View Issue Details

ID: 0007947
Project: 10000-006: Mappings
Category: Spec
View Status: public
Last Update: 2023-04-04 16:07
Reporter: Alexander Allmendinger
Assigned To: Randy Armstrong
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: reopened
Fixed in Version: 1.05.03 RC1
Summary: 0007947: Certificate Validation are missing details about the Reason in Error Message
Description

The OPC UA Connection Protocol Error Message defined in Part 6 has two fields, Error and Reason. While the Error is a StatusCode, the Reason is defined as "A more verbose description of the error". To meet this expectation, there are products/SDKs which provide the exact reason for such an Error Message, even in case of a failed Certificate Validation. In the certification validation steps there are requirements to mask the Error with BadSecurityChecksFailed in many cases to prevent providing too much information to an attacker. But the specification is silent about the Reason in the Error Message, which is why logically it is still expected to provide a more verbose description.
To reduce the amount of information an attacker is getting, the specification should also indicate not to provide more information by other mechanisms like this Reason field or the ServiceDiagnostics.

Tags: No tags attached.
Commit Version
Fix Due Date

Relationships

related to 0008011 (closed, Matthias Damm) 10000-004: Services: Restrictions on DiagnosticInfo.AdditionalInfo with unauthenticated Clients

Activities

Matthias Damm

2023-03-20 16:10

developer   ~0018913

I am not able to resolve the Part 6 part of the issue - need to clone this issue to Part 6

Added following clarification for Part 4 DiagnosticInfo.AdditionalInfo

Any security related information shall be excluded from the AdditionalInfo. This includes details for cases where Bad_SecurityChecksFailed is returned.

Jim Luth

2023-03-22 17:55

administrator   ~0018970

No changes needed to Part 4, move to Part 6.

Randy Armstrong

2023-03-29 23:08

administrator   ~0019066

Any security related information shall not be returned. This includes any indication of the reason that caused Bad_SecurityChecksFailed to be returned.

Jim Luth

2023-04-04 16:07

administrator   ~0019096

Agreed to changes in web meeting.
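
The behaviour agreed in the notes above, sketched as an added example (not code from the OPC Foundation or from any SDK): a server-side helper that builds the Part 6 Error Message, masks certificate-validation results to Bad_SecurityChecksFailed, sends no Reason text for them, and keeps the real cause in the local log. The function names, the choice of a null String for the empty Reason, and the subset of masked codes are assumptions made for illustration.

```python
import logging
import struct

log = logging.getLogger("opcua.security")

BAD_SECURITY_CHECKS_FAILED = 0x80130000
# Assumption: illustrative subset only. The certificate validation steps in
# the specification decide which results are actually masked.
MASKED = {
    0x80120000: "Bad_CertificateInvalid",
    0x80140000: "Bad_CertificateTimeInvalid",
    0x801A0000: "Bad_CertificateUntrusted",
    0x801D0000: "Bad_CertificateRevoked",
}


def encode_string(value):
    """OPC UA binary String: Int32 byte length + UTF-8, -1 for a null string."""
    if value is None:
        return struct.pack("<i", -1)
    data = value.encode("utf-8")
    return struct.pack("<i", len(data)) + data


def build_error_message(status, detail, peer):
    """Return the ERR message bytes to send; security detail never leaves the host."""
    reason = detail
    if status in MASKED or status == BAD_SECURITY_CHECKS_FAILED:
        # The operator still gets the exact cause, but only in the local log.
        log.warning("security check failed peer=%s status=%s detail=%s",
                    peer, MASKED.get(status, "Bad_SecurityChecksFailed"), detail)
        status, reason = BAD_SECURITY_CHECKS_FAILED, None
    body = struct.pack("<I", status) + encode_string(reason)
    # Header: "ERR" + reserved 'F' + UInt32 total message size.
    return b"ERRF" + struct.pack("<I", 8 + len(body)) + body


def parse_error_message(msg):
    """Decode an ERR message into (status, reason), i.e. what the remote peer sees."""
    if msg[:4] != b"ERRF":
        raise ValueError("not an Error Message")
    size, status, length = struct.unpack_from("<IIi", msg, 4)
    if size != len(msg):
        raise ValueError("MessageSize does not match buffer length")
    reason = None if length < 0 else msg[16:16 + length].decode("utf-8")
    return status, reason
```

Errors outside the masked set, such as a transport-level size violation, pass through with their original StatusCode and Reason.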

Issue History

Date Modified Username Field Change
2022-04-19 11:32 Alexander Allmendinger New Issue
2022-05-03 16:32 Jim Luth Assigned To => Matthias Damm
2022-05-03 16:32 Jim Luth Status new => assigned
2023-03-20 16:10 Matthias Damm Status assigned => resolved
2023-03-20 16:10 Matthias Damm Resolution open => fixed
2023-03-20 16:10 Matthias Damm Fixed in Version => 1.05.03 RC1
2023-03-20 16:10 Matthias Damm Note Added: 0018913
2023-03-22 17:54 Jim Luth Assigned To Matthias Damm => Randy Armstrong
2023-03-22 17:54 Jim Luth Status resolved => feedback
2023-03-22 17:54 Jim Luth Resolution fixed => reopened
2023-03-22 17:55 Jim Luth Status feedback => assigned
2023-03-22 17:55 Jim Luth Note Added: 0018970
2023-03-22 17:55 Jim Luth Relationship added related to 0008011
2023-03-22 17:56 Jim Luth Project 10000-004: Services => 10000-006: Mappings
2023-03-29 23:08 Randy Armstrong Status assigned => resolved
2023-03-29 23:08 Randy Armstrong Note Added: 0019066
2023-04-04 16:07 Jim Luth Status resolved => closed
2023-04-04 16:07 Jim Luth Note Added: 0019096