OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [office] RE: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures


"Dennis E. Hamilton" <dennis.hamilton@acm.org> wrote on 04/30/2010 
12:09:12 PM:

> 
> [office] RE: Part 3 CD01 7.2.1 PD1.4 Forbids encryption of signatures
> 
> I have an immediate concern about further hacking of digital-signature
> provisions.  I think we SHOULD NOT make the addition proposed in
> OFFICE-2656. 
> 
> I am frightened to see this increasing complexity by what appears to be
> last-minute instant design of provisions that have serious security,
> privacy, and authentication implications.  I MUST object. 
> 

I don't see this proposal as introducing complexity.  It is just defining 
the behavior for the real-world complexity that already exists.  You can 
receive an encrypted documented and then want to sign it.  And you can 
receive a signed document and want to encrypt it.  These are two 
independent real-world actions that may be done by different agents.  But 
since they manipulate some of the same package structures we need to be 
clear about how these operations relate and what ordering constraints we 
have.

I agree that this is an area we need to get right.   So what do we need to 
do to make sure we get it right? 

-Rob


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]