W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: [widgets] Dig Sig spec

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Wed, 4 May 2011 17:10:33 +0200
To: timeless <timeless@gmail.com>
Cc: public-webapps@w3.org
Message-ID: <B522EF7AEFA54B60A28A0C08094CC719@gmail.com>

On Tuesday, May 3, 2011 at 12:00 AM, timeless wrote: 
> It's pretty much impossible for me to figure out which things are new
> or which i've missed in previous rounds. (It's also possible that I
> didn't review this spec, in which case, I'm sorry.) I don't believe
> these comments significantly affect the document, i.e. they're mostly
> editorial, although some are technically errors which should
> definitely be fixed.
> 
> http://dev.w3.org/2006/waf/widgets-digsig/
> 
> > A widget package can be digitally signed by an author to produce a signature file
> > that cryptographically includes all of the files of a widget package that are not
> 
> i don't think "includes" is right, perhaps "covers" or "attests".
> 
Covers it is. 


> > A user agent or other entity can use author signature to determine:
> 
> use _an_ author

fixed. 
> 
> > As the following terms are used throughout this specification, they are gathered here for the readers convenience.
> 
> reader's

fixed 
> 
> > A file name is the name of a file contained in a widget package (excludes path information), as defined in the [Widgets Packaging] specification.
> 
> probably s/excludes/excluding/
fixed 
> 
> > Set the a URI attribute for each ds:Reference to be the zip relative path that identifies a file inside the widget package.
> 
> drop "a"
I changed it "the fie"... just saying "file" 
> >  Generate a identifier property in the manner specified in [Signature Properties].
> 
> an
fixed 
> 
> >  Serialized the signature as a [UTF-8] encoded [XML] document using the appropriate naming convention depending on its role:
> 
> Serialize ? (present tense, action/command v. past tense)
> 
Fixed. 
> > To validate the siganture files of a widget package, a validator MUST run the algorithm to validate digital signatures.
> 
> signature is misspelled
fixed 
> 
> > terminate this algorithm and treat as an unsigned widget package:
> 
> treat _it_ as...

fixed 
> 
> >  Check that signature has a ds:Reference for every file that is not a signature file. If every non-signature file is not included, then signature is in error.
> 
> s/every/any/
> s/not included/not listed/
fixed and fixed 
> 
> >  If the role property is missing or or invalid, then signature is in error.
> 
> s/or or/or/
fixed 
> 
> >  If all signatures validated successfully, treat this as a signed widget package.
> 
> s/validated/validate/

fixed 
> 
> >  Search the root of the widget package for any file name that case-sesitively
> 
> sensitively is misspelled
> 

Fixed. 
> > This implies that, in order to verify a signature file, a user agent need
> 
> needs
> 

fixed 
> > A signature .. does not limit .. decompression and unpacking code used during signature extraction and verification.
> 
> This doesn't seem to be a complete thought.

Agreed. This is redundant anyway so I killed it. I just said in the first paragraph: "the security considerations of [Widget Packaging] also apply to this specification." 
> 
> > A signature file can also be renamed, which can affect the order in which distributor signatures are processed.
> 
> This could have been addressed by embedding the signature file name
> into the file, oh well :)
True... oh well. Something for v2, I guess. 
> 
> > Mechanisms to install new root certificates in a user agent need to be subject to security critical mechanisms.
> 
> 'security critical mechanisms' doesn't sound right
Agreed. Removed that sentence. Changed the paragraph to: 

 If the user agent supports installing a new root certificate, an end-user should be made aware of what they are doing, and why. 

Thanks for the review, Josh! 
Received on Wednesday, 4 May 2011 15:11:04 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT