- From: Hillebrand, Rainer <Rainer.Hillebrand@t-mobile.net>
- Date: Fri, 27 Mar 2009 19:00:30 +0100
- To: "Frederick Hirsch" <frederick.hirsch@nokia.com>
- Cc: <marcosc@opera.com>, "WebApps WG" <public-webapps@w3.org>
Dear Frederick, I added my comments inline. Best Regards, Rainer ************************************* T-Mobile International Terminal Technology Rainer Hillebrand Head of Terminal Security Landgrabenweg 151, D-53227 Bonn Germany +49 171 5211056 (My T-Mobile) +49 228 936 13916 (Tel.) +49 228 936 18406 (Fax) E-Mail: rainer.hillebrand@t-mobile.net http://www.t-mobile.net This e-mail and any attachment are confidential and may be privileged. If you are not the intended recipient, notify the sender immediately, destroy all copies from your system and do not disclose or use the information for any purpose. Diese E-Mail inklusive aller Anhänge ist vertraulich und könnte bevorrechtigtem Schutz unterliegen. Wenn Sie nicht der beabsichtigte Adressat sind, informieren Sie bitte den Absender unverzüglich, löschen Sie alle Kopien von Ihrem System und veröffentlichen Sie oder nutzen Sie die Information keinesfalls, gleich zu welchem Zweck. > T-Mobile International AG Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ Chairman) Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276 Steuer-Nr./Tax No.: 205 / 5777/ 0518 USt.-ID./VAT Reg.No.: DE189669124 Sitz der Gesellschaft/ Corporate Headquarters: Bonn -----Original Message----- > From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com] > Sent: Freitag, 27. März 2009 18:55 > To: Hillebrand, Rainer > Cc: Frederick Hirsch; marcosc@opera.com; WebApps WG > Subject: Re: [BONDI Architecture & Security] [widgets] new > digsig draft > > comments inline, thanks for reviewing this > > > regards, Frederick > > Frederick Hirsch > Nokia > > > > On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote: > > > 3. Section 7.3: "The set of acceptable trust anchors, and policy > > decisions based on the signer's identity are established through a > > security-critical out-of-band mechanism." I do not really > understand > > this sentence. This is not subject for the processing rules, isn't > > it? What is an acceptable trust anchor? Are they really > established > > or may they be established? > > knowing whom you can trust and how to establish that trust > is out of > scope. > RH: Would you like to keep this sentence or delete it? I wonder whether we need to mention the potential use of the KeyInfo which is out-of-scope anyhow.
Received on Friday, 27 March 2009 18:01:11 UTC