- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 2 Mar 2009 14:29:33 +0100
- To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
- Cc: public-webapps <public-webapps@w3.org>
Rainer, On Mon, Mar 2, 2009 at 2:01 PM, Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net> wrote: > Dear Marcos, > > I have some doubts that a secure transport of a widget resource is so important in case of a signed widget resource. I would agree with you that we currently do not know how a signature is considered because we do not have a security framework and security policies that would define the use of signatures. However, if a user agent implements a security framework that enforces security policies considering signed widget resources then a secure transport will not be required. The signature shall guarantee the widget resource's integrity and authenticity. What would a secure transport add? > The way I see it, secure transport would add protection from a signature being deleted from the archive or replaced all together, with the inclusion of other files (i.e., protects from a man-in-the-middle attack). There may be other things too, but I have not thought of them yet. Kind regards, Marcos -- Marcos Caceres http://datadriven.com.au
Received on Monday, 2 March 2009 13:30:16 UTC