
office-comment message


Subject: ODF 1.2 CD02 17.669 / 17.700 (protection-key)

When reading the newly added constructs for persisting passwords for
e.g. protecting cell content, I noticed that in the corresponding
schemas, both the attributes "protection-key" and
"protection-key-digest-algorithm" are optional.

To enhance interoperability and predictability between ODF
implementations supporting these constructs, I suggest you add a
normative requirement that _if_ an application uses the
"protection-key" attribute, the attribute
"protection-key-digest-algorithm" _shall_ be used as well.

If you don't have any information about the algorithm used to create
the digest, you are forced to iterate through a list of digest
algorithms until you find one that matches. It would be much easier to
simply use the algorithm-name and look that specific algorithm up in
the "toolbox" of the implementation. Also (and this is the most
important part), by making the protection-key-digest-algorithm a
required attribute when using the "protection-key" attribute, you
would force the applications to implement the normative requirements
of this attribute, which is read-support for SHA1 and SHA256. This
would greatly improve interoperability between applications using
these document protection constructs since you could be certain that a
FIPS180/NIST-approved digest algorithm was used.

I believe that RelaxNG supports constraints like this but if not, the
prose should be changed to make the requirement normative.

I hope you take this into consideration.

Jesper Lund Stocholm
SC34/WG4 http://www.itscj.ipsj.or.jp/sc34/wg4/
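
The following is an added example, not part of the original message or of any ODF implementation: it flags elements that carry "protection-key" without "protection-key-digest-algorithm", and contrasts the direct "toolbox" lookup with the fallback of trying every digest. Assumptions: the W3C algorithm IRIs shown, a base64-encoded digest, UTF-8 password bytes, and the hypothetical helper names `parse`, `lint` and `verify`.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

TABLE_NS = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
KEY = f"{{{TABLE_NS}}}protection-key"
ALG = f"{{{TABLE_NS}}}protection-key-digest-algorithm"
NAME = f"{{{TABLE_NS}}}name"

# The "toolbox": algorithm IRI -> hash constructor (IRIs are an assumption).
TOOLBOX = {
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}

def _b64(h, pw):
    return base64.b64encode(h(pw.encode("utf-8")).digest()).decode()

# Constructed sample, not taken from a real document; <doc> is a stand-in root.
SAMPLE = f"""<doc xmlns:table="{TABLE_NS}">
  <table:table table:name="A" table:protection-key="{_b64(hashlib.sha256, 'pw-a')}"
    table:protection-key-digest-algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <table:table table:name="B" table:protection-key="{_b64(hashlib.sha1, 'pw-b')}"/>
</doc>"""

def parse(xml_text):
    return ET.fromstring(xml_text)

def lint(root):
    """Names of elements that carry a key but do not name the digest algorithm."""
    return [e.get(NAME) for e in root.iter()
            if e.get(KEY) is not None and e.get(ALG) is None]

def verify(elem, password):
    """Return (matches, mode). mode is 'named' when the attribute selects the
    digest and 'guessed' when every toolbox entry had to be tried."""
    stored = base64.b64decode(elem.get(KEY))
    pw = password.encode("utf-8")  # assumption: password hashed as UTF-8 bytes
    iri = elem.get(ALG)
    if iri is not None:
        if iri not in TOOLBOX:
            raise ValueError(f"unsupported digest algorithm: {iri}")
        return hmac.compare_digest(TOOLBOX[iri](pw).digest(), stored), "named"
    # No algorithm named: the reader can only iterate over what it supports.
    hit = any(hmac.compare_digest(h(pw).digest(), stored)
              for h in TOOLBOX.values())
    return hit, "guessed"
```

In the "guessed" case a non-match is ambiguous: the password may be wrong, or the writer may have used a digest the reader does not implement.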
