Difference between revisions of "Security"

Revision as of 12:58, 10 July 2009

The security project

This wiki page is the collaboration entry point for the OOo security project.

For questions and discussions, please use the new mailing list from the security project: discuss@security.openoffice.org

When you plan to file an issue with regard to security, please make sure to add the keyword security.

General Topics

Digital Signatures

Encryption

Document Integrity

Current Activities

• Digital Signature:
  • Improving the Digital Signature Specification for ODF 1.2
  • Digital Signature Implementation in OOo 3.2
  • Inform the user that OOo's Digital Signatures have no legal value
  • Show a warning for not signed macro streams in documents signed with OpenOffice.org 2.x
  • Certificate revocation
• Encryption:
  • Encrypted documents shouldn't have any non encrypted content
  • Improving the Encryption Implementation in OOo 3.2
  • Enhancing the Encryption Specification for ODF 1.2
  • Comply to the updated ODF 1.2 Encryption Specification in OOo 3.2
• Document Integrity:
  • ODF conformance clause
  • Make sure OOo 3.2 would adhere to the ODF conformance clause
  • Check ODF integrity in OOo 3.2

Open Discussions

Protecting the not encrypted manifest.xml in an encrypted document

Notes and Ideas - nothing we currently work on

• Digital Signatures:
  • Digital Signatures Framework
  • Digital Signatures for Extensions
  • Include existing document signatures in newer document signatures
  • Skip support for self signed certificates?
• Encryption:
  • Public Key Document Encryption
  • Digital Rights Management
  • Password length and password pattern
• Notes and Ideas:
  • Different ways of doing encryption and signatures

Other Pages

Frequently Asked Questions. Please help us improve the content by editing these pages.