View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000646910000-005: Information ModelSpecpublic2021-02-08 09:032021-03-04 18:50
ReporterMatthias Damm Assigned ToJeff Harding  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0006469: Clarification needed for AuditEntryId in AuditCertificateEventType and AuditOpenSecureChannelEventType
Description

The AuditEntryId is part of the encrypted body of the OpenSecureChannel request. All of the certificate checks are executed before the body is decrypted. If one of the certificate checks fails, the stack does not decrypt the body.

It would be unnecessary (and even dangerous) to decrypt a message that will be skipped with an error.

Therefore it is not possible to to provide the AuditEntryId in AuditCertificateEventType events and also not for most AuditOpenSecureChannelEventType indicating an error.

We need a clarification since the compliance test expects the AuditEntryId for these cases.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0006470 closedJeff Harding Relation between AuditCertificateEventType and AuditOpenSecureChannelEventType 

Activities

Matthias Damm

2021-02-08 20:17

developer   ~0013685

We can recommend alternative information that is available like the client IP address as AuditEntryId.

Jeff Harding

2021-02-09 17:23

developer   ~0013711

also need a 1.04 Errata

Jeff Harding

2021-02-09 17:30

developer   ~0013712

Need to recommend what information the Server should use to populate AuditEntryId.
Something that helps identify what Client is making the attempt.
Need to clone to compliance once we agree on the recommendation.
Need Errata for 1.04, and 1.03.

The information should be client details such as the IP address.

Jeff Harding

2021-02-23 15:38

developer   ~0013763

While implementing this Part 5 change I realized AuditEntryId is described as being defined in Part 3 but it is actually defined in Part 4 in the Request Header Structure.

Jeff Harding

2021-02-23 19:20

developer   ~0013797

Added definition of ClientAuditEntryId content to 6.4.3.
Added Errata to 1.03.08 and 1.04.10.

Jim Luth

2021-03-04 18:50

administrator   ~0013968

Agreed to changes in Virtual F2F.

Issue History

Date Modified Username Field Change
2021-02-08 09:03 Matthias Damm New Issue
2021-02-08 09:25 Matthias Damm Relationship added related to 0006470
2021-02-08 20:17 Matthias Damm Note Added: 0013685
2021-02-09 17:23 Jeff Harding Note Added: 0013711
2021-02-09 17:30 Jeff Harding Note Added: 0013712
2021-02-09 17:31 Jim Luth Assigned To => Jeff Harding
2021-02-09 17:31 Jim Luth Status new => assigned
2021-02-23 15:38 Jeff Harding Note Added: 0013763
2021-02-23 19:20 Jeff Harding Status assigned => resolved
2021-02-23 19:20 Jeff Harding Resolution open => fixed
2021-02-23 19:20 Jeff Harding Fixed in Version => 1.05
2021-02-23 19:20 Jeff Harding Note Added: 0013797
2021-03-04 18:38 Jim Luth Issue cloned: 0006543
2021-03-04 18:41 Jim Luth Issue cloned: 0006544
2021-03-04 18:42 Jim Luth Issue cloned: 0006545
2021-03-04 18:50 Jim Luth Status resolved => closed
2021-03-04 18:50 Jim Luth Note Added: 0013968