Uploaded image for project: 'OASIS Open Document Format for Office Applications (OpenDocument) TC'
  1. OASIS Open Document Format for Office Applications (OpenDocument) TC
  2. OFFICE-3467

ODF 1.2 CD05-1 10.4.1 Frame Substitutions Repudiatable

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: No Action
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Proposal:
      Hide

      The minimal case would seem to be to add a note that digital signatures may be repudiatable when there are material differences between the content that a signer claims was shown for a <draw:frame> and others that recipients were shown. Put a general precaution in the presentation of digital signatures in CD05-1 3.16 and mention in a10.4.1 note that the precautions against signing producer and verifying consumer presenting different alternatives from the <draw:frame> alternatives.

      Show
      The minimal case would seem to be to add a note that digital signatures may be repudiatable when there are material differences between the content that a signer claims was shown for a <draw:frame> and others that recipients were shown. Put a general precaution in the presentation of digital signatures in CD05-1 3.16 and mention in a10.4.1 note that the precautions against signing producer and verifying consumer presenting different alternatives from the <draw:frame> alternatives.

      Description

      Because different consumers may present different alternatives in a <draw:frame>, one that is presented by a consumer need not be the one that was seen when a producer provided a digital signature on the document.

      A signer may successfully claim that the document as presented by a consumer is not the one that was signed, even though the signature is verified.

      The difficulty is magnified when one or more of the alternatives is by reference to external material that is not covered by the signature and is not cached so as to be included in the signature. (This is a general concern when the document contains links to external material that may be accessed automatically and presented as if it is an inherent part of the document without it being somehow reflected in the document package files that are signed.)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              orcmid Dennis Hamilton (Inactive)
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: