Andrea wrote
> I don't think your argument is valid, according to it you could, absurdly,
> always replace the owner password with a random string (even when the user
> provided it) and still strictly don't contradict the spec (there is an
> owner password, *a random string*, algorithm 3.3 applies)
Andrea,
Andrea wrote
> I found what seemed a little discrepancy with the spec and I asked why,
> that's it.
> I spent time re-reading the spec, comparing it with your implementation
> and writing a detailed email because I thought it was useful for me to
> understand it but might also be good for
Andrea,
Andrea wrote
> encryption is performed without an owner password being specified. I read
> the specs, the mailing list and looked at the code and my understanding
> from the specs is that "If there is no owner password, use the user
> password instead". As far as I can tell this doesn't ha