[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures
Hi, Regarding encryption and signatures, I've noticed that we did not exactly state when a signature operates on the encrypted data, and when it operates on the decrypted data. I've submitted http://tools.oasis-open.org/issues/browse/OFFICE-2656 for this. Michael On 04/28/10 19:00, Dennis E. Hamilton wrote: > With regard to my comment during the 2010-04-26 call, it is Part 3 CD01 > conformance clause PD1.2.4 in section 7.2.1 that forbids the mimetype part > and any META-INF/... parts from being included in the manifest. > Consequently, none of these, including all META-INF/*signature* files, can > be encrypted using any method provided in ODF 1.2. > > I see that this is now corrected in Part 3 CDO1-rev02. This leaves a hole > in PD1.2.7 however, since the limitation to exactly one doesn't apply to > META-INF/... files that may be present in the manifest. I think we need a > little more work to reconcile PD1.2.4 and PD1.2.7. I also think there > should be something at least implementation-defined concerning META-INF/... > content that is not listed in manifest.xml by a producer, because of the > consequences for encryption. > > Beyond that, we still have the problem that Part 1 requires that > META-INF/documentsignature.xml includes manifest.xml in what it signs. > > Encryption after signing will break any signing of manifest.xml, whether or > not the signature file itself is encrypted. It appears that any decryption > process must remove the decryption information from manifest.xml in such a > way that the documentsignature.xml signing of manifest.xml (and any other > signing of manifest.xml) can still be verified. > > - Dennis > > Dennis E. Hamilton > ------------------ > NuovoDoc: Design for Document System Interoperability > mailto:Dennis.Hamilton@acm.org | gsm:+1-206.779.9430 > http://NuovoDoc.com http://ODMA.info/dev/ http://nfoWorks.org > -- Michael Brauer, Technical Architect Software Engineering StarOffice/OpenOffice.org Sun Microsystems GmbH Nagelsweg 55 D-20097 Hamburg, Germany michael.brauer@sun.com http://sun.com/staroffice +49 40 23646 500 http://blogs.sun.com/GullFOSS Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1, D-85551 Kirchheim-Heimstetten Amtsgericht Muenchen: HRB 161028 Geschaeftsfuehrer: Jürgen Kunz
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]