W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widgets] Jar signing vs. XML signatures

From: Thomas Roessler <tlr@w3.org>
Date: Tue, 14 Apr 2009 16:55:42 +0200
To: Henri Sivonen <hsivonen@iki.fi>
Message-Id: <BAB61A90-E7FE-4648-B505-DA0AB92B6761@w3.org>
Cc: marcosc@opera.com, public-webapps <public-webapps@w3.org>
On 14 Apr 2009, at 16:19, Henri Sivonen wrote:

> Instead of canonicalizing the manifest XML and using XML signature,  
> you could treat the manifest XML as a binary file and sign it the  
> traditional way leaving a detached binary signature in the format  
> customary for the signing cipher in the zip file. This would address  
> issues #1 and #2.

The manifest isn't the issue, part of the signature itself is.  The  
widget signing proposal already makes minimal use of canonicalization.
Received on Tuesday, 14 April 2009 14:55:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC