- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Wed, 17 Dec 2008 18:58:44 -0500
- To: Marcos Caceres <marcosscaceres@gmail.com>, VF-Group ext Priestley Mark <Mark.Priestley@vodafone.com>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, public-webapps <public-webapps@w3.org>, ext Thomas Roessler <tlr@w3.org>
I updated the Editors draft of Widgets Digital Signatures with the following changes:

- Updated reference for Canonical XML to Canonical XML 1.1
- Updated reference for XML Signature to Second Edition
- Fixed bibliographic links in document
- Fixed validation error, correcting numbering of document sections
- Additional minor editorial update

regards, Frederick

Frederick Hirsch
Nokia

On Dec 16, 2008, at 5:43 AM, ext Thomas Roessler wrote:

> I suggest to remove the editorial note currently present in section
> 8 of the Editor's Draft.
>
> Instead, add the following to the Security Considerations section:
>
>> The signature scheme described in this document deals with the
>> content present inside a compressed widget package. This implies
>> that, in order to verify a widget signature, implementations need
>> to uncompress a data stream that can come from an arbitrary
>> source. A signature according to this specification does <em>not</em>
>> limit the attack surface of decompression and unpacking code
>> used during signature extraction and verification.
>
>> Care should be taken to avoid resource exhaustion attacks through
>> maliciously crafted Widget archives during signature verification.
>
>> Implementations that store the content of widget archives to the
>> file system during signature verification must not trust any path
>> components of file names present in the archive, to avoid
>> overwriting of arbitrary files during signature verification.
>
> (In other words, the zip archive isn't signed, and bad things might
> happen if signature verification is implemented naively.)
>
> --
> Thomas Roessler, W3C <tlr@w3.org>
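The two considerations quoted above (untrusted path components and resource exhaustion from a crafted archive) translate into checks a verifier can run over the zip central directory before it writes a single byte. The following is an added illustration, not code from the Widgets Digital Signatures draft or from either author; the limits and the sample archive are constructed for the demo.

```python
import io
import posixpath
import zipfile

# Limits for this demo; a real verifier would tune them to its platform.
MAX_ENTRY_BYTES = 10_000_000   # declared uncompressed size of one entry
MAX_TOTAL_BYTES = 10_000_000   # declared uncompressed size of the whole archive
MAX_RATIO = 100                # uncompressed:compressed ratio of one entry

def safe_relative_path(name):
    """Normalised relative path, or None if the entry name must be rejected.
    Absolute paths, drive letters, backslashes and a '..' that escapes the
    extraction directory are refused, as the security consideration demands."""
    if "\\" in name or name.startswith("/") or ":" in name.split("/")[0]:
        return None
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return None
    return norm

def check_archive(data):
    """Screen every central-directory entry before any byte is written.
    Returns {entry name: 'ok' | rejection reason} plus a '__total__' verdict.
    Declared sizes are unsigned metadata, so extraction must still count
    bytes as they are inflated and abort when a limit is exceeded."""
    result, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if safe_relative_path(info.filename) is None:
                result[info.filename] = "rejected: unsafe path"
            elif info.file_size > MAX_ENTRY_BYTES:
                result[info.filename] = "rejected: entry too large"
            elif info.file_size / max(info.compress_size, 1) > MAX_RATIO:
                result[info.filename] = "rejected: suspicious compression ratio"
            else:
                total += info.file_size
                result[info.filename] = "ok"
    result["__total__"] = "ok" if total <= MAX_TOTAL_BYTES else "rejected: archive too large"
    return result

def build_demo_archive():
    """Constructed sample widget package: one good entry and two hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config.xml", "<widget/>")
        zf.writestr("../outside.txt", "would land outside the widget directory")
        zf.writestr("big.bin", b"\0" * 2_000_000)  # ~1000:1, a resource-exhaustion probe
    return buf.getvalue()
```

Screening the central directory is only the first filter: the inflating loop itself still has to enforce the byte budget, because the declared sizes are as untrusted as the file names.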
Received on Wednesday, 17 December 2008 23:59:35 UTC