RE: [widgets] Digital Signatures

Hi, 

>-----Original Message-----
>From: public-appformats-request@w3.org 
>[mailto:public-appformats-request@w3.org] On Behalf Of ext 
>Thomas Roessler
>Sent: 04 April, 2008 16:30
>To: Marcos Caceres
>Cc: WAF WG (public)
>Subject: Re: [widgets] Digital Signatures

>
>- Why use ds:Manifest?  Thats for holding ds:Reference elements that
>  you don't necessarily want to dereference, e.g., because you've
>  several signatures for the same URI reference (signing multiple
>  representations), or because you've signature semantics that make
>  verifying signatures on certain resources optional.  I don't think
>  that's the case here.
>  
>  On the other hand, if you just use a collection ds:Reference
>  elements which are direct children of ds:SignedInfo, XML Signature
>  core validation will ensure that all resources are signed.
>

The original proposal had support for multiple signatures, e.g. by
multiple parties. That's the reason for using Manifest, i.e. in order to
avoid repeating the list of references for every signature.

I guess later on, the use case for multiple signatures was considered
not important enough to support. So, in this case Manifest is not really
necessary.

/Olli

Olli Immonen
Nokia Research Center
Helsinki, Finland
olli.immonen@nokia.com

>Regards,
>--
>Thomas Roessler, W3C  <tlr@w3.org>
>
>
>On 2008-03-19 16:28:22 +1000, Marcos Caceres wrote:
>> From: Marcos Caceres <marcosscaceres@gmail.com>
>> To: "WAF WG (public)" <public-appformats@w3.org>
>> Date: Wed, 19 Mar 2008 16:28:22 +1000
>> Subject: [widgets] Digital Signatures
>> List-Id: <public-appformats.w3.org>
>> X-Spam-Level: 
>> Archived-At: 
><http://www.w3.org/mid/b21a10670803182328i57a52be2va471dff2f5e0
>e01e@mail.gmail.com>
>> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.6
>> 
>> 
>> Hi All,
>> I've updated the digital signature spec [1]. I've modified the
>> verification algorithm so that literal comparisons of file/folder
>> names are done in UTF-8. I also checked what happens when you sign an
>> empty directory (nothing special happens:)), so all file/folder
>> entries are treated equally.
>> 
>> Any feedback is greatly appreciated.
>> 
>> Kind regards,
>> Marcos
>> [1]   http://dev.w3.org/2006/waf/widgets-digsig/
>> -- 
>> Marcos Caceres
>> http://datadriven.com.au
>> 
>> 
>
>
>

Received on Friday, 4 April 2008 14:28:34 UTC