OASIS Open Document Format for Office Applications (OpenDocument) TC

  • 1.  Re: [office] Re: encryption

    Posted 09-02-2009 08:40
    Bob, Rob,
    
    On 09/01/09 19:02, Robert Weir/Cambridge/IBM wrote:
    > The reason to allow more than one algorithm, aside from preferences 
    > (individual, corporate, national requirements etc.) is that an attack 
    > could be found against any one of these algorithms and you don't want to 
    > be in a situation where the only algorithms specified are weak or broken. 
    
    Yes, this is a valid point. In addition, there may be situations where
    any of the algorithms defined by the W3C or any set of algorithms we may
    define ourselves does not include an algorithm that is mandated by a
    particular organization or government that wishes to use ODF. So, also
    from that perspective, it seems to be reasonable to me that, if we allow
    additional algorithms, that we are not again restricting them to a
    particular set. But of cause, the proposal should clearer state that for
    the algorithms defines the the W3C specifications, the IRIs defined be
    the W3C specification shall be used.
    
    Regarding implementation defined IRIs, we have already a requirement
    that conforming implementations have to document the implementation
    defined values they are using. This includes the IRIs that denote
    algorithms.
    
    
    > The use of SHA1, in particular, does not seem to be a good algorithm 
    > today.
    > 
    > Of course, this doesn't mean you need to leave it open ended.
    > 
    > It really boils down to three questions:
    > 
    > 1) For each algorithm type (hash, encryption, etc.), what unique 
    > identifier to we associate with each algorithm?
    
    This actually needs to be clarified in my proposal.
    > 
    > 2) For the sake of encouraging interoperability do we recommend or mandate 
    > that a subset of these algorithms be supported?
    
    The idea behind the proposal was to open encryption for additional 
    algorithms as a first step In ODF 1.2. The algorithms that we had 
    already in ODF 1.1 remain mandatory for implementations that support 
    encryption. This set may be extended in later versions.
    > 
    > 3) Do we allow implementation-defined algorithms beyond those which we 
    > have assigned identifiers to?
    
    I would recommend that for the reasons mentioned above.
    > 
    > But remember, there is nothing in the standard that mandates the support 
    > of the document encryption feature at all, so #2 doesn't really help us 
    > much here, does it?
    
    Thank you for our feedback
    
    Michael
    
    
    > 
    > -Rob
    > 
    > 
    > 
    > 
    > From:
    > Bob Jolliffe 


  • 2.  Re: [office] Re: encryption

    Posted 09-02-2009 08:45
    2009/9/2 Michael Brauer - Sun Germany - ham02 - Hamburg
    


  • 3.  Re: [office] Re: encryption

    Posted 09-02-2009 09:03
    Hi Dave,
    
    On 09/02/09 10:45, Dave Pawson wrote:
    > 2009/9/2 Michael Brauer - Sun Germany - ham02 - Hamburg
    > 


  • 4.  Re: [office] Re: encryption

    Posted 09-02-2009 09:37
    2009/9/2 Michael Brauer - Sun Germany - ham02 - Hamburg