- From: Nick Doty via GitHub <sysbot+gh@w3.org>
- Date: Thu, 21 Jul 2022 17:10:31 +0000
- To: public-dxwg-wg@w3.org
npdoty has just created a new issue for https://github.com/w3c/dxwg: == authenticity and integrity of dcat files and associated datasets == The spec should address providing integrity and authenticity of dcat files and associated datasets. As a security matter, it's not clear how authenticity or integrity of metadata files or the associated datasets are assured. A checksum property for the dataset file is available (new in DCAT 3), but there seems a risk of a kind of downgrade attack here: someone tampering with the dataset might at the same time be able to tamper with the metadata and its checksum property. Authenticity and integrity might be important security properties to consider; signatures and potentially use of a public key infrastructure might make it possible for a consumer of a dataset to confirm that they know who it came from and that they received it without tampering. Please view or discuss this issue at https://github.com/w3c/dxwg/issues/1526 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 21 July 2022 17:10:33 UTC