- From: Marcos Caceres <marcosc@opera.com>
- Date: Sat, 28 Mar 2009 11:17:47 +0100
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: WebApps WG <public-webapps@w3.org>, Arthur Barstow <art.barstow@nokia.com>
Hi Frederick, Thank you for making the corrections. As the W3C has always requested that we have the publication fully ready to publish, I've gone ahead and made the following changes to the processed document (Overview.html): * Changed date to of the document to the 31 of March (as indicated by the W3C in their response to our request to publish) * changed the style sheet to use the W3C's WD version. * Changed the status from Editor's Draft to W3C Working Draft. Document is now ready to. Nice work everyone :) Kind regards, Marcos On Fri, Mar 27, 2009 at 8:02 PM, Frederick Hirsch <frederick.hirsch@nokia.com> wrote: > I have completed a major round of editorial updates to the Widget Signature > editors draft. > > http://dev.w3.org/2006/waf/widgets-digsig/ > > This is intended to be our public working draft for Monday, so please review > the changes. Thanks to all who commented. This does not include changes for > issues that might require more discussion. > > The document date and type (working draft vs editors draft) should be > changed upon final publication. > > Changes to note (and please review) > > 1. Added new section, "Conventions". > > Note that I attempted to give examples of the formats rather than describe > the formatting, since the formatting is based on a style sheet that might > change. > > 2. Added reference for OCSP ( RFC 2560 ) and removed reference for X509 v3, > referring to RFC 5280 instead. Reference RFC 5280 at first reference of CRL > > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0980.html > > 3. Generally changed "widget archive" to "widget package" > > 4. Completed changes agreed in > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0969.html > > see [1] below > > 5. Completed changes agreed in > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0970.html > > see [2] below > > 6. Completed changes agreed in > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0972.html > > see [3] below > > 7. Completed changes agreed in > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0973.html > > see [4] below > > 8. Replaced two lower case "must" with "MUST" > > 9. Removed trust anchor text in 7.3: > "The set of acceptable trust anchors, and policy decisions based on the > signer's identity are established through a security-critical out-of-band > mechanism." > http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0982.html > regards, Frederick > > Frederick Hirsch > Nokia > > [1] added > <p>Numerical order is the order based on the numeric portion of the > signature file name. Thus the highest numbered distributor signature > would be validated first.</p> > to section 4, #6 > --- > > replace > <p>The ordering by > <span>file name</span> can be used to allow consistent > processing and possible > optimization. > > in section 4 #6 with > > "Ordering of widget signature files by the numeric portion of the file > name can be used to allow consistent processing and possible > optimization." > > === > [2] > > 1. Section 1: "... with XML signatures that each cryptographically >> include all of the non-signature ..." >> >> should become (missing "s") >> >> "... with XML signatures that each cryptographically includes all of >> the non-signature ..." >> > > 2. Unify "case sensitive" phrase. There are now both "case- >> sensitive" and "case sensitive" present in the text. >> > ok, lets go with "case-sensitive" since Websters has that. > > a) Replace "root of the archive" with "root of the widget" >> > > "root of the widget package", as you corrected in later email > ok > > 6. Section 4, item 5: ".. treat this as.." -> what is "this"? I >> suggest to change the text to "... treat this widget package as ..." > > 7. Section 4, item 6: "Validate the signature files in the >> signatures list" -> "signatures" looks weird, the cause is <var> vs. >> <code> in HTML. > > 8. Section 5.3.1: "A file entry whose file name that does not match >> the" -> "that" should be removed > > 10. Section 7.2: The time SHOULD reflect the time that signature >> generation completes. -> The time SHOULD reflect the time when >> signature generation completed. > > 11. Section 7.3: If present then user agents MUST perform Basic -> >> If present, the user agents MUST perform Basic > user agent.. > > 12. Section 9.2.1: The time SHOULD reflect the time that signature >> generation completes. -> The time SHOULD reflect the time when >> signature generation completed. >> > > ==== > [3] > > <p>These signatures <em class="ct">MUST</em> be sorted numerically > based on the numeric > portion of the name. </p> > > to > > Within a widget package these signature files MUST be ordered based >> on the numeric portion of the signature file name." > ==== > [4] > > "The RECOMMENDED version of the certificate format is X.509 version 3 > [X509v3]. Implementations MUST be prepared to accept X.509 v3 certificates > [X509v3], [RFC5280]. " > could become > "The RECOMMENDED version of the certificate format is X.509 version 3 > as specified in [RFC5280]. Implementations MUST be prepared to accept > X.509 v3 certificates [RFC5280]." > > removed X509 v3 reference. > > ==== > > -- Marcos Caceres http://datadriven.com.au
Received on Saturday, 28 March 2009 10:18:55 UTC