OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ODF 1.2 Part 3 section 2.4 (Encryption)

Hi ODF TC,

Description:

Section 2.4 of ODF 1.2 Part 3 describes how to encrypt an ODF package
as well as storing information needed to decrypt the package again.

Section 2.4 describes in detail the required steps to encrypt an ODF
package, herein key derivation algorithm, password digest algorithm
and iteration count as well as encryption algorithm.

The manifest contains a number of constructs to hold information like
the cited above. These include

3.7.1 manifest:algorithm-name
3.7.3 manifest:checksum-type
3.7.7 manifest:key-derivation-name

Reading the accompanying RelaxNG-schemas of the attributes above, the
value-space is a generic "string".

Problem:

From my reading of both section 2.4 and the sections in relation to
the manifest, the value-space of the constructs seem to be fixed.

It appears to me that the only valid values for the constructs are:

manifest:algorithm-name="Blowfish CFB"
manifest:check-sum-type="SHA1/1K"
manifest:key-derivation-name="PBKDF2"

So there seems to be a slight contradiction between the prose of the
specification and the value-space of the schemas. Also, the
specification contains this sentence:

The defined value for the manifest:key-derivation-name attribute is:
* PBKDF2: The PBKDF2 key derivation method. See [RFC2898].

I have looked in Part 3 for guidance to this prose (The defined value
...) but have found none. So it is not clear to me if it means that
"PBKDF2" is a "reserved value" of the attribute with a specific
meaning or if the value "PBKDF2" is the only allowed value.

Proposed solution:

Assuming that the value-space is indeed fixed, having constructs in
the schemas that have fixed values could be a cause of confusion to
developers and hence diminish interoperability
between applications. Since the values in the prose seems to be
predefined, the constructs serve no purpose.


* Remove the constructs mentioned above from the schemas or
* clarify in the specification that any algorithm (type) etc is
allowed as values of these constructs.

Other sections in ODF specify requirements that an application SHALL
support a feature (image-formats, as I recall it), and it might be a
good idea to include similar prose here to maximize interoperability.

--
Jesper Lund Stocholm
www.idippedut.dk
SC34/WG4 http://www.itscj.ipsj.or.jp/sc34/wg4/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]