OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  Spreadsheet Table Protection Options

    Posted 08-21-2008 17:17
    Hello,
    
    I'd like to inform the list that my below is now ready.
    
    http://wiki.oasis-open.org/office/Spreadsheet_Table_Protection_Options
    
    But there is still one thing to be decided, which is the URI for the
    legacy Excel password hash algorithm that we discussed earlier on
    another thread.  I remember Rob mentioned something like 'ISO/IEC 29500
    Legacy Hash' could be used, but Michael mentioned that it has to be an
    URI.  But other than that, I don't remember we ever have reached an
    agreed-upon URI that we could use for this.  The hash algorithm itself
    is specified in the OOXML spec (albeit incorrectly), but it remains
    unnamed if I understand Doug's statement correctly.
    
    If we can use any URI, I can make one up.  But does anyone have any good
    suggestion on what to use?
    
    Also, I've incorporated the requirement of double-hashing the legacy
    hash values into my proposal as we discussed during the call.
    
    Kohei
    
    -- 
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.
    


  • 2.  Re: [office] Spreadsheet Table Protection Options

    Posted 08-21-2008 17:21
    On Thu, 2008-08-21 at 13:17 -0400, Kohei Yoshida wrote:
    > I'd like to inform the list that my below is now ready.
                                       ^^^^^^^^
    I meant my proposal below. :-P
    
    My typos are getting out of hand.  Sorry folks.
    
    Kohei
    
    -- 
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.
    


  • 3.  Re: [office] Spreadsheet Table Protection Options

    Posted 08-26-2008 00:17
    > 
    > I'd like to inform the list that my below is now ready.
    > 
    > http://wiki.oasis-open.org/office/Spreadsheet_Table_Protection_Options
    > 
    > But there is still one thing to be decided, which is the URI for the
    > legacy Excel password hash algorithm that we discussed earlier on
    > another thread.  I remember Rob mentioned something like 'ISO/IEC 29500
    > Legacy Hash' could be used, but Michael mentioned that it has to be an
    > URI.  But other than that, I don't remember we ever have reached an
    > agreed-upon URI that we could use for this.  The hash algorithm itself
    > is specified in the OOXML spec (albeit incorrectly), but it remains
    > unnamed if I understand Doug's statement correctly.
    > 
    > If we can use any URI, I can make one up.  But does anyone have any good
    > suggestion on what to use?
    > 
    > Also, I've incorporated the requirement of double-hashing the legacy
    > hash values into my proposal as we discussed during the call.
    > 
    
    
    This is a difficult one, and not because of the URI.  We could just make 
    up a URI if we wanted to.  The problem is that we do not have a good 
    normative description of the encryption algorithm that we can cite.
    
    What we do have is:
    
    1) An incorrect algorithm in the Ecma-376 standard
    
    2) A version in the ISO/IEC 29500 standard which we cannot even look at 
    right now, so I'm not sure whether it is correct or not. 
    
    3) A blog entry that claims to have the correct algorithm
    
    
    I can see a couple ways out.
    
    1) We could wait for the ISO/IEC 29500 text to be published.  This could 
    be a matter of a few weeks to months.  But it should not be very long.  If 
    it expresses the correct algorithm, then we simply reference it by part 
    and clause. 
    
    Or do we suspect that the algorithm will still be incorrect in the 
    published version of OOXML?  If the defect was found and reported to Ecma 
    before the BRM, there is a good chance that it was fixed.  Doug would know 
    for sure.
    
    or
    
    2) We include the correct algorithm in the ODF specification.  Someone 
    would need to formally contribute it to the TC first, my sending it in an 
    email or posting it to the file library.
    
    My recommendation would be to see if we can do #1.  But agree that if we 
    get to the end of our ODF 1.2 work and ISO/IEC 29500 is still not 
    published, or we find the error still exists in their specification, then 
    we can substitute solution #2.
    
    What do others think?
    
    -Rob
    


  • 4.  RE: [office] Spreadsheet Table Protection Options

    Posted 08-27-2008 16:17
    The final IS29500 text will have the corrected algorithm.  The necessary changes were identified before the BRM and it's my understanding that they've been made and the final text is accurate.  So we can do option 1 as Rob outlined below, and that's probably best to avoid any duplication of the description.
    
    - Doug
    
    
    


  • 5.  RE: [office] Spreadsheet Table Protection Options

    Posted 08-28-2008 13:03
    On Wed, 2008-08-27 at 08:28 -0700, Doug Mahugh wrote:
    > The final IS29500 text will have the corrected algorithm.  The
    > necessary changes were identified before the BRM and it's my
    > understanding that they've been made and the final text is accurate.
    > So we can do option 1 as Rob outlined below, and that's probably best
    > to avoid any duplication of the description.
    
    Thanks Doug.
    
    Looks like the better option is to wait for the final ISO/IEC 29500 to
    be released, and reference its corrected algorithm in the ODF spec.
    
    Kohei
    
    -- 
    Kohei Yoshida - OpenOffice.org Engineer - Novell, Inc.