[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: chat notes from ODF TC teleconference - 04 Dec 2017
Greetings! Thanks to Jos we have very good chat notes for the meeting today! Hope everyone is at the start of a great week! Patrick Chat notes - 04 December 2017 Patrick: quorum Jos van den Oever: No additions to the agenda. Agenda approved. Patrick: agenda approved Jos van den Oever: a. https://issues.oasis-open.org/browse/OFFICE-3940 Add OpenPGP-based XML encryption Jos van den Oever: https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-PGPData Jos van den Oever: The xmldsig version of 2008 also references PGP. Jos van den Oever: Patrick: in ODF we can already encrypt with PGP, but cannot store info on the public key that was used Jos van den Oever: Thorsten: in email you have hybrid encryption, with a symmetric key. The session key is encrypted with all recipients public key. Jos van den Oever: Thorsten: each recipient gets it's own version of the encrypted session key. This is a nice way to go about without needing an external communication channel. Jos van den Oever: Thorsten: for signatures we are good, but encryption is still lacking Jos van den Oever: Michael: i have an issue with password based encryption. It uses a different key for every file in the session. With many iterations, it takes a long time to get these keys for all files. We could restructure to use only one key per package. Jos van den Oever: Michael: we could put one package in a zip file to have only one encryption. Jos van den Oever: Thorsten: the only thing to retain AES initialization vector and keep that for every file. Jos van den Oever: Michael: init vectors is why we run KDF once per file. Jos van den Oever: Jos: does KDF take so long? Jos van den Oever: Michael: yes, because hashing would be run on cpu and that's fine, but now we have gpus' and they are much faster and in parallel. So we need more iterations to avoid brute-forcing. Jos van den Oever: Thorsten: with a public/private key this issue is not present. Jos van den Oever: Michael: yes this is an issue only with passwords Jos van den Oever: Thorsten: so you want to have key-derivation attribute out of individual files? Jos van den Oever: Michael: yes, have an inner package with the encrypted content Jos van den Oever: Jos: so for password encryption it's beneficial to have a single encrypted package file Jos van den Oever: Michael: yes Jos van den Oever: Thorsten: unf that's a larger rearchitecturing Jos van den Oever: Thorsten: the initialization vector was added because you might have many files starting with the same 16 bytes. Jos van den Oever: Thorten: one blob with encrypted content solves that issue Jos van den Oever: Thorsten: as to PGP/GPG support is just piggybanking on the existing encryption software, with the main part still being symmetric Jos van den Oever: Jos: do you create a new file for each recipient or put encrypted keys for each recipient in the file? Jos van den Oever: Thorsten: we put the encrypted keys for each recipient in the file Jos van den Oever: Jos: so you can see in the file who are the recipients Jos van den Oever: Thorsten: the key id / key fingerprint is required Jos van den Oever: Thorsten: for x509 key package is usually also included Jos van den Oever: Jos: would it make sense to keep the asymmetric receiver specific part external to the odf document? Jos van den Oever: Thorsten: it's easier to keep it all in one place Jos van den Oever: Thorsten: anything that is out of band may be lost Jos van den Oever: Jos: are we sure things are missing? Jos van den Oever: Patrick: at the time, just password protection seemed enough, promoting encrypting is the right direction Jos van den Oever: Patrick: i'm not sure this proposal goes far enough or if we need something more substantial. Can we get a lot of benefit with small effort. Would we have a good differentiator with other systems? Jos van den Oever: Thorsten: the current proposal is the minimal change we need Jos van den Oever: Thorsten: conceivable we could go to x509 if there's a sponsor for that, to cover most prevalent encryption systems Jos van den Oever: Michael: feature is a good idea, unf cannot read schema diff due to jira mangling it. Jos van den Oever: Thorsten: email to the list should have better (no) formatting Jos van den Oever: Michael: i did get the mail, even though it's broken for Thorsten Jos van den Oever: Michael: but the no-formatting does not work because enabling it would have consequenced for all current comments Jos van den Oever: Regina: can you make an example manifest.xml? Jos van den Oever: Thorsten: ok Jos van den Oever: Patrick: this is now an open issue for odf 1.3 Jos van den Oever: next: b. https://issues.oasis-open.org/browse/OFFICE-3906 DCOUNT and DCOUNTA Field argument can be omitted Jos van den Oever: Patrick: there are some cases where a field can be ommitted Jos van den Oever: Patrick: there is no example where the final field is required but a middle field is optional Jos van den Oever: Jos: have Field be optional and Criterium required would break current pattern, but Field might be required, so empty string between the two ';' characters Jos van den Oever: Patrick: the criteria should ideally be earlier because it's always desired Jos van den Oever: Regina: i see no problem. the semicolons will avoid confusion Michael Stahl: LINEST Jos van den Oever: Michael: LINEST has optional knownX which can still be followed by other arguments Jos van den Oever: Regina: this case is explained in other functions where this happens. The same text could be added to the function in this proposal Jos van den Oever: Jos: that's a good solution Regina Henschel: Something as in CEILING "If significance is omitted or an empty parameter (two consecutive ;; semicolons)..." Jos van den Oever: Patrick: with the addition of that language, we can mark this issue as resolved Jos van den Oever: Patrick: with that we adjourn
-- Patrick Durusau patrick@durusau.net Technical Advisory Board, OASIS (TAB) Editor, OpenDocument Format TC (OASIS), Project Editor ISO/IEC 26300 Co-Editor, ISO/IEC 13250-1, 13250-5 (Topic Maps) Another Word For It (blog): http://tm.durusau.net Homepage: http://www.durusau.net Twitter: patrickDurusau |
Attachment:
signature.asc
Description: OpenPGP digital signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]