I'd like to add to, maybe duplicate some of the issues that David has
raised.
Part 3 defines in section 2.4.2 "Encryption Process using default
algorithms" . This is encryption using SHA1 and Blowfish. These
algorithms are not, I believe, well suited for a "default" algorithm.
In particular:
1) The use of SHA1 is going to be a red flag for many. It is generally
considered weak and is being phased out. For example, the US list of
cryptographic hashes permitted for government use, what we call
FIPS800-131 says that SHA1 will not be permitted after 2010.
2) Blowfish is also not on the FIPS list. We also heard via public
comment that it is not on the approved list in Japan.
To be fair we should note that these algorithms are from ODF 1.1 and are
implemented. So I would not suggest we remove them altogether. But I
think we should call the the section "Encryption Process using legacy
algorithms" and state that it "should not" be used for new documents.
Do we need to have a procedure that we call the "default"? If so, I'd
recommend one based on SHA2/AES128.
In section 3.8.1 we currently say:
"Package producers that support encryption shall support the value
Blowfish CFB. Package consumers that support encryption shall support the
values Blowfish CFB and
urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish."
I don't think we want to require that package producers support the legacy
method, especially if it is known to be weak. So I suggest eliminating
that bullet paragraph altogether, or require the use of SHA2/AES128 if
there is consensus to have that be the "default" algorithm
-Rob