incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 119090] Default Encryption Fails for Down-Level Implementations
Date Tue, 20 Mar 2012 14:20:28 GMT

--- Comment #15 from orcmid <> 2012-03-20 14:20:28 UTC ---
@Oliver.  Issue r117562 is based on an incorrect premise.  ODF 1.2 does not
change the default encryption in any way.  I quoted the ODF 1.2 specification
in an earlier comment.  Here it is again, with more emphasis (ODF 1.2 Part 3
section 4.8.1):

"Package producers that support encryption SHALL support the value Blowfish
CFB. Package consumers that support encryption SHALL support the values
Blowfish CFB and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#blowfish."

There is conformance language related to the use of the manifest:checksum,
which is not about security but being able to determine whether a decryption is
correct.  That language is in 4.8.3,

"Package producers that support encryption SHOULD use the
urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k algorithm, Package
consumers that support encryption SHALL support the values SHA1/1K,
urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha1-1k and

For the legacy case, the values "SHA1" and "SHA1/1K" are the only ones
recognized in use and some implementations treat "SHA1" the same as "SHA1/1K".

When blowfish is used, the SHA1/1K should always be used for interoperability

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

View raw message