The biggest issues that needed clarifying are:
- SecureODF is not about encryption and making documents unreadable to those who shouldn't read them. There are excellent and easy solutions to this - including encrypting documents, or putting documents behind doors which need the right credentials to access them
- SecureODF is about preventing documents from carrying unwanted malware or triggering undesirable behaviour in your technology (document editor/reader application, operating system, network).
And really importantly:
- SecureODF is about being able to receive documents from UNTRUSTED sources who may or may not have inserted malware into the documents. This is different from the scenario where you trust a source but the documents are corrupted in trasit between your trusted friend and yourself - that scenario is already easily addressed through the use of cryptographic hashes and certificates to verify the document you received is as it was sent.
