Details

    • Type: Improvement
    • Status: Applied
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2 Part 3 CD 1
    • Fix Version/s: ODF 1.2 Part 3 CD 2
    • Component/s: Security
    • Labels:
      None
    • Resolution:

      Add to 3.8.3 manifest:checksum-type

      • urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k: SHA256 algorithm (see [RFC3174]) applied to first 1024 bytes of the compressed unencrypted file.

      Adapt the last paragraph of 3.8.3 to:

      Package producers that support encryption should use the urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k algorithm. Package consumers that support encryption shall support the values SHA1/1K, urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha1-1k and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k.

      Adapt the last paragraph of 3.8.6 to:

      Package producers that support encryption should use the http://www.w3.org/2000/09/xmldsig#sha256 algorithm. Package consumers that support encryption shall support the values SHA1, http://www.w3.org/2000/09/xmldsig#sha1 and http://www.w3.org/2000/09/xmldsig#sha256.


      Description

      Part 3, 3.8.3 manifest:checksum-type says
      "Package consumers that support encryption shall support the values SHA1/1K and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha1"
      "Package producers that support encryption shall support the value SHA1/1K"

      Part 3, 3.8.6 manifest:start-key-generation-name states
      "Package consumers that support encryption shall support the values SHA1 and http://www.w3.org/2000/09/xmldsig#sha1"
      "Package producers that support encryption shall support the value SHA1"

      On the other hand, Part 1, 19.700 table:protection-key-digest-algorithm states
      "Consumers shall support SHA1, which is the default, and SHA256"
      "Producers should use SHA256"

      While I do realize that part 3 may be used outside the scope of ODF, it seems a bit odd that the spec as a whole more or less promotes SHA256 for a table protection key, SHA1 for start key generation and SHA1/1K for checksum-type (2-3 different algorithms for basically the same thing).
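
Added example, not part of the issue or of the ODF specification: Python code showing how a consumer could accept the three manifest:checksum-type values listed in the resolution and how a producer could compute the sha256-1k value. It assumes the checksum is carried base64-encoded and that data shorter than 1024 bytes is hashed whole; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import zlib

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"

# checksum-type values a consumer shall support per the adapted 3.8.3 text.
CHECKSUM_TYPES = {
    "SHA1/1K": hashlib.sha1,
    NS + "#sha1-1k": hashlib.sha1,
    NS + "#sha256-1k": hashlib.sha256,
}
PRODUCER_DEFAULT = NS + "#sha256-1k"  # the value producers should use


def compute_checksum(checksum_type, compressed):
    """Digest of the first 1024 bytes of the compressed, unencrypted data."""
    try:
        algo = CHECKSUM_TYPES[checksum_type]
    except KeyError:
        # Refuse unknown identifiers instead of falling back to a default.
        raise ValueError("unsupported manifest:checksum-type: %r" % checksum_type)
    # Assumption: slicing hashes the whole input when it is under 1024 bytes.
    return algo(compressed[:1024]).digest()


def verify_checksum(checksum_type, checksum_b64, compressed):
    """Compare the manifest value (assumed base64) with the computed digest."""
    expected = base64.b64decode(checksum_b64, validate=True)
    actual = compute_checksum(checksum_type, compressed)
    return hmac.compare_digest(expected, actual)  # constant-time comparison


def raw_deflate(data):
    """Raw DEFLATE stream, as used for ZIP entries (no zlib header)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


# Constructed sample: poorly compressible bytes standing in for a package
# file, so the compressed stream is longer than 1024 bytes.
SAMPLE = raw_deflate(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)))

if __name__ == "__main__":
    digest = compute_checksum(PRODUCER_DEFAULT, SAMPLE)
    print(PRODUCER_DEFAULT, base64.b64encode(digest).decode())
```

Only the first 1024 bytes are covered, so the checksum says nothing about the integrity of the rest of the file.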

            People

            • Assignee:
              michael.brauer Michael Brauer (Inactive)
              Reporter:
              bart.hanssens Bart Hanssens (Inactive)