[OASIS Issue Tracker] Created: (OFFICE-2687) ODF 1.2 Part 3:Unspecified Signature-File Name Allocation

[OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>]

ODF 1.2 Part 3: Unspecified Signature-File Name Allocation
----------------------------------------------------------

                 Key: OFFICE-2687
                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2687
             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
          Issue Type: Bug
         Environment: This issue applies to ODF 1.2 Part 3 CD01 and its revisions.  The text discussed is as in OpenDocument-v1.2-part3-cd1-rev04.odt
            Reporter: Dennis Hamilton


Part 3 Section 2.5 establishes Digital Signatures as stored in one or more files whose "relative pahs" begin with 'META-INF/' and that contain the "term" 'signatures'.   I take this to read that digital signature files SHALL have names of the form 'META-INF/*signature*' in the Zip archive, using conventional wild-card notation.  The format of these files is established in Section 4.

Part 3 Section 4 says nothing about the naming of the file, although it refers to <dsig-document-signatures> as a root element and it asserts that the schema for the file is that given in Appendix A.  There are no explicit producer conformance requirements.  The only strong requirements on consumers concern differences in signature verification depending on whether or not a digital signature file is encrypted or not (in section 4.2).

Part 3 Section 7.2.1 on Conforming OpenDocument Packages asserts in (PD1.4-PD1.6) that the only permitted files beside  META-INF/manifest.xml with META-INF/ name structure are those which have name structure META-INF/*signatures* and which are XML 1.0 documents with root element <dsig:document-signatures>, along with a few additional conditions.  

Part 3 Section 7.2.2 on Conforming OpenDocument Extended Packages does not have any limitation on what can have a META-INF/* form name.

There is no stipulation that production of META-INF/* and META-INF/*signature* files be implementation defined.  There is no stipulation that consumer-permissive limitations on what is accepted as a valid digital signature are implementation defined.

ALLOCATION OF META-INF/*signatures* NAMES

The point of the preceding review is to confirm that there is no provision for how META-INF/*signature* name forms are allocated nor whether and how "implementation-defined" appropriation of such a name for a particular purpose is accomplished.  

There is no provision similar to those in other places where ODF 1.2 provides for explicit identification of implementation-defined provisions via namespace bindings.  

At the same time, all occurrences of META-INF/*signature* name forms for XML 1.0 documents having <dsig:digital-signatures> root elements and satisfying a few other conditions are permitted as part of Conforming OpenDocument Packages. 

Likewise, consumers may restrict what is permissible in a digital signature without any requirement that this be implementation-defined and with no provision considering how consumers apply restrictions on what digital signatures there are and which ones are subject to what constraints. 

An interoperable arrangement is required.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira