In a later note, Jan asks about my statement concerning digital signatures, private content, and covert content:
"In the other mail you write a quite interesting note about digital signing of artifact the user cannot see. Do you happen to know how microsoft goes around that with the web based offerings ? Digital signatures officially entered ODF with the ODF 1.2 specification, although there was an implementation of that capability in versions of OpenOffice.org that extended their ODF 1.0/1.1 support to provide digital signatures. (The ODF 1.2 version is incompatible and that created some interesting interoperability issues until the implementations sorted it out.) With regard to Microsoft Office. Microsoft supports the ODF 1.2 digital signature in their support for ODF in Microsoft Office 2013. Since Microsoft is careful about what is signed and whether the user knows what is being signed (in terms of what is visible to users), there is no problem. On receiving digitally signed ODF 1.2 documents, Microsoft verifies those signatures as provided. Any editing will break the signature (as is true for all Consumers) and if the result is signed, there will be no unsupported features or private/covert content left, so all is well. I am not certain how this applies to the Office Web Applications. It appears that the Web Applications notice that a document is signed (whether they check it or not I have not tested) but provide no way to sign a document that is edited in one of the Web Applications. PS: Here is what I did. I downloaded an OpenOffice Calc (.ods) file that I already had in OneDrive, saved it under a new name, and signed it using LibreOffice. I put that back up on OneDrive. Now, when I open the .ods, I am warned that there may be features lost because editing is with the on-line Excel application. The Excel Online Help reports that an existing digital signature will be lost if any attempt to edit is performed. When I edited the document anyhow, there was no way to sign it on saving it back to OneDrive. It appears that I have to open it either in AOO or LibO or Excel on the desktop and sign it there. That's easy to do on Windows 8 because I have a OneDrive virtual folder on my desktop. (By the way, the making of a copy of the Calc file before editing in the Web Application is no longer automatic. I can edit the Calc document directly, but there is a warning about it. The warning links to details of what can be lost when Excel edits the Calc document. That includes loss of the digital signature.) I just uploaded a signed Microsoft Word 2013 document. When I opened it in the Web Application to edit it, I was warned that editing would invalidate the signature. After editing, I could find no way using the Web Application to sign the document. I would have to open it in the desktop application in order to do that. -----Original Message----- From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org] Sent: Saturday, August 2, 2014 13:05 To: dev@openoffice.apache.org Subject: RE: OOXML [ ... ] There are some tricky cases, including - Changes that overlap/conflict with tracked changes but tracked changes are not updated/preserved properly - Accessibility impacts - Digital signature applying to content not observable by the signer - Covert content of various kinds - breaking of RDF/RDA connections into the document (along with failure to preserve markers correctly) The digital signature and covert-content avoidance cases work against preserving material that is not evident in a given application. In the case of ODF, the damage to tracked changes is survivable (with some loss), because the ODF approach is resilient. But not knowing about the tracked changes gets into the digital signature problem if the material is preserved while not being visible to the user. [ ... ] --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
