Re: [office] [OASIS Issue Tracker] Commented: (OFFICE-3297) Part 3[Blowfish] Reference Out-of-Date, Misleading

[Patrick Durusau <patrick@durusau.net>]

Michael,

The TC needs to make a choice about how to treat references that may be
updated but I don't know that it is "problematic." 

It is entirely permissible for the TC to chose to base conformance on a
particular version of another standard. For example, a standard could
cite Unicode 4.0 and say that conformance was based on support for
Unicode 4.0 and no later versions or amendments to the same. 

I choose Unicode because the usual case is that standards reference the
current version and any later editions. 

I don't think that causes much of an issue because conformance to
Unicode can extend to a subset of characters and abilities.

I don't recall seeing a standard that chose to include later editions of
some standards but specific versions of others. Will have to investigate
that as a possibility.

Hope you are having a great day!

Patrick

On Tue, 2010-08-10 at 09:40 -0400, OASIS Issues Tracker wrote:
> [ http://tools.oasis-open.org/issues/browse/OFFICE-3297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20269#action_20269 ] 
> 
> Michael Brauer commented on OFFICE-3297:
> ----------------------------------------
> 
> Dennis,
> 
> You are right that the errata itself is versioned. I should have been more precise. What I meant is that the URI to the errata is not versioned. I don't know if there ever will be a 3rd edition of Applied  Cryptography, but if so, it may happen that the URI refers to that. Further, the document the URI refers to may get amended. Both may be considered problematic for a normative reference.
> 
> > Part 3 [Blowfish] Reference Out-of-Date, Misleading
> > ---------------------------------------------------
> >
> >                 Key: OFFICE-3297
> >                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3297
> >             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
> >          Issue Type: Bug
> >          Components: External References, Packaging, Part 3 (Packages), Security
> >    Affects Versions: ODF 1.0, ODF 1.0 (second edition), ODF 1.1, ODF 1.2 CD 05
> >         Environment: This applies to all versions of ODF but the description and proposal is specific to ODF 1.2 CD05, with correction proposed for ODF 1.2 CD06.  This is part of a series of issues that apply to encryption in Part 3 and should probably be reviewed and discussed as a block.
> >            Reporter: Dennis Hamilton
> >            Assignee: Patrick Durusau
> >             Fix For: ODF 1.2 CD 06
> >
> >
> > The current reference when there is mention of the default Blowfish CFB encryption algorithm is
> > [Blowfish] Bruce Schneier, Applied Cryptography (Second Edition), John Wiley & Sons, ISBN: 0-471-11709-9, 1996.
> > While Blowfish is discussed in the referenced technical publication, that is not all that is there.  In addition, the description of CFB (and alternatives) is not specific to Blowfish and is discussed in a different part of the text.  
> > Finally, there is an errata for Applied Cryptography (Second Edition) that is relevant to the consideration of various methods (including CFB) in employing an encryption algorithm.
>