[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures
With regard to my comment during the 2010-04-26 call, it is Part 3 CD01 conformance clause PD1.2.4 in section 7.2.1 that forbids the mimetype part and any META-INF/... parts from being included in the manifest. Consequently, none of these, including all META-INF/*signature* files, can be encrypted using any method provided in ODF 1.2. I see that this is now corrected in Part 3 CDO1-rev02. This leaves a hole in PD1.2.7 however, since the limitation to exactly one doesn't apply to META-INF/... files that may be present in the manifest. I think we need a little more work to reconcile PD1.2.4 and PD1.2.7. I also think there should be something at least implementation-defined concerning META-INF/... content that is not listed in manifest.xml by a producer, because of the consequences for encryption. Beyond that, we still have the problem that Part 1 requires that META-INF/documentsignature.xml includes manifest.xml in what it signs. Encryption after signing will break any signing of manifest.xml, whether or not the signature file itself is encrypted. It appears that any decryption process must remove the decryption information from manifest.xml in such a way that the documentsignature.xml signing of manifest.xml (and any other signing of manifest.xml) can still be verified. - Dennis Dennis E. Hamilton ------------------ NuovoDoc: Design for Document System Interoperability mailto:Dennis.Hamilton@acm.org | gsm:+1-206.779.9430 http://NuovoDoc.com http://ODMA.info/dev/ http://nfoWorks.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]