OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  RE: [office] Extended conforming packages and manifest:algorithm-name

    Posted 05-04-2010 21:37
    Welcome, David!
    
    The idea is not to rule out other algorithms than blowfish and the
    low-number SHAs.  There are already provisions to allow anything that
    [xml-enc] provides a specific URI for.  So AES is covered.  This is in the
    ODF 1.2 Part 3 CD01, which you can find via
    


  • 2.  RE: [office] Extended conforming packages and manifest:algorithm-name

    Posted 05-04-2010 22:11
    That's the intent.  There are three classes of algorithms:
    
    1) The "default" algorithm which is SHA1+Blowfish CFB.  By default we 
    really mean in the XML sense, not that it is the preferred algorithm.  In 
    fact, I think it should be called something like "legacy" rather than 
    "default", lest a reader get the wrong message.
    
    2) The larger set of algorithms allowed in conforming packages from 
    [xmlenc-core], which includes TRIPLEDES and AES-128, AES-192 and AES-256.
    
    3) The open-ended list of algorithms which are permitted in "extended" 
    packages  but not in non-extended packages.  For these we neither define 
    the algorithm nor the identifiers for the algorithms.
    
    I think we want to preserve that third option, not only to meet government 
    needs, but also to future-proof ODF.  For example, suppose some 
    fundamental crypto advance breaks AES tomorrow. Unlikely, but possible.
    
    The point of the two conformance classes is to distinguish those documents 
    that use only the well-known identifiers defined in ODF 1.2, versus ones 
    that use others.
    
    I think this is still an interop issue.  I can email someone an encrypted 
    document and then send them a passcode via other means, such as SMS.  This 
    will work and allow security as well interoperability.  But if the doc 
    uses an unknown algorithm, then the receiver is blocked.    Also, even in 
    the single user case, wanting to read my own documents 10 years from now.
    
    That said, if there are additional algorithms that we want to reserve 
    identifiers for in ODF 1.2, ones not already in Part 3 or [xmlenc-core] 
    I'm open to suggestions.
    
    -Rob
    
    
    "Dennis E. Hamilton" 


  • 3.  RE: [office] Extended conforming packages andmanifest:algorithm-name

    Posted 05-04-2010 22:29
    Thanks for the clarification - our encryption implementation for OOXML is (somewhat by accident, to be honest) very much like what you're advocating - the encrypted stream decrypts to a full document that can be pulled out and stands on its own. This avoids information leaks, which you point out in your other mail.
    
    


  • 4.  RE: [office] Extended conforming packages andmanifest:algorithm-name

    Posted 05-04-2010 22:44
    Oh, good - I see you've all met David. He is the developer who maintains digital signatures for Office here. I've asked him to join the TC to respond directly to the conversation on signing and encryption rather than having me pass messages back and forth. He's reviewing the conversation so far and I've forwarded him the earlier threads on XAdES, as well as pointers Patrick had sent me to the wiki for the work that was originally done for ODF 1.2.
    
    Cherie