-
Type: Bug
-
Status: Deferred
-
Priority: Major
-
Resolution: Later
-
Affects Version/s: ODF 1.2 CD 05
-
Fix Version/s: ODF-Next
-
Component/s: Packaging, Part 2 (Packages) [1.2: 3], Part 3 (Schema) [1.2: 1], Security
-
Labels:None
-
Environment:
This issue applies to ODF 1.2 Part 3 CD01 and its revisions. The text discussed is as in OpenDocument-v1.2-part3-cd1-rev04.odt
-
Proposal:
-
Resolution:
Part 3 Section 2.5 establishes Digital Signatures as stored in one or more files whose "relative pahs" begin with 'META-INF/' and that contain the "term" 'signatures'. I take this to read that digital signature files SHALL have names of the form 'META-INF/signature' in the Zip archive, using conventional wild-card notation. The format of these files is established in Section 4.
Part 3 Section 4 says nothing about the naming of the file, although it refers to <dsig-document-signatures> as a root element and it asserts that the schema for the file is that given in Appendix A. There are no explicit producer conformance requirements. The only strong requirements on consumers concern differences in signature verification depending on whether or not a digital signature file is encrypted or not (in section 4.2).
Part 3 Section 7.2.1 on Conforming OpenDocument Packages asserts in (PD1.4-PD1.6) that the only permitted files beside META-INF/manifest.xml with META-INF/* name structure are those which have name structure META-INF/signatures and which are XML 1.0 documents with root element <dsig:document-signatures>, along with a few additional conditions. (Note that occurrence in /META-INF/manifest.xml is not required, so such files do not have explicit MIME types nor are they subject to encryption when not listed in META-INF/manifest.xml.)
Part 3 Section 7.2.2 on Conforming OpenDocument Extended Packages does not have any limitation on what can have a META-INF/* form name.
There is no stipulation that production of META-INF/* and META-INF/signature files be implementation defined. There is no stipulation that consumer-permissive limitations on what is accepted as a valid digital signature are implementation defined.
ALLOCATION OF META-INF/signatures NAMES
The point of the preceding review is to confirm that there is no provision for how META-INF/signature name forms are allocated nor whether and how "implementation-defined" appropriation of such a name for a particular purpose is accomplished. There is similarly no basis for an implementation determining whether the occurrence of such a named Zip archive file is one for which the implementation has been designed.
There is no provision similar to those in other places where ODF 1.2 provides for explicit identification of implementation-defined provisions via namespace bindings.
At the same time, all occurrences of META-INF/signature name forms for XML 1.0 documents having <dsig:digital-signatures> root elements and satisfying a few other conditions are permitted as part of Conforming OpenDocument Packages.
Likewise, consumers may restrict what is permissible in a digital signature without any requirement that this be implementation-defined and with no provision considering how consumers apply restrictions on what digital signatures there are and which ones are subject to what constraints.
An interoperable arrangement is required.