OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-3417) Public Comment:Comment on ODF v1.2 CD 05 - Document Signatures

    [ http://tools.oasis-open.org/issues/browse/OFFICE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21436#action_21436 ] 

Andreas Guelzow  commented on OFFICE-3417:

A comment from David LeBlanc sent to the tc list https://mail.concordia.ab.ca/owa/?ae=Item&t=IPM.Note&id=RgAAAAB2n%2b5V8cQcQpdtK2lYFt/7BwDk6vjwdJMdT7igZh0%2bPM/sAAAAO2mZAADyW5i0CpX0S4NRN 

I am going to straighten out my ability to logon and add comments directly this week, but in the meantime, I'm going to argue that we should not make this change. Here's why:

1) Dennis has pointed out a number of issues with their proposal in terms of how it deals with encryption and signatures just by itself. I don't think their proposal is really to a state where it can be adopted yet.
2) Existing implementations for ODF signatures do not comply with this, and it would be a breaking change. I also see no discernable user benefit to taking this change.
3) Existing implementations for OOXML signatures, which are also "signed things in a zip package", don't comply with this, and I'm extremely unlikely to make a change that would break signed OOXML documents for the last 2 versions of Microsoft Office.
4) The net effect on any implementation, whether ODF or OOXML, of moving where the signatures are kept, would be for down level versions to not understand there is a signature. This leads to a state where the app might actually write signed portions of the document, irrevocably breaking the signature. Microsoft made this mistake between the old binary MD5 signatures and the new XmlDSig signatures such that binary documents (e.g., doc, not docx) which are signed with XmlDSig (Office 2007 and later) are not recognized as signed by Office 2003. This has caused significant user annoyance, and isn't something I want to repeat (and wouldn't even wish on a competitor <g>).

> Public Comment: Comment on ODF v1.2 CD 05 - Document Signatures
> ---------------------------------------------------------------
>                 Key: OFFICE-3417
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-3417
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging
>    Affects Versions: ODF 1.2 CD 05
>            Reporter: Robert Weir 
>             Fix For: ODF 1.2 CD 06
> Copied from office-comment list
> Original author: "Pope, Nick" <Nick.Pope@thales-esecurity.com> 
> Original date: 6 Sep 2010 19:48:26 -0000
> Original URL: http://lists.oasis-open.org/archives/office-comment/201009/msg00001.html

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]