OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3467) ODF 1.2 CD05-110.4.1 Frame Substitutions Repudiatable


    [ http://tools.oasis-open.org/issues/browse/OFFICE-3467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21971#action_21971 ] 

Dennis Hamilton commented on OFFICE-3467:
-----------------------------------------

I think all of these observations are appropriate.  I favor caching whenever that makes sense just so a consumer (or viewer) can present the document without having to recreate potential dynamically-changeable parts.

It is unfortunate that <draw:image> does not provide for caching, since there are such provisions in other parts of ODF.

I think the only thing to be done is to provide Notes that indicate the difficulties that occur when there is linked content that is not captured in a way that the signature covers what the signer sees.  I assume any link-refreshing on a signed document will produce a warning from any major implementation, whether there is caching or not.

Of course, HTML is not signed, and we expect dynamic updating, so I don't think that is a worthwhile comparision.  There are other means for declaring the authenticity of a web page and allowing an user to decline to see anything that is not authenticated.

> ODF 1.2 CD05-1 10.4.1 Frame Substitutions Repudiatable
> ------------------------------------------------------
>
>                 Key: OFFICE-3467
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3467
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Graphics, Part 1 (Schema), Security
>            Reporter: Dennis Hamilton
>
> Because different consumers may present different alternatives in a <draw:frame>, one that is presented by a consumer need not be the one that was seen when a producer provided a digital signature on the document.
> A signer may successfully claim that the document as presented by a consumer is not the one that was signed, even though the signature is verified.  
> The difficulty is magnified when one or more of the alternatives is by reference to external material that is not covered by the signature and is not cached so as to be included in the signature.  (This is a general concern when the document contains links to external material that may be accessed automatically and presented as if it is an inherent part of the document without it being somehow reflected in the document package files that are signed.)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]