Summary0010055: Add ChannelThumbprint Identifier to All SecureChannels.

First I want to authenticate the initial open secure channel
handshake in this way:

When the server responds to the client's OpenSecureChannelRequest,
it validates the RequestSignature, and uses this data when generating
the signature of the OpenSecureChannelResponse.

That means, the server generates the signature over this data:

ToBeSigned = OpenSecureChannelResponse + ValidatedRequestSignature

but it sends only OpenSecureChannelResponse + Signature(ToBeSigned).

The client uses the same algorithm to validate the signature.
This is only done for the initial SecureChannel handshake, the
signature for the SecureChannelRenew handshake stays as is.

This signature is used by both peers as the ChannelId, it keeps
the same value even after a SecureChannelRenew.

The ChannelId is to be used in this way:

Whenever a Signature of a Certificate + Nonce is requested,
and the Secure Channel has a ChannelId, we generate
Signature(ChannelId + LeafCertificate + Nonce)

This affects the CreateSessionResponse.ServerSignature and
the ActivateSessionRequest.ClientSignature but also the

If the channel has a ChannelId, this overrides also the way how
the signature for X509IdentityToken is generated for any
X509IdentityToken whose PolicyId names a security policy without
ChannelId like RSA.

Furthermore there is no backward compatibility for certificate chains
here, and the server shall not accept a UserTokenSignature that was
generated without the ChannelId, over a channel that has a ChannelId.

Additional Information

1) SHA256 or SHA284 Hash to Calculate Thumbprint on OpenSecureChannel Response Message.

  • simple, independent of algorithm.
  • calculated for all new profiles.
Bernd Edlinger

2024-12-05 05:58

reporter   ~0022176

My original proposal has one major advantage over using a simple
ChannelThumbprint = Hash(OpenSecureChannelRequest + OpenSecureChannelResponse)

That is in chase of a Session Reactivation the honest, but potentially compromised
Client has no confirmation that the Server has indeed received the unmodified
OpenSecureChannelRequest, because there is no ServerSignature on the
But with my proposal the Client gets the confirmation by the Signature
of the OpenSecureChannelResponse, because it authenticates the
ToBeSigned = OpenSecureChannelResponse + ValidatedRequestSignature

Other than that, although it looks a bit more complicated as your proposal,
It can be implemented very efficiently, the hashing is completely for free,
because it is already included in the Signature generation, and the additional
memory needed is just an additional space for one signature.

Randy Armstrong

2025-01-14 17:29

administrator   ~0022280

What needs to be done is to define an algorithm that identifies a secure channel that the client and server can use when generating user token or user token signature.

This identifier can then be used to defined an updated user token/user token signature for future security profiles.

No work needs to be done until we have a new security profile under development.

