• Type: Improvement
    • Resolution: Fixed
    • Priority: Minor
    • ODF 1.2 Part 3 CD 2
    • Affects Version/s: ODF 1.2 Part 3 CD 1
    • Component/s: Security

      Add to 3.8.3 manifest:checksum-type

      • urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k: SHA256 algorithm (see [RFC3174]) applied to first 1024 bytes of the compressed unencrypted file.

      Adapt the last paragraph of 3.8.3 to:

      Package producers that support encryption should use the urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k algorithm. Package consumers that support encryption shall support the values SHA1/1K, urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha1-1k and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k.

      Adapt the last paragraph of 3.8.6 to:

      Package producers that support encryption should use the http://www.w3.org/2000/09/xmldsig#sha256 algorithm. Package consumers that support encryption shall support the values SHA1, http://www.w3.org/2000/09/xmldsig#sha1 and http://www.w3.org/2000/09/xmldsig#sha256.


      Part 3, 3.8.3 manifest:checksum-type says
      "Package consumers that support encryption shall support the values SHA1/1K and urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha1"
      "Package producers that support encryption shall support the value SHA1/1K"

      Part 3, 3.8.6 manifest:start-key-generation-name states
      "Package consumers that support encryption shall support the values SHA1 and http://www.w3.org/2000/09/xmldsig#sha1"
      "Package producers that support encryption shall support the value SHA1"

      On the other hand, Part 1, 19.700 table:protection-key-digest-algorithm states
      "Consumers shall support SHA1, which is the default, and SHA256"
      "Producers should use SHA256"

      While I do realize that part 3 may be used outside the scope of ODF, it seems a bit odd that the spec as a whole more or less promotes SHA256 for a table protection key, SHA1 for start key generation and SHA1/1K for checksum-type (2-3 different algorithms for basically the same thing).
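
The following is an added example, not part of the issue or of the specification text: a consumer-side check that accepts the three manifest:checksum-type values listed in the proposed 3.8.3 wording and hashes the first 1024 bytes of the compressed, unencrypted data. The function names and sample data are constructed for illustration; it assumes the entry is a raw DEFLATE stream and compares raw digest bytes.

```python
import hashlib
import hmac
import zlib

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#"

# manifest:checksum-type values a consumer shall support per the proposed 3.8.3 text.
CHECKSUM_TYPES = {
    "SHA1/1K": hashlib.sha1,          # legacy name, same algorithm as the sha1-1k URN
    NS + "sha1-1k": hashlib.sha1,
    NS + "sha256-1k": hashlib.sha256,
}
PRODUCER_PREFERRED = NS + "sha256-1k"  # what producers "should use"


def deflate_raw(data: bytes) -> bytes:
    """Raw DEFLATE stream (assumption: how the compressed entry is stored)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def checksum_1k(compressed: bytes, checksum_type: str) -> bytes:
    """Digest of the first 1024 bytes of the compressed, unencrypted data."""
    try:
        algo = CHECKSUM_TYPES[checksum_type]
    except KeyError:
        raise ValueError(f"unsupported manifest:checksum-type: {checksum_type!r}")
    # Entries shorter than 1024 bytes are hashed in full by the slice.
    return algo(compressed[:1024]).digest()


def verify_after_decrypt(compressed: bytes, checksum_type: str, expected: bytes) -> bool:
    """Compare the recomputed digest with the manifest value in constant time."""
    return hmac.compare_digest(checksum_1k(compressed, checksum_type), expected)


# Constructed, poorly compressible sample entry so the stream exceeds 1024 bytes.
SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
COMPRESSED = deflate_raw(SAMPLE)
```

Because only the first 1024 bytes are hashed, a change later in the stream does not alter the checksum, so this value cannot serve as an integrity check for the whole entry.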

            Assignee:
            Michael Brauer (Inactive)
            Reporter:
            Bart Hanssens (Inactive)