

Subject: RE: [office] OpenDocument TC Coordination Call Agenda July 19th


I've just sent a complete draft of my proposal for digital signatures to Cherie. There are a few issues outstanding, some minor:

- I didn't know how to get the correct URN for the namespace when I defined 'xades' as a namespace in the table.
- There's no attempt to solve the signature-encryption conundrum. BTW, I have recently found NIST documents saying one should never have a clear-text signature of the clear-text of encrypted information. We also have a conflicting requirement that all the files be signed (which would include the manifest) and the need to alter the manifest to perform encryption using the current approach. It might be good to at least mention that once a file is signed, it cannot then be later encrypted using the technique defined in the standard.
- Apparently, Word, ODT files and revision tracking do not play nicely together. I didn't know the exact format for specifying the change, and it seemed like a revision-tracked copy would be helpful in reviewing a draft. I understand that this is a bit heretical in this particular context, but I saved them as .docx files to be able to send Cherie a draft. If someone would like to see the draft before Cherie turns it into a proper proposal, I'll be happy to forward the documents as-is to either individuals or the list.

A summary of the changes:

Part 1, section 3.16:

Modified to read:

An OpenDocument document that is stored in a package may have one or more digital signatures applied to the package. 

Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. 

A document signature shall be considered to be valid only if the "XML Digital Signature" contained in documentsignatures.xml is valid. 

Document signatures shall contain a <ds:Reference> element for each file within the package, with the exception that a <ds:Reference> element for the file containing the signature is omitted. If non-standard files are added to the package, then it is implementation-specific whether <ds:Reference> elements for the additional files shall be required. An implementer may also choose to support a partial document signature which may contain <ds:Reference> elements for only some of the files within the package or portions of files.

Part 3:
Addition of xades to the namespace table

Packages, Digital Signatures section:
Added "A full document signature shall be stored in a file called META-INF/documentsignatures.xml, as described in part 1, section 3.16." to be consistent with part 1.

<dsig:document-signatures> section:
Changed:

In particular, consumers may require that a digital signature references all files contained in a package.

To:

In particular, consumers may require that a digital signature references all files contained in a package, excepting the META-INF/documentsignatures.xml file, which cannot be included because a signature cannot sign itself.

I didn't touch the next 2 paragraphs, but these are a problem due to the encryption conundrum.

<ds:Signature> section:
This is long, and I'll wait for Cherie here. Basically, it puts into standards language what I suggested in e-mail previously, and specifies the current signature implementation of (IIRC) Open Office as the standard, and adds in the information needed to do XAdES such that everyone can interoperate.

Oh - as I was reviewing this, I noticed that I forgot to add language to support the XAdES CounterSignature element, which itself contains one or more Signatures, each of which may also have a CounterSignature. We need to make sure that restrictions on the <ds:Signature> element do not preclude using them differently in a CounterSignature.

Speaking of the encryption conundrum, I am still working on the encryption proposal. Dennis has provided some good references that we may use. I'm waiting on some feedback from our cryptographers, and other than this, I'm attempting to be on vacation this week. Next week, I'll be at the BlackHat convention and unlikely to get much done. I'll attempt to make more progress once I return. 

There was some question as to what the 1.3 spec should look like. I personally would like to make it small and quick so that we could get encryption settled and not leave the situation of signatures and encryption in limbo any longer than we have to.

-----Original Message-----
From: David LeBlanc 
Sent: Monday, July 19, 2010 10:01 AM
To: Cherie Ekholm; robert_weir@us.ibm.com; office@lists.oasis-open.org
Subject: RE: [office] OpenDocument TC Coordination Call Agenda July 19th

Just got back into cell coverage. I'll have a draft to Cherie this evening when I get Internet access.

Sent from my phone, but I might be verbose - I have a keyboard...

-----Original Message-----
From: Cherie Ekholm <cheriee@exchange.microsoft.com>
Sent: Monday, July 19, 2010 2:02 AM
To: robert_weir@us.ibm.com <robert_weir@us.ibm.com>; office@lists.oasis-open.org <office@lists.oasis-open.org>
Subject: RE: [office] OpenDocument TC Coordination Call Agenda July 19th


I am going to miss today's phone call.

I had promised to speak to David LeBlanc about the proposal he's putting together for digital signatures and encryption. He's aware of the timing, and will have something for the committee soon, which will be language that can be plugged into the existing document(s), once critiquing is complete. Rob, he noted that he welcomed feedback from your colleagues at IBM.

Cherie

________________________________________
From: robert_weir@us.ibm.com [robert_weir@us.ibm.com]
Sent: Thursday, July 15, 2010 4:31 PM
To: office@lists.oasis-open.org
Subject: [office] OpenDocument TC Coordination Call Agenda July 19th

====================

OASIS OpenDocument TC

The OpenDocument Technical Committee will have its next TC Coordination Call on Monday, July 19th at 13:30 GMT (6.30am PDT, 9:30am EDT, 2:30pm CET, 9:30pm China).

The call counts towards voter eligibility.

*** IMPORTANT***

PLEASE NOTE THE NEW PHONE NUMBERS

Dial-In Numbers, local (paid) / toll-free
Brazil:         -                / 08008916307
China:          +86 4006700514   / 8008195024
Germany:        +49 69222216106  / 08006648515
Ireland:        +353 12475650    / 1800932479
Netherlands:    +31 207143543    / 08000235028
USA:            14087744073      / 8666824770

Conference-Code: 4801870

Security-Passcode: 63312

Please contact Michael Brauer if you want to dial-in from a country not listed above.

Press *6 to mute/unmute line

Chat room for meeting is at:  http://webconf.soaphub.org/conf/room/odf

Agenda
------
1. Dial-In, Roll Call, Determination of Quorum and Voting Rights

2. Motion (simple majority): Approve the Agenda

3. Motion (simple majority): Approve the Minutes from July 12th meeting

4. Discussion: ODF maintenance

5. Discussion: ODF 1.2

6. Discussion: ODF-Next

7. Adjournment






---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
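
The Part 1, section 3.16 wording summarized in the first message of this thread (a `<ds:Reference>` for each file in the package, except the file containing the signature) can be checked mechanically by a consumer. The following Python is an added example, not part of the thread, the proposal or any ODF implementation; it assumes Reference URIs are package-relative paths, checks reference coverage only (no digest or signature validation), and runs on a constructed sample package.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DS = "{http://www.w3.org/2000/09/xmldsig#}"
DSIG_NS = "urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0"
SIG_FILE = "META-INF/documentsignatures.xml"

def unreferenced_files(package: bytes) -> dict:
    """Map each top-level signature Id to the package files it does not reference."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = {n for n in zf.namelist() if not n.endswith("/")}
        if SIG_FILE not in names:
            return {}  # unsigned package: nothing to report
        # For untrusted packages, use a hardened XML parser (e.g. defusedxml).
        root = ET.fromstring(zf.read(SIG_FILE))
    required = names - {SIG_FILE}  # a signature cannot sign its own file
    report = {}
    # Only direct children of the root are document signatures; signatures
    # nested in a XAdES CounterSignature are deliberately not treated as such.
    for i, sig in enumerate(root.findall(DS + "Signature")):
        refs = set()
        # Only References under SignedInfo are covered by core validation.
        for ref in sig.findall(f"{DS}SignedInfo/{DS}Reference"):
            uri = ref.get("URI", "")
            if uri and not uri.startswith("#"):  # skip same-document references
                refs.add(unquote(uri))
        report[sig.get("Id", f"signature-{i}")] = sorted(required - refs)
    return report

def build_sample(signed: list, stored: list) -> bytes:
    """Constructed test package; References omit digests, so it is not a valid signature."""
    refs = "".join(f'<ds:Reference URI="{u}"/>' for u in signed)
    xml = (f'<dsig:document-signatures xmlns:dsig="{DSIG_NS}" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           f'<ds:Signature Id="sig1"><ds:SignedInfo>{refs}</ds:SignedInfo>'
           '</ds:Signature></dsig:document-signatures>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in stored:
            zf.writestr(name, b"constructed")
        zf.writestr(SIG_FILE, xml)
    return buf.getvalue()

if __name__ == "__main__":
    files = ["mimetype", "content.xml", "styles.xml", "META-INF/manifest.xml"]
    print(unreferenced_files(build_sample(files, files)))
    print(unreferenced_files(build_sample(files, files + ["extra/added.xml"])))
```

A non-empty list for a signature means it is at most a partial document signature in the sense of the proposed text, and a consumer that requires full coverage would reject it.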