Re: [widget-digsig] Updated Editors Draft of Widget Signature from Frederick Hirsch on 2009-03-27 (public-webapps@w3.org from January to March 2009)

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Fri, 27 Mar 2009 16:48:02 -0400
To: Hirsch Frederick (Nokia-CIC/Boston) <Frederick.Hirsch@nokia.com>
Cc: WebApps WG <public-webapps@w3.org>, Marcos Caceres <marcosscaceres@gmail.com>, "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>
Message-Id: <80521385-94B4-4C9E-8040-F4344105A726@nokia.com>

I ran this through the W3C validator and fixed validation errors and  
warnings, it now validates cleanly.

regards, Frederick

Frederick Hirsch
Nokia



On Mar 27, 2009, at 3:02 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> I have completed a major round of editorial updates to the Widget
> Signature editors draft.
>
> http://dev.w3.org/2006/waf/widgets-digsig/
>
> This is intended to be our public working draft for Monday, so please
> review the changes. Thanks to all who commented. This does not include
> changes for issues that might require more discussion.
>
> The document date and type (working draft vs editors draft) should be
> changed upon final publication.
>
> Changes to note (and please review)
>
> 1. Added new section, "Conventions".
>
> Note that I attempted to give examples of the formats rather than
> describe the formatting, since the formatting is based on a style
> sheet that might change.
>
> 2. Added reference for OCSP ( RFC 2560 ) and removed reference for
> X509 v3, referring to RFC 5280 instead. Reference RFC 5280 at first
> reference of CRL
>
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0980.html
>
> 3. Generally changed "widget archive" to "widget package"
>
> 4. Completed changes agreed in
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0969.html
>
> see [1] below
>
> 5. Completed changes agreed in
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0970.html
>
> see [2] below
>
> 6.  Completed changes agreed in
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0972.html
>
> see [3] below
>
> 7.  Completed changes agreed in
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0973.html
>
> see [4] below
>
> 8. Replaced two lower case "must" with "MUST"
>
> 9. Removed trust anchor text in 7.3:
> "The set of acceptable trust anchors, and policy  decisions based on
> the signer's identity are established through a security-critical out-
> of-band mechanism."
> http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/ 
> 0982.html
>   regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> [1] added
> <p>Numerical order is the order based on the numeric portion of the
> signature file name. Thus the highest numbered distributor signature
>   would be validated first.</p>
> to section 4, #6
> ---
>
> replace
> <p>The ordering by
> <span>file name</span> can be used to allow consistent
> processing and possible
> optimization.
>
> in section 4 #6 with
>
> "Ordering of widget signature files by the numeric portion of the file
> name can be used to allow consistent processing and possible
> optimization."
>
> ===
> [2]
>
> 1. Section 1: "... with XML signatures that each cryptographically
>> include all of the non-signature ..."
>>
>> should become (missing "s")
>>
>> "... with XML signatures that each cryptographically includes all of
>> the non-signature ..."
>>
>
> 2. Unify "case sensitive" phrase. There are now both "case-
>> sensitive" and "case sensitive" present in the text.
>>
> ok, lets go with "case-sensitive" since Websters has that.
>
> a) Replace "root of the archive" with "root of the widget"
>>
>
> "root of the widget package", as you corrected in later email
> ok
>
>  6. Section 4, item 5: ".. treat this as.." -> what is "this"? I
>> suggest to change the text to "... treat this widget package as ..."
>
> 7. Section 4, item 6: "Validate the signature files in the
>> signatures list" -> "signatures" looks weird, the cause is <var> vs.
>> <code> in HTML.
>
> 8. Section 5.3.1: "A file entry whose file name that does not match
>> the" -> "that" should be removed
>
> 10. Section 7.2: The time SHOULD reflect the time that signature
>> generation completes. -> The time SHOULD reflect the time when
>> signature generation completed.
>
> 11. Section 7.3: If present then user agents MUST perform Basic ->
>> If present, the user agents MUST perform Basic
> user agent..
>
> 12. Section 9.2.1: The time SHOULD reflect the time that signature
>> generation completes. -> The time SHOULD reflect the time when
>> signature generation completed.
>>
>
> ====
> [3]
>
> <p>These signatures <em class="ct">MUST</em> be sorted numerically
>           based on the numeric
>       portion of the name. </p>
>
> to
>
> Within a widget package these signature files MUST be ordered based
>> on the numeric portion of the signature file name."
> ====
> [4]
>
> "The RECOMMENDED version of the certificate format is X.509 version 3
> [X509v3]. Implementations MUST be prepared to accept X.509 v3
> certificates [X509v3], [RFC5280]. "
> could become
> "The RECOMMENDED version of the certificate format is X.509 version 3
> as specified in [RFC5280]. Implementations MUST be prepared to accept
> X.509 v3 certificates [RFC5280]."
>
> removed X509 v3 reference.
>
> ====
>

Received on Friday, 27 March 2009 20:49:49 UTC