- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 26 Mar 2009 19:05:48 +0100
- To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
- Cc: <frederick.hirsch@nokia.com>, <Mark.Priestley@vodafone.com>, <marcosc@opera.com>, <paddy@aplix.co.jp>, <public-webapps@w3.org>, <otsi-arch-sec@omtplists.org>
What the author certificate lets you verify is whether a single party is taking responsibility for two widgets. There is indeed no *proof* of authorship here, but a statement that the signer is willing to assume the blame for being the widget's author. Which is all we need, no?

--
Thomas Roessler, W3C <tlr@w3.org>

On 26 Mar 2009, at 19:00, Hillebrand, Rainer wrote:

> Dear Frederick,
>
> The intent is clear but the technical solution will only provide confidence if you trust the owner of the author certificate. If you trust the owner then it is very likely for you that a widget with this author signature really comes from this author. However, there is no technical relationship between the widget author and the owner of the author certificate that you can technically verify.
>
> Best Regards,
>
> Rainer
> ---------------------------------------
> Sent from my mobile device
>
> ----- Original Message -----
> From: Frederick Hirsch <frederick.hirsch@nokia.com>
> To: ext Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
> Cc: Frederick Hirsch <frederick.hirsch@nokia.com>; Hillebrand, Rainer; marcosc@opera.com <marcosc@opera.com>; paddy@aplix.co.jp <paddy@aplix.co.jp>; public-webapps@w3.org <public-webapps@w3.org>; otsi-arch-sec@omtplists.org <otsi-arch-sec@omtplists.org>
> Sent: Thu Mar 26 18:34:57 2009
> Subject: Re: [BONDI Architecture & Security] [widgets] new digsig draft
>
> I think I disagree, since the intent *is* to identify the author, that is the semantics, and this proposed change makes it less clear.
>
> Of course we can argue whether or not you achieve that if you cannot associate the signature with the author, but that is out of scope.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> On Mar 26, 2009, at 12:58 PM, ext Priestley, Mark, VF-Group wrote:
>
>> Hi All,
>>
>> As the author signature was something I had a hand in creating let me add my 2 pence worth.
>>
>> Rainer is correct in that the author signature need not actually come from the author of the widget. It comes from someone who claims to be the widget's author. Whether you believe this claim depends on how much you trust the signer.
>>
>> In [1] the current text says:
>>
>> [
>> The author signature can be used to determine:
>>
>> * the author of a widget,
>> * that the integrity of the widget is as the author intended,
>> * and whether two widgets came from the same author.
>> ]
>>
>> I would suggest changing this to:
>>
>> [
>> The author signature can be used to:
>>
>> * authenticate the identity of the entity that added the author signature to the widget package,
>> * confirm that no widget files have been modified, deleted or added since the generation of the author signature.
>>
>> The author signature may be used to:
>> * determine whether two widgets came from the same author.
>> ]
>>
>> The reason the last point is a may is as follows:
>>
>> If two widgets contain author signatures that were created using the same private key then we can say that the widgets were both signed by someone who had access to that key. That would normally mean the same entity (author, company, whatever). If the owner of that key shares it with others then obviously this no longer is true. However, this is the choice of the owner of the key - normally you would not share your private key!
>>
>> One additional point to add. We also define a distributor signature. Distributor signatures cover the author signature. As such a distributor signature may (depending on other factors) be making an implicit statement that the distributor believes the owner of the author signature to be the widget's author.
>>
>> Any clearer?
>>
>> Thanks,
>>
>> Mark
>>
>> [1] http://dev.w3.org/2006/waf/widgets-digsig/Overview.html
>
> T-Mobile International AG
> Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ Chairman)
> Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender
> Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276
> Steuer-Nr./Tax No.: 205 / 5777/ 0518
> USt.-ID./VAT Reg.No.: DE189669124
> Sitz der Gesellschaft/ Corporate Headquarters: Bonn
>
>>> -----Original Message-----
>>> From: public-webapps-request@w3.org [mailto:public-webapps-request@w3.org] On Behalf Of Hillebrand, Rainer
>>> Sent: 26 March 2009 16:20
>>> To: marcosc@opera.com; paddy@aplix.co.jp
>>> Cc: public-webapps@w3.org; otsi-arch-sec@omtplists.org
>>> Subject: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft
>>>
>>> Dear Marcos,
>>>
>>> We cannot technically guarantee that the author signature really comes from the widget's author. It is like having an envelope with an unsigned letter. The envelope and the letter can come from different sources even if the envelope has a signature.
>>>
>>> Best Regards,
>>>
>>> Rainer
>>> ---------------------------------------
>>> Sent from my mobile device
>>>
>>> ----- Original Message -----
>>> From: Marcos Caceres <marcosc@opera.com>
>>> To: Paddy Byers <paddy@aplix.co.jp>
>>> Cc: Hillebrand, Rainer; WebApps WG <public-webapps@w3.org>; otsi-arch-sec@omtplists.org <otsi-arch-sec@omtplists.org>
>>> Sent: Thu Mar 26 17:12:20 2009
>>> Subject: Re: [BONDI Architecture & Security] [widgets] new digsig draft
>>>
>>> On Thu, Mar 26, 2009 at 4:29 PM, Paddy Byers <paddy@aplix.co.jp> wrote:
>>>> Hi,
>>>>
>>>>> Agreed. Can we say "were signed with the same certificate" instead?
>>>>
>>>> I understood that Webapps had agreed to add a signature profile that designates a particular signature as the author signature - and where this is present it is possible to come up with appropriate precise wording as to whether or not two packages originate from the same author.
>>>
>>> Well, that's basically what we have, but Rainer seems to imply that it is impossible to do this. I think we get as close as we technically can to achieving that goal. However, if that current solution is inadequate, then please send us suggestions.
>>>
>>> --
>>> Marcos Caceres
>>> http://datadriven.com.au
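The three properties Mark lists (which key signed the package; no file modified, deleted or added since signing; whether two packages were signed with the same key) and his layering point that a distributor signature covers the author signature, as an added example that is not code from the widgets-digsig draft or from anyone in the thread. It swaps the draft's XML Signature and signer certificate for an HMAC-SHA256 stand-in and a hash of the secret as "key id" so it runs with only the Python standard library; the file names `author-signature.xml` and `signature1.xml` follow the draft, everything else is constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the draft's XML Signature and signer certificate: an HMAC-SHA256
# over the file digests is the "signature value" and a hash of the secret is the "key id".
AUTHOR_SIG = "author-signature.xml"   # author signature file name used by the draft

def is_dist_sig(name: str) -> bool:    # distributor signatures: signature1.xml, signature2.xml, ...
    return name.startswith("signature") and name.endswith(".xml")

def is_sig(name: str) -> bool:
    return name == AUTHOR_SIG or is_dist_sig(name)

def key_id(secret: bytes) -> str:      # plays the role of the certificate that names the key
    return hashlib.sha256(secret).hexdigest()[:16]

def _sign(secret: bytes, package: dict, covered) -> bytes:   # package: file name -> file bytes
    # The signature references the name and SHA-256 digest of every covered file.
    refs = {n: hashlib.sha256(d).hexdigest() for n, d in sorted(package.items()) if covered(n)}
    mac = hmac.new(secret, json.dumps(refs, sort_keys=True).encode(), "sha256").hexdigest()
    return json.dumps({"key_id": key_id(secret), "refs": refs, "mac": mac}).encode()

def author_sign(secret: bytes, package: dict) -> None:
    # The author signature covers every file that is not itself a signature.
    package[AUTHOR_SIG] = _sign(secret, package, lambda n: not is_sig(n))

def distributor_sign(secret: bytes, package: dict, name: str = "signature1.xml") -> None:
    # A distributor signature covers the content *and* the author signature.
    package[name] = _sign(secret, package, lambda n: not is_dist_sig(n))

def verify(secret: bytes, package: dict, sig_name: str) -> tuple:
    """Return (ok, reason); fails on a bad MAC or on a modified, deleted or added file."""
    sig = json.loads(package[sig_name])
    expected = hmac.new(secret, json.dumps(sig["refs"], sort_keys=True).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig["mac"], expected):
        return False, "signature value does not verify"
    covered = (lambda n: not is_sig(n)) if sig_name == AUTHOR_SIG else (lambda n: not is_dist_sig(n))
    for name, digest in sig["refs"].items():
        if name not in package:
            return False, f"deleted: {name}"
        if hashlib.sha256(package[name]).hexdigest() != digest:
            return False, f"modified: {name}"
    added = sorted(n for n in package if covered(n) and n not in sig["refs"])
    return (False, f"added: {added}") if added else (True, "ok")

def same_author_key(pkg_a: dict, pkg_b: dict) -> bool:
    # "Same author" only in the thread's sense: both author signatures name the same key,
    # which says nothing about who actually wrote the widget (Rainer's point).
    return json.loads(pkg_a[AUTHOR_SIG])["key_id"] == json.loads(pkg_b[AUTHOR_SIG])["key_id"]
```

Re-signing the author signature with a different key leaves the author signature valid but breaks the distributor signature, which is the layering Mark describes.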
Received on Thursday, 26 March 2009 18:05:58 UTC