W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [BONDI Architecture & Security] [widgets] new digsig draft

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 27 Mar 2009 13:55:02 -0400
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "marcosc@opera.com" <marcosc@opera.com>, WebApps WG <public-webapps@w3.org>
Message-Id: <76496DB3-D47D-47B7-AA1B-2FE0EB354C9A@nokia.com>
To: "ext Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
comments inline, thanks for reviewing this


regards, Frederick

Frederick Hirsch
Nokia



On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote:

> Dear Marcos,
>
> I hope to have less critical comments than in my last feedback email.
>
> 1. Section 7.1: change "The ds:SignatureMethod algorithm used in the  
> ds:SignatureValue element MUST one of the signature algorithms." to  
> "The ds:SignatureMethod algorithm used in the ds:SignatureValue  
> element MUST be one of the signature algorithms."

ok

>
>
> 2. Section 7.1: "The ds:KeyInfo element MAY be included and MAY  
> include certificate, CRL and/or OCSP information.": CRL and OCSP are  
> not defined before. Do you have a reference for these abbreviations?

will add RFC references. (but should be common to those familar with  
certs )

>
>
> 3. Section 7.3: "The set of acceptable trust anchors, and policy  
> decisions based on the signer's identity are established through a  
> security-critical out-of-band mechanism." I do not really understand  
> this sentence. This is not subject for the processing rules, isn't  
> it? What is an acceptable trust anchor? Are they really established  
> or may they be established?

knowing  whom you can trust and how to establish that trust is out of  
scope.

>
>
> 4. Section 8: change "Care should be taken to avoid resource  
> exhaustion attacks through maliciously crafted Widget archives  
> during signature verification." to "Care should be taken to avoid  
> resource exhaustion attacks through maliciously crafted [widget  
> package]s during signature validation."

ok

>
>
> 5. Section 8: change "Implementations should be careful about  
> trusting path components found in the zip archive" to  
> "Implementations should be careful about trusting path components  
> found in the [widget package]"

ok

>
>
> 6. Section 8: change "and naive unpacking of widget archives into"  
> to "and naive unpacking of [widget package]s into"
>
ok

> 7. Section 8: change "e.g., overwriting of startup or system files"  
> to "e.g. overwriting of startup or system files"
>
No, I believe the correct usage is to have the comma. e.g. means  
"exempli gratia" , meaning "for example".
Thus
for example, some text
I think we should change to "for example" in this case.


> 8. Section 8: change "There is no single signature file that  
> includes all contents of a widget, including all of the signatures."  
> to "There is no single signature file that includes all files of a  
> [widget package], including all of the signature files."

ok, since everything is a file

>
>
> 9. Section 8: change "This leaves a widget package subject to an  
> attack where distributor signatures can be removed (and an author  
> signature if any corresponding distributor signature is also  
> removed), or added." to "This leaves a widget package subject to an  
> attack where distributor signatures can be removed or added. An  
> author signature could also be attacked by removing it and any  
> distributor signatures if they are present."

better, thanks

>
>
> Best Regards,
>
> Rainer
>
> *************************************
> T-Mobile International
> Terminal Technology
> Rainer Hillebrand
> Head of Terminal Security
> Landgrabenweg 151, D-53227 Bonn
> Germany
>
> +49 171 5211056 (My T-Mobile)
> +49 228 936 13916 (Tel.)
> +49 228 936 18406 (Fax)
> E-Mail: rainer.hillebrand@t-mobile.net
>
> http://www.t-mobile.net
>
> This e-mail and any attachment are confidential and may be  
> privileged. If you are not the intended recipient, notify the sender  
> immediately, destroy all copies from your system and do not disclose  
> or use the information for any purpose.
>
> Diese E-Mail inklusive aller Anhänge ist vertraulich und könnte  
> bevorrechtigtem Schutz unterliegen. Wenn Sie nicht der beabsichtigte  
> Adressat sind, informieren Sie bitte den Absender unverzüglich,  
> löschen Sie alle Kopien von Ihrem System und veröffentlichen Sie  
> oder nutzen Sie die Information keinesfalls, gleich zu welchem Zweck.
>
>
> T-Mobile International AG
> Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/  
> Chairman)
> Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/  
> Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender
> Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276
> Steuer-Nr./Tax No.: 205 / 5777/ 0518
> USt.-ID./VAT Reg.No.: DE189669124
> Sitz der Gesellschaft/ Corporate Headquarters: Bonn
>
Received on Friday, 27 March 2009 17:56:17 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT