Re: [office] Digital signature proposal

[Malte Timmermann <Malte.Timmermann@Sun.COM>]

Uri,

we had long discussions about section signing in OOo, and in the end
decided to not do it.

One problem are the styles.
It doesn't help to sign a section w/o signing all styles that are
involved, otherwise someone could hide text which is in a signed section.

The other problem is that (current) ODF applications read the complete
XML, and even when only modifying one character, they completely
"export" everything again - content and styles. They don't remember what
XML they did read. For embedded signatures they would have to do so.

So for now we don't plan to implement such thing in SO/OOo.

It probably doesn't make sense to specify anything when nobody plans to
implement it in the near future.
So we better wait until someone really wants to do so - or does anyone
have plans here?

And to your visible signatures:
I would like to have that also, but we have no concrete plans right now.
It's easier to specify such things if someone is really working on such
a feature, otherwise you will miss something, or specify it in a way
it's not usable.
Probably for exactly this reason OASIS requires 3 confirmation that a
spec is actively used before it can become a standard.

So I suggest to specify these two things in a later ODF release, when
nobody plans to do such implementations now.

Malte.

Uri Resnitzky wrote, On 02/21/07 22:31:
> On Friday 16 February 2007 12:08, Michael Brauer wrote:
>   
>> A document signature *shall* be considered to be valid only if
>> it valid itself, and if it is applied to all files of the package.
>>     
>
> This requirement will prevent applications from implementing sectional
> signing.
> Sectional signing allows signing of only certain elements in a document
> and is supported by xml-dsig.
> For example in an approval process a document may be written by one
> person and signed, then another person needs to approve it after
> possibly adding some comments to a "comments" section of the document.
> Another example is a collaboration of multiple people on the same
> document, each responsible for his own section. Two requirements may
> arise in this scenario: section A may need to be edited after section B
> is already completed and signed, and person A may not want to appear to
> have signed the text of section B for legal or other reasons.
>
> To add to my previous suggestion for visible signatures:
> I propose to add a new signature control.
> This control can have some default appearance (something like
> "x________").
> It can have attributes such as the intended signer name/role.
> It can be associated with an existing document element (section, table,
> etc.) for sectional signing.
> It must have a unique ID attribute.
> When a user activates this control, the application will produce
> document content to represent a new appearance for the signed control
> (For example the application may prompt the user or may already have a
> pre-configure signature image file for the user and the new appearance
> will be built from that image + signer name + date / time).
> The document content for the new appearance will not be stored in the
> document itself so as not to break already existing signatures, but
> instead will be written to a new file within the META-INF folder. The
> content of the file will be an element that includes the originating
> control's ID and the new appearance markup.
> Next, the application will sign the whole document (or the element
> specified in the control) and create the appropriate <Signature> element
> in the documentsignatures.xml file. The file with the new signature
> appearance must always be included in the signature calculation as well.
> The application is expected to display signed controls using the content
> from their respective appearance files rather than the default
> appearance.
> When a signed control is activated, the application can validate the
> signature, display information about the signed area, about the signer
> and certificate, etc.
> To prevent users from thinking a document is properly signed when in
> fact the signature validation fails (as Thomas suggested), applications
> should display a validation mark on top of the appearance in any signed
> signature control.
> This validation mark will indicate if the signature has been validated
> yet or not and if the validation failed or succeeded.
>
> I'm new to ODF (but have a lot of experience in digital signatures and
> signed documents of various formats) so I apologize in advance if I'm
> not using the correct terminology.
>
> - Uri
>
> Uri Resnitzky
> Chief Scientist
> ARX
> http://www.arx.com
>