View Issue Details

ID: 0004491
Project: 10000-004: Services
Category: Spec
View Status: public
Last Update: 2020-12-07 18:53
Reporter: Randy Armstrong
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Summary: 0004491: Table 187 – EncryptionAlgorithm selection
Description

Table should be expanded to include MessageSecurityMode and make it clear that when Encryption is enabled the UserToken SecurityPolicy can be None, otherwise it must be blank or specified.

Add explicit requirement:

If the SecurityMode is None then the UserTokenPolicy should (shall?) have a SecurityPolicy specified.

If the SecurityMode is SignOnly then the UserTokenPolicy should (shall?) not specify the None SecurityPolicy.

If the SecurityMode is SignAndEncrypt then the UserTokenPolicy SecurityPolicy may be None.

Tags: No tags attached.

Relationships

related to 0006304 (assigned, Alexander Allmendinger), CTT UA Scripts: Table 187 – EncryptionAlgorithm selection

Activities

Matthias Damm

2020-06-14 12:47

developer   ~0012269

The intention of 'Table 190 – EncryptionAlgorithm selection' is to define what is filled in to UserNameIdentityToken.encryptionAlgorithm.

It is not the right place to define additional security requirements.
If this is needed, we need a better place.

Matthias Damm

2020-06-15 17:22

developer   ~0012301

Add note for the cases UserIdentityToken EncryptionAlgorithm = No encryption to make it explicit that this is either an invalid configuration or something that should not be allowed. See related text in Part 4.

Matthias Damm

2020-06-15 20:38

developer   ~0012321

Added to 7.39.4 UserNameIdentityToken:
The Server shall specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy other than None and the MessageSecurityMode is not SIGNANDENCRYPT.

Added to Table 190 – EncryptionAlgorithm selection:
(a) The use of this configuration without network encryption would result in a serious security fault.
(b) The configuration is invalid if the MessageSecurityMode is not SIGNANDENCRYPT.

Added in OPC 10000-4 - UA Specification Part 4 - Services Draft 1.05.09.docx
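
Added example, not part of the issue or of the OPC UA specification text: a Python check that applies notes (a) and (b) from note ~0012321 to endpoint configurations. The `Endpoint` fields, the verdict names and the sample endpoints are constructed for illustration, and the check assumes that a blank UserTokenPolicy SecurityPolicy inherits the SecureChannel's policy.

```python
from dataclasses import dataclass

NONE_URI = "http://opcfoundation.org/UA/SecurityPolicy#None"
B256_URI = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"

@dataclass(frozen=True)
class Endpoint:
    name: str            # label for the report (constructed)
    channel_policy: str  # SecureChannel SecurityPolicy URI
    mode: str            # MessageSecurityMode: "None", "Sign", "SignAndEncrypt"
    token_policy: str    # UserTokenPolicy SecurityPolicy URI, "" if left blank

def audit(ep):
    """Return (verdict, reason) for a UserName token sent over this endpoint."""
    # Assumption: a blank UserTokenPolicy SecurityPolicy inherits the channel policy.
    effective = ep.token_policy or ep.channel_policy
    if effective != NONE_URI:
        return ("ok", "token encrypted under " + effective.rsplit("#", 1)[-1])
    # Below this point the token secret is not encrypted by the token policy.
    if ep.channel_policy == NONE_URI:
        # Note (a): serious security fault without network encryption.
        return ("fault_a", "cleartext token unless the network itself is encrypted")
    if ep.mode != "SignAndEncrypt":
        # Note (b): invalid when the MessageSecurityMode is not SignAndEncrypt.
        return ("invalid_b", "token policy None on a channel that does not encrypt")
    return ("ok", "token unencrypted, SecureChannel encrypts the message")

# Constructed endpoint descriptions, one per case discussed in the issue.
SAMPLES = [
    Endpoint("none/blank", NONE_URI, "None", ""),
    Endpoint("none/explicit", NONE_URI, "None", B256_URI),
    Endpoint("sign/none", B256_URI, "Sign", NONE_URI),
    Endpoint("sign/blank", B256_URI, "Sign", ""),
    Endpoint("encrypt/none", B256_URI, "SignAndEncrypt", NONE_URI),
]

def report(endpoints):
    """Map endpoint name -> verdict for every endpoint that is not ok."""
    return {ep.name: audit(ep)[0] for ep in endpoints if audit(ep)[0] != "ok"}

if __name__ == "__main__":
    for ep in SAMPLES:
        print(ep.name, *audit(ep))
```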

Jim Luth

2020-12-07 18:53

administrator   ~0013388

Agreed to changes edited in Virtual F2F.

Issue History

Date Modified Username Field Change
2018-12-04 16:23 Randy Armstrong New Issue
2018-12-04 16:27 Jim Luth Assigned To => Matthias Damm
2018-12-04 16:27 Jim Luth Status new => assigned
2020-06-14 12:47 Matthias Damm Note Added: 0012269
2020-06-15 17:22 Matthias Damm Note Added: 0012301
2020-06-15 20:38 Matthias Damm Status assigned => resolved
2020-06-15 20:38 Matthias Damm Resolution open => fixed
2020-06-15 20:38 Matthias Damm Note Added: 0012321
2020-12-07 18:50 Jim Luth Issue cloned: 0006304
2020-12-07 18:50 Jim Luth Relationship added related to 0006304
2020-12-07 18:53 Jim Luth Status resolved => closed
2020-12-07 18:53 Jim Luth Fixed in Version => 1.05
2020-12-07 18:53 Jim Luth Note Added: 0013388