View Issue Details

ID: 0004867
Project: 10000-012: Discovery
Category: Spec
View Status: public
Last Update: 2021-12-06 19:53
Reporter: Torsten Förder
Assigned To: Randy Armstrong
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: reopened
Fixed in Version: 1.05.02 RC1
Summary: 0004867: Meta data for Trust Lists for security checks
Description

Please specify an optional part of a Trust List which describes the security checks which are mandatory or not to be performed at all when using the Trust List content to verify certificates. Examples for security checks are checking the revocation status of application certificates and/or issuer certificates. Alternatively please specify a way how the Certificate Management can provide such information to applications.

Additional Information

Reason: For support of multiple security domains and automated distribution of certificates it becomes tedious and error-prone to configure each application to skip or perform checks for revoked application certificates and/or revoked issuer certificates. Please note that some security domains may choose not to use CRLs at all but use short-lived certificates instead. The Certificate Authority knows which checks to perform and which checks to skip. So a Certificate Management could distribute that information as well.
Please note that some Certificate Authorities might even choose to raise availability over security with regards to some aspects and thus want to even have the check for the validity period of certificates disabled.

Tags: Certificate Management, ClientCertififcate

Activities

Randy Armstrong

2020-06-15 02:40

administrator   ~0012272

Added DefaultValidationOptions Property to TrustList.

Matthias Damm

2020-09-14 17:51

developer   ~0012809

The flag SuppressCertificateExpired covers the status BadCertificateTimeInvalid
The flag SuppressRevocationStatusUnknown covers the status BadCertificateRevocationUnknown

There are no flags for the issuer part (BadCertificateIssuerTimeInvalid and BadCertificateIssuerRevocationUnknown)
These flags should be added.

  • SuppressIssuerCertificateExpired
  • SuppressIssuerRevocationStatusUnknown

Randy Armstrong

2020-09-16 02:40

administrator   ~0012846

Added

SuppressIssuerCertificateExpired
SuppressIssuerRevocationStatusUnknown

Jim Luth

2021-12-06 19:53

administrator   ~0015477

Agreed to changes in VirtualF2F.
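
The flag-to-status mapping discussed in the notes above, as an added example that is not part of the issue thread or of the specification text: it shows how a validator could apply a Trust List's DefaultValidationOptions so that each flag suppresses only its own status, with the application and issuer checks kept separate. The bit values, function names and sample findings are assumptions made for this sketch.

```python
from enum import IntFlag


class ValidationOptions(IntFlag):
    # Bit values are placeholders for this example, not taken from the page.
    SuppressCertificateExpired = 1
    SuppressRevocationStatusUnknown = 2
    SuppressIssuerCertificateExpired = 4
    SuppressIssuerRevocationStatusUnknown = 8


# Each status can be suppressed by exactly one flag. The application
# certificate and issuer variants are distinct on purpose.
SUPPRESSIBLE = {
    "BadCertificateTimeInvalid": ValidationOptions.SuppressCertificateExpired,
    "BadCertificateRevocationUnknown": ValidationOptions.SuppressRevocationStatusUnknown,
    "BadCertificateIssuerTimeInvalid": ValidationOptions.SuppressIssuerCertificateExpired,
    "BadCertificateIssuerRevocationUnknown": ValidationOptions.SuppressIssuerRevocationStatusUnknown,
}


def apply_options(findings, options):
    """Split validator findings into (rejecting, suppressed) status lists."""
    rejecting, suppressed = [], []
    for status in findings:
        flag = SUPPRESSIBLE.get(status)
        if flag is not None and flag in options:
            suppressed.append(status)   # keep for audit logging
        else:
            rejecting.append(status)    # no flag covers it: still fatal
    return rejecting, suppressed


def accept(findings, options):
    """A certificate is accepted only if nothing rejecting remains."""
    rejecting, _ = apply_options(findings, options)
    return not rejecting


if __name__ == "__main__":
    # Constructed sample: expired application certificate, issuer CRL missing.
    findings = ["BadCertificateTimeInvalid", "BadCertificateIssuerRevocationUnknown"]
    leaf_only = (ValidationOptions.SuppressCertificateExpired
                 | ValidationOptions.SuppressRevocationStatusUnknown)
    print(apply_options(findings, leaf_only))
    print(accept(findings, leaf_only
                 | ValidationOptions.SuppressIssuerRevocationStatusUnknown))
```

Returning the suppressed statuses separately lets the caller log every check that the Trust List told it to ignore.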

Issue History

Date Modified Username Field Change
2019-07-22 10:12 Torsten Förder New Issue
2019-07-22 10:12 Torsten Förder Tag Attached: ClientCertififcate
2019-07-22 10:12 Torsten Förder Tag Attached: Certificate Management
2019-07-30 16:58 Jim Luth Assigned To => Randy Armstrong
2019-07-30 16:58 Jim Luth Status new => assigned
2020-06-15 02:40 Randy Armstrong Status assigned => resolved
2020-06-15 02:40 Randy Armstrong Resolution open => fixed
2020-06-15 02:40 Randy Armstrong Note Added: 0012272
2020-09-14 17:51 Matthias Damm Status resolved => feedback
2020-09-14 17:51 Matthias Damm Resolution fixed => reopened
2020-09-14 17:51 Matthias Damm Note Added: 0012809
2020-09-16 02:40 Randy Armstrong Status feedback => resolved
2020-09-16 02:40 Randy Armstrong Note Added: 0012846
2021-12-06 19:53 Jim Luth Status resolved => closed
2021-12-06 19:53 Jim Luth Fixed in Version => 1.05.02 RC1
2021-12-06 19:53 Jim Luth Note Added: 0015477