View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010055 | 10000-006: Mappings | Spec | public | 2024-12-04 16:37 | 2025-01-14 17:29 |
Reporter | Randy Armstrong | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.05.04 | ||||
Summary | 0010055: Add ChannelThumbprint Identifier to All SecureChannels. | ||||
Description | to resolve this issue for a future ECC security policy First I want to authenticate the initial open secure channel When the server responds to the client's OpenSecureChannelRequest, That means, the server generates the signature over this data: ToBeSigned = OpenSecureChannelResponse + ValidatedRequestSignature but it sends only OpenSecureChannelResponse + Signature(ToBeSigned). The client uses the same algorithm to validate the signature. This signature is used by both peers as the ChannelId, it keeps The ChannelId is to be used in this way: Whenever a Signature of a Certificate + Nonce is requested, This affects the CreateSessionResponse.ServerSignature and If the channel has a ChannelId, this overrides also the way how Furthermore there is no backward compatibility for certificate chains | ||||
Additional Information | 1) SHA256 or SHA284 Hash to Calculate Thumbprint on OpenSecureChannel Response Message.
| ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
|
My original proposal has one major advantage over using a simple That is in case of a Session Reactivation the honest, but potentially compromised Other than that, although it looks a bit more complicated than your proposal, |
|
What needs to be done is to define an algorithm that identifies a secure channel that the client and server can use when generating user token or user token signature. This identifier can then be used to define an updated user token/user token signature for future security profiles. No work needs to be done until we have a new security profile under development. |
Date Modified | Username | Field | Change |
---|---|---|---|
2024-12-04 16:37 | Randy Armstrong | New Issue | |
2024-12-05 05:58 | Bernd Edlinger | Note Added: 0022176 | |
2025-01-14 17:29 | Randy Armstrong | Note Added: 0022280 |