[OFFICE-3869] PAS Comment JP5: Clarify relationship between digital signature and encryption - OASIS Technical Committees Issue Tracker

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: ODF 1.2
Fix Version/s: ODF 1.3
Component/s: Part 2 (Packages) [1.2: 3]
Labels:
None

Proposal:

Hide

proposal for our response to this ODF 1.2 PAS Submission comment:

We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures.
We suggest to replace the last two paragraphs of section 5.2 in Part 3 by:
"If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form."
and
"If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms."
We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content:
"An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt.
If the encryption of the files is done first, the digital signatures files shall not be encrypted.
If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted.
See also section 5.2.
Note: It is current practice to first encrypt and then apply the digital signatures."

Show
proposal for our response to this ODF 1.2 PAS Submission comment: We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures. We suggest to replace the last two paragraphs of section 5.2 in Part 3 by: "If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form." and "If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms." We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content: "An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt. If the encryption of the files is done first, the digital signatures files shall not be encrypted. If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted. See also section 5.2. Note: It is current practice to first encrypt and then apply the digital signatures."
Resolution:

Hide

our response to this ODF 1.2 PAS Submission comment:

We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures.
We suggest to replace the last two paragraphs of section 5.2 in Part 3 by:
"If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form."
and
"If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms."
We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content:
"An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt.
If the encryption of the files is done first, the digital signatures files shall not be encrypted.
If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted.
See also section 5.2.
Note: It is current practice to first encrypt and then apply the digital signatures."

Show
our response to this ODF 1.2 PAS Submission comment: We agree that the current wording might cause an uncertainty regarding the relationship between encryption and digital signatures. We suggest to replace the last two paragraphs of section 5.2 in Part 3 by: "If a digital signature file is not encrypted, each encrypted file referenced by <ds:Reference> elements shall be signed in its encrypted form." and "If a digital signature file is encrypted, then the files referenced by <ds:Reference> elements shall be signed in their decrypted forms." We also suggest to introduce a new section 3.9 "Interactions Between Encryption and Digital Signatures" with the following content: "An OpenDocument Package Producer that both encrypts files in the package and applies digital signatures to files in the package should either first encrypt (per section 3.4) and then apply the digital signatures (per section 5) or first apply the digital signatures and then encrypt. If the encryption of the files is done first, the digital signatures files shall not be encrypted. If the files in the package are encrypted after applying the digital signatures, the digital signature files shall be encrypted. See also section 5.2. Note: It is current practice to first encrypt and then apply the digital signatures."

Description

Comment logged by national body during the ODF 1.2 PAS process, to be address at Ballot Resolution Meeting.

Nature of defect :Technical

Original text of NB comment: Relations between the digital signature and encryption are not clear. Specify the relations.

PAS Comment JP5: Clarify relationship between digital signature and encryption

Details

Description

Attachments

Activity

People

Dates