[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [office] RE: XAdES support in ODF
I was looking at the directory structure in the zip file. Current spec says that everything has to be signed, and if it is of zero length, then something that made it not zero length would possibly change the content or appearance, and should then break the signature. If there are things that do not change the content or appearance, then perhaps they shouldn't be signed, and the constraint that everything should be signed (other than documentsignature.xml) is too broad. In OOXML documents, we don't sign everything, and have some areas meant for things that can change without breaking the signature. ________________________________________ From: Dennis E. Hamilton [dennis.hamilton@acm.org] Sent: Friday, September 24, 2010 5:53 PM To: 'Hanssens Bart'; David LeBlanc; office@lists.oasis-open.org Cc: 'Cornelis Frank' Subject: RE: [office] RE: XAdES support in ODF Bart, There are no Zip entries for empty directory structures or directory structures of any kind. I think you mean <manifest:file-entry> elements. Agreed there is nothing to sign for a subdocument directory, but that is the only thing, beside manifest:full-path="/" that should not have a package file to go with it. Is Configurations2\accelerator\current.xml signed? It has 0 length but it definitely needs to be signed. Also, I see that you really mean manifest:full-path="Configurations2/menubar/" which is indeed a subdocument entry and there is of course nothing to sign. (Why this junk is in the manifest is a different matter. Someone seems to have the idea that every "/" in a series of path segments means there has to be a subdocument file entry. That wasn't true in ODF 1.1 and I have no idea what is served by making useless subdocument file-entries in ODF 1.2 packages. The fact that there is no meaningful manifest:media-type value should be a clue.) Also, manifest:media-type="" is a bug, if you are trying to handle those. There are no such registered MIME types and there was no provision for anything but in that attribute, the last time I checked. I suspect that David is unaware that not every <manifest:file-entry> has a package file that corresponds to it. - Dennis -----Original Message----- From: Hanssens Bart [mailto:Bart.Hanssens@fedict.be] Sent: Friday, September 24, 2010 16:56 To: David LeBlanc; office@lists.oasis-open.org Cc: Cornelis Frank Subject: [office] RE: XAdES support in ODF [ ... ] > You didn't sign everything in the file, especially in Configurations2/* - why not? You mean empty things like Configuration/menubar ? The latest ODF draft spec says: "Document signatures shall contain a <ds:Reference> element for each file within the package" Now, the spec only mentions "files", so should it be changed to include every zip-entry, even the empty directory structures ? [ ... ]
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]