OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office] OFFICE-2656: Default Signing After Encryption is Unacceptable

Patrick, the only proposal I would make is that the current signatures always happen before any encryption, whether or not the signature is encrypted (and it should be if there is any encryption).  That's with regard to the current state of affairs.  There would be no signing after encryption using the package-embedded ODF 1.2 digital signatures.

However, that will break every digital signature implementation in previous and current versions of OO.o, including any other implementation using that part of the code base, which is why I think removal from the ODF specification might be the only option (for now).

Another solution, whether or not there is removal or repair, is to go to an external/wrapper signing and encryption model.  The signing part of that is a bit problematic because it has to deal with being outside of a Zip.  That may be simply unworkable, especially as more-sophisticated signature approaches are introduced, such as XadES.  (On the other hand, since we have adopted a sign-everything whatever its form for META-INF/documentsignatures.xml, an external signature can do that little rather easily.)  But either way, external/wrapper signatures/encryptions don't have to be on the ODF 1.2 critical path and don't even have to be done in the ODF TC.  The advantage of these models, at least for encryption, is that it just makes everything straightforward, the threat models are understandable, and it is possible to vet implementations much more easily than one snarled up inside the ODF 1.2 Package and document model. 

Thanks for asking,

 - Dennis

-----Original Message-----
From: Patrick Durusau [mailto:patrick@durusau.net] 
Sent: Wednesday, May 05, 2010 15:02
To: office@lists.oasis-open.org
Subject: Re: [office] OFFICE-2656: Default Signing After Encryption is Unacceptable


I am trying to catch up on this issue.

Do you have an alternative proposal?

To the list: Discussion without the adjectives would be appreciated. I 
have enough closing emails to review without having to wade through 
non-substantive remarks. Simply stating the facts are enough. You 
already have my attention.

Hope you are having a great day!


[ ... ] 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]