https://issues.apache.org/ooo/show_bug.cgi?id=119085
Bug #: 119085
Issue Type: DEFECT
Summary: Incorrect manifest:start-key-generation-name IRI
Classification: Code
Product: security
Version: AOO340-dev
Platform: PC
OS/Version: Windows, all
Status: CONFIRMED
Severity: major
Priority: P3
Component: www
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
When a package is encrypted (via Save with Password) Save As ... option, using
the enhanced encryption allowed with ODF 1.2, an incorrect URI is used to
express the manifest:start-key-generation-name for use of SHA256 digests.
According to OASIS Standard ODF 1.2 Part 3 section 4.8.6, the allowed values
for digest IRIs are those specified in section 5.7 of [xmlenc-core] at
(http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/). The IRI specified for
SHA256 there in section 5.7.2 is <http://www.w3.org/2001/04/xmlenc#sha256>.
AOO340-dev r1293550 build uses the incorrect (and nonexistent) W3C IRI,
http://www.w3.org/2000/09/xmldsig#sha256
This is a bug in the specification of section 4.8.6, where the incorrect value
is given. This is reported at
http://tools.oasis-open.org/issues/browse/OFFICE-3708
See
http://tools.oasis-open.org/version-control/browse/wsvn/oic/Advisories/00006-SHA256_URIs/trunk/description.html
for an Interoperability Advisory on this defect in ODF 1.2.
--
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
