[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] Table Protection: Uselessness of table:protection-key
Dennis, all, On 03.01.09 14:26, Patrick Durusau wrote: > Dennis, > > While table/cell protection is an expected "feature," I am not sure how > far we should go in terms of warnings to users. In part because any > warning we give will be of necessity incomplete. Should we point out > that digitally signed documents are only meaningfully "secure" as part > of an overall security system? Do we specify at least the common > components of such systems? > > One of the things we can say in a standard is what we are not > standardizing. > > Perhaps we should say that while ODF can be used in "secure" systems and > that there are aspects of ODF, such a digital signatures, that may be > useful in building such systems, that security is beyond the purview of > the standard. That is we provide the hooks for such systems but your > actual mileage will vary. I agree to this, and in particular would like to point out that a digital signature for a piece of a document and a protected piece of a document in the sense that the editing applications does not allow modifications to it are two different things. A digital signature ensures that modifications to an ODF document can be noticed. But it does not prevent that modifications can be made. It is entirely up to the application whether it allows modification of a signed documents (or document piece) or not, and what happens to the signature information if a document is changed. The "protection" features again simply says that a piece of a document should not be editable. Maybe the name "protection" is not the best, although "protect" is a very general term. It is not a terms like "secure", "signature" or "encryption" which have their predefined meaning in the IT world. And "protect" is only the term we use in the ODF specification. Applications may call this feature whatever they want to if they believe the term "protect" leads to wrong expectations. Two more remarks: - Even if protected content would get signed, it still would be possible to remove the signature itself. That means, the existence of signature itself does not protect a document from getting edited. - We have a lot of other features that have similar issues. Take for instance a control for a fixed text. An application that has a mode for filling out the form data probably will not allow to change that text. But a form editor will by intention do so. And in any case, it is possible to change the text in the ODF document itself. Best regards Michael -- Michael Brauer, Technical Architect Software Engineering StarOffice/OpenOffice.org Sun Microsystems GmbH Nagelsweg 55 D-20097 Hamburg, Germany michael.brauer@sun.com http://sun.com/staroffice +49 40 23646 500 http://blogs.sun.com/GullFOSS Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten Amtsgericht Muenchen: HRB 161028 Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer Vorsitzender des Aufsichtsrates: Martin Haering
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]