OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Commented: (OFFICE-2315) NEEDS-DISCUSSION:Security Exposures - Public Comment: ODF 1.2 part 1 cd03 - 3.16 digitalsig, certificate chain (CLONE)



    [ http://tools.oasis-open.org/issues/browse/OFFICE-2315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18837#action_18837 ] 

Michael Brauer commented on OFFICE-2315:
----------------------------------------

Dennis: You've added the NEEDS-DISCUSSION because of your encryption concerns, which are unrelated to the public comment. I would like to remove it, but please don't hesitate to submit a new issue regarding your concerns.

Are the any other disagreements on the issue, or can we set it to resolved with a "no action"?

(While it is off topic for this issue I'd like to add one comment regarding document signatures: The ODF package specification allows arbitrary types of signatures to be stored. The Part 1 specification defines two kind of signatures (document signatures and macro signatures) that have a particular purpose. The purpose of a document signature is to sign a full document, which may be encrypted already. A document signature may not be a good choice if one wants to sign a document, and encrypt it afterwards. But that is not an issue for a document signature. One in this case could store another kind of signature, which excludes META-INF/manifest.xml. The part 3 specification does allow that. Such a signature only may not be called a document signature.

> NEEDS-DISCUSSION: Security Exposures - Public Comment: ODF 1.2 part 1 cd03 - 3.16 digital sig, certificate chain (CLONE)
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFFICE-2315
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2315
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: ODF 1.2 Part 1 CD 4 
>         Environment: This issue applies to OpenDocument-v1.2-part1-cd04 and Public Review of that document.
>            Reporter: Robert Weir 
>            Priority: Blocker
>
> Copied from office-comment list
> Original author: Hanssens Bart <Bart.Hanssens@fedict.be> 
> Original date: 24 Dec 2009 13:37:19 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/200912/msg00023.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]