OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3417) NEEDS-DISCUSSION:Public Comment: Comment on ODF v1.2 CD 05 - Document Signatures


    [ http://tools.oasis-open.org/issues/browse/OFFICE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21535#action_21535 ] 

Dennis Hamilton commented on OFFICE-3417:
-----------------------------------------

Rob,

I don't think the duplication of the file with two different names is wise in a security situation, especially if a consumer will ignore one or the other.  ODF 1.2 currently allows multiple META-INF/*signature* files and presumably they all have to be verified.

The other contradiction is that the current material being used as the basis of that other work requires that there be one and only one Digital signatures file and that it be META-INF/signatures.xml.  It is not clear that their container model is compatible with ODF 1.2 Package at all, and it is too sketchy to think that freezing a single name is going to solve more problems than it might create at this point.

And making this complexity seems not worth the burden of testing, verification, verifiers, etc.

> NEEDS-DISCUSSION: Public Comment: Comment on ODF v1.2 CD 05 - Document Signatures
> ---------------------------------------------------------------------------------
>
>                 Key: OFFICE-3417
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3417
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Security
>    Affects Versions: ODF 1.2 CD 05
>            Reporter: Robert Weir 
>             Fix For: ODF 1.2 CD 06
>
>
> Copied from office-comment list
> Original author: "Pope, Nick" <Nick.Pope@thales-esecurity.com> 
> Original date: 6 Sep 2010 19:48:26 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/201009/msg00001.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]