An issue might be referenced files. I think for 'primary' files (defined as those directly referenced by manifest.xml), then adding new things may not be a problem. This would seem to me to not change either the content or appearance of the document.
Where I think we may get into trouble is if a primary file has a link to a secondary file, also contained in the archive. If that were 0-length to start with, and then got changed into something with content, then it could change the content or appearance.
Given that we don't have time right now to do really extensive work in terms of tracking down what may change the content or appearance, I think anything that qualifies as a file (and not an empty directory) should be signed in order to keep things simple.
________________________________________
From: Bob Jolliffe [bobjolliffe@gmail.com]
Sent: Monday, September 27, 2010 2:57 AM
To: dennis.hamilton@acm.org
Cc: Hanssens Bart; David LeBlanc; office@lists.oasis-open.org; Cornelis Frank
Subject: Re: [office] RE: Directories in Zip packages
Hi all
I've just been working through the helloworld.odt file with emacs (in
hexl-mode) with the appnote alongside. Primitive I know, but anyway
..
My take on what I am seeing is that it *should* be obvious what to
sign and what not to sign by looking at the "uncompressed size" field
of each local file header - one hopes if uncompressed size=0 then
compressed size will also equal zero. This at least is the case of
the file I am looking at. And I believe the signature references are
references to the content of streams.
So one (fairly low-level) algorithm would be to iterate through all
the local file headers and provide a signature reference to all those
with uncompressed size>0, i.e. those which actually have file data
sections to sign.
The implication of this would be that empty files and directory
entries could be removed from (or added to) the zip archive without
breaking the signature. I would have to think some more on how bad
this might be but I suspect that it's not altogether good (I'm having
visions of injecting 1000's of circular directory references). ODF
producers do not use winzip, pkzip or 7zip to create the packages so
in general there should be fine grained control over which entries go
into the zip. Is it too much to recommend that ODF producers *should
not* add entries for empty directories and empty files? I might be
wrong, but I suspect an odf consumer does not use such entries for any
purpose whatsoever in which case they are better not to be there. I
am fairly confident this is the case for directory entries - not 100%
sure about 0 length files.
Regards
Bob
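
Added example, not part of the thread and not code from either author: it compares the two reference policies discussed above (only entries with uncompressed size > 0, versus every file entry) on a constructed package. Assumptions: a plain SHA-256 digest map stands in for the signature references, sizes are read through Python's zipfile module rather than by walking local file headers by hand, and all entry names are made up for the sample.

```python
import hashlib, io, zipfile

def build(entries):
    """Build an in-memory zip; a name ending in '/' becomes a directory entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries:
            z.writestr(name, data)
    return buf.getvalue()

def sign_refs(package, include_empty_files):
    """Return {entry name: SHA-256 hex} for the entries a signer would reference.
    False: only entries with uncompressed size > 0.
    True: every file entry, empty or not; directory entries are skipped."""
    refs = {}
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for info in z.infolist():
            if info.is_dir() or (info.file_size == 0 and not include_empty_files):
                continue
            refs[info.filename] = hashlib.sha256(z.read(info)).hexdigest()
    return refs

def verify(package, refs):
    """Return (digest_failures, unreferenced_entries) for a package against refs."""
    failures = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        names = set(z.namelist())
        for name, digest in sorted(refs.items()):
            if name not in names:
                failures.append(("missing", name))
            elif hashlib.sha256(z.read(name)).hexdigest() != digest:
                failures.append(("modified", name))
    return failures, sorted(names - set(refs))

# Constructed sample package (not helloworld.odt): one empty file, one empty directory.
BASE = [("mimetype", b"application/vnd.oasis.opendocument.text"),
        ("content.xml", b"<doc/>")]
ORIGINAL = build(BASE + [("Pictures/logo.png", b""), ("Configurations2/", b"")])
# Same package after the empty file gains content and a directory entry is added.
CHANGED = build(BASE + [("Pictures/logo.png", b"constructed image bytes"),
                        ("Configurations2/", b""), ("extra/", b"")])

if __name__ == "__main__":
    for label, flag in (("size > 0 only", False), ("all file entries", True)):
        print(label, verify(CHANGED, sign_refs(ORIGINAL, flag)))
```

With size > 0 references, the filled-in file shows up only as one more unreferenced entry, which a verifier following that policy already has to tolerate; with every file referenced it is a digest failure.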
On 27 September 2010 01:30, Dennis E. Hamilton