;
>>>> otsi-arch-sec@omtplists.org <otsi-arch-sec@omtplists.org>
>>>> Sent: Thu Mar 26 17:12:20 2009
>>>> Subject: Re: [BONDI Architecture & Security] [widgets] new digsig
>>>> draft
>>>>
>>>> On Thu, Mar 26, 2009 at 4:29 PM, Paddy Byers <paddy@aplix.co.jp>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>>> Agreed. Can we say "were signed with the same certificate"
>>>>>> instead?
>>>>>
>>>>> I understood that Webapps had agreed to add a signature profile
>>>>> that designates a particular signature as the author signature -
>>>>> and where this is present it is possible to come up with appropriate
>>>>> precise wording as to whether or not two packages originate from the
>>>>> same author.
>>>>
>>>> Well, that's basically what we have, but Rainer seems to imply
>>>> that it is impossible to do this. I think we get as close as
>>>> we technically can to achieving that goal. However, if that
>>>> current solution is inadequate, then please send us suggestions.
>>>>
>>>> --
>>>> Marcos Caceres
>>>> http://datadriven.com.au
>>>>
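The signature relationships Mark describes in the quoted thread (an author signature over the package files, a distributor signature that also covers the author signature, and "same key" as the only technical basis for "same author") modelled as an added Go example; this is not code from the thread or from the widgets digsig draft. It assumes Ed25519 over a sorted file digest in place of XML Signature, and the signature file names and the Role type are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"sort"
)
type Widget map[string][]byte // a package as file name -> contents, signature files included
// Role names a signature file (assumed names) and whether it also covers the author
// signature: the author signature covers every non-signature file, and a distributor
// signature covers those files plus the author signature file, as Mark describes.
type Role struct{ File string; CoverAuthorSig bool }
var Author, Distributor = Role{"author-signature.xml", false}, Role{"signature1.xml", true}
// digest hashes the covered files in sorted order; any file modified, deleted
// or added after signing changes the value.
func digest(w Widget, r Role) []byte {
	var names []string
	for n := range w {
		if n != Distributor.File && (n != Author.File || r.CoverAuthorSig) {
			names = append(names, n)
		}
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		h.Write([]byte(n + "\x00" + string(w[n]) + "\x00"))
	}
	return h.Sum(nil)
}
// Sign stores pubkey || Ed25519 signature over the digest as the role's file
// (a stand-in for an XML Signature carrying its certificate in KeyInfo).
func Sign(w Widget, k ed25519.PrivateKey, r Role) {
	pub := k.Public().(ed25519.PublicKey)
	w[r.File] = append(append([]byte{}, pub...), ed25519.Sign(k, digest(w, r))...)
}
// Verify returns the key carried in the role's signature file and whether it checks out.
func Verify(w Widget, r Role) (ed25519.PublicKey, bool) {
	s := w[r.File]
	if len(s) != ed25519.PublicKeySize+ed25519.SignatureSize { return nil, false }
	pub := ed25519.PublicKey(s[:ed25519.PublicKeySize])
	return pub, ed25519.Verify(pub, digest(w, r), s[ed25519.PublicKeySize:])
}
// SameAuthor is Mark's "may" case: both author signatures verify under one key,
// which shows shared access to that key, not who the key holder is.
func SameAuthor(a, b Widget) bool {
	ka, okA := Verify(a, Author)
	kb, okB := Verify(b, Author)
	return okA && okB && string(ka) == string(kb)
}
```

Replacing the author signature after a distributor has signed breaks the distributor signature but not the new author signature, which is the covering relationship Mark points out.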
Received on Thursday, 26 March 2009 21:15:57 GMT
