Re: [oiic-formation-discuss] Caution and Disclaimer on Interoperability

["Peter Dolding" <oiaohm@gmail.com>]

On Sat, Jun 14, 2008 at 8:49 AM,  <robert_weir@us.ibm.com> wrote:
>
> jose lorenzo <hozelda@yahoo.com> wrote on 06/13/2008 06:20:47 PM:
>
>
>>
>> I think this is a pretty important message just illustrated. I doubt
>> most laypeople, when they talk about ODF compliance, realize this
>> scenario is possible and actually quite possibly likely to happen at
>> some point in the future.
>>
>> I think this is a pretty important message.
>>
>
> Indeed.  It can even be done with plain ASCII text.  It can be done with a
> PNG file even.  When done intentionally to hide a message they call it
> "steganography".  But the same techniques can be used to encode extensions,
> scripts, whatever.  I call them "embedded formats", the formats within the
> format.
>
> There are good embedded formats.  For example, an ODF 1.2 spreadsheet
> formula is just a string, from an XML perspective.  But within that string
> is encoded an expression in a complex expression language.  But since the
> syntax and semantics of that expression language are defined in ODF 1.2,
> this is not a problem.
>
> But embedded formats, especially private ones, can certainly be abused.
>
> Is there anything that can be done about this, from a standards perspective?
>  Saying "No undisclosed embedded formats allowed" is not really a testable
> provision.
>
> A while back I said that conformity was the relationship of an
> implementation to a standard, and interoperability was the relationship of
> two implementations of the same standard with each other.  There are some
> things that you will never find just testing an application and a test
> suite.  The world is complex and strange enough that some sort of "plugfest"
> event to bring itogether the vendors to test real round-trip scenarios with
> real-world complex documents is needed.
>
No undisclosed embedded formats can be tested for.  Here is the key
thing a undisclosed embedded format is not a issue if the program will
by default no undisclosed output standard ODF that does work.  If its
not on the known list its not disclosed so embed XYZ found that is not
in the ODF docs would be a undisclosed section equaling program
creating document with a secret.

Next about hiding settings using steganography normally goes flat on
its face when face.   Why that setting will alter something on someone
causing a different appearance result complete unexpected one day
because by pure bad luck user lays out exactly the same code as what
is needed to activate the steganographic hidden feature.  Section of
the test case system should be collected trouble sum samples.  Ie
report you problem documents here.   This is also one way of finding
what sections people are using and is giving everyone the most
problems for targeted acid testing.

Peter Dolding