That's the intent. There are three classes of algorithms:
1) The "default" algorithm which is SHA1+Blowfish CFB. By default we
really mean in the XML sense, not that it is the preferred algorithm. In
fact, I think it should be called something like "legacy" rather than
"default", lest a reader get the wrong message.
2) The larger set of algorithms allowed in conforming packages from
[xmlenc-core], which includes TRIPLEDES and AES-128, AES-192 and AES-256.
3) The open-ended list of algorithms which are permitted in "extended"
packages but not in non-extended packages. For these we neither define
the algorithm nor the identifiers for the algorithms.
I think we want to preserve that third option, not only to meet government
needs, but also to future-proof ODF. For example, suppose some
fundamental crypto advance breaks AES tomorrow. Unlikely, but possible.
The point of the two conformance classes is to distinguish those documents
that use only the well-known identifiers defined in ODF 1.2, versus ones
that use others.
I think this is still an interop issue. I can email someone an encrypted
document and then send them a passcode via other means, such as SMS. This
will work and allow security as well interoperability. But if the doc
uses an unknown algorithm, then the receiver is blocked. Also, even in
the single user case, wanting to read my own documents 10 years from now.
That said, if there are additional algorithms that we want to reserve
identifiers for in ODF 1.2, ones not already in Part 3 or [xmlenc-core]
I'm open to suggestions.
-Rob
"Dennis E. Hamilton"