OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [office] RE: XAdES support in ODF


I was looking at the directory structure in the zip file. Current spec says that everything has to be signed, and if it is of zero length, then something that made it not zero length would possibly change the content or appearance, and should then break the signature.

If there are things that do not change the content or appearance, then perhaps they shouldn't be signed, and the constraint that everything should be signed (other than documentsignature.xml) is too broad. In OOXML documents, we don't sign everything, and have some areas meant for things that can change without breaking the signature.

________________________________________
From: Dennis E. Hamilton [dennis.hamilton@acm.org]
Sent: Friday, September 24, 2010 5:53 PM
To: 'Hanssens Bart'; David LeBlanc; office@lists.oasis-open.org
Cc: 'Cornelis Frank'
Subject: RE: [office] RE: XAdES support in ODF

Bart,

There are no Zip entries for empty directory structures or directory
structures of any kind.  I think you mean <manifest:file-entry> elements.

Agreed there is nothing to sign for a subdocument directory, but that is the
only thing, beside manifest:full-path="/" that should not have a package
file to go with it.

Is Configurations2\accelerator\current.xml signed?  It has 0 length but it
definitely needs to be signed.

Also, I see that you really mean
manifest:full-path="Configurations2/menubar/" which is indeed a subdocument
entry and there is of course nothing to sign.  (Why this junk is in the
manifest is a different matter.  Someone seems to have the idea that every
"/" in a series of path segments means there has to be a subdocument file
entry. That wasn't true in ODF 1.1 and I have no idea what is served by
making useless subdocument file-entries in ODF 1.2 packages.  The fact that
there is no meaningful manifest:media-type value should be a clue.)

Also, manifest:media-type="" is a bug, if you are trying to handle those.
There are no such registered MIME types and there was no provision for
anything but in that attribute, the last time I checked.

I suspect that David is unaware that not every <manifest:file-entry> has a
package file that corresponds to it.

 - Dennis

-----Original Message-----
From: Hanssens Bart [mailto:Bart.Hanssens@fedict.be]
Sent: Friday, September 24, 2010 16:56
To: David LeBlanc; office@lists.oasis-open.org
Cc: Cornelis Frank
Subject: [office] RE: XAdES support in ODF
[ ... ]


> You didn't sign everything in the file, especially in Configurations2/* -
why not?

You mean empty things like Configuration/menubar ? The latest ODF draft spec
says:
"Document signatures shall contain a <ds:Reference> element for each file
within the package"

Now, the spec only mentions "files", so should it be changed to include
every zip-entry, even
the empty directory structures ?


[ ... ]


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]