View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005350 | 10000-002: Security | Spec | public | 2019-12-11 23:59 | 2022-06-23 15:52 |
| Reporter | Jim Luth | Assigned To | Paul Hunkar | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | no change required | ||
| Summary | 0005350: timestamp field in RequestHeader says it is only used for diagnostics but it is also used for security | ||||
| Description | Part 4, Table 170, timestamp, states: "The time the Client sent the request. The parameter is only used for diagnostic and logging purposes in the server" This is contradicted by other parts of the spec. Part 4, Table 177, shows errorCode Bad_InvalidTimestamp and states: "The timestamp is outside the range allowed by the Server." Part 6, section 6.3 Time synchronization states: "All SecurityProtocols require that system clocks on communicating machines be reasonably synchronized in order to check the expiry times for Certificates or Messages. The amount of clock skew that can be tolerated depends on the system security requirements and applications shall allow administrators to configure the acceptable clock skew when verifying times. A suitable default value is 5 minutes." Recommend changing the description of Part 4, Table 170, timestamp, to: "The time the Client sent the request. The parameter is used for security purposes and can be used for diagnostic and logging purposes in the server. Reference Part 6, section 6.3" | ||||
| Tags | No tags attached. | ||||
| Commit Version | |||||
| Fix Due Date | |||||
| related to | 0004799 | closed | Randy Armstrong | 10000-006: Mappings | timestamp field in RequestHeader says it is only used for diagnostics but it is also used for security |

Remove "The amount of clock skew that can be tolerated depends on the system security requirements and applications shall allow administrators to configure the acceptable clock skew when verifying times. A suitable default value is 5 minutes." from Part 6. Review text in Part 2 to match Part 6 relative to Time sync and security.

Reviewed specification, found no text that needed updates.

Agreed to no-change-required in F2F.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-12-11 23:59 | Jim Luth | New Issue | |
| 2019-12-11 23:59 | Jim Luth | Status | new => assigned |
| 2019-12-11 23:59 | Jim Luth | Assigned To | => Paul Hunkar |
| 2019-12-11 23:59 | Jim Luth | Issue generated from: 0004799 | |
| 2019-12-11 23:59 | Jim Luth | Note Added: 0011340 | |
| 2019-12-11 23:59 | Jim Luth | Relationship added | related to 0004799 |
| 2019-12-11 23:59 | Jim Luth | Project | 10000-006: Mappings => 10000-002: Security |
| 2022-06-22 08:23 | Paul Hunkar | Status | assigned => resolved |
| 2022-06-22 08:23 | Paul Hunkar | Resolution | open => no change required |
| 2022-06-22 08:23 | Paul Hunkar | Note Added: 0016970 | |
| 2022-06-23 15:52 | Jim Luth | Status | resolved => closed |
| 2022-06-23 15:52 | Jim Luth | Note Added: 0017058 | |