OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office] [OASIS Issue Tracker] Commented: (OFFICE-2656)NEEDS-DISCUSSION: Clarify when signatures operate on encrypted and when onunencrypted files.

I seem currently unable to add comments to these discussions.

I have a suggestion that may clarify how to handle these URIs for a Reference element. The core problem is that you have a need to have URIs that could be one of:

1) Same-document
2) Within the document-signatures element (typically this signature)
3) an external URI

There are two good ways to resolve the problem:

1) use of the Type attribute, which is required for the XAdES reference, and you would then specify that if a Reference were of a specific type, then the path resolution would be done in a specific way.
2) You could place all Reference elements that require special path processing into a Manifest - if a Reference is contained within an Object/Manifest, then you get to specify how those Reference elements are resolved and processed.

Either of these two approaches is fine, and would resolve the ambiguity.

The approach that Microsoft Office has taken is that all Reference elements within the SignedInfo must be based on an Id attribute, and must be within the Signature element (we have no upper container, excepting InfoPath), and all Reference elements that refer to the document are contained within the Object with a tag of idPackageObject. I am not saying that ODF documents should follow this approach, just giving an example of how it can be done. Using the Type attribute would accomplish the same thing.

Whether to sign something completely external to your document is a tricky subject - you're dealing with something outside your control, which renders the signature fragile. OTOH, if the external URI is used to change the appearance of the document itself, then any changes would violate the 'what you see is what you sign' rule, and it should be signed.

Dennis, could you please add this to the comments?

-----Original Message-----
From: OASIS Issues Tracker [mailto:workgroup_mailer@lists.oasis-open.org] 
Sent: Wednesday, May 05, 2010 7:24 AM
To: office@lists.oasis-open.org
Subject: [office] [OASIS Issue Tracker] Commented: (OFFICE-2656) NEEDS-DISCUSSION: Clarify when signatures operate on encrypted and when on unencrypted files.

    [ http://tools.oasis-open.org/issues/browse/OFFICE-2656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19123#action_19123 ] 

Michael Brauer commented on OFFICE-2656:

I've created OFFICE-2669 for the fragment identifier issue.

> NEEDS-DISCUSSION: Clarify when signatures operate on encrypted and when on unencrypted files.
> ----------------------------------------------------------------------
> -----------------------
>                 Key: OFFICE-2656
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2656
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Sub-task
>          Components: Packaging
>    Affects Versions: ODF 1.2 Part 3 CD 1
>            Reporter: Michael Brauer
>            Assignee: Michael Brauer
>             Fix For: ODF 1.2 Part 2 CD 3
> The ODF 1.2 part 3 CD01 specification currently does not explicitly state how references to encrypted files are handled.
> There are two uses cases:
> a) A signature is applied to an encrypted document. In this case, the signature would operate on the encrypted files.
> b) A signed document is encrypted. In this case, the signature would operate on the unencrypted files.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]