OASIS Open Document Format for Office Applications (OpenDocument) TC

Re: [office] What to do about digital signatures

  • 1.  Re: [office] What to do about digital signatures

    Posted 05-10-2010 09:48
    Hi all,
    
    #2 sounds like a good choice to me, too, and is my recommendation as well.
    
    Michael
    
    
    On 05/07/10 20:51, robert_weir@us.ibm.com wrote:
    > We've been discussing this on the list for a few days now.  I think we're 
    > getting a better feel for the scope of what needs to be done, thanks to 
    > David's recent notes. . But I haven't seen a specific proposal yet.  I'm 
    > having some IBM colleagues look at this issue as well, since it is outside 
    > of my expertise.  But I will comment quickly on what our options are at 
    > this point:
    > 
    > 1) Continue discussing and delay ODF 1.2 until we have a resolution.
    > 
    > 2) Continue discussing, send ODF 1.2 out for public review knowing that 
    > this issue is open, and commit to resolving it when the public review 
    > ends.  But know that changes made after the public review would trigger 
    > another 15-day public review of those changes.
    > 
    > 3) Remove the feature from ODF 1.2.
    > 
    > 4) Do nothing in ODF 1.2, but address this area in a future revision.
    > 
    > 5) Convince ourselves that there is not a problem ;-)
    > 
    > Are there any other options I've missed?
    > 
    > I think if we have the right people looking at this area, we should be 
    > able to resolve it in ODF 1.2.  So to me that sounds like option #1 or #2. 
    >  
    > 
    > Since the digital signature feature is not broadly entangled in the other 
    > features of ODF 1.2, I think it can be reviewed and revised without 
    > invalidating the review performed on other parts of specification.  So I'm 
    > inclined to recommend that we pick option #2. 
    > 
    > I reminded of the saying, 'Never code standing up', meaning if you are in 
    > a rush to leave the office, and you already have your hat on, and you are 
    > making one last change to the code while standing up to put on your coat, 
    > then you are asking for trouble.  I think we want to also avoid specifying 
    > security-related ODF features standing up.  Let's take a couple of months, 
    > during the public review of ODF 1.2, to figure out exactly what needs to 
    > be done here.  This will allow us to continue discussions at a deliberate, 
    > but unrushed pace.  We could continue discussions on the main TC list.  Or 
    > if we wanted to have a separate list and maybe a series of meetings on the 
    > subject (yes, more meetings) we could choose to form a "ODF Security 
    > Subcommittee".
    > 
    > Any thoughts on the process side of this, before we get back to discussing 
    > the details of XAdES?  In particular, any objections to #2?
    > 
    > -Rob
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe from this mail list, you must leave the OASIS TC that
    > generates this mail.  Follow this link to all your TCs in OASIS at:
    > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
    > 
    
    
    -- 
    Michael Brauer, Technical Architect Software Engineering
    StarOffice/OpenOffice.org
    Sun Microsystems GmbH             Nagelsweg 55
    D-20097 Hamburg, Germany          michael.brauer@sun.com
    http://sun.com/staroffice         +49 40 23646 500
    http://blogs.sun.com/GullFOSS
    
    Sitz der Gesellschaft: Sun Microsystems GmbH, Sonnenallee 1,
    	   D-85551 Kirchheim-Heimstetten
    Amtsgericht Muenchen: HRB 161028
    Geschaeftsfuehrer: Jürgen Kunz