Re: [widgets] Comments on the 22-Dec-2008 LCWD of the Widgets 1.0: P&C spec

2009/2/7 Priestley, Mark, VF-Group <>:
>> 3. Signature handling should be specified in [Widgets-DigSig], thus,
>> replace all of Step 5 in section 8.2 with the following:
>> [[
>> The algorithm that describes how to process the list of signatures
>> created in step 4 is defined in [Widgets-DigSig].
>> ]]
>> And add the processing model currently defined in Step 5 to
>> [Widgets-DigSig].
> I need to discuss this change with the editor's of the Widget Dig Sig
> spec before doing that. I'll get back to you shortly about that.
> [mp] I know that this is part of a broader discussion on the digital
> signature spec, but for what its worth I think the packaging and
> configuration spec should cover how to handle multiple signatures while
> simply referencing the digital signatures spec for the processing of the
> actual signature document. Putting the handling of multiple signatures
> this into the digital signatures spec would IMHO bloat it in an
> undesirable way. It is possible that the best place for some of this may
> be in the mythical [Widget Security] spec.

I also think that, in the P&C spec, we can get away with:
  1. finding the signatures.
  2. sorting them into the correct order.

All processing is left up to the Widgets Dig Sig Spec. However, if
this architectural dependency is still troublesome, we can consider
decoupling it further.

Kind regards,

Marcos Caceres

Received on Thursday, 12 February 2009 14:10:02 UTC