Re: [office] Table Protection: Uselessness of table:protection-key

[Michael Brauer - Sun Germany - ham02 - Hamburg <Michael.Brauer@Sun.COM>]

Dennis, all,

On 03.01.09 14:26, Patrick Durusau wrote:
> Dennis,
> 
> While table/cell protection is an expected "feature," I am not sure how 
> far we should go in terms of warnings to users. In part because any 
> warning we give will be of necessity incomplete. Should we point out 
> that digitally signed documents are only meaningfully "secure" as part 
> of an overall security system? Do we specify at least the common 
> components of such systems?
> 
> One of the things we can say in a standard is what we are not 
> standardizing.
> 
> Perhaps we should say that while ODF can be used in "secure" systems and 
> that there are aspects of ODF, such a digital signatures, that may be 
> useful in building such systems, that security is beyond the purview of 
> the standard. That is we provide the hooks for such systems but your 
> actual mileage will vary.

I agree to this, and in particular would like to point out that a 
digital signature for a piece of a document and a protected piece of a 
document in the sense that the editing applications does not allow 
modifications to it are two different things.

A digital signature ensures that modifications to an ODF document can be 
noticed. But it does not prevent that modifications can be made. It is 
entirely up to the application whether it allows modification of a 
signed documents (or document piece) or not, and what happens to the 
signature information if a document is changed.

The "protection" features again simply says that a piece of a document 
should not be editable. Maybe the name "protection" is not the best, 
although "protect" is a very general term. It is not a terms like 
"secure", "signature" or "encryption" which have their predefined 
meaning in the IT world. And "protect" is only the term we use in the 
ODF specification. Applications may call this feature whatever they want 
to if they believe the term  "protect" leads to wrong expectations.

Two more remarks:
- Even if protected content would get signed, it still would be possible 
to remove the signature itself. That means, the existence of signature 
itself does not protect a document from getting edited.
- We have a lot of other features that have similar issues. Take for 
instance a control for a fixed text. An application that has a mode for 
filling out the form data probably will not allow to change that text. 
But a form editor will by intention do so. And in any case, it is 
possible to change the text in the ODF document itself.

Best regards

Michael




-- 
Michael Brauer, Technical Architect Software Engineering
StarOffice/OpenOffice.org
Sun Microsystems GmbH             Nagelsweg 55
D-20097 Hamburg, Germany          michael.brauer@sun.com
http://sun.com/staroffice         +49 40 23646 500
http://blogs.sun.com/GullFOSS

Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1,
	   D-85551 Kirchheim-Heimstetten
Amtsgericht Muenchen: HRB 161028
Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
Vorsitzender des Aufsichtsrates: Martin Haering