Re: [office] What to do about encryption?

[Malte Timmermann <Malte.Timmermann@Sun.COM>]

David LeBlanc wrote, On 05/11/10 17:14:
> Malte said:
> 
>> Last but not least one goal/wish was to stay quite compatible with ODF
>> 1.1 - but the new encryption approach would be completely incompatible
>> with every existing implementation.

> Yes, but that's unfortunately the nature of encryption changes. If you
> change the slightest thing, you introduce incompatabilities. This is why
> we shipped the new encryption that was to go into 2010 in the 2007 SP2.

Ah - that explains why the situation was different than what I remembered.
My memory was that MSO2007 would store something that is not a zip
container anymore. So it changed with SP2...

But you are in the comfortable position that there is no other
implementation for (encrypted) OOXML files except MSO, where you have
full control over older and newer versions, and what you want to update.
For ODF, there are multiple implementations, and I guess at least 3
implement encryption.

> So if you're going to break compatability, then let's go ahead and do
> that while fixing everything you know that should be fixed.

I agree that we should fix everything in one step.
And we should also try to get it right in one step.
That's why I suggest to not do it in the long awaited ODF 1.2, but to
take more time to investigate into everything more deeply.
It also would be helpful to start with an actual implementation in
parallel, to experience any issues early.
I am not sure if it's a good idea to simply publish anything that nobody
tried out with a real implementation.

> It is also up to the implementer which approach to use by default. For
> example, I am at the start of a development cycle. If the other
> implementers all support the new encryption, then I would make that a
> default, but I'd still have to warn that MS Office 2007 cannot read it,
> unless I had some way to update that version.

I guess you have the MSO2007 issue anyway, because it currently don't
support any ODF encryption, AFAIK.


> I agree that we should design the encryption carefully, but I'm not
> completely sure of the schedule and will refrain from commenting on
> that. I will say that I would be happier about implementing something
> that is part of the standard, unless perhaps we have some way to make a
> working group that can come to an agreement.

Implementing the old ODF encryption in MSO (at least for importing ODF)
could be a good idea anyway, for interop reasons.


> I also agree that many of the flaws I listed are minor, some extremely
> so (e.g., the iteration count for the KDF, which is easily corrected),
> but now that we've come upon the issue that a signed file cannot be
> encrypted, and an encrypted, then signed file can never be decrypted
> without breaking the signature, I think that's a fairly major issue.

Well, we don't have an ideal situation, but it's still not clear whether
or not the use cases really can't be done with minor
modifications/explanations in the current specification....

Malte.