OASIS Open Document Format for Office Applications (OpenDocument) TC

 View Only

Notes from 12 February 2024 - ODF TC Teleconference

  • 1.  Notes from 12 February 2024 - ODF TC Teleconference

    Posted 02-12-2024 18:23
    [17:56] Svante Schubert: Greetings! The agenda for our TC call on Monday, 2024-02-12 Time of meeting: https://www.timeanddate.com/worldclock/meetingdetails.html?year=2024&month=2&day=12&hour=17&min=0&sec=0&p1=25&p2=37 The call counts towards voter eligibility. Teleconference Numbers - Access code: 438387 Canada (use US number) Denmark +45 78 77 25 34 Germany +49 30 255550324 Hungary +36 1 987 6874 Netherlands +31 6 35205016 United Kingdom +44 330 777 2407 US +1 267 807 9605 Chat room for meeting is at http://webconf.soaphub.org/conf/room/odf Please send comments to the mailing list. 1. Dial-In, Roll Call, Determination of Quorum and Voting Rights 2. Motion (simple majority): Approve minutes of 02 February 2024 - https://lists.oasis-open.org/archives/office/202402/msg00009.html 3. Motion (simple majority): Approve the Agenda 4. OFFICE-4153 - ODF password-based package encryption enhancements https://issues.oasis-open.org/browse/OFFICE-4153 Guest speaker from Microsoft Cryptography Unit - Raul Garcia - 5. Adjournment Next Call: 19th of February [18:02] Svante Schubert: 1. we have quorum [18:02] Svante Schubert: 2. minutes approved [18:04] Svante Schubert: 3. agenda approved [18:06] Svante Schubert: 4. OFFICE-4153 - ODF password-based package encryption enhancements https://issues.oasis-open.org/browse/OFFICE-4153 Guest speaker from Microsoft Cryptography Unit - Raul Garcia - [18:06] Svante Schubert: Welcome Raul! [18:10] Francis Cave: Michael: The problem is that the current package encryption method is very slow using PBKDF2. [18:11] Raul Garcia (MSFT): At Microsoft, we recommend 100K iterations for PBKDF2 as part of our internal cryptographic policies, but if it is too slow for practical purposes, our recommendation is to adjust it to the maximum number that is possible without disrupting customers. [18:11] Francis Cave: Michael: In 2023 a customer (a German govt agency) requested that this problem be fixed by January 2024. [18:15] Raul Garcia (MSFT): Argon2 is not currently a FIPS 140-3 approved algorithm, however it is likely that by the time v1.5 is evaluated there would be changes to SP 800-132 [Decision to Revise NIST SP 800-132 / CSRC]( https://csrc.nist.gov/News/2023/decision-to-revise-nist-sp-800-132 ) that would change its status. Assuming Argon2 becomes FIPS 140-3 approved by that time, we agree it would be a welcomed change; otherwise, we would need to discuss it in more detail in the future to find a way to meet FIPS 140 compliance. [18:25] Michael Stahl: add note to recommend producers to freshly generate random salt when storing a document [18:25] Michael Stahl: ... to alleviate concerns about AES-GCM nonce/key reuse problems [18:26] Raul Garcia (MSFT): Argon2 will be the default, but PBKDF2 will be an option for anyone who cannot use Argon2. [18:28] Svante Schubert: If there are multiple algorithms usable by configuration does the receiver have to implement this algo. to read the file? [18:29] Svante Schubert: Michael: Does it prevent you from reading files with Argon2? [18:37] Svante Schubert: Alfred: Even if Argon2 is not yet part of NIST SP 800-132 standard, it is required by international agencies and by this a de-facto-standard and should likely be implemented. [18:40] Raul Garcia (MSFT): Key derivation functions: PBKDF2 and Argon2 [18:47] Raul Garcia (MSFT): I agree, we should add some text emphasizing the new encryption scheme advantages vs. the old encryption scheme. [18:50] Raul Garcia (MSFT): One common recommendation we typically provide is to always encrypt using the new scheme, but provide a mechanism to decrypt (i.e. red) the old data, but discourage creating new data encrypted with the old scheme. [18:57] Francis Cave: Wholesome -> Whole-package? [18:57] Raul Garcia (MSFT): "full package" instead of "wholesome" [18:57] Alfred Hellstern: package-based encryption [18:57] Regina Henschel: encryption on a whole [18:58] Alfred Hellstern: complete package encryption [18:58] Francis Cave: package-level encryption? [19:00] Svante Schubert: We all agreed on the new naming: "full package" [19:01] Svante Schubert: Alfred: We need the issue to be updated and feedback is required before we can set a target (when we resolve) [19:02] Svante Schubert: Michael will update the issue / correct the wording! [19:02] Svante Schubert: 5. Meeting adjourned