RE: [office] Table Protection: Uselessness of table:protection-key

["Dennis E. Hamilton" <dennis.hamilton@acm.org>]

Bob, I think that's right.

Perhaps the way to say it is this:

(1) the table-cell protection feature is provided as a safeguard against
accidental alteration of cells that must be kept fixed in order to achieve
the intended purpose, such as use of tables as part of a form for data
collection and reporting.

(2) the locking of table-cell protection is provided as a safeguard against
careless over-riding of the table-cell protections.  Cell locking is not a
secure protection against unauthorized and undetected alteration of the
protected table cells.  Knowledge of the password is not required in order
for a knowledgeable party to over-ride the locking by manipulation of the
XML document directly.  

(3) The hash code is a barrier against casual discovery of the password by
inspection of the XML.  Hash codes of short texts such as memorable
passwords are easily attacked regardless of the strength of the hash code.
To limit the consequences of password compromise, passwords used for locking
the table-cell protection should not be used for any other purpose.

 - Dennis

-----Original Message-----
From: Bob Jolliffe [mailto:bobjolliffe@gmail.com] 
http://lists.oasis-open.org/archives/office/200901/msg00008.html
Sent: Saturday, January 03, 2009 10:17
To: office@lists.oasis-open.org
Subject: Re: [office] Table Protection: Uselessness of table:protection-key

Hi

2009/1/3 Patrick Durusau <patrick@durusau.net>:
http://lists.oasis-open.org/archives/office/200901/msg00007.html
> Dennis,
>
> While table/cell protection is an expected "feature," I am not sure how
far
> we should go in terms of warnings to users. In part because any warning we
> give will be of necessity incomplete.

I think users should simply know that cells are only protected against
accidental editing.  Currently it is most likely that most users
assume that some sort of actual protection is going on here.  Perhaps
the language of "protection" doesn't help. More neutral language like
"intended-read-only" rather than "protected" would be better.

Regards
Bob

[ ... ]
> Dennis E. Hamilton wrote:
>>
>> Forgot to address this to the list
>> -----Original Message-----
>> From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org] Sent: Friday,
>> January 02, 2009 16:04
http://lists.oasis-open.org/archives/office/200901/msg00006.html
>> To: 'Bob Jolliffe'
>> Subject: RE: [office] Table Protection: Uselessness of
>> table:protection-key
>>
>> I like your suggestion about a warning in the specification and I
included
>> that in the final part of my analysis on what needs to be specified if
>> table:protection-key-digest-algorithm is going to be useful.
>>
>> In addition, I just realized that worrying about coming up with hash
>> collisions is actually a misplaced concern and the strength of the
message
>> digest algorithm is irrelevant.  The weakness here is that keys are short
>> compared to the kinds of messages that digests work well for.
>>
>> Because keys are short and usually memorable, one can simply attack the
>> key
>> directly.  [ ... ]