View Issue Details

ID: 0004580
Project: 10000-012: Discovery
Category: Spec
View Status: public
Last Update: 2022-03-29 15:27
Reporter: Matthias Damm
Assigned To: Randy Armstrong
Priority: high
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Fixed in Version: 1.05.02 RC1
Summary: 0004580: Application authentication for StartSigningRequest and FinishRequest
Description

The current version states for StartSigningRequest:
This Method can be invoked by a configuration tool which has provided user credentials with necessary access permissions. It can also be invoked by the Application that owns the private key used to sign the CertificateRequest (e.g. the private key shall be the private key used to create the SecureChannel).

The description should be more explicit that the first signing request has to be done with user authentication and that follow-up updates can use the application authentication of the registered application itself and the certificate signed by the CA.

But the main problem is that the current definition would not allow updating the private key, which is the recommended behavior. The definition should clearly allow this if the request is sent through a SecureChannel established by the application with a CA signed certificate for itself. This would include the Application URI check that is part of the normal OPC UA connection establishment.

This applies also to the FinishRequest.

Additional Information

This clarification would also allow applying the application authentication to StartNewKeyPairRequest.

Tags: No tags attached.

Activities

Randy Armstrong

2020-06-11 05:33

administrator   ~0012235

Changed text to:
It can also be invoked by an Application which is requesting an update to a previously issued Certificate and that Certificate was used to create the SecureChannel

Jim Luth

2021-12-06 19:39

administrator   ~0015474

Last edited: 2021-12-06 19:40

Accepted changes in 1.05.02 Draft 22.

Needs 1.04 Errata to close.

Jim Luth

2022-03-29 15:27

administrator   ~0016472

Agreed to changes in Errata 1.04.11.
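
The difference between the original and the revised wording, modelled as an added example (not part of the issue or of the OPC UA specification): it evaluates a literal reading of both rules over five constructed calls, including the private-key update the reporter describes. The class names, the `ca_issued` flag, the ApplicationUri comparison and all sample values are assumptions made for this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    application_uri: str
    public_key: str      # stand-in for the real key material
    ca_issued: bool      # True if previously issued by the CA (not self-signed)

@dataclass(frozen=True)
class Call:
    channel_cert: Cert     # certificate used to create the SecureChannel
    user_authorized: bool  # user credentials with the necessary permissions
    target_uri: str        # ApplicationUri of the registered application
    csr_public_key: str    # public key carried in the CertificateRequest

def allowed_original(c: Call) -> bool:
    # Original wording, read literally: the key that signed the request
    # must be the key used to create the SecureChannel.
    return c.user_authorized or c.channel_cert.public_key == c.csr_public_key

def allowed_revised(c: Call) -> bool:
    # Revised wording: the SecureChannel was created with a previously issued
    # certificate of the application being updated (URI match is assumed here).
    own_cert = (c.channel_cert.ca_issued
                and c.channel_cert.application_uri == c.target_uri)
    return c.user_authorized or own_cert

APP, OTHER, TOOL = "urn:example:app1", "urn:example:app2", "urn:example:tool"
SCENARIOS = {  # constructed sample calls
    "first request, self-signed channel, no user": Call(Cert(APP, "k0", False), False, APP, "k0"),
    "first request via configuration tool": Call(Cert(TOOL, "kt", False), True, APP, "k0"),
    "renewal, same key": Call(Cert(APP, "k1", True), False, APP, "k1"),
    "renewal, new private key": Call(Cert(APP, "k1", True), False, APP, "k2"),
    "other application's certificate": Call(Cert(OTHER, "k9", True), False, APP, "k2"),
}

def compare() -> dict:
    """Map each scenario name to (original decision, revised decision)."""
    return {name: (allowed_original(c), allowed_revised(c))
            for name, c in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:45} original={old!s:5} revised={new}")
```
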

Issue History

Date Modified     Username         Field                Change
2019-01-10 21:40  Matthias Damm    New Issue
2019-06-25 16:21  Jim Luth         Assigned To          => Randy Armstrong
2019-06-25 16:21  Jim Luth         Status               new => assigned
2020-06-11 05:33  Randy Armstrong  Status               assigned => resolved
2020-06-11 05:33  Randy Armstrong  Resolution           open => fixed
2020-06-11 05:33  Randy Armstrong  Note Added: 0012235
2021-12-06 19:39  Jim Luth         Note Added: 0015474
2021-12-06 19:40  Jim Luth         Note Edited: 0015474
2022-03-29 15:27  Jim Luth         Status               resolved => closed
2022-03-29 15:27  Jim Luth         Fixed in Version     => 1.05.02 RC1
2022-03-29 15:27  Jim Luth         Note Added: 0016472