[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Commented: (OFFICE-2686) ODF 1.2 Part 1 3.16Macro Signature Meaningless and Inappropriate
[ http://tools.oasis-open.org/issues/browse/OFFICE-2686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19348#action_19348 ] Dennis Hamilton commented on OFFICE-2686: ----------------------------------------- Since there is no specification for macros at this point (see ODF 1.2 CD05 Part 1 sections 3.12-3.13), it seems weird to specify an implementation-dependent basis for their signatures. Also, since the META-INF/documentsignatures.xml file is expected to sign enverything, the possible exception being the META-INF/documentsignatures.xml file itself, it appears that it is expected to sign the proposed META-INF/macrosignatures.xml, I don't quite see what it means for them to happen concurrently. I also don't understand what the use case is. Perhaps there is more to be found out in OOXML, except I didn't think there were macros there. Finally, I am concerned by the way that these files are expected to be named and how that forces some sort of out-of-band undefined agreement on avoiding collisions on the names. (The Package specification allows ad lib creation of META-INF*signatures* files, with the only requirement being that they all use the same XML root element and basic schema.) I suppose it is fair for a consumer to simply ignore digital signature files it doesn't understand, and only create those that it does. If this is all we are establihsing here, I'd hope there would be a simpler way to accomplish that little. I still think we need something around how these are named so a consumer can confirm that an encountered META-INF/*signature* file is one that it does understand and might have created itself. > ODF 1.2 Part 1 3.16 Macro Signature Meaningless and Inappropriate > ----------------------------------------------------------------- > > Key: OFFICE-2686 > URL: http://tools.oasis-open.org/issues/browse/OFFICE-2686 > Project: OASIS Open Document Format for Office Applications (OpenDocument) TC > Issue Type: Bug > Components: General, Security > Affects Versions: ODF 1.2 CD 05 > Environment: This defect applies in ODF 1.2 Part 1 CD04 and in the revisions leading up to CD05. The specific text discussed is that in OpenDocument-v1.2-part1-cd04-rev05.odt > Reporter: Dennis Hamilton > Fix For: ODF 1.2 Part 1 CD 5 > > > Section 3.16 essentially restates provisions already provided in ODF 1.2 Part 3. Most of the restatement is unnecessary and is somewhat self-contradictory. There is a tiny amount of new material concerning META-INF/documentsignatures.xml. > MACRO SIGNATURE DIFFICULTIES > The vague treatment of macro signatures is uninformative and only serves to reserve the name META-INF/macrosignatures.xml for an unspecified purpose and significance. In all material respects, its occurrence is already provided for in Part 3 and the absence of an actionable provision here adds no value. > This non sequiter is not helpful: > "Since macro code and executable code is implementation specific, this specification does not define to the files to which a macro signature applies." > In addition, there is no indication what the signing of macros (and scripts?) signifies and how that is meaningful if document and such macro signatures can be applied simultaneously. > If there is a problem with naming provisions for digital-signature files in the META-INF/*signature*.xml family, it seems inappropriate that the solution be incorporation of reserved names for some unidentified party's implementaiton-specific purpose in the ODF 1.2 specification itself. This problem needs to be dealt with in a generally-useful manner. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]