[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [oiic-formation-discuss] Caution and Disclaimer on Interoperability
On Sat, Jun 14, 2008 at 8:49 AM, <robert_weir@us.ibm.com> wrote: > > jose lorenzo <hozelda@yahoo.com> wrote on 06/13/2008 06:20:47 PM: > > >> >> I think this is a pretty important message just illustrated. I doubt >> most laypeople, when they talk about ODF compliance, realize this >> scenario is possible and actually quite possibly likely to happen at >> some point in the future. >> >> I think this is a pretty important message. >> > > Indeed. It can even be done with plain ASCII text. It can be done with a > PNG file even. When done intentionally to hide a message they call it > "steganography". But the same techniques can be used to encode extensions, > scripts, whatever. I call them "embedded formats", the formats within the > format. > > There are good embedded formats. For example, an ODF 1.2 spreadsheet > formula is just a string, from an XML perspective. But within that string > is encoded an expression in a complex expression language. But since the > syntax and semantics of that expression language are defined in ODF 1.2, > this is not a problem. > > But embedded formats, especially private ones, can certainly be abused. > > Is there anything that can be done about this, from a standards perspective? > Saying "No undisclosed embedded formats allowed" is not really a testable > provision. > > A while back I said that conformity was the relationship of an > implementation to a standard, and interoperability was the relationship of > two implementations of the same standard with each other. There are some > things that you will never find just testing an application and a test > suite. The world is complex and strange enough that some sort of "plugfest" > event to bring itogether the vendors to test real round-trip scenarios with > real-world complex documents is needed. > No undisclosed embedded formats can be tested for. Here is the key thing a undisclosed embedded format is not a issue if the program will by default no undisclosed output standard ODF that does work. If its not on the known list its not disclosed so embed XYZ found that is not in the ODF docs would be a undisclosed section equaling program creating document with a secret. Next about hiding settings using steganography normally goes flat on its face when face. Why that setting will alter something on someone causing a different appearance result complete unexpected one day because by pure bad luck user lays out exactly the same code as what is needed to activate the steganographic hidden feature. Section of the test case system should be collected trouble sum samples. Ie report you problem documents here. This is also one way of finding what sections people are using and is giving everyone the most problems for targeted acid testing. Peter Dolding
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]