Re: [widgets] Questions regarding to "Test Suite for the XML Digital Signatures For Widgets Specification "

On 2/1/11 1:41 PM, Arthur Barstow wrote:
> Hi Marcos,
>
> On Jan/31/2011 2:18 PM, ext Marcos Caceres wrote:
>>
>> On 1/31/11 7:52 PM, Arthur Barstow wrote:
>>> Andrey - on January 26, Marcos proposed changing the c14n algorithm in
>>> [1] and [2] and notified the group in [3] that he updated the Editor's
>>> Draft [ED] to reflect his proposal. He included rationale in [1].
>>>
>>> Marcos - in what way(s) does your proposal break the signer and
>>> validator conformance classes as defined in the June 2010 CR [CR]?
>>
>> It would remove all references and dependencies on XML
>> Canonicalization 1.1 in favor of XML Canonicalization 1.0. Explicit
>> <tranform> to Canonicalization 1.1 would no longer be needed (XML Dig
>> Sig just defaults to 1.0). Everything else stays the same.
>
> If an "old" widget is signed according to [CR] i.e. uses the ExC14N
> algorithm and a "new" validator is implemented according to the proposed
> changes (now reflected in [ED), then what happens when this new
> validator process this old widget? Based on what you and I just
> discussed in IRC, I believe the validation will fail. Correct?

Correct.

> It would be useful if we had at least a general idea regarding the
> number of widgets "in the wild" that are signed using the ExC14N
> algorithm. If anyone has relevant data, please send it to this mail list.

Absolutely!

--
Marcos Caceres
Opera Software

Received on Tuesday, 1 February 2011 16:38:39 UTC