
Subject: Re: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures


Hi,

Regarding encryption and signatures, I've noticed that we did not 
exactly state when a signature operates on the encrypted data, and when 
it operates on the decrypted data. I've submitted 
http://tools.oasis-open.org/issues/browse/OFFICE-2656
for this.

Michael


On 04/28/10 19:00, Dennis E. Hamilton wrote:
> With regard to my comment during the 2010-04-26 call, it is Part 3 CD01
> conformance clause PD1.2.4 in section 7.2.1 that forbids the mimetype part
> and any META-INF/... parts from being included in the manifest.
> Consequently, none of these, including all META-INF/*signature* files, can
> be encrypted using any method provided in ODF 1.2.
> 
> I see that this is now corrected in Part 3 CD01-rev02.  This leaves a hole
> in PD1.2.7 however, since the limitation to exactly one doesn't apply to
> META-INF/... files that may be present in the manifest.  I think we need a
> little more work to reconcile PD1.2.4 and PD1.2.7.  I also think there
> should be something at least implementation-defined concerning META-INF/...
> content that is not listed in manifest.xml by a producer, because of the
> consequences for encryption.
> 
> Beyond that, we still have the problem that Part 1 requires that
> META-INF/documentsignature.xml includes manifest.xml in what it signs.
> 
> Encryption after signing will break any signing of manifest.xml, whether or
> not the signature file itself is encrypted.  It appears that any decryption
> process must remove the decryption information from manifest.xml in such a
> way that the documentsignature.xml signing of manifest.xml (and any other
> signing of manifest.xml) can still be verified.
> 
>  - Dennis
> 
> Dennis E. Hamilton
> ------------------
> NuovoDoc: Design for Document System Interoperability 
> mailto:Dennis.Hamilton@acm.org | gsm:+1-206.779.9430 
> http://NuovoDoc.com http://ODMA.info/dev/ http://nfoWorks.org 
> 


-- 
Michael Brauer, Technical Architect Software Engineering
StarOffice/OpenOffice.org
Sun Microsystems GmbH             Nagelsweg 55
D-20097 Hamburg, Germany          michael.brauer@sun.com
http://sun.com/staroffice         +49 40 23646 500
http://blogs.sun.com/GullFOSS

Registered office: Sun Microsystems GmbH, Sonnenallee 1,
	   D-85551 Kirchheim-Heimstetten
Munich District Court: HRB 161028
Managing director: Jürgen Kunz
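
The interaction discussed in this thread, as an added Python example that is not part of either message or of any ODF implementation: it lists the package parts that have no manifest entry, and shows the digest of manifest.xml changing when encryption data is added and matching again once it is stripped. The sample package, the empty `encryption-data` element and the SHA-256-over-C14N digest are simplifying assumptions standing in for real ODF encryption data and XML-DSig processing.

```python
import hashlib, io, zipfile
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
ET.register_namespace("manifest", NS)
ENTRY, PATH, ENC = (f"{{{NS}}}{n}" for n in ("file-entry", "full-path", "encryption-data"))

# Constructed sample manifest, not taken from a real document.
MANIFEST = (
    f'<manifest:manifest xmlns:manifest="{NS}">'
    '<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml"/>'
    '</manifest:manifest>'
)

def build_package(manifest_xml):
    """Build a minimal, constructed ODF-style ZIP package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", "<doc/>")
        z.writestr("META-INF/manifest.xml", manifest_xml)
        z.writestr("META-INF/documentsignature.xml", "<signatures/>")
    return buf.getvalue()

def unlisted_parts(package):
    """Parts with no manifest file-entry, so nowhere to record encryption data."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        root = ET.fromstring(z.read("META-INF/manifest.xml"))
        listed = {e.get(PATH) for e in root.iter(ENTRY)}
        return sorted(n for n in z.namelist() if n not in listed)

def manifest_digest(manifest_xml):
    """Assumed stand-in for a signature reference: SHA-256 over C14N 2.0 XML."""
    return hashlib.sha256(ET.canonicalize(manifest_xml).encode()).hexdigest()

def mark_encrypted(manifest_xml, path):
    """Add a simplified, empty encryption-data child to one file-entry."""
    root = ET.fromstring(manifest_xml)
    for entry in root.iter(ENTRY):
        if entry.get(PATH) == path:
            ET.SubElement(entry, ENC)
    return ET.tostring(root, encoding="unicode")

def strip_encryption(manifest_xml):
    """Drop every encryption-data child, as a decrypting consumer might."""
    root = ET.fromstring(manifest_xml)
    for entry in root.iter(ENTRY):
        for child in entry.findall(ENC):
            entry.remove(child)
    return ET.tostring(root, encoding="unicode")
```

The digests only match after stripping because both sides are canonicalized first; a byte-for-byte comparison of the rewritten manifest.xml would not be reliable.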

