OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  Default encryption algorithm concerns

    Posted 05-11-2010 17:40
    I'd like to add to, maybe duplicate some of the issues that David has 
    raised.
    
    Part 3 defines in section 2.4.2 "Encryption Process using default 
    algorithms".  This is encryption using SHA1 and Blowfish.  These 
    algorithms are not, I believe, well suited for a "default" algorithm. 
    
    In particular:
    
    1) The use of SHA1 is going to be a red flag for many.  It is generally 
    considered weak and is being phased out.  For example, the US list of 
    cryptographic hashes permitted for government use, what we call 
    FIPS800-131 says that SHA1 will not be permitted after 2010.
    
    2) Blowfish is also not on the FIPS list.  We also heard via public 
    comment that it is not on the approved list in Japan.
    
    To be fair we should note that these algorithms are from ODF 1.1 and are 
    implemented.  So I would not suggest we remove them altogether.  But I 
    think we should call the section "Encryption Process using legacy 
    algorithms" and state that it "should not" be used for new documents. 
    
    
    Do we need to have a procedure that we call the "default"?  If so, I'd 
    recommend one based on SHA2/AES128.
    
    In section 3.8.1 we currently say:
    
    "Package producers that support encryption shall support the value 
    Blowfish CFB. Package consumers that support encryption shall support the 
    values Blowfish CFB and 
    urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish."
    
    I don't think we want to require that package producers support the legacy 
    method, especially if it is known to be weak.  So I suggest eliminating 
    that bullet paragraph altogether, or require the use of SHA2/AES128 if 
    there is consensus to have that be the "default" algorithm.
    
    
    -Rob
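
An added example (not part of the original post or of the ODF specification): a Python check that parses a package's `META-INF/manifest.xml` and reports encrypted entries that declare the legacy Blowfish or SHA1 identifiers discussed above. The sample manifest is constructed, and the element and attribute names and the AES/SHA-256 identifiers are assumptions taken from the ODF package manifest schema, not from this thread.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
M = "{" + NS + "}"  # ElementTree qualified-name prefix
# The two legacy cipher identifiers quoted from section 3.8.1 in the post.
LEGACY_CIPHERS = {"Blowfish CFB", NS + "#blowfish"}

# Constructed sample manifest (not from a real document); "AAAA" is a dummy value.
SAMPLE_MANIFEST = """\
<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
 <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="AAAA">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:full-path="styles.xml" manifest:media-type="text/xml">
  <manifest:encryption-data manifest:checksum="AAAA"
    manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k">
   <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
   <manifest:start-key-generation
     manifest:start-key-generation-name="http://www.w3.org/2000/09/xmldsig#sha256"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:full-path="meta.xml" manifest:media-type="text/xml"/>
</manifest:manifest>"""

def uses_sha1(value):  # matches 'SHA1/1K', 'SHA1', 'SHA-1' or a URI ending in '#sha1'
    return value is not None and "sha1" in value.lower().replace("-", "")

def audit_manifest(xml_text):
    """Map each encrypted entry's full-path to its legacy-algorithm findings."""
    findings = {}
    for entry in ET.fromstring(xml_text).iter(M + "file-entry"):
        enc = entry.find(M + "encryption-data")
        if enc is None:
            continue  # entry is stored unencrypted, nothing to audit
        algo = enc.find(M + "algorithm")
        cipher = algo.get(M + "algorithm-name") if algo is not None else None
        issues = ["legacy cipher: " + cipher] if cipher in LEGACY_CIPHERS else []
        digests = {"checksum-type": enc.get(M + "checksum-type")}
        skg = enc.find(M + "start-key-generation")
        if skg is not None:
            digests["start-key-generation-name"] = skg.get(M + "start-key-generation-name")
        issues += [f"SHA1 in {k}: {v}" for k, v in digests.items() if uses_sha1(v)]
        findings[entry.get(M + "full-path")] = issues
    return findings

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

An empty list for an entry means it is encrypted but declares none of the legacy identifiers; unencrypted entries are omitted from the result.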
    


  • 2.  RE: [office] Default encryption algorithm concerns

    Posted 05-11-2010 18:12
    Rob,
    
    +1 on AES (See also OFFICE-2264 :-) and SHA-2
    
    Nothing wrong with Blowfish AFAIK, but security policies probably mandate
    the use of AES.
    
    > I don't think we want to require that package producers support the legacy
    > method, especially if it is known to be weak.  So I suggest eliminating
    > that bullet paragraph altogether, or require the use of SHA2/AES128 if
    > there is consensus to have that be the "default" algorithm
    
    Best regards,
    
    Bart
    


  • 3.  Re: [office] Default encryption algorithm concerns

    Posted 05-11-2010 18:38
    On 11 May 2010 19:11, Hanssens Bart 


  • 4.  Re: [office] Default encryption algorithm concerns

    Posted 05-11-2010 18:58
    EAS is recommended by the Brazilian Interoperability Framework (e-ping).
    
    Best,
    
    Jomar
    


  • 5.  Re: [office] Default encryption algorithm concerns

    Posted 05-11-2010 19:00
    Sorry, typo... - EAS is recommended by the Brazilian Interoperability
    Framework (e-ping).
    
    Best,
    
    Jomar
    
    On Tue, May 11, 2010 at 3:57 PM, Jomar Silva
    


  • 6.  Re: [office] Default encryption algorithm concerns

    Posted 05-11-2010 19:28
    Two typos in a row (this flu is killing me): AES is recommended by the
    Brazilian Interoperability Framework (e-Ping -
    http://www.governoeletronico.gov.br/anexos/versao-2010-da-e-ping-ingles).
    
    Best,
    
    Jomar
    
    On Tue, May 11, 2010 at 3:59 PM, Jomar Silva