OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2315) NEEDS-DISCUSSION:Security Exposures - Public Comment: ODF 1.2 part 1 cd03 - 3.16 digitalsig, certificate chain (CLONE)


    [ http://tools.oasis-open.org/issues/browse/OFFICE-2315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18963#action_18963 ] 

Dennis Hamilton commented on OFFICE-2315:
-----------------------------------------

I would fix the use of "implies" which is not quite right and so long as it is clear that the documentsignature.xml signs absolutely everything in the Zip catalog with the possible exception of META-INF/documentsignature.xml itself.  

My examination of Part 3 CD01-rev02 suggests that the documentsignature.xml file can be encrypted, so long as the manifest.xml encryption information is carefully removed before any signatures are checked.

I will look at raising a separate JIRA issue for any lingering questions that I have.

> NEEDS-DISCUSSION: Security Exposures - Public Comment: ODF 1.2 part 1 cd03 - 3.16 digital sig, certificate chain (CLONE)
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFFICE-2315
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2315
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: ODF 1.2 Part 1 CD 4 
>         Environment: This issue applies to OpenDocument-v1.2-part1-cd04 and Public Review of that document.
>            Reporter: Robert Weir 
>            Assignee: Michael Brauer
>            Priority: Blocker
>
> Copied from office-comment list
> Original author: Hanssens Bart <Bart.Hanssens@fedict.be> 
> Original date: 24 Dec 2009 13:37:19 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/200912/msg00023.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]