View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002208 | 10000-007: Profiles | | public | 2012-09-20 15:07 | 2013-03-19 17:06 |
Reporter | Jim Luth | Assigned To | Paul Hunkar | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 1.02 | ||||
Summary | 0002208: Security Profiles should list the NIST expiration date | ||||
Description | Security Profiles should list the NIST expiration date | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
related to | 0002318 | closed | Matthias Damm | 10000-004: Services | EndpointDescription.securityLevel |
|
Since these are released Profiles, Paul will paste proposed wording for the updates for review into Mantis and only transfer them to the database after w.g. approval. |
|
SecurityPolicy - Basic128Rsa15 As computing power increases, SecurityPolicies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST recommends users of this SecurityPolicy should consider upgrading it in 2012. NIST also recommends that this SecurityPolicy should be deprecated in 2013. OPC recommends that Servers and Clients support all security profiles and that developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed SecurityPolicies. Other Policies will have the same text, just different dates. From UA call 11/13/2012 - Reviewed reworded text, but still needs work. - Could use separate conformance units to describe the actions. Other suggestion was to include a "securitylevel" that describes the relative level of security provided by this policy - 0 indicates that it should not be used (i.e. it has been broken). |
|
SecurityPolicy - Basic128Rsa15 As computing power increases, SecurityPolicies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST recommends users of this SecurityPolicy should consider upgrading it in 2012. NIST also recommends that this SecurityPolicy should be deprecated in 2013. OPC recommends that Servers and Clients support all security profiles and that developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed SecurityPolicies. Propose to also add a conformance unit to each security policy that includes an indication of the security level of the profile. 0 being broken, 1 is less secure than 2 etc. A new security profile would just add a new conformance unit with the next number. The conformance unit will indicate that as a default the highest level security policy should be used, but an administrator can enable any security policies that they feel are required. An application can also be configured to use a less secure SecurityPolicy, but without any configuration it should use the most secure available security policy. If an application does not, it should receive a warning. A conformance unit will be added for Level 0 which indicates that this security policy has been compromised and should no longer be used if any alternate is available. The test results for this conformance unit, if it is added to a security policy, will include any possible workaround or other changes that could minimize any exploits. |
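The selection behaviour proposed in the note above (highest level by default, a warning when configuration picks a weaker policy, level 0 treated as compromised), sketched as an added example that is not part of the tracker notes or of any OPC Foundation text. The `Policy` type, `select_policy` function, the level numbers assigned to each policy and the `ExampleBrokenPolicy` name are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    name: str
    level: int  # 0 = compromised; a higher number is more secure


def select_policy(enabled: List[Policy],
                  configured: Optional[str] = None) -> Tuple[Policy, List[str]]:
    """Pick a policy from the administrator-enabled set.

    Returns the chosen policy and the warnings the application should surface.
    """
    if not enabled:
        raise ValueError("administrator has enabled no security policies")
    best = max(enabled, key=lambda p: p.level)
    notes: List[str] = []
    if configured is None:
        chosen = best  # no configuration: use the most secure available
    else:
        by_name = {p.name: p for p in enabled}
        if configured not in by_name:
            raise LookupError(f"{configured} is not enabled by the administrator")
        chosen = by_name[configured]
        if chosen.level < best.level:
            notes.append(f"{chosen.name} (level {chosen.level}) is weaker than "
                         f"{best.name} (level {best.level})")
    if chosen.level == 0:
        if any(p.level > 0 for p in enabled):
            notes.append(f"{chosen.name} is compromised and an alternate is available")
        else:
            notes.append(f"{chosen.name} is compromised and no alternate is enabled")
    return chosen, notes


# Constructed sample set; the level values are illustrative, not from any profile.
SAMPLE = [
    Policy("ExampleBrokenPolicy", 0),
    Policy("Basic128Rsa15", 1),
    Policy("Basic256", 2),
    Policy("Basic256Sha256", 3),
]

if __name__ == "__main__":
    for cfg in (None, "Basic128Rsa15", "ExampleBrokenPolicy"):
        policy, notes = select_policy(SAMPLE, cfg)
        print(cfg, "->", policy.name, notes)
```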
|
Updated text in security policies as described |
|
verified text in doc |
Date Modified | Username | Field | Change |
---|---|---|---|
2012-09-20 15:07 | Jim Luth | New Issue | |
2012-09-20 15:07 | Jim Luth | Status | new => assigned |
2012-09-20 15:07 | Jim Luth | Assigned To | => Paul Hunkar |
2012-09-20 15:15 | Jim Luth | Note Added: 0004101 | |
2012-11-13 07:59 | Paul Hunkar | Note Added: 0004225 | |
2012-11-13 17:30 | Paul Hunkar | Note Edited: 0004225 | |
2012-11-13 17:34 | Paul Hunkar | Note Edited: 0004225 | |
2012-11-13 17:41 | Paul Hunkar | Note Edited: 0004225 | |
2012-11-13 18:37 | Paul Hunkar | Note Edited: 0004225 | |
2012-11-14 15:12 | Jim Luth | Note Edited: 0004225 | |
2012-11-20 05:41 | Paul Hunkar | Note Added: 0004247 | |
2012-11-20 05:46 | Paul Hunkar | Note Edited: 0004247 | |
2013-01-07 08:48 | Paul Hunkar | Status | assigned => resolved |
2013-01-07 08:48 | Paul Hunkar | Resolution | open => fixed |
2013-01-07 08:48 | Paul Hunkar | Note Added: 0004399 | |
2013-01-10 19:55 | Karl Deiretsbacher | Relationship added | related to 0002318 |
2013-03-19 17:06 | Jim Luth | Status | resolved => closed |
2013-03-19 17:06 | Jim Luth | Note Added: 0004592 | |
2013-03-19 17:06 | Jim Luth | Fixed in Version | => 1.02 |