- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Mon, 16 Mar 2009 10:35:39 -0400
- To: WebApps WG <public-webapps@w3.org>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>
I have updated the Widgets Signature editors draft [1] according to the following, please review the changes: 1) Added ABNF update http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0731.html and http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0732.html See section 1.2, 5.2, 5.3 and References 2) Added ds:Reference constraint http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0742.html See section 5.1 and References. 3) Clarified and updated security considerations text http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0750.html See section 8. 4) Misc editorial cleanup http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0743.html Security considerations as noted for 3, and clear editorial comments. Throughout. The following issues are still open (see message 743): a) Remove "Only the first distributor signature MUST be processed." ? I think I agree that Widgets Signature should be silent on this. if so, where is this going to be noted? Agreement to remove? b) Remove DSAwithSHA1 requirement? Status of requirement R47 (Section 2)? " Support for Multiple Signature Algorithms: DSA-SHA-1, RSA-SHA-1, DSA- SHA-256 and RSA-SHA-256." c) I suggest removing the restatement of algorithm requirements in section 7.1 , specifically remove #5a and #5b. Are there any other changes needed that we are aware of? Thanks regards, Frederick Frederick Hirsch Nokia [1] http://dev.w3.org/2006/waf/widgets-digsig/
Received on Monday, 16 March 2009 14:45:15 UTC