What the author certificate lets you verify is whether a single party is taking responsibility for two widgets.

There is indeed no *proof* of authorship here, but a statement that the signer is willing to assume the blame for being the widget's author. Which is all we need, no?
--
Thomas Roessler, W3C  <t...@w3.org>







On 26 Mar 2009, at 19:00, Hillebrand, Rainer wrote:

Dear Frederick,

The intent is clear but the technical solution will only provide confidence if you trust the owner of the author certificate. If you trust the owner then it is very likely for you that a widget with this author signature really comes from this author. However, there is no technical relationship between the widget author and the owner of the author certificate that you can technically verify.

Best Regards,

Rainer
---------------------------------------
Sent from my mobile device


----- Original Message -----
From: Frederick Hirsch <frederick.hir...@nokia.com>
To: ext Priestley, Mark, VF-Group <mark.priest...@vodafone.com>
Cc: Frederick Hirsch <frederick.hir...@nokia.com>; Hillebrand, Rainer; marc...@opera.com <marc...@opera.com>; pa...@aplix.co.jp <pa...@aplix.co.jp>; public-webapps@w3.org <public-webapps@w3.org>; otsi-arch-...@omtplists.org <otsi-arch-...@omtplists.org>
Sent: Thu Mar 26 18:34:57 2009
Subject: Re: [BONDI Architecture & Security] [widgets] new digsig draft

I think I disagree, since the intent *is* to identify the author, that
is the semantics, and this proposed change makes it less clear.

Of course we can argue whether or not you achieve that if you cannot
associate the signature with the author, but that is out of scope.


regards, Frederick

Frederick Hirsch
Nokia



On Mar 26, 2009, at 12:58 PM, ext Priestley, Mark, VF-Group wrote:

Hi All,

As the author signature was something I had a hand in creating let
me add my 2 pence worth.

Rainer is correct in that the author signature need not actually
come from the author of the widget. It comes from someone who claims
to be the widget's author. Whether you believe this claim depends on
how much you trust the signer.

In [1] the current text says:

[
The author signature can be used to determine:

  * the author of a widget,
  * that the integrity of the widget is as the author intended,
  * and whether two widgets came from the same author.
]

I would suggest changing this to:

[
The author signature can be used to:

  * authenticate the identity of the entity that added the author
signature to the widget package,
  * confirm that no widget files have been modified, deleted or
added since the generation of the author signature.

The author signature may be used to:
  * determine whether two widgets came from the same author.
]

The reason the last point is a may is as follows:

If two widgets contain author signatures that were created using the
same private key then we can say that the widgets were both signed
by someone who had access to that key. That would normally mean the
same entity (author, company, whatever). If the owner of that key
shares it with others then obviously this no longer is true.
However, this is the choice of the owner of the key - normally you
would not share your private key!

One additional point to add. We also define a distributor signature.
Distributor signatures cover the author signature. As such a
distributor signature may (depending on other factors) be making an
implicit statement that the distributor believes the owner of the
author signature to be the widget's author.

Any clearer?

Thanks,

Mark


[1] http://dev.w3.org/2006/waf/widgets-digsig/Overview.html











T-Mobile International AG
Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/ Chairman) Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/ Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender
Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276
Steuer-Nr./Tax No.: 205 / 5777/ 0518
USt.-ID./VAT Reg.No.: DE189669124
Sitz der Gesellschaft/ Corporate Headquarters: Bonn




-----Original Message-----
From: public-webapps-requ...@w3.org
[mailto:public-webapps-requ...@w3.org] On Behalf Of Hillebrand,
Rainer
Sent: 26 March 2009 16:20
To: marc...@opera.com; pa...@aplix.co.jp
Cc: public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: AW: Re: [BONDI Architecture & Security] [widgets] new
digsig draft

Dear Marcos,

We cannot technically guarantee that the author signature
really comes from the widget's author. It is like having an
envelope with an unsigned letter. The envelope and the letter
can come from different sources even if the envelope has a signature.

Best Regards,

Rainer
---------------------------------------
Sent from my mobile device


----- Original Message -----
From: Marcos Caceres <marc...@opera.com>
To: Paddy Byers <pa...@aplix.co.jp>
Cc: Hillebrand, Rainer; WebApps WG <public-webapps@w3.org>;
otsi-arch-...@omtplists.org <otsi-arch-...@omtplists.org>
Sent: Thu Mar 26 17:12:20 2009
Subject: Re: [BONDI Architecture & Security] [widgets] new digsig
draft

On Thu, Mar 26, 2009 at 4:29 PM, Paddy Byers <pa...@aplix.co.jp>
wrote:
Hi,

Agreed. Can we say "were signed with the same certificate" instead?

I understood that Webapps had agreed to add a signature profile that
designates a particular signature as the author signature -
and where
this is present it is possible to come up with appropriate precise
wording as to whether or not two packages originate from the
same author.

Well, that's basically what we have, but Rainer seems to imply
that it is impossible to do this. I think we get as close as
we technically can to achieving that goal. However, if that
current solution is inadequate, then please send us suggestions.

--
Marcos Caceres
http://datadriven.com.au
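
The integrity property proposed earlier in the thread ("no widget files have been modified, deleted or added since the generation of the author signature") can be checked by comparing the package contents with the signature's reference list. The sketch below is an added example, not part of the thread or of the specification. It assumes the author signature is stored as `author-signature.xml`, that distributor signatures are named `signature<N>.xml`, and that each file is listed as a `ds:Reference` with a SHA-256 digest; the sample packages are constructed. It does not validate `SignatureValue` or the certificate chain, which must succeed first for the reference list to mean anything.

```python
import base64, hashlib, io, re, zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
AUTHOR_SIG = "author-signature.xml"                    # assumed file name
DIST_SIG = re.compile(r"signature[1-9][0-9]*\.xml$")   # assumed distributor naming

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def coverage(package_bytes):
    """Compare package files with the author signature's ds:Reference list."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        files = {n: z.read(n) for n in z.namelist() if not n.endswith("/")}
    sig = ET.fromstring(files[AUTHOR_SIG])
    signed = {}
    for ref in sig.iter(DS + "Reference"):
        uri = ref.get("URI", "")
        if uri and not uri.startswith("#"):            # skip same-document references
            signed[uri] = ref.findtext(DS + "DigestValue").strip()
    # The author signature covers neither itself nor distributor signatures.
    present = {n: digest(d) for n, d in files.items()
               if n != AUTHOR_SIG and not DIST_SIG.match(n)}
    common = signed.keys() & present.keys()
    return {
        "modified": sorted(n for n in common if signed[n] != present[n]),
        "deleted": sorted(signed.keys() - present.keys()),
        "added": sorted(present.keys() - signed.keys()),
    }

def make_package(signed_files, actual_files):
    """Constructed sample: signature lists signed_files, zip holds actual_files."""
    refs = "".join(
        f'<Reference URI="{n}"><DigestValue>{digest(d)}</DigestValue></Reference>'
        for n, d in signed_files.items())
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
           f'<SignedInfo>{refs}</SignedInfo></Signature>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in actual_files.items():
            z.writestr(n, d)
        z.writestr(AUTHOR_SIG, sig)
    return buf.getvalue()

# Constructed sample data: what the author signed, and a later altered copy.
ORIGINAL = {"config.xml": b"<widget/>", "index.html": b"<h1>clock</h1>",
            "icon.png": b"\x89PNG"}
TAMPERED = {"config.xml": b"<widget/>", "x.js": b"/* added */",
            "index.html": b"<h1>clock</h1><script src=x.js></script>"}

if __name__ == "__main__":
    print(coverage(make_package(ORIGINAL, ORIGINAL)))
    print(coverage(make_package(ORIGINAL, TAMPERED)))
```

An empty result in all three lists only shows that the package matches what the signer signed; whether that signer is the widget's author remains the trust question debated in this thread.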







