OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Commented: (OFFICE-2562) ODF 1.2 Part 1 CD04:protection-key password format unspecified



    [ http://tools.oasis-open.org/issues/browse/OFFICE-2562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18754#action_18754 ] 

Michael Brauer commented on OFFICE-2562:
----------------------------------------

Section 2.2 of XML 1.0 does not say anything about collapsing of white space (or I have overseen that), and it is not clear to me why we should forbid any kind of characters. In particular, why should we forbid space characters in passwords? 

There may be difficulties in entering certain characters. For instance it will be difficult to enter let's say CJK characters with an English keyboard. But how characters are entered is entirely outside the scope of ODF. It is usually also outside the scope of ODF implementations, because the input methods are provided by the operating systems. 

So, I think saying that the password has to be provided as a sequence of bytes in UTF-8 encoding is sufficient, and I would not feel comfortable adding any kind of restrictions, since it would be an arbitrary one. But if we figure out that there are interoperability issues with certain characters in practice, wouldn't that then not be a something for the OIC TC?

> ODF 1.2 Part 1 CD04: protection-key password format unspecified
> ---------------------------------------------------------------
>
>                 Key: OFFICE-2562
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2562
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Security, Table, Text
>    Affects Versions: ODF 1.2 Part 1 CD 4 
>         Environment: This issue applies to all versions of ODF 1.2 Part 1 CD04, earlier drafts, and to ODF 1.1 and ODF 1.0
>            Reporter: Dennis Hamilton
>             Fix For: ODF 1.2
>
>
> The table:protection-key (19.699) and text:protection-key (19.852) attributes carry the results of hashing of sequences of binary bits supplied to a digest algorithm.  The input is internal computer data.
> For ODF 1.2 Part 1 protection-key attributes, it is not specified how those binary bits are obtained nor how a consumer of a document holding such keys is expected to obtain the same binary bits and confirm their submission by arriving at the same hash-code result.
> This proposal establishes that UTF-8 encoding in binary octets shall be used.
> This proposal establishes that the permissible Unicode characters shall be the same ones permitted for encoding of XML document in Unicode.
> Finally, truncation or limitation of the string differently by the consumer than is applied by the producer requires that there be some agreement on where truncation shall occur.  The value of 2^61-1 octets is chosen because that is the limitation on the input for SHA1.    It would be wise to find a more-practical though generous limitation.  This proposal makes no recommendation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]