OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] What to do about digital signatures

Option #2 absolutely makes sense to me.


robert_weir@us.ibm.com wrote, On 05/07/10 20:51:
> We've been discussing this on the list for a few days now.  I think we're 
> getting a better feel for the scope of what needs to be done, thanks to 
> David's recent notes. . But I haven't seen a specific proposal yet.  I'm 
> having some IBM colleagues look at this issue as well, since it is outside 
> of my expertise.  But I will comment quickly on what our options are at 
> this point:
> 1) Continue discussing and delay ODF 1.2 until we have a resolution.
> 2) Continue discussing, send ODF 1.2 out for public review knowing that 
> this issue is open, and commit to resolving it when the public review 
> ends.  But know that changes made after the public review would trigger 
> another 15-day public review of those changes.
> 3) Remove the feature from ODF 1.2.
> 4) Do nothing in ODF 1.2, but address this area in a future revision.
> 5) Convince ourselves that there is not a problem ;-)
> Are there any other options I've missed?
> I think if we have the right people looking at this area, we should be 
> able to resolve it in ODF 1.2.  So to me that sounds like option #1 or #2. 
> Since the digital signature feature is not broadly entangled in the other 
> features of ODF 1.2, I think it can be reviewed and revised without 
> invalidating the review performed on other parts of specification.  So I'm 
> inclined to recommend that we pick option #2. 
> I reminded of the saying, 'Never code standing up', meaning if you are in 
> a rush to leave the office, and you already have your hat on, and you are 
> making one last change to the code while standing up to put on your coat, 
> then you are asking for trouble.  I think we want to also avoid specifying 
> security-related ODF features standing up.  Let's take a couple of months, 
> during the public review of ODF 1.2, to figure out exactly what needs to 
> be done here.  This will allow us to continue discussions at a deliberate, 
> but unrushed pace.  We could continue discussions on the main TC list.  Or 
> if we wanted to have a separate list and maybe a series of meetings on the 
> subject (yes, more meetings) we could choose to form a "ODF Security 
> Subcommittee".
> Any thoughts on the process side of this, before we get back to discussing 
> the details of XAdES?  In particular, any objections to #2?
> -Rob
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]