OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (OFFICE-2739) ODF 1.2 Part 3 4.8.5manifest:initialisation-vector underspecified


     [ http://tools.oasis-open.org/issues/browse/OFFICE-2739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Hamilton updated OFFICE-2739:
------------------------------------

    Resolution: 
 1. In the schema definition for algorithm-attlist, make the manifest:initialization-vector attribute optional.

2. In section 4.8.5 manifest:initialisation-vector change the first sentence from
"""
"The manifest:initialization vector specifies the byte-sequence used as an initialization vector to a encryption algorithm.
"""
to
"""
The optional manifest:initialisation-vector attribute value provides the byte-sequence for the initialization vector used by the encryption algorithm when delivery of a required initialization vector is not specified as part of the encryption algorithm definition.
"""

Also in 4.8,5, add the final sentence:
"""
The format and length of the initialization vector, in bytes, shall be as required by the encryption algorithm specification.
"""

The addition of further encryption methods and the resolution of OFFICE-3027 raises two problems.

1. We should probably say that the size of the initialization vector should be the exact number of bytes required by the encryption algorithm.  Then the business about which end bits get used form doesn't matter.

2. Some encryption algorithms carry the initialization vector as part of the ciphertext.  AES128-CBC does so and so all of the AES methods defined in [xmlenc-core].  It would seem that it makes sense to make the initialization vector optional when the encryption algorithms provide the initialization vector by other means.

I have made the resolution reflect that.

> ODF 1.2 Part 3 4.8.5 manifest:initialisation-vector underspecified
> ------------------------------------------------------------------
>
>                 Key: OFFICE-2739
>                 URL: http://tools.oasis-open.org/issues/browse/OFFICE-2739
>             Project: OASIS Open Document Format for Office Applications (OpenDocument) TC
>          Issue Type: Bug
>          Components: Packaging, Part 3 (Packages), Security
>    Affects Versions: ODF 1.2 CD 05
>         Environment: This issue applies for ODF 1.0/1.1/IS 26300 and drafts of ODF 1.2.  The specific text and location that is addressed here is that in ODF 1.2 CD05 Part 3.
>            Reporter: Dennis Hamilton
>            Assignee: Dennis Hamilton
>             Fix For: ODF 1.2 CD 06
>
>
> Section 4.8.5 does not indicate what the governing characteristics of the initialisation vector are and where the requirements for it are obtained.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]