OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: What to do about digital signatures

We've been discussing this on the list for a few days now.  I think we're 
getting a better feel for the scope of what needs to be done, thanks to 
David's recent notes. . But I haven't seen a specific proposal yet.  I'm 
having some IBM colleagues look at this issue as well, since it is outside 
of my expertise.  But I will comment quickly on what our options are at 
this point:

1) Continue discussing and delay ODF 1.2 until we have a resolution.

2) Continue discussing, send ODF 1.2 out for public review knowing that 
this issue is open, and commit to resolving it when the public review 
ends.  But know that changes made after the public review would trigger 
another 15-day public review of those changes.

3) Remove the feature from ODF 1.2.

4) Do nothing in ODF 1.2, but address this area in a future revision.

5) Convince ourselves that there is not a problem ;-)

Are there any other options I've missed?

I think if we have the right people looking at this area, we should be 
able to resolve it in ODF 1.2.  So to me that sounds like option #1 or #2. 

Since the digital signature feature is not broadly entangled in the other 
features of ODF 1.2, I think it can be reviewed and revised without 
invalidating the review performed on other parts of specification.  So I'm 
inclined to recommend that we pick option #2. 

I reminded of the saying, 'Never code standing up', meaning if you are in 
a rush to leave the office, and you already have your hat on, and you are 
making one last change to the code while standing up to put on your coat, 
then you are asking for trouble.  I think we want to also avoid specifying 
security-related ODF features standing up.  Let's take a couple of months, 
during the public review of ODF 1.2, to figure out exactly what needs to 
be done here.  This will allow us to continue discussions at a deliberate, 
but unrushed pace.  We could continue discussions on the main TC list.  Or 
if we wanted to have a separate list and maybe a series of meetings on the 
subject (yes, more meetings) we could choose to form a "ODF Security 

Any thoughts on the process side of this, before we get back to discussing 
the details of XAdES?  In particular, any objections to #2?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]