Correcting my own typos and over-abbreviation of the previous post ...

-----Original Message-----
From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org]
Sent: Saturday, March 24, 2012 06:28
To: ooo-dev@incubator.apache.org
Subject: RE: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations

Rob,

1. It is absurd to make headway to strengthen security without addressing the weakest links first. When has that ever been a design principle?

2. The proposal is not to abandon AES but to not make it the default. Folks for whom AES is imperative can elect it. Packagers in enterprises can even configure it. If it is as easy as claimed, why *not* do this *rather than impose a* silent, forced change that causes the most pain to the least-expert?

3. To address a check-off item without addressing the actual security situation and what is achieved in actual context brands us as the amateurs. For me, it is an ethical issue I can't step over as a computer-system professional. (The fact that I can see this much as an amateur document-security wonk is an indication of how fragile, and amateurish, the security of ODF document encryption is.)

- Dennis

-----Original Message-----
From: Rob Weir [mailto:robw...@apache.org]
Sent: Friday, March 23, 2012 17:32
To: ooo-dev@incubator.apache.org
Subject: Re: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations

On Fri, Mar 23, 2012 at 4:23 PM, Dennis E. Hamilton

[ ... ]

Yes, security is only as strong as the weakest link. But that is an argument for improving all the links. It is not an argument for undoing improvements that have already been made to some of the links. We're not required to refurbish the battleship all in one day. We can work deck-by-deck.

The advantage of AES is that it is a known quantity, a standard, and is called out as a requirement for government procurement in several countries, including the US.

[*Restored:*] We're not called on to individually become amateur cryptographers on this project. That would benefit absolutely no one. Instead we should follow existing industry standards and best practices, one of which is AES. And if there are other parts of the encryption pipeline that can be improved, then let's do that as well.

[ ... ]