On 17.09.2011 22:32, Pedro F. Giffuni wrote:
--- On Sat, 9/17/11, Rob Weir robw...@apache.org wrote:
...
OpenSSL is a a validated module when run in FIPS mode:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm#
But that would still apply to AES, not Blowfish.
Hi;
--- On Thu, 9/22/11, Michael Stahl wrote:
...
Thanks for this point. NSS is not certified and given
the
where the heck did you get that idea?
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1280
Ugh.. there's something broken in the iPad safari
search option.
Am 22.09.2011 17:49, schrieb Michael Stahl:
On 17.09.2011 22:32, Pedro F. Giffuni wrote:
--- On Sat, 9/17/11, Rob Weir robw...@apache.org wrote:
...
OpenSSL is a a validated module when run in FIPS mode:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm#
But
Hi Mathias,
AFAIR a genius has bound our whole address book support code (not only
the code for the Mozilla address book) to Mozilla code. And we also use
the Mozilla stuff for ldap. All other formerly Mozilla based
functionality in OOo nowadays uses nss.
That's correct. Well, except the
Am 18.09.2011 06:10, schrieb Pedro F. Giffuni:
Ugh ... nevermind, we already carry xmlsec !
I guess we have everything to get rid of nss but we are not using it right?
Apache Santuario is interesting though.
Cheers, Pedro.
The reason why we went for nss when we needed AES enryption was
Am 19.09.2011 23:07, schrieb Pedro Giffuni:
Hi Matias;
On Mon, 19 Sep 2011 22:06:56 +0200, Mathias Bauer
mathias_ba...@gmx.net wrote:
Am 18.09.2011 06:10, schrieb Pedro F. Giffuni:
Ugh ... nevermind, we already carry xmlsec !
I guess we have everything to get rid of nss but we are
On Mon, 19 Sep 2011 23:34:22 +0200, Mathias Bauer
mathias_ba...@gmx.net wrote:
...
Just a thought ... Perhaps we should try to make Apache OO *really*
Apache. I am now seeing so many nice things that other Apache
projects
offer: Santuario, APR, pdfbox, Xerces/Xalan, Maven, etc. Just
On Mon, 19 Sep 2011 16:42:22 -0500, Pedro Giffuni
giffu...@tutopia.com wrote:
On Mon, 19 Sep 2011 23:34:22 +0200, Mathias Bauer
mathias_ba...@gmx.net wrote:
...
Just a thought ... Perhaps we should try to make Apache OO
*really*
Apache. I am now seeing so many nice things that other Apache
[mailto:mathias_ba...@gmx.net]
Sent: Friday, September 16, 2011 15:40
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi,
AOOo can't use the nss libraries as easily as it was possible in the
old OOo, so perhaps a fix would be to revert the default
Am 17.09.2011 14:44, schrieb Rob Weir:
When the competition for a new algorithm ended, the winner was the
Advanced Encryption Standard (AES). We really need to support that
algorithm. There is a reason why ODF 1.3 recommends it. There are
regulations in several countries that specify what
: Rob Weir [mailto:robw...@apache.org]
Sent: Saturday, September 17, 2011 05:45
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
On Fri, Sep 16, 2011 at 7:51 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
I think reverting to Blowfish with 8-bit CFB
reference cases as well.
- Dennis
-Original Message-
From: Rob Weir [mailto:robw...@apache.org]
Sent: Saturday, September 17, 2011 05:45
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
On Fri, Sep 16, 2011 at 7:51 PM, Dennis E. Hamilton
.
- Dennis
-Original Message-
From: Rob Weir [mailto:robw...@apache.org]
Sent: Saturday, September 17, 2011 05:45
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
On Fri, Sep 16, 2011 at 7:51 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
I think
On 9/17/11, Mathias Bauer mathias_ba...@gmx.net wrote:
Am 17.09.2011 14:44, schrieb Rob Weir:
When the competition for a new algorithm ended, the winner was the
Advanced Encryption Standard (AES). We really need to support that
algorithm. There is a reason why ODF 1.3 recommends it. There
the document on ODF 1.1 format. That
solves this issue, and several others.
- Dennis
-Original Message-
From: Rob Weir [mailto:robw...@apache.org]
Sent: Saturday, September 17, 2011 05:45
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
On Fri
-Original Message-
From: Rob Weir [mailto:robw...@apache.org]
Sent: Saturday, September 17, 2011 09:40
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: AOOo can't save passwort protected file
On 9/17/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote:
Rob,
1
17, 2011 09:58
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: AOOo can't save passwort protected file
[ ... ]
I'm not arguing that we
don't support Blowfish at all. I'm saying that we should also allow
saving with AES, as allowed by ODF, and as required by regulation
:40
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: AOOo can't save passwort protected file
On 9/17/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote:
Rob,
1. There is no requirement in ODF 1.2 for consumers and producers to
support anything but the default Blowfish
Hi;
Despite the valid interest in higher encryption schemes, I
prefer to set Blowfish as default now. That doesn't mean
we won't consider patches later on, of course.
BTW, can't we just use OpenSSL? I think it's included in
most linux/BSD distributions.
Pedro.
On Sat, 17 Sep 2011 12:47:59
Am 17.09.2011 18:47, schrieb Rob Weir:
On 9/17/11, Mathias Bauer mathias_ba...@gmx.net wrote:
Am 17.09.2011 14:44, schrieb Rob Weir:
When the competition for a new algorithm ended, the winner was the
Advanced Encryption Standard (AES). We really need to support that
algorithm. There is a
On Sat, Sep 17, 2011 at 1:26 PM, Pedro Giffuni giffu...@tutopia.com wrote:
Hi;
Despite the valid interest in higher encryption schemes, I
prefer to set Blowfish as default now. That doesn't mean
we won't consider patches later on, of course.
BTW, can't we just use OpenSSL? I think it's
Am 17.09.2011 19:26, schrieb Pedro Giffuni:
Hi;
Despite the valid interest in higher encryption schemes, I
prefer to set Blowfish as default now. That doesn't mean
we won't consider patches later on, of course.
Ah, you used the magic word. :-)
So for those who want to have AES
--- On Sat, 9/17/11, Rob Weir robw...@apache.org wrote:
...
OpenSSL is a a validated module when run in FIPS mode:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm#
But that would still apply to AES, not Blowfish.
Think of it this way: FIPS 140 defines what
Hi again;
I think I found the missing piece in the puzzle ...
OOo already uses OpenSSL, but in order to replace nss we need support for
xmlsecurity. This library provides just that under an MIT license:
http://www.aleksey.com/xmlsec/
Alternatively Apache has it#39;s own stuff:
Ugh ... nevermind, we already carry xmlsec !
I guess we have everything to get rid of nss but we are not using it right?
Apache Santuario is interesting though.
Cheers, Pedro.
hi, Raphael
I built out AOOo on my Ubuntu 11 days ago. Just now, I tried the steps
you described. The results are that :
1) There will be a general IO error, when saving the document with
password to ODT format. Please refer to the snapshot attached.
2) If change to DOC format, there is
Hi Dennis
Thank you for the test too
Am 16.09.11 03:19, schrieb Dennis E. Hamilton:
I can't confirm with an AOOo Build, but I did check the OOO-dev 3.4 on win32 to
see if the problem existed previously. I was able to password protect
(encrypt) a simple Writer document. It saved and opened
Hi Jürgen
Exactly, I used --disable-copyleft wich automaticly use
--disable-mozilla. Thanks, for your information. I assume that this has
samething to do with the copyleft removal.
Greetings Raphael
Am 16.09.11 10:30, schrieb Jürgen Schmidt:
Hi Raphael,
i assume you have built your office
would do this myself.)
-Original Message-
From: Raphael Bircher [mailto:r.birc...@gmx.ch]
Sent: Friday, September 16, 2011 01:01
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi Dennis
Thank you for the test too
Am 16.09.11 03:19, schrieb Dennis E
, September 16, 2011 01:01
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi Dennis
Thank you for the test too
Am 16.09.11 03:19, schrieb Dennis E. Hamilton:
I can't confirm with an AOOo Build, but I did check the OOO-dev 3.4 on win32
to see if the problem
that build, or I would do this myself.)
-Original Message-
From: Raphael Bircher [mailto:r.birc...@gmx.ch]
Sent: Friday, September 16, 2011 01:01
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi Dennis
Thank you for the test too
Am 16.09.11 03:19
: Friday, September 16, 2011 01:01
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi Dennis
Thank you for the test too
Am 16.09.11 03:19, schrieb Dennis E. Hamilton:
I can't confirm with an AOOo Build, but I did check the OOO-dev 3.4 on win32
to see
Hi Dennis
Am 16.09.11 19:47, schrieb Dennis E. Hamilton:
I use a series of older versions as part of my document forensics work. In
particular, I keep ODF 1.1 processors around.
It happened that it is the default application in the same VM where I have
OOo-dev 3.4 installed. So it opened
: AOOo can't save passwort protected file
Hi Dennis
Am 16.09.11 19:47, schrieb Dennis E. Hamilton:
I use a series of older versions as part of my document forensics work. In
particular, I keep ODF 1.1 processors around.
It happened that it is the default application in the same VM where I have
Hi,
AOOo can't use the nss libraries as easily as it was possible in the
old OOo, so perhaps a fix would be to revert the default encryption
algorithm in AOOo from AES to Blowfish in 3.4 until we found a
replacement for the AES encryption code from the nss libs.
I know that MPL libs can be used
, September 16, 2011 15:40
To: ooo-dev@incubator.apache.org
Subject: Re: AOOo can't save passwort protected file
Hi,
AOOo can't use the nss libraries as easily as it was possible in the
old OOo, so perhaps a fix would be to revert the default encryption
algorithm in AOOo from AES to Blowfish
Raphael,
When you set Writer to Save as ODF 1.0/1.1, does
it work then?
-Original Message-
From: Raphael Bircher [mailto:r.birc...@gmx.ch]
Sent: Thursday, September 15, 2011 15:18
To: ooo-dev@incubator.apache.org
Subject: AOOo can't save passwort protected file
Hi all
Can sameone
+1 to reverting to Blowfish for now.
Also note that we can use BouncyCastle in the future if using java for
this is acceptable.
Pedro.
On Sat, 17 Sep 2011 00:39:31 +0200, Mathias Bauer
mathias_ba...@gmx.net wrote:
Hi,
AOOo can't use the nss libraries as easily as it was possible in the
old
Hi all
Can sameone confirm the flowing on a AOOo Build?
Steps to reproduce
- Open a new Writer Document
- Write same text
- Save as
- check password protection and choice a name
- press enter and give in a passwort and confirm it
Result:
I get a error that the document can't be saved.
of documents awaiting forensic analysis.
- Dennis
-Original Message-
From: Raphael Bircher [mailto:r.birc...@gmx.ch]
Sent: Thursday, September 15, 2011 15:18
To: ooo-dev@incubator.apache.org
Subject: AOOo can't save passwort protected file
Hi all
Can sameone confirm the flowing on a AOOo
40 matches
Mail list logo