- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 14 Apr 2009 16:55:42 +0200
- To: Henri Sivonen <hsivonen@iki.fi>
- Cc: marcosc@opera.com, public-webapps <public-webapps@w3.org>
On 14 Apr 2009, at 16:19, Henri Sivonen wrote: > Instead of canonicalizing the manifest XML and using XML signature, > you could treat the manifest XML as a binary file and sign it the > traditional way leaving a detached binary signature in the format > customary for the signing cipher in the zip file. This would address > issues #1 and #2. The manifest isn't the issue, part of the signature itself is. The widget signing proposal already makes minimal use of canonicalization.
Received on Tuesday, 14 April 2009 14:55:52 UTC