- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Tue, 16 Dec 2008 12:28:40 +0000
- To: "Thomas Roessler" <tlr@w3.org>
- Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>, public-webapps <public-webapps@w3.org>
Hi Thomas,

On Tue, Dec 16, 2008 at 10:43 AM, Thomas Roessler <tlr@w3.org> wrote:
> I suggest to remove the editorial note currently present in section 8 of the
> Editor's Draft.
>

Removed.

> Instead, add the following to the Security Considerations section:
>
>> The signature scheme described in this document deals with the content
>> present inside a compressed widget package. This implies that, in order to
>> verify a widget signature, implementations need to uncompress a data stream
>> that can come from an arbitrary source. A signature according to this
>> specification does <em>not</em> limit the attack surface of decompression
>> and unpacking code used during signature extraction and verification.
>
>> Care should be taken to avoid resource exhaustion attacks through
>> maliciously crafted Widget archives during signature verification.
>
>> Implementations that store the content of widget archives to the file
>> system during signature verification must not trust any path components of
>> file names present in the archive, to avoid overwriting of arbitrary files
>> during signature verification.
>
> (In other words, the zip archive isn't signed, and bad things might happen
> if signature verification is implemented naively.)
>

Added! Thanks, Thomas. That's much better.

Kind regards,
Marcos

-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 16 December 2008 12:29:25 UTC
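The two hazards the proposed Security Considerations text names, untrusted path components in archive entry names and resource exhaustion through crafted archives, as a pre-extraction check a verifier could run before touching the file system. This is an added example, not code from the widget signature specification or from either correspondent; it uses Python's standard zipfile module, and the size and ratio limits and the sample archives are constructed for the example.

```python
import io
import posixpath
import zipfile

# Constructed limits for the example; a real verifier would tune these.
MAX_ENTRY_BYTES = 10 * 1024 * 1024   # per-entry uncompressed size cap
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # whole-archive uncompressed cap
MAX_RATIO = 100                      # uncompressed:compressed ratio cap

def safe_entry_path(name):
    """Normalized relative path for an archive entry, or None if the name must
    never touch the file system (absolute, '..', backslash, drive letter, NUL)."""
    if not name or "\\" in name or "\0" in name or name.startswith("/"):
        return None
    norm = posixpath.normpath(name)
    parts = norm.split("/")
    if norm in (".", "..") or ".." in parts or any(":" in p for p in parts):
        return None
    return norm + "/" if name.endswith("/") else norm

def check_archive(data):
    """Inspect a widget package (bytes) before writing anything to disk; returns
    (ok, reason). Declared sizes come from the attacker-controlled central
    directory, so the same caps must be re-applied while streaming real bytes."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    total = 0
    for info in zf.infolist():
        if safe_entry_path(info.filename) is None:
            return False, "unsafe path: %r" % info.filename
        if info.file_size > MAX_ENTRY_BYTES:
            return False, "entry too large: %r" % info.filename
        total += info.file_size
        if total > MAX_TOTAL_BYTES:
            return False, "archive expands beyond %d bytes" % MAX_TOTAL_BYTES
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            return False, "suspicious compression ratio: %r" % info.filename
    return True, "ok"

def build_sample(entries):
    """Constructed in-memory archive used only to exercise the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries:
            zf.writestr(name, content)
    return buf.getvalue()

GOOD_WIDGET = build_sample([("config.xml", b"<widget/>"), ("signature1.xml", b"<Signature/>")])
TRAVERSAL_WIDGET = build_sample([("config.xml", b"<widget/>"), ("../../etc/passwd", b"x")])
BOMB_WIDGET = build_sample([("config.xml", b"<widget/>"), ("bomb.bin", b"\0" * 200000)])
```

The header checks are a gate, not a substitute for bounding the bytes actually inflated: a verifier that extracts to disk should still count output as it streams each entry and abort once a cap is exceeded.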