- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Thu, 26 Mar 2009 15:20:33 -0400
- To: "ext Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "marcosc@opera.com Caceres" <marcosc@opera.com>, paddy@aplix.co.jp, "public-webapps@w3.org WG" <public-webapps@w3.org>
I think the draft provides enough assurance for the intended level of use. If you want higher levels of assurance more will be required, but I don't believe we have a requirement here for that. regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 12:20 PM, ext Hillebrand, Rainer wrote: > Dear Marcos, > > We cannot technically guarantee that the author signature really > comes from the widget's author. It is like having an envelop with an > unsigned letter. The envelop and the letter can come from different > sources even if the envelop has a signature. > > Best Regards, > > Rainer > --------------------------------------- > Sent from my mobile device > > > ----- Originalnachricht ----- > Von: Marcos Caceres <marcosc@opera.com> > An: Paddy Byers <paddy@aplix.co.jp> > Cc: Hillebrand, Rainer; WebApps WG <public-webapps@w3.org>; otsi-arch-sec@omtplists.org > <otsi-arch-sec@omtplists.org> > Gesendet: Thu Mar 26 17:12:20 2009 > Betreff: Re: [BONDI Architecture & Security] [widgets] new digsig > draft > > On Thu, Mar 26, 2009 at 4:29 PM, Paddy Byers <paddy@aplix.co.jp> > wrote: >> Hi, >> >>> Agreed. Can we say "were signed with the same certificate" instead? >> >> I understood that Webapps had agreed to add a signature profile that >> designates a particular signature as the author signature - and >> where this >> is present it is possible to come up with appropriate precise >> wording as to >> whether or not two packages originate from the same author. > > Well, that's basically what we have, but Rainer seems to imply that it > is impossible to do this. I think we get as close as we technically > can to achieving that goal. However, if that current solution is > inadequate, then please send us suggestions. > > -- > Marcos Caceres > http://datadriven.com.au > > > T-Mobile International AG > Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ > Chairman) > Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ > Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender > Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276 > Steuer-Nr./Tax No.: 205 / 5777/ 0518 > USt.-ID./VAT Reg.No.: DE189669124 > Sitz der Gesellschaft/ Corporate Headquarters: Bonn >
Received on Thursday, 26 March 2009 19:22:49 UTC