OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-967) Public Comment: RE:[office-comment] ODF 1.1: Heads up on Document Crypto

    [ http://tools.oasis-open.org/issues/browse/OFFICE-967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15585#action_15585 ] 

Dennis Hamilton commented on OFFICE-967:

This is not the only issue related to this part of the specification related to the identified encryption methods and the description of the procedure.

Because this is mentioned in Michael's offer of updated text, I will summarize the problems here:

1. The values of the various attributes are not specified.   That is, we don't know what the actual value is for specifying even the recommended hash methods and identification of the specific encryption and key-generation method.  The text names some methods but does not specify any corresponding attribute values.  I also note that examples and actual encrypted files use values that are not even hinted at in the specification.  

2. There are no authoritative references.

3. There is no specification of how any user-specifiable key is represented in storage before submission to hashing, so we don't know how to ensure interoperability of key hashing (MDAC algorithms take the bit array they are given.  For an enterable password or pass phrase, more needs to be known).

4. If other methods are allowed, as it says in the text, the means by which attribute values are chosen for other methods is not specified, nor is there no means for ensuring that uses do not collide, etc.  (I prefer allowing absolute URIs along with the fixed values available for common use, but I'm just saying.)

5. The latest draft abstracts the procedure properly, but a descriptive rather than procedural description might be even better.  

> Public Comment: RE: [office-comment] ODF 1.1: Heads up on Document Crypto
> -------------------------------------------------------------------------
>                 Key: OFFICE-967
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-967
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Security
>            Reporter: Robert Weir 
>            Assignee: Robert Weir 
>             Fix For: ODF 1.2
> Copied from office-comment list
> Original author: "Hanssens Bart" <Bart.Hanssens@fedict.be> 
> Original date: 7 Jul 2008 07:29:55 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/200807/msg00050.html

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]