Subject: ODF 1.2 Part 3 Section 3.8.1 manifest:algorithm-name
Hello ODF TC,

I have been looking at the file located at http://docs.oasis-open.org/office/v1.2/part3/cd01/OpenDocument-v1.2-part3-cd01.odt, dated 19. October 2009.

ODF 1.2 is the first major "overhaul" of ODF since ODF 1.0 was approved, so this would be a good time to tighten a few things up in terms of support of already existing applications and where ODF should be driven in the future.

* Section 3.8.1 manifest:algorithm-name

I like the idea of reusing already standardised functionality in "XML Encryption Syntax and Processing". Especially the reuse of the xmlenc-core way of specifying algorithms looks really good and facilitates interoperability and reuse of existing implementations of encryption algorithms in the best possible way.

However, I do not understand the need to persist Blowfish as the preferred, default algorithm. I also do not understand the need to include usage of Blowfish in the list of possible algorithms complying with "standard OpenDocument conformance" (and not making it extended conformance) - especially since the creator of Blowfish (Bruce Schneier) himself discourages the usage of Blowfish today in favour of other alternatives.

I therefore propose the entire paragraph to be changed to:

[Section 3.8.1 start]

The manifest:algorithm-name attribute specifies the name of the algorithm used to encrypt a file entry, and also specifies in which mode this algorithm was used.

Defined values for the manifest:algorithm-name attribute are:

* An IRI listed in §5.2 or §5.3 of [xmlenc-core]: The algorithm specified in §5.2 or §5.3 of [xmlenc-core] for this IRI, or
* The IRI of an alternative algorithm as specified in §5.1 of [xmlenc-core].

To maintain compatibility with existing applications and documents conforming to earlier versions of this specification, an application may support Blowfish in CBC-code. The defined values for this algorithm are "Blowfish CBC" or "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish". See [Blowfish].

Package producers and package consumers that support encryption shall support AES-128 CBC using the value http://www.w3.org/2001/04/xmlenc#aes128-cbc.

Alternative algorithms other than an IRI listed in §5.2 or §5.3 of [xmlenc-core] may be specified by extended conforming documents only. They shall not be specified by conforming documents.

(section describing schema at the end of the section remains the same)

[Section 3.8.1 end]

Justification:

The idea is basically to promote "standard" algorithms as those mentioned in [xmlenc-core] to "first class citizens" of ODF while making usage of Blowfish a second class citizen - while acknowledging that there are legacy documents and applications out there using Blowfish. Also, the words above are carefully chosen so as not to require any code change in any application nor to make any existing documents non-conformant (as such).

Additionally, as you may know, I fully support your two new conformance classes "normal" and "extended" in ODF 1.2, but I really feel that saying "to be conformant (and not extended) you need to use this list of standardised encryption algorithms ... or this non-standardised, legacy one (Blowfish)" ... is a bit weird.

I hope you will take this into consideration.

--
Jesper Lund Stocholm
www.idippedut.dk
SC34/WG4 http://www.itscj.ipsj.or.jp/sc34/wg4/
S-445 - Danish mirror committee to SC34
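
Added example, not part of the message above and not OASIS or project code: a small auditor that classifies each encrypted entry of a package manifest under the wording proposed in the message. The class labels, function names and the sample manifest are constructed for illustration; the IRI set assumes XML Encryption 1.0.

```python
import xml.etree.ElementTree as ET

MF = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
XMLENC = "http://www.w3.org/2001/04/xmlenc#"
# Block-cipher IRIs from §5.2 of XML Encryption 1.0; §5.3 of that version defines none.
XMLENC_IRIS = {XMLENC + n for n in
               ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
# The two legacy names given in the proposed text.
LEGACY_BLOWFISH = {"Blowfish CBC", MF + "#blowfish"}

def classify(name):
    """Map one manifest:algorithm-name value to a class (labels are hypothetical)."""
    if name is None:
        return "missing"            # attribute absent; no default is assumed here
    if name in XMLENC_IRIS:
        return "conforming"
    if name in LEGACY_BLOWFISH:
        return "legacy-blowfish"    # tolerated for compatibility, worth flagging
    return "extended"               # alternative IRI: extended conformance only

def audit_manifest(xml_text):
    """Return {full-path: (algorithm-name, class)} for every encrypted entry."""
    # Assumption: trusted input. For untrusted packages use a hardened
    # parser such as defusedxml instead of the standard library one.
    root = ET.fromstring(xml_text)
    report = {}
    for entry in root.iter(f"{{{MF}}}file-entry"):
        algo = entry.find(f"{{{MF}}}encryption-data/{{{MF}}}algorithm")
        if algo is None:
            continue                # entry is not encrypted
        name = algo.get(f"{{{MF}}}algorithm-name")
        report[entry.get(f"{{{MF}}}full-path")] = (name, classify(name))
    return report

# Constructed sample manifest (not taken from a real document).
SAMPLE = f"""
<m:manifest xmlns:m="{MF}">
 <m:file-entry m:full-path="/"/>
 <m:file-entry m:full-path="content.xml"><m:encryption-data>
  <m:algorithm m:algorithm-name="{XMLENC}aes128-cbc"/></m:encryption-data></m:file-entry>
 <m:file-entry m:full-path="styles.xml"><m:encryption-data>
  <m:algorithm m:algorithm-name="Blowfish CBC"/></m:encryption-data></m:file-entry>
 <m:file-entry m:full-path="meta.xml"><m:encryption-data>
  <m:algorithm m:algorithm-name="{MF}#blowfish"/></m:encryption-data></m:file-entry>
 <m:file-entry m:full-path="settings.xml"><m:encryption-data>
  <m:algorithm m:algorithm-name="urn:example:ciphers#demo"/></m:encryption-data></m:file-entry>
 <m:file-entry m:full-path="Thumbnails/thumbnail.png"><m:encryption-data>
  <m:algorithm/></m:encryption-data></m:file-entry>
</m:manifest>"""

if __name__ == "__main__":
    for path, (name, cls) in audit_manifest(SAMPLE).items():
        print(f"{path:26} {cls:16} {name}")
```
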