View Issue Details

IDProjectCategoryView StatusLast Update
001005510000-006: MappingsSpecpublic2025-01-14 17:29
ReporterRandy Armstrong Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version1.05.04 
Summary0010055: Add ChannelThumbprint Identifier to All SecureChannels.
Description

to resolve this issue for a future ECC security policy
I would like to suggest the following changes to the protocol.

First I want to authenticate the initial open secure channel
handshake in this way:

When the server responds to the client's OpenSecureChannelRequest,
it validates the RequestSignature, and uses this data when generating
the signature of the OpenSecureChannelResponse.

That means, the server generates the signature over this data:

ToBeSigned = OpenSecureChannelResponse + ValidatedRequestSignature

but it sends only OpenSecureChannelResponse + Signature(ToBeSigned).

The client uses the same algorithm to validate the signature.
This is only done for the initial SecureChannel handshake, the
signature for the SecureChannelRenew handshake stays as is.

This signature is used by both peers as the ChannelId, it keeps
the same value even after a SecureChannelRenew.

The ChannelId is to be used in this way:

Whenever a Signature of a Certificate + Nonce is requested,
and the Secure Channel has a ChannelId, we generate
Signature(ChannelId + LeafCertificate + Nonce)

This affects the CreateSessionResponse.ServerSignature and
the ActivateSessionRequest.ClientSignature but also the
ActivateSessionRequest.UserTokenSignature.

If the channel has a ChannelId, this overrides also the way how
the signature for X509IdentityToken is generated for any
X509IdentityToken whose PolicyId names a security policy without
ChannelId like RSA.

Furthermore there is no backward compatibility for certificate chains
here, and the server shall not accept a UserTokenSignature that was
generated without the ChannelId, over a channel that has a ChannelId.

Additional Information

1) SHA256 or SHA284 Hash to Calculate Thumbprint on OpenSecureChannel Response Message.

  • simple, independent of algorithm.
  • calculated for all new profiles.
TagsNo tags attached.
Commit Version
Fix Due Date

Activities

Bernd Edlinger

2024-12-05 05:58

reporter   ~0022176

My original proposal has one major advantage over using a simple
ChannelThumbprint = Hash(OpenSecureChannelRequest + OpenSecureChannelResponse)

That is in chase of a Session Reactivation the honest, but potentially compromised
Client has no confirmation that the Server has indeed received the unmodified
OpenSecureChannelRequest, because there is no ServerSignature on the
ActivateSessionResponse.
But with my proposal the Client gets the confirmation by the Signature
of the OpenSecureChannelResponse, because it authenticates the
ToBeSigned = OpenSecureChannelResponse + ValidatedRequestSignature

Other than that, although it looks a bit more complicated as your proposal,
It can be implemented very efficiently, the hashing is completely for free,
because it is already included in the Signature generation, and the additional
memory needed is just an additional space for one signature.

Randy Armstrong

2025-01-14 17:29

administrator   ~0022280

What needs to be done is to define an algorithm that identifies a secure channel that the client and server can use when generating user token or user token signature.

This identifier can then be used to defined an updated user token/user token signature for future security profiles.

No work needs to be done until we have a new security profile under development.

Issue History

Date Modified Username Field Change
2024-12-04 16:37 Randy Armstrong New Issue
2024-12-05 05:58 Bernd Edlinger Note Added: 0022176
2025-01-14 17:29 Randy Armstrong Note Added: 0022280