OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2315) Public Comment: ODF1.2 part 1 cd03 - 3.16 digital sig, certificate chain (CLONE)


    [ http://tools.oasis-open.org/issues/browse/OFFICE-2315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18800#action_18800 ] 

Dennis Hamilton commented on OFFICE-2315:
-----------------------------------------

"so encryption is possible even when signing manifest.xml (w/o storing information for the encryption in the manifest.xml, but in the signature file itself). "

Malte: Excuse me.  The only encryption method specified in ODF 1.2 Packaging is that involving the manifest.xml file.

Tell me, using provisions of the proposed ODF 1.2 specification, how signature files and other package material with META-INF/... names can be encrypted.  Tell me, using provisions of the proposed ODF 1.2 specification, the META-INF/documentsignature.xml file can be encrypted and that it sign manifest.xml?

Michael: If we are going to allow arbitrary other "extended"  META-INF/... package material that is not to be included in the META-INF/manifest.xml and cannot be encrypted, I think we are creating a serious security vulnerabiity and should not be entertaining that at all in the OpenDocument specification untill we have resolved the security implications first.

> Public Comment: ODF 1.2 part 1 cd03 - 3.16 digital sig, certificate chain (CLONE)
> ---------------------------------------------------------------------------------
>
>                 Key: OFFICE-2315
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2315
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: ODF 1.2 Part 1 CD 4 
>         Environment: This issue applies to OpenDocument-v1.2-part1-cd04 and Public Review of that document.
>            Reporter: Robert Weir 
>            Priority: Blocker
>
> Copied from office-comment list
> Original author: Hanssens Bart <Bart.Hanssens@fedict.be> 
> Original date: 24 Dec 2009 13:37:19 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/200912/msg00023.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]