OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [office] [OASIS Issue Tracker] Commented: (OFFICE-3028) Updatedigital signatures for better XaDeS support


On Wed, 2010-10-20 at 03:50 -0700, David LeBlanc wrote:
> I'll post this back to the web site when I return from travel, but it is a chicken-and-egg problem. You simply cannot sign the signatures file. You have made the decision that all signatures must be in one file, so you then have a number of problems:


> You also said:
> " The proposal further makes it implementation-dependent whether the files not defined by ODF are signed. I'm against this change. The purpose of a document signature is that everything is signed. If only parts of a document should be signed, then these signatures should be stored in other files. At least, that was the intention behind document signatures. And to allow this case, it is explicitly stated that a document may contain other signature files, and the name conventions have been added to part 3."
> OK, then we should discuss this. It is my position that anything that affects the content or display of the content should be signed - What You See Is What You Sign. It is possible to have additional metadata which may only make sense to the file store. If you sign this metadata, then the store could change it and break it. We have provisions for exactly this in OOXML, and it is needed for several functional reasons. I see it as a benefit if we can maintain as much functional equivalence as possible between ODF and OOXML, and think this is a benefit for everyone. Other people may certainly have other opinions, so I'd like to see what those opinions are.

This may be a very naive question but why shouldn't a signal include
non-visible metadata?

The reason I ask is that I anticipate with the new metadata capabilities
that users will be annotating content in ways that don't affect display
but do have an impact on searching (identification of terms), work flow
(approval of a document), etc.

I don't know about the signature breaking on changing metadata that
impacts search but I would think that it would if someone altered the
approval of a document in a work flow.

Perhaps I am not clear on what you mean by "...affects the content or
display of the content...."

Can you say a bit more about that?


Hope you are having safe travels!


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]