OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures

With regard to my comment during the 2010-04-26 call, it is Part 3 CD01
conformance clause PD1.2.4 in section 7.2.1 that forbids the mimetype part
and any META-INF/... parts from being included in the manifest.
Consequently, none of these, including all META-INF/*signature* files, can
be encrypted using any method provided in ODF 1.2.

I see that this is now corrected in Part 3 CDO1-rev02.  This leaves a hole
in PD1.2.7 however, since the limitation to exactly one doesn't apply to
META-INF/... files that may be present in the manifest.  I think we need a
little more work to reconcile PD1.2.4 and PD1.2.7.  I also think there
should be something at least implementation-defined concerning META-INF/...
content that is not listed in manifest.xml by a producer, because of the
consequences for encryption.

Beyond that, we still have the problem that Part 1 requires that
META-INF/documentsignature.xml includes manifest.xml in what it signs.

Encryption after signing will break any signing of manifest.xml, whether or
not the signature file itself is encrypted.  It appears that any decryption
process must remove the decryption information from manifest.xml in such a
way that the documentsignature.xml signing of manifest.xml (and any other
signing of manifest.xml) can still be verified.

 - Dennis

Dennis E. Hamilton
NuovoDoc: Design for Document System Interoperability 
mailto:Dennis.Hamilton@acm.org | gsm:+1-206.779.9430 
http://NuovoDoc.com http://ODMA.info/dev/ http://nfoWorks.org 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]