Rainer,

On Mon, Mar 2, 2009 at 2:01 PM, Hillebrand, Rainer <rainer.hillebr...@t-mobile.net> wrote:
> Dear Marcos,
>
> I have some doubts that a secure transport of a widget resource is so
> important in case of a signed widget resource. I would agree with you that we
> currently do not know how a signature is considered because we do not have a
> security framework and security policies that would define the use of
> signatures. However, if a user agent implements a security framework that
> enforces security policies considering signed widget resources then a secure
> transport will not be required. The signature shall guarantee the widget
> resource's integrity and authenticity. What would a secure transport add?
>
The way I see it, secure transport would add protection from a signature being deleted from the archive or replaced altogether, with the inclusion of other files (i.e., protects from a man-in-the-middle attack). There may be other things too, but I have not thought of them yet.

Kind regards,
Marcos

--
Marcos Caceres
http://datadriven.com.au