[framework-issues] [Issue 60875] Certificate key usage is n ot handled by the OpenOffice programs when sig n a document digitaly
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=60875 --- Additional comments from [EMAIL PROTECTED] Wed Nov 12 14:51:29 + 2008 --- Yes, jl, you have right. I simply detailed the knowledge behind the separation of the certificates. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 60875] Certificate key usage is n ot handled by the OpenOffice programs when sig n a document digitaly
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=60875 --- Additional comments from [EMAIL PROTECTED] Tue Nov 11 16:28:06 + 2008 --- My opinion, to filter out the signer certificates with Key Enchipherment Key Usage. The separation of the encryption(EC), authentication(DS), and signing(NR) function came from a security problem. Please imagine it: case 1: You have a certificate with DS, NR, EC. You want to login on a webpage, and the server drops some random data to sign it. You sign it, then the server check the signature, and logins you, when it is correct. But if the server drops some patched data, not random, the server owner will have a signed document, which is signed with a certificate, where the allowed purposes includes non repudation (NR), so your random data was SIGNED for them. case 2: You have EC with NR bits. You can have an application, which simply sign with your encription certificate, of course, this is not a way, yo want, but you sign something, with a law acceptable certificate. case 3: You sing something with a EC certificate You signed it, because you want to make it an official document. But when you will use it, on the judge, you will found, oops, no really signeture on it. So you lost on the judge. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 76124] Certificate handling is no t RFC compatible
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=76124 --- Additional comments from [EMAIL PROTECTED] Mon Nov 10 16:08:58 + 2008 --- I have tested again on the OO3 the RFC compatibility. There is no filtering on the Key Usage bits, and certificate without Non Repudation bit is allowed to use for signing. Maybe a retargeting to OO4? :) (I have tested the smart card problem too, and i am starting an other issue with the included info.) - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 60875] Certificate key usage is n ot handled by the OpenOffice programs when sig n a document digitaly
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=60875 --- Additional comments from [EMAIL PROTECTED] Mon Nov 10 16:22:47 + 2008 --- Tested on OO 3 and still not working. Retargeting to OO4??? :) - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 76124] Certificate handling is no t RFC compatible
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=76124 --- Additional comments from [EMAIL PROTECTED] Mon Nov 10 16:31:10 + 2008 --- Oops, I have found that i reported the RFC part it previously as 60175 bug. So the RFC compatible handling is already in another bug. Maybe should we close this bug, and the smart card problem, without certificate auto remove should be posted into another bug, as new? Or it is possible to edit out the 60175 bug info from this bug? Smart card problem still in in the OO 3. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 76124] Certificate handling is no t RFC compatible
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=76124 --- Additional comments from [EMAIL PROTECTED] Mon Nov 26 12:31:59 + 2007 --- fst: whick kind of type token did you use? has it cert remove feature on removal? because i have tried with some token and cards too. (micardo card, oberthurt card, alladin etoken, ikey 2032, gemsafe card are installed on my computer) when the oo reads the certificate list, ask for the card and should i click on the cancel for a few times, until I see the actual token, I am using actually. so this is comming aout, when the usable certificate list is generated.) of-course, the oo ask for password only for selected card. but the other part of thus bug report is more important than this. please concentrate on it. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 76124] Certificate handling is no t RFC compatible
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=76124 --- Additional comments from [EMAIL PROTECTED] Mon Nov 26 14:49:17 + 2007 --- some of the smart card drivers has the feature, that on removal of the sc, token, the certificate isn't removed form the store. then this is the cause, why the oo asks for the token, sc. but if you will a list of certificates registered on the computer, you dont need to ask all the tokens, its enough, to ask for it, when you are signing with one of these. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 76124] Certificate handling is no t RFC compatible
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=76124 --- Additional comments from [EMAIL PROTECTED] Fri Nov 23 14:00:49 + 2007 --- If I have more than one secure device connected to the computer at a given time, it must ask for access granting for each and every device. Its Ok when you have connected them in the time of signing. I have as tester a lot of security device installed, and when I want to test one of it, was only one device connected to the computer. In this case the OO still ask the PINs, passphrases for installed devices, but tohse are not present at that time, only the certificates registrated from them. Maybe it is not a good behavior. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[framework-issues] [Issue 60875] New - Certificate key usag e is not handled by the OpenOffice programs wh en sign a document digitaly
To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=60875 Issue #:|60875 Summary:|Certificate key usage is not handled by the |OpenOffice programs when sign a document digitaly Component:|framework Version:|OOo 2.0.1 Platform:|All URL:| OS/Version:|All Status:|UNCONFIRMED Status whiteboard:| Keywords:| Resolution:| Issue type:|DEFECT Priority:|P3 Subcomponent:|code Assigned to:|tm Reported by:|vargaviktor --- Additional comments from [EMAIL PROTECTED] Fri Jan 20 04:28:19 -0800 2006 --- The cerficate key usage is not handled in the Digital Sign feature, so it is possible, to sign a document with an encryption certificate. Reproduction: 1. Sign a document with an encryption certificate, (Key Enchipherment set) 2. It will be successful, so it is wrong. Solution: By the regarding RFCs and ETSIs, the Non-Repudation bit and/or Digital Sign bit should be set, for the signing certificate. Key Enchipherment should not allowed, or minimum should together with a Digital Sign. For qualified certs (EU): only Non-Repudation more info: RFC 3039 For other certificates: Non-Repudation and/or Digital Sign ( more info: ETSI TS 102 280 chapter 5.4.3 Key usage, table, Line A, B, C (the RFC overides the description of qualified, so only the A usable in qulified) Line D - not recommended, dread later Line E - for encryption D line - not recommended, because: 1) most of the EU contry laws are not allowing to use for digital signing a combined certificate. 2) ETSI security notes describes, for security reasons it is not recommended. - Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
