View Issue Details

IDProjectCategoryView StatusLast Update
000250410000-006: Mappingspublic2013-12-10 18:46
ReporterRandy Armstrong Assigned ToRandy Armstrong  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version1.02 
Summary0002504: Security Validation Tests expect wrong error codes.
Description

Part 6 Section 6.7.6 Verifying Message Security lays out the requirements for these test cases. Specifically it says that Bad_SecurityChecksFailed is the only error that returned until security validation is complete. Security validation includes all checks on the certificate provided by the client.

It also says that applications must log the real error, however, checking the application log requires a lab test and cannot be done with the CTT.

Additional Information

After the security validation is complete the receiver shall verify the RequestId and the SequenceNumber. If these checks fail a Bad_SecurityChecksFailed error is reported. The RequestId only needs to be verified by the Client since only the Client knows if it is valid or not.
Text from spec:

At this point the SecureChannel knows it is dealing with an authenticated Message that was not tampered with or resent. This means the SecureChannel can return secured error responses if any further problems are encountered.

Stacks that implement UASC shall have a mechanism to log errors when invalid Messages are discarded. This mechanism is intended for developers, systems integrators and administrators to debug network system configuration issues and to detect attacks on the network.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0002534 closedMatthias Damm 10000-004: Services Security Validation Tests expect wrong error codes. 
child of 0002496 closedNathan Pocock Compliance Test Tool (CTT) Unified Architecture Security Validation Tests expect wrong error codes. 

Activities

Jim Luth

2013-07-16 16:42

administrator   ~0004815

Agreed to fix as Randy proposed. The w.g. will need to review the proposed text changes.

Randy Armstrong

2013-07-24 23:48

administrator   ~0004857

Proposed Errata:

Section 6.7.6

Now states that Certificate Trust shall be checked first.
The other steps are the same.

Jim Luth

2013-12-10 18:46

administrator   ~0005189

Agreed to edited text in Errata.

Issue History

Date Modified Username Field Change
2013-06-28 04:15 Randy Armstrong New Issue
2013-06-28 04:15 Randy Armstrong Issue generated from: 0002496
2013-06-28 04:15 Randy Armstrong Relationship added child of 0002496
2013-06-28 04:15 Randy Armstrong Project Compliance Test Tool (CTT) Unified Architecture => 10000-006: Mappings
2013-07-16 16:40 Jim Luth Issue cloned: 0002534
2013-07-16 16:40 Jim Luth Relationship added related to 0002534
2013-07-16 16:42 Jim Luth Note Added: 0004815
2013-07-16 16:42 Jim Luth Status new => assigned
2013-07-16 16:42 Jim Luth Assigned To => Randy Armstrong
2013-07-24 23:48 Randy Armstrong Status assigned => resolved
2013-07-24 23:48 Randy Armstrong Resolution open => fixed
2013-07-24 23:48 Randy Armstrong Note Added: 0004857
2013-12-10 18:46 Jim Luth Status resolved => closed
2013-12-10 18:46 Jim Luth Note Added: 0005189
2013-12-10 18:46 Jim Luth Fixed in Version => 1.02