View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002504 | 10000-006: Mappings | | public | 2013-06-28 04:15 | 2013-12-10 18:46 |
Reporter | Randy Armstrong | Assigned To | Randy Armstrong | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 1.02 | ||||
Summary | 0002504: Security Validation Tests expect wrong error codes. | ||||
Description | Part 6 Section 6.7.6 Verifying Message Security lays out the requirements for these test cases. Specifically it says that Bad_SecurityChecksFailed is the only error that is returned until security validation is complete. Security validation includes all checks on the certificate provided by the client. It also says that applications must log the real error; however, checking the application log requires a lab test and cannot be done with the CTT. | ||||
Additional Information | After the security validation is complete the receiver shall verify the RequestId and the SequenceNumber. If these checks fail a Bad_SecurityChecksFailed error is reported. The RequestId only needs to be verified by the Client since only the Client knows if it is valid or not. At this point the SecureChannel knows it is dealing with an authenticated Message that was not tampered with or resent. This means the SecureChannel can return secured error responses if any further problems are encountered. Stacks that implement UASC shall have a mechanism to log errors when invalid Messages are discarded. This mechanism is intended for developers, systems integrators and administrators to debug network system configuration issues and to detect attacks on the network. | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
related to | 0002534 | closed | Matthias Damm | 10000-004: Services | Security Validation Tests expect wrong error codes. |
child of | 0002496 | closed | Compliance Test Tool (CTT) Unified Architecture | Security Validation Tests expect wrong error codes. |
|
Agreed to fix as Randy proposed. The w.g. will need to review the proposed text changes. |
|
Proposed Errata: Section 6.7.6 Now states that Certificate Trust shall be checked first. |
|
Agreed to edited text in Errata. |
Date Modified | Username | Field | Change |
---|---|---|---|
2013-06-28 04:15 | Randy Armstrong | New Issue | |
2013-06-28 04:15 | Randy Armstrong | Issue generated from: 0002496 | |
2013-06-28 04:15 | Randy Armstrong | Relationship added | child of 0002496 |
2013-06-28 04:15 | Randy Armstrong | Project | Compliance Test Tool (CTT) Unified Architecture => 10000-006: Mappings |
2013-07-16 16:40 | Jim Luth | Issue cloned: 0002534 | |
2013-07-16 16:40 | Jim Luth | Relationship added | related to 0002534 |
2013-07-16 16:42 | Jim Luth | Note Added: 0004815 | |
2013-07-16 16:42 | Jim Luth | Status | new => assigned |
2013-07-16 16:42 | Jim Luth | Assigned To | => Randy Armstrong |
2013-07-24 23:48 | Randy Armstrong | Status | assigned => resolved |
2013-07-24 23:48 | Randy Armstrong | Resolution | open => fixed |
2013-07-24 23:48 | Randy Armstrong | Note Added: 0004857 | |
2013-12-10 18:46 | Jim Luth | Status | resolved => closed |
2013-12-10 18:46 | Jim Luth | Note Added: 0005189 | |
2013-12-10 18:46 | Jim Luth | Fixed in Version | => 1.02 |