OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ODF 1.2 PAS Submission comment JP5 - OFFICE-3869: proposal for discussion


I am not an expert in the area of ODF encryption and digital signatures, but I would like to propose to combine would Dennis, Rob and Michael had been discussed.

My proposal for our response to JP5 is:
We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures.
We suggest to replace the last two paragraphs of section 5.2 in Part 3 by:
"If a digital signature file is not encrypted, any encrypted files covered by the digital signature are signed in their encrypted form as identified in META-INF/manifest.xml."
"If a digital signature file is encrypted using the encryption means specified for ODF 1.2 Packages, then the digital signature applies to the decrypted forms of all encrypted files in the package exactly as if they had not been encrypted.  (Note that in this case, the manifest, which is never encrypted, is different when there are encrypted files than when there are not.  In particular, the manifest must include the parameters that must be known to decrypt the encrypted digital signature files.)"
We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content:
"An OpenDocument Package Producer that both encrypts and applies digital signatures to a document is advised to either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or to first apply the digital signatures and then encrypt.
If the encryption is done first, the digital signature file is not encrypted. If the document is encrypted after applying the digital signatures, the digital signature file is encrypted - see also section 5.2.
The perference is to first encrypt and then apply the digital signatures."

Please give feedback to this proposal.

Mit freundlichen Grüßen / Best regards
Oliver-Rainer Wittmann

Advisory Software Engineer
IBM Deutschland
Beim Strohhause 17
20097 Hamburg
Phone: +49-40-6389-1415
E-Mail: orwitt@de.ibm.com
IBM Deutschland Research & Development GmbH / Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]