OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3297) Part 3 [Blowfish]Reference Out-of-Date, Misleading

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20266#action_20266 ] 

Dennis Hamilton commented on OFFICE-3297:


I think this resolution is fine.  With regard to where the reference to the errata should be placed, I have no objection.  Although there are errata items that apply to our understanding of the performance of different techniques, and where they are vulnerable, I don't think there is anything that alters the correct normative use of the Blowfish and CFB techniques.

The errata document is dated and applies specifically to printings of the second edition ([Schneier]).  There seems to be care in indicating how to use the errata even if some of the errata items are applied in a future printing.  Even so, the errata is provided on a web page and,  I agree that its preservation, like that of [Zip] is not assured, however stable it appears to be.

> Part 3 [Blowfish] Reference Out-of-Date, Misleading
> ---------------------------------------------------
>                 Key: OFFICE-3297
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3297
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: External References, Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.0, ODF 1.0 (second edition), ODF 1.1, ODF 1.2 CD 05
>         Environment: This applies to all versions of ODF but the description and proposal is specific to ODF 1.2 CD05, with correction proposed for ODF 1.2 CD06.  This is part of a series of issues that apply to encryption in Part 3 and should probably be reviewed and discussed as a block.
>            Reporter: Dennis Hamilton
>            Assignee: Patrick Durusau
>             Fix For: ODF 1.2 CD 06
> The current reference when there is mention of the default Blowfish CFB encryption algorithm is
> [Blowfish] Bruce Schneier, Applied Cryptography (Second Edition), John Wiley & Sons, ISBN: 0-471-11709-9, 1996.
> While Blowfish is discussed in the referenced technical publication, that is not all that is there.  In addition, the description of CFB (and alternatives) is not specific to Blowfish and is discussed in a different part of the text.  
> Finally, there is an errata for Applied Cryptography (Second Edition) that is relevant to the consideration of various methods (including CFB) in employing an encryption algorithm.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]