OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [office] RE: XAdES support in ODF


You're right, the Configurations2\accelerator\current.xml should have been
signed, and it was.  Oddly, they used the default transformation, but I
guess that is tolerable considering it is a 0-length file.  

So I don't think they missed any that they weren't supposed to.  They even
signed the mimetype, Thumbnails/thumbnail.png, manifest.rdf and
META-INF/manifest.xml.  It looks like everything was signed that could be.  

 - Dennis


-----Original Message-----
From: David LeBlanc [mailto:dleblanc@exchange.microsoft.com] 
Sent: Friday, September 24, 2010 21:09
To: dennis.hamilton@acm.org; 'Hanssens Bart'; office@lists.oasis-open.org
Cc: 'Cornelis Frank'
Subject: RE: [office] RE: XAdES support in ODF

I was looking at the directory structure in the zip file. Current spec says
that everything has to be signed, and if it is of zero length, then
something that made it not zero length would possibly change the content or
appearance, and should then break the signature.

If there are things that do not change the content or appearance, then
perhaps they shouldn't be signed, and the constraint that everything should
be signed (other than documentsignature.xml) is too broad. In OOXML
documents, we don't sign everything, and have some areas meant for things
that can change without breaking the signature.

________________________________________
From: Dennis E. Hamilton [dennis.hamilton@acm.org]
Sent: Friday, September 24, 2010 5:53 PM
To: 'Hanssens Bart'; David LeBlanc; office@lists.oasis-open.org
Cc: 'Cornelis Frank'
Subject: RE: [office] RE: XAdES support in ODF

Bart,

There are no Zip entries for empty directory structures or directory
structures of any kind.  I think you mean <manifest:file-entry> elements.

Agreed there is nothing to sign for a subdocument directory, but that is the
only thing, beside manifest:full-path="/" that should not have a package
file to go with it.

Is Configurations2\accelerator\current.xml signed?  It has 0 length but it
definitely needs to be signed.

Also, I see that you really mean
manifest:full-path="Configurations2/menubar/" which is indeed a subdocument
entry and there is of course nothing to sign.  
 [ ... ]



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]