[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] auto-play presentation file format like PPS
Hi Warren Interesting questions. I think if you wanted to encrypt "all" of the data, for example to transfer a file securely via email, then I don't really see how it is necessary to specifically support this in the file format at all. Whatever the standard does or does not say, you are always free to encrypt the entire file just as you would any other file. There's not even a good reason to let a potential attacker know that its an odf file for that matter. In that context, I think on balance that it is reasonable for the standard to define only a method which does not encrypt the metadata. The metadata might still be required for implementing of workflows in a document management system for example. As well as provide necessary information about algorithms and keys as per Duanne's note below. And you are still not prevented from encrypting the entire file as per above if that is your requirement. Otherwise I am becoming sold on the idea of the preferred open method being indicated in the manifest. Though I've also been rattling my brain about what a concept like "autoplay" might mean in terms of a word processor document or spreadsheet. I guess if you had something like an Xform embedded in one of these document types there is useful case for specifying it open in edit mode or 'play' mode. There are other scenarios with spreadsheets which are traditionally controlled using protected ranges which might also lend themselves to such a metaphor. Apart from such speculations, and mindful of time, it may be safest to specify for the moment that the flag may be ignored in document types other than presentations. Regards Bob ----- Original Message ----- From: "Duane Nickull" <dnickull@adobe.com> To: "Warren Turkal" <turkal@google.com> Cc: "robert weir" <robert_weir@us.ibm.com>, office@lists.oasis-open.org Sent: 25 March 2008 08:50:31 PM Subject: Re: [office] auto-play presentation file format like PPS Agree. The ISO PDF spec does not and I believe it is a wise approach. Duane On 25/03/08 11:33 AM, "Warren Turkal" <turkal@google.com> wrote: I can see a use for both encrypting and not encrypting the metadata. I just don't want to see the standard define only a method that does not encrypt the metadata. wt On Tue, Mar 25, 2008 at 11:13 AM, Duane Nickull <dnickull@adobe.com> wrote: > > For the ISO PDF specification and reference implementation, the ability to > encrypt the entire package vs. the content except metadata is a decision > left to the encrypter. If you use Acrobat pro, you can toggle this > preference. There is no one rule that universally applied to people using > PDF. For archiving PDF's, it is often preferred to be able to preserve > plain text metadata. This also might help applications understand the > encryption algorithm used and give them the ability to use the right key to > open it. > > As for the preferred opening, there is a way to save PDF as backwards > compatible files (previous versions) and specify certain initial view > settings however you cannot (to my knowledge) specify a preferred > application that will override the base operating system preferences the SU > of the O/S specified. Such would be a minor security risks in some cases > (such as telling it to open a PDF in a browser and pass it a URL to a porn > site or some site to verify a user responded to add that use to a spam > list). > > Duane > > > > > On 25/03/08 10:49 AM, "Warren Turkal" <turkal@google.com> wrote: > > > > I think that it makes sense to include the "preferred" open method in > the manifest. > > However, an encryption layer should probably encrypt the manifest as > well. There's no reason to give an attacker any information. > > wt > > On Mon, Mar 24, 2008 at 5:57 PM, <robert_weir@us.ibm.com> wrote: > > > > But even a PDF file could be opened in either Acrobat Reader or the full > > Acrobat application (or their equivalents). > > > > It makes me wonder if this isn't better expressed at the > packaging/manifest > > level? > > > > We should think of our package format as being independent of whatever is > in > > content.xml. In the future, our packaging conventions (Zip container + > > manifest.xml + mimetype + thumbnail.png) could be used by other > > applications. At this level we define things like encryption and digital > > signatures. Is this the right place to define the preferred "open mode" > of > > the document, edit versus play versus whatever? > > > > This would also have the advantage of being able to detect this > preference > > quickly before decryption, which would be useful if there are two > entirely > > difference applications, like in the PDF case, but also where you might > have > > a lightweight screenshow viewer, fast to launch, versus a larger, slower > > loading editor. > > > > -Rob > > > > > > > > > > > > "Warren Turkal" <turkal@google.com> > > > > 03/24/2008 07:14 PM > > > > To dwheeler@dwheeler.com > > > > cc > > office@lists.oasis-open.org > > > > Subject Re: [office] auto-play presentation file format like PPS > > > > > > > > > > > > > > On Mon, Mar 24, 2008 at 2:12 PM, David A. Wheeler <dwheeler@dwheeler.com> > > wrote: > > > E.G., in the "one laptop per child" system, it'd make sense to have a > > lot of > > > textbooks in OpenDocument format that are normally opened in a > "browser" > > > (read-only) mode, while other documents that you're working on would > be > > > opened using an editor. (The browser might be optimized just for > > reading). > > > > To play devil's advocate, wouldn't PDF be a better format for the use > > case of viewing (and not editing) a document? > > > > wt > > > > --------------------------------------------------------------------- > > To unsubscribe from this mail list, you must leave the OASIS TC that > > generates this mail. You may a link to this group and all your TCs in > > OASIS > > at: > > > > > > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > > > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > > > -- > ********************************************************************** > "Speaking only for myself" > Senior Technical Evangelist - Adobe Systems, Inc. > Blog - http://technoracle.blogspot.com > Community Music - http://www.mix2r.com > My Band - http://www.myspace.com/22ndcentury > Adobe MAX 2008 - > http://technoracle.blogspot.com/2007/08/adobe-max-2008.html > ********************************************************************** > -- ********************************************************************** "Speaking only for myself" Senior Technical Evangelist - Adobe Systems, Inc. Blog - http://technoracle.blogspot.com Community Music - http://www.mix2r.com My Band - http://www.myspace.com/22ndcentury Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html **********************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]