Re: [widget-digsig] Updated Editors Draft of Widget Signature

2009-03-27 Thread Frederick Hirsch
I ran this through the W3C validator and fixed validation errors and warnings, it now validates cleanly. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 3:02 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote: I have completed a major round of editorial updates to the Widget Sign

[widget-digsig] Updated Editors Draft of Widget Signature

2009-03-27 Thread Frederick Hirsch
I have completed a major round of editorial updates to the Widget Signature editors draft. http://dev.w3.org/2006/waf/widgets-digsig/ This is intended to be our public working draft for Monday, so please review the changes. Thanks to all who commented. This does not include changes for iss

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
I think we should remove it. Also, I revised the e.g. as follows ... undesirable and security relevant effects, such as overwriting of startup or system files. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 2:00 PM, ext Hillebrand, Rainer wrote: Dear Frederick, I added

RE: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Hillebrand, Rainer
Dear Frederick, I added my comments inline. Best Regards, Rainer * T-Mobile International Terminal Technology Rainer Hillebrand Head of Terminal Security Landgrabenweg 151, D-53227 Bonn Germany +49 171 5211056 (My T-Mobile) +49 228 936 13916 (Tel.) +49 228 9

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
comments inline, thanks for reviewing this regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 1:26 PM, ext Hillebrand, Rainer wrote: Dear Marcos, I hope to have less critical comments than in my last feedback email. 1. Section 7.1: change "The ds:SignatureMethod algorithm used

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Marcos Caceres
Hi Frederick, I support the changes below. They are all editorial in nature. Kind regards, Marcos On Fri, Mar 27, 2009 at 6:26 PM, Hillebrand, Rainer wrote: > Dear Marcos, > > I hope to have less critical comments than in my last feedback email. > > 1. Section 7.1: change "The ds:SignatureMethod

RE: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Hillebrand, Rainer
Dear Marcos, I hope to have less critical comments than in my last feedback email. 1. Section 7.1: change "The ds:SignatureMethod algorithm used in the ds:SignatureValue element MUST one of the signature algorithms." to "The ds:SignatureMethod algorithm used in the ds:SignatureValue element MUS

[admin] Seeking clarification of otsi-arch-sec mail list

2009-03-27 Thread Arthur Barstow
Hi, Where can we find: a) a short description of the otsi-arch-sec mail list (e.g. its function); b) who is subscribed to this list and c) its Public archive? Also, is this mail list writable by anyone that has not agreed to the Turin Rules [1]? -Regards, Art Barstow [1]

Re: [widgets] Author

2009-03-27 Thread Frederick Hirsch
No I agree, we are trying to stay away from legal statements, that requires much more. regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 10:40 AM, ext Marcin Hanclik wrote: Hi Frederick, re author, would the term "creator" in the sentence from Thomas help, this probably do

[widgets] Author

2009-03-27 Thread Marcin Hanclik
Hi Frederick, >>re author, would the term "creator" in the sentence from Thomas help, >>this probably doesn't help, since by definition author means creator... Yes, it seems the same. Thomas' statement: " What the author certificate lets you verify is whether a single party is taking responsibili

RE: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Marcin Hanclik
Hi Frederick, Thanks for your review again. Thanks for all the corrections. These are my further comments for dispute. >>> b) Clarify "file name" in P&C (the definition in DigSig says about >>> deriving from file name field and it seems strange to me). >>why? it is the string file name? P&C defi

Re: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Frederick Hirsch
Marcin re author, would the term "creator" in the sentence from Thomas help, e.g. The author signature asserts that the signing party is a creator of the widget, and binds the creator's identity to the widget package. this probably doesn't help, since by definition author means creator... a

RE: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Marcin Hanclik
Hi Frederick, Thanks for your review of my comments. >>"Ordering of widget signature files by the numeric portion of the file >>name can be used to allow consistent processing and possible >>optimization." >> >>I think we should keep a sentence since Mark Priestly had earlier >>asked that we add

Re: [BONDI Architecture & Security] [widgets] new digsig draft

2009-03-27 Thread Frederick Hirsch
Marcin Thanks, for the careful review. some comment inline [removed cross post, fails anyway] regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 2:04 PM, ext Marcin Hanclik wrote: Hi Marcos, All, Please find below my - mostly editorial - comments to the latest digsig draft

Re: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Frederick Hirsch
Marcin [removed cross-posting, since my posting would fail anyway] comments inline regards, Frederick Frederick Hirsch Nokia On Mar 27, 2009, at 5:27 AM, ext Marcin Hanclik wrote: Hi Marcos, These are my further comments to the DigSig spec: 1. There is no section about typographic conve

RE: [BONDI Architecture & Security] [widgets] new digsig draft, further comments

2009-03-27 Thread Marcin Hanclik
Hi Marcos, These are my further comments to the DigSig spec: 1. There is no section about typographic conventions, as e.g. section 1.3 in P&C spec. Therefore it is not possible to know e.g. which part of the spec is defining an example. 2. Section 4. My below comment "5. Section 4, item 3:" is