View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002484 | 10000-004: Services | public | 2013-06-04 15:43 | 2013-12-10 17:24 | |
| Reporter | Assigned To | Matthias Damm | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 1.02 | ||||
| Summary | 0002484: Automatic closure of idle secure channels (possibly security threat) | ||||
| Description | Is a server under a potential DoS attack if a Client creates a secure channel and then never uses it to make any UA calls? What if the client had an IOP problem or malitiously created open channels? Becuase the stacks maintain a "heartbeat" to keep the channel open we (CMPWG) thought it applicable that a channel automatically close if no UA calls are made within the channel timeout period. | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
|
|
Needs analysis to determine if UA imposes anything that would make it worse than any other typical DOS-aware TCP application. Possibly we want a much shorter timeout on "unsecure" secure channels. |
|
|
Added the following clarification to 5.5.2 OpenSecureChannel A Server application should limit the number of SecureChannels. To protect against miss behaving Clients and denial of service attacks, the Server shall close the oldest SecureChannels that has no Session assigned before reaching the maximum number of supported SecureChannels. Resolved in document IEC 62541-4 - Services [Pre-CDV] 1.02.07.doc |
|
|
Agreed to changes in doc in telecon. Awaiting Errata to close this issue. |
|
|
Agreed to Errata changes |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2013-06-04 15:43 |
|
New Issue | |
| 2013-06-11 16:29 | Jim Luth | Note Added: 0004722 | |
| 2013-06-11 16:30 | Jim Luth | Status | new => assigned |
| 2013-06-11 16:30 | Jim Luth | Assigned To | => Matthias Damm |
| 2013-11-25 16:15 | Matthias Damm | Status | assigned => resolved |
| 2013-11-25 16:15 | Matthias Damm | Resolution | open => fixed |
| 2013-11-25 16:15 | Matthias Damm | Note Added: 0005137 | |
| 2013-11-25 18:30 | Jim Luth | Note Added: 0005146 | |
| 2013-12-10 17:24 | Jim Luth | Status | resolved => closed |
| 2013-12-10 17:24 | Jim Luth | Note Added: 0005183 | |
| 2013-12-10 17:24 | Jim Luth | Fixed in Version | => 1.02 |
