OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (OFFICE-2741) ODF 1.2 Part 3Sections 4.6, 4.8.9 conflict on start-key-derivation

    [ http://tools.oasis-open.org/issues/browse/OFFICE-2741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22735#action_22735 ] 

Michael Brauer commented on OFFICE-2741:

Dennis: I think this change is not essential, but I also don't object to it. For consistency reasons I would however make use of default values.  I further think we can omit the note. We don't have to provide the reasons for particular requirements in the standard, and it is actually not quite correct that we support down-level compatibility. Even if the element is present, ODF 1.1 could correctly interpret the encryption data.

That is:

For 4.6  <manifest:start-key-generation> I would just write

The optional <manifest:start-key-generation> element specifies how the encryption start key is derived from the user specified password.

When a <manifest:start-key-generation> element is absent as a child of a <manifest:encryption-data> element, interpretation is the same as if the element is present with default attribute values.

For 4.8.6 manifest:start-key-derivation-name I would add:

The default value for this attribute is SHA1

For 4.8.7 manifest:key-size I would add

For a <manifest-start-key-generation> element the default value for this attribute is 20. 

> ODF 1.2 Part 3 Sections 4.6, 4.8.9 conflict on start-key-derivation
> -------------------------------------------------------------------
>                 Key: OFFICE-2741
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2741
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2 CD 05
>         Environment: This issue applies to various recent drafts of ODF 1.2 Part 3.  The issue is worded in terms of the specific text of ODF 1.2 CD05 Part 3.
>            Reporter: Dennis Hamilton
>            Assignee: Dennis Hamilton
>             Fix For: ODF 1.2 CD 06
> In ODF 1.2 CD05 Part 3, sections 3.4.1 and 3.4.2 are clear that a digest of the user-provided password is always created and that it is used in a key-derivation procedure that is always performed.
> In ODF 1.2 CD05 Part 3, the new <manifest:start-key-derivation> attribute is optional and may specify a variety of digest algorithms and, optionally, a key size determining how much of the digest is taken as the password used in the key-derivation stage.
> The default behavior when there is no appearance of optional informational start-key information is quite clear.  It is also compatible with documents encrypted by ODF 1.1 producers.  
> Because the default behavior is quite clear, there seems to be no point in the provision in 4.8.9 manifest-key-derivation-name that when the default settings are present for that attribute, the appearance of the <manifest:start-key-derivation> element is mandatory.  It also makes default encryptions from ODF 1.2 producers unacceptable to ODF 1.1 consumers for which <manifest:start-key-derivation> is no better than a foreign attribute and for which the fall-back behavior of simply ignoring it may or may not be successful.  On the other hand, having the element be absent when the default interpretation is intended is always successful down-level.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]