Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane

From: Rob Weir <robweir <at> apache.org>
Subject: Re: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations
Newsgroups: gmane.comp.apache.incubator.ooo.devel
Date: Saturday 24th March 2012 16:22:49 UTC (over 6 years ago)
On Sat, Mar 24, 2012 at 9:45 AM, Dennis E. Hamilton
 wrote:
> Correcting my own typos and over-abbreviation of the previous post ...
>
> -----Original Message-----
> From: Dennis E. Hamilton [mailto:[email protected]]
> Sent: Saturday, March 24, 2012 06:28
> To: [email protected]
> Subject: RE: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for
Down-Level Implementations
>
> Rob,
>
>  1. It is absurd to make headway to strengthen security without
addressing the weakest links first. When has that ever been a design
principle?
>

It is not absurd at all.  When I leave my house I lock the back door
before the front, even thought I know the back door would be easier to
break through.  There is no mandated order in which we do things.
But you seem to be arguing for leaving the back door open just because
you think the front door's lock is weak.  That is absurd.

So -1 from me to changing the default unless you can come up with a
far better technical argument than you have.  For example, you might
demonstrate that users are actually confused by this change.  It would
be good to show some evidence of this.  Since OOo 3.4 beta had this
same change, and LibreOffice has made it as well, there should be 10
million+ users with the AES encryption enabled by default.  Can you
point us to something in the support forum or user lists where such
complaints/confusion are reported?   If it is a real problem we surely
would be hearing this from users.

-Rob
 
CD: 13ms