Default encryption algorithm concerns

[robert_weir@us.ibm.com]

I'd like to add to, maybe duplicate some of the issues that David has 
raised.

Part 3 defines in section 2.4.2 "Encryption Process using default 
algorithms" .  This is encryption using SHA1 and Blowfish.  These 
algorithms are not, I believe, well suited for a "default" algorithm. 

In particular:

1) The use of SHA1 is going to be a red flag for many.  It is generally 
considered weak and is being phased out.  For example, the US list of 
cryptographic hashes permitted for government use, what we call 
FIPS800-131 says that SHA1 will not be permitted after 2010.

2) Blowfish is also not on the FIPS list.  We also heard via public 
comment that it is not on the approved list in Japan.

To be fair we should note that these algorithms are from ODF 1.1 and are 
implemented.  So I would not suggest we remove them altogether.  But I 
think we should call the the section  "Encryption Process using legacy 
algorithms" and state that it "should not" be used for new documents. 


Do we need to have a procedure that we call the "default"?  If so, I'd 
recommend one based on SHA2/AES128.

In section 3.8.1 we currently say:

"Package producers that support encryption shall support the value 
Blowfish CFB. Package consumers that support encryption shall support the 
values Blowfish CFB and 
urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish."

I don't think we want to require that package producers support the legacy 
method, especially if it is known to be weak.  So I suggest eliminating 
that bullet paragraph altogether, or require the use of SHA2/AES128 if 
there is consensus to have that be the "default" algorithm


-Rob