On 10/29/07, Mathias Bauer <[EMAIL PROTECTED]> wrote: > > Signing isn't something you can use without understanding what you are > doing. You must create a signature first. So there is no way to hide > this functionality behind something and IMHO it would be wrong also.
I think people use features, like 'read only,' all the time without understanding them. As you've pointed out the feature is very easy to circumvent. However read only gets used because most users understand it to me restricting rights to the document. Whether that's what they actually want or need to accomplish and whether the implementation is reliable or secure is a different discussion. Regarding creating a signature, I am not aware of having created or been issued one on my home PC, and was able to sign a document in Writer. The signature does have a warning that 'the signature is okay but the certificates could not be validated.' I presume that's because I haven't got a certificate from a recognized signature authority like VeriSign. I still understand why "Tools-Options-Security" is not enough: it > creates a document that is opened read-only and so is protected against > inadvertent changes. Can somebody explain me what is wrong with that > (except that it does not exactly what you have in Word)? Expecially if > you consider that the password "protection" like in Word can be > circumented even by a kid? The Protect button under tools options security works fine from my point of view. Can't open the document without the password so it is completely protected. However the 'open this document in read only mode' is where I was stumbling because of what I was wanting to do. What I wanted (originally) was to distribute a document that could be opened but not altered without a password. As you helped me understand that's not available in an open document format and can be circumvented in proprietary formats that provide the feature. After our discussion about read only and open document formats I recognized that what I wanted to accomplish would be better accomplished by signing the document. Yes no password is required to open such a document but signing would make it possible to tell, without doubt, whether the document is modified after distribution. I consider myself fairly computer literate. Still it took me a while and some discussion to recognize the advantage of signing over proprietary read only. What I suggested as a result is that perhaps there's some way to make the usefulness and advantages of signing more apparent to the average user. One possibility I saw is the seventh message area in the Writer status bar. Regardless of whether a message is signed or not the area is very small and likely to escape the attention of many users. My thought was that it could be made larger and perhaps include some message when a document isn't signed to draw more attention to the feature.
