OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Insufficient documentation on ODF encryption.

Hi,

 

I am attempting to implement ODF encryption (ODF 1.1 paragraph 17.3) and I am failing miserably. My goal was to purely use information within the ODF specification and not use any extra materials like the Open Office source code. My goal of implementing this feature of ODF is made difficult with the lack of useful information in the ODF specification itself. In total there is ½ an A4 worth of text on encryption of documents, which IMHO is a vital feature and deserves much more attention. I find the text hard to read, lacking important information and generally not useful for building software. In short, here are my main issues with this part of the ODF specification.

-          The text immediately jumps into implementation steps, without explaining anything about the goals, process or general background of encryption of ODF documents. For instance, is the entire ZIP encrypted, or the entries within the ZIP?

-          There are no references to other important areas of the specification, which would facilitate improved navigation. This makes it even harder to find relevant areas of ODF to look at.

-          There is no mention of decryption of a document.

-          The steps do not show any sample data which could be used to validate my code without needing to fall back on existing implementations (which might be equally wrong as my code)

-          The author of the Blowfish encryption algorithm indicates that he is amazed that it is even used. It might not be allowed to use the algorithm for FIPS compliancy (I’m no expert on that though).

-          The encoding of the password is not mentioned, which is vital information to be able to implement this feature.

-          The exact process of salting the password hash is defined as ‘used together’, which is totally useless from an implementation standpoint.

 

Since my government is demanding usage of this file format, I have interest in seeing it improve much beyond where it is right now. Even the source code of Open Office would result in more useful documentation, which IMHO should never be the case for a specification of this importance.

I hope you will appreciate this feedback and take appropriate action to make ODF a more useful standard, and not the essay that I am reading right now. People actually need to use this to implement applications, and to be honest, I do not think this is actually possible. Please don’t take this the wrong way, but the Open XML specification would be a great sample on how the general structure of the ODF specification should look like. Much more text, samples, and anchor / hyperlinks.

 

Thanks for all your efforts in this field. I hope you will continue to improve and tune ODF.

Sincerely yours,

 

Wouter van Vugt

Code Counsel

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]