OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ODF Agenda for 4 June 2018 - prior discussions are inline

Greetings!

I trust everyone enjoyed the long break!

I have inserted prior chat logs where relevant so we won't have to spend time finding the prior discussions. Please review before our meeting.

Below you find a draft agenda for our TC call on Monday, 2018-06-04

The call counts towards voter eligibility.

Teleconference Numbers

Canada - (use US number)

Denmark - +45 78 77 25 34

Germany - +49 30 255550324

Hungary - +36 1 987 6874

The Netherlands - +31 6 35205016

USA - +1 641-715-3580

Access code (for all numbers): 438-387

Chat room for meeting is at: http://webconf.soaphub.org/conf/room/odf

Please send comments to the mailing list.


Agenda
------

1. Dial-In, Roll Call, Determination of Quorum and Voting Rights

2. Motion (simple majority): Approve the Agenda

3. Motion (simple majority): Notice of minutes from prior TC calls - pending

4. Meeting time for 4 June 2018 - https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=6&day=4&hour=16&min=0&sec=0&p1=25&p2=37

5. Issues for 4 June 2018:

Remaining from Michael's short list:

i. https://issues.oasis-open.org/browse/OFFICE-2093 Using URL fragment identifiers for ODF media types (was discussed 20 Feb 2017)

From 20 Feb 2017:

*****
Michael Stahl: https://issues.oasis-open.org/browse/OFFICE-2093
Jos van den Oever: http://example.com/data.csv#cell=4,1-6,2
Jos van den Oever: https://tools.ietf.org/html/rfc7111
Jos van den Oever: soffice 'file.ods#text|searchterm'   does not work ...
Svante Schubert: text:name is of type string
Svante Schubert: xml:id is of type ID
Svante Schubert: We should be careful when allowing text:name due to
encoding problems as part of the frament identifier and its multiple
usages (first might be taken)
Patrick: consumer requirements - shall would be inappropriate (Michael)
perhaps a should?
Patrick: Michael, no reason to limit to text documents -
Svante Schubert: mypresention.odp#1
Svante Schubert: similar something for spreadsheets and cells & cell-ranges
Michael Stahl: i think it's mypresentation.odp#page1 in OOo/LO
Svante Schubert: I will come up with a suggestion for presentation and
spreadsheet shortcuts - convention over configuration - to ease usage
Svante Schubert: NCName is https://www.w3.org/TR/xml-names11/#NT-NCName
Patrick: The practical restrictions of NCName are that it cannot contain
several symbol characters like :, @, $, %, &, /, +, ,, ;, whitespace
characters or different parenthesis. Furthermore an NCName cannot begin
with a number, dot or minus character although they can appear later in
an NCName.
Patrick: Svante and Michael will add to the issue and we will return to
it next week
*****


ii. https://issues.oasis-open.org/browse/OFFICE-3940 Add OpenPGP-based XML encryption (was discussed 4 Dec 2017)

From 4 Dec. 2017:

*****

Jos van den Oever: a. https://issues.oasis-open.org/browse/OFFICE-3940 Add OpenPGP-based XML encryption

Thorsten: https://www.w3.org/TR/xmldsig-core/#sec-PGPData

Jos van den Oever: https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-PGPData

Jos van den Oever: The xmldsig version of 2008 also references PGP.

Jos van den Oever: Patrick: in ODF we can already encrypt with PGP, but cannot store info on the public key that was used

Jos van den Oever: Thorsten: in email you have hybrid encryption, with a symmetric key. The session key is encrypted with all recipients public key.

Jos van den Oever: Thorsten: each recipient gets it's own version of the encrypted session key. This is a nice way to go about without needing an external communication channel.

Jos van den Oever: Thorsten: for signatures we are good, but encryption is still lacking

Jos van den Oever: Michael: i have an issue with password based encryption. It uses a different key for every file in the session. With many iterations, it takes a long time to get these keys for all files. We could restructure to use only one key per package.

Jos van den Oever: Michael: we could put one package in a zip file to have only one encryption.

Jos van den Oever: Thorsten: the only thing to retain AES initialization vector and keep that for every file.

Jos van den Oever: Michael: init vectors is why we run KDF once per file.

Jos van den Oever: Jos: does KDF take so long?

Jos van den Oever: Michael: yes, because hashing would be run on cpu and that's fine, but now we have gpus' and they are much faster and in parallel. So we need more iterations to avoid brute-forcing.

Jos van den Oever: Thorsten: with a public/private key this issue is not present.

Jos van den Oever: Michael: yes this is an issue only with passwords

Jos van den Oever: Thorsten: so you want to have key-derivation attribute out of individual files?

Jos van den Oever: Michael: yes, have an inner package with the encrypted content

Jos van den Oever: Jos: so for password encryption it's beneficial to have a single encrypted package file

Jos van den Oever: Michael: yes

Jos van den Oever: Thorsten: unf that's a larger rearchitecturing

Jos van den Oever: Thorsten: the initialization vector was added because you might have many files starting with the same 16 bytes.

Jos van den Oever: Thorten: one blob with encrypted content solves that issue

Jos van den Oever: Thorsten: as to PGP/GPG support is just piggybanking on the existing encryption software, with the main part still being symmetric

Jos van den Oever: Jos: do you create a new file for each recipient or put encrypted keys for each recipient in the file?

Jos van den Oever: Thorsten: we put the encrypted keys for each recipient in the file

Jos van den Oever: Jos: so you can see in the file who are the recipients

Jos van den Oever: Thorsten: the key id / key fingerprint is required

Jos van den Oever: Thorsten: for x509 key package is usually also included

Jos van den Oever: Jos: would it make sense to keep the asymmetric receiver specific part external to the odf document?

Jos van den Oever: Thorsten: it's easier to keep it all in one place

Jos van den Oever: Thorsten: anything that is out of band may be lost

Jos van den Oever: Jos: are we sure things are missing?

Jos van den Oever: Patrick: at the time, just password protection seemed enough, promoting encrypting is the right direction

Jos van den Oever: Patrick: i'm not sure this proposal goes far enough or if we need something more substantial. Can we get a lot of benefit with small effort. Would we have a good differentiator with other systems?

Jos van den Oever: Thorsten: the current proposal is the minimal change we need

Jos van den Oever: Thorsten: conceivable we could go to x509 if there's a sponsor for that, to cover most prevalent encryption systems

Jos van den Oever: Michael: feature is a good idea, unf cannot read schema diff due to jira mangling it.

Jos van den Oever: Thorsten: email to the list should have better (no) formatting

Jos van den Oever: Michael: i did get the mail, even though it's broken for Thorsten

Jos van den Oever: Michael: but the no-formatting does not work because enabling it would have consequenced for all current comments

Jos van den Oever: Regina: can you make an example manifest.xml?

Jos van den Oever: Thorsten: ok

Jos van den Oever: Patrick: this is now an open issue for odf 1.3
*****

iii. https://issues.oasis-open.org/browse/OFFICE-3665 Allow data pilot source cell range to be referenced by textural name.


iv. https://issues.oasis-open.org/browse/OFFICE-1148 Demand for modification of ODF file format about regression curvein
spreadsheet (was discussed 2 Oct 2017)


Patrick: https://issues.oasis-open.org/browse/OFFICE-1148
Patrick: What of gnumeric and Excel?
Patrick: MS-Excel support all these points since MS-Excel 5.0 (for
MS-Windows 3.1, it was in 1993)
Gnumeric support polynomial regression curve in version 1.6 and moving
average regression curve in version 1.9.
LibreOffice extended ODF 1.2 to support all these points in version 4.2.
Patrick: Andreas will check against Gnumeric and - send email to Aarti
asking about Excel


****
I've added:

v. https://issues.oasis-open.org/browse/OFFICE-3937 Remove restrictions from drawing page style


6. Next meeting: 2018-06-11.

7.  Adjournment

Hope everyone is at the start of a great week!

Patrick

-- 
Patrick Durusau
patrick@durusau.net
Technical Advisory Board, OASIS (TAB)
Editor, OpenDocument Format TC (OASIS), Project Editor ISO/IEC 26300
Co-Editor, ISO/IEC 13250-1, 13250-5 (Topic Maps)

Another Word For It (blog): http://tm.durusau.net
Homepage: http://www.durusau.net
Twitter: patrickDurusau

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]