OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2724) ODF 1.2 Part 3 3.4.1and 3.4.2(1) One Password and Start Key, Many Encryption Keys

    [ http://tools.oasis-open.org/issues/browse/OFFICE-2724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19420#action_19420 ] 

Dennis Hamilton commented on OFFICE-2724:

[From David LeBlanc, on the list at <http://lists.oasis-open.org/archives/office/201006/msg00155.html>]

"I'm not sure I understand the user scenario for this. While I agree with the other issues raised today, I don't see the need to complicate the software to support multiple encryption passwords in the same file."

> ODF 1.2 Part 3 3.4.1 and 3.4.2(1) One Password and Start Key, Many Encryption Keys
> ----------------------------------------------------------------------------------
>                 Key: OFFICE-2724
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2724
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Security
>    Affects Versions: ODF 1.2 Part 3 CD 1
>         Environment: This issue applies to all versions of ODF starting with the OASIS ODF 1.0 Standard.  The specific text and repair is for ODF 1.2 Part 3 CD01-rev08 (and its ODF 1.2 CD05 Part 3 approved form).
>            Reporter: Dennis Hamilton
>             Fix For: ODF 1.2 Part 3 CD 2
>  1. There is no provision in the default encryption process and its implmentations for there to be more than one encryption cycle or different password for different files within the package.
>  2. All of the encryptions that are performed using the model in ODF 1.2 Part 3 sections 3.4 and the related definitions of manifest elements and attributes are performed at one time using a single pass phrase (a.k.a. plaintext password) and start key.  There is no manifest information by which any different default procedure can be employed with regard to the start-key derivation step.  
>  3. We must assume that there is a single start key used for all of the individual encryptions.
> (Although section 4.8.6 provides for a variety of recognized message digest algorithms, none of them have parameters and there is no way to indicate that different pass phrases are digested for some start keys.   Although different start-key-generation message-digest algorithms might be specified for different files, it is unclear whether any package consumer is prepared for such an eventuality.  In the default case, there does not appear to be room for any variation.)

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]