incubator-ooo-issues mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 119090] Default Encryption Fails for Down-Level Implementations
Date Mon, 19 Mar 2012 00:02:29 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=119090

--- Comment #2 from orcmid <orcmid@apache.org> 2012-03-19 00:02:29 UTC ---
The OASIS Standard ODF 1.2 Part 3 specifies the following conformance
requirements with regard to choice of encryption methods (section 4.8.1):

"Package producers that support encryption shall support the value Blowfish
CFB. Package consumers that support encryption shall support the values
Blowfish CFB and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish."

Although other algorithms are allowed for ODF 1.2, these are the only ones that
are required to be supported for ODF 1.2 conformance.

Furthermore, the one document encryption method defined for ODF 1.0/1.1 is
fully allowable in ODF 1.2, in exactly the form provided in ODF 1.0/1.1.

RECOMMENDATION

Have the automatic choice of encryption methods and parameters be the same as
when the document is saved in ODF 1.0/1.1 format.  Do this even when Load/Save
is set to ODF 1.2 or ODF 1.2 (extended).  

Still *ACCEPT* (but do not produce) any of the additional encryption methods
and parameters including (1) SHA256 start-key digests, SHA256-1k confirmation
checksums, and at least AES256-CBC among the other AES and Triple-DES
algorithms allowed in accordance with section 5.2 of [xmlenc-core].

*AFTER* AOO 3.4, consider whether or not to allow user-controlled choice of a
different encryption during a Save with Password operation. At that time, it
can be determined how to advise users about the optional use and limitation to
consumers that support the same optional parameters.  This would be something
useful to coordinate with LibreOffice support for optional ODF 1.2 encryption
cases as well.

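
An added example (not part of the bug comment and not AOO code): a Python check that reads a package's META-INF/manifest.xml and flags encrypted entries whose algorithm is outside the two values that section 4.8.1 requires every consumer to support. Element and attribute names follow the ODF manifest schema; the function names and the sample manifest are constructed for illustration, and the AES-256-CBC URI in the sample is the [xmlenc-core] identifier.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
M = "{" + NS + "}"

# The two algorithm names quoted from ODF 1.2 Part 3, section 4.8.1.
# Every conforming consumer that supports encryption must accept these.
BASELINE_ALGORITHMS = {"Blowfish CFB", NS + "#blowfish"}

# Constructed sample manifest (not taken from a real document).
SAMPLE_MANIFEST = f"""<manifest:manifest xmlns:manifest="{NS}">
 <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
  <manifest:encryption-data>
   <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:full-path="styles.xml" manifest:media-type="text/xml">
  <manifest:encryption-data>
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB"/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:full-path="meta.xml" manifest:media-type="text/xml"/>
</manifest:manifest>"""


def audit_manifest(xml_text):
    """Map each encrypted entry's full-path to (algorithm-name, status)."""
    # A manifest has no need for a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in manifest")
    report = {}
    for entry in ET.fromstring(xml_text).iter(M + "file-entry"):
        enc = entry.find(M + "encryption-data")
        if enc is None:
            continue  # entry is stored unencrypted
        alg = enc.find(M + "algorithm")
        name = alg.get(M + "algorithm-name") if alg is not None else None
        if name is None:
            status = "missing"
        else:
            status = "baseline" if name in BASELINE_ALGORITHMS else "optional"
        report[entry.get(M + "full-path")] = (name, status)
    return report


def down_level_risk(xml_text):
    """Paths a consumer limited to the required algorithms may fail to open."""
    report = audit_manifest(xml_text)
    return sorted(p for p, (_, status) in report.items() if status != "baseline")
```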