OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3297) Part 3 [Blowfish]Reference Out-of-Date, Misleading

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20269#action_20269 ] 

Michael Brauer commented on OFFICE-3297:


You are right that the errata itself is versioned. I should have been more precise. What I meant is that the URI to the errata is not versioned. I don't know if there ever will be a 3rd edition of Applied  Cryptography, but if so, it may happen that the URI refers to that. Further, the document the URI refers to may get amended. Both may be considered problematic for a normative reference.

> Part 3 [Blowfish] Reference Out-of-Date, Misleading
> ---------------------------------------------------
>                 Key: OFFICE-3297
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3297
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: External References, Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.0, ODF 1.0 (second edition), ODF 1.1, ODF 1.2 CD 05
>         Environment: This applies to all versions of ODF but the description and proposal is specific to ODF 1.2 CD05, with correction proposed for ODF 1.2 CD06.  This is part of a series of issues that apply to encryption in Part 3 and should probably be reviewed and discussed as a block.
>            Reporter: Dennis Hamilton
>            Assignee: Patrick Durusau
>             Fix For: ODF 1.2 CD 06
> The current reference when there is mention of the default Blowfish CFB encryption algorithm is
> [Blowfish] Bruce Schneier, Applied Cryptography (Second Edition), John Wiley & Sons, ISBN: 0-471-11709-9, 1996.
> While Blowfish is discussed in the referenced technical publication, that is not all that is there.  In addition, the description of CFB (and alternatives) is not specific to Blowfish and is discussed in a different part of the text.  
> Finally, there is an errata for Applied Cryptography (Second Edition) that is relevant to the consideration of various methods (including CFB) in employing an encryption algorithm.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]