OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office-comment] ODF 1.1: Heads up on Document Crypto

"Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 07/04/2008 
12:08:38 PM:

> David Leblanc is a serious cryptography maven at Microsoft. 
> http://blogs.msdn.com/david_leblanc/archive/2008/07/03/office-
> crypto-follies.aspx
> is a great post on the different uses of obfuscation and 
> cryptography for Office documents, from the binaries up to OOXML (I 
> assume he means Office 2007).
> There are observations on ODF 1.1 cryptography, related to the 
> maturing understanding of cryptography for Microsoft Office 
> documents, at the end of the blog post. 

Ah, he is not a fan of Blowfish, I see.

We should probably look at this.  Although it is nice to have a single, 
patent-free algorithm specified, that does put us in the position of 
having the format potentially obsoleted overnight if Blowfish were broken. 
 The safer practice is to allow a number of strong algorithms.  The 
downside is that this makes more work for implementors, and could reduce 
interoperability (you can only exchange with those applications that 
support the same algorithm that your document was encrypted with).

AES is not a panacea either.  I know that some foreign governments are 
suspicious of anything that the NSA says is OK for use.  So best to allow 
a choice of several strong algorithms.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]