View Issue Details

ID: 0008171
Project: 10000-014: PubSub
Category: Spec
View Status: public
Last Update: 2022-08-02 16:48
Reporter: Muddasir Shakil
Assigned To: Jim Luth
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: no change required
Product Version: 1.04
Summary: 0008171: SKS: Key Revocation Definition
Description

The SKS model defines the GetSecurityKeys (pull) and SetSecurityKeys (push) methods for key exchange between the SKS and Publisher/Subscriber nodes. The spec states that the keys are valid until the SecurityGroup is present or the keys are revoked. However, there is no option or method defined in the spec for revocation of keys on the Subscriber and Publisher side.
In the case of a central SKS, how will the Subscriber and Publisher know if the current key or any of the future keys are invalidated or revoked?
There should be a method defined on the Publisher or Subscriber side which can be called from the central SKS or a Configuration Tool with the SecurityGroupId, startingTokenId and RevokedKeyCount.

Suggestion:
UA_Statuscode RevokeSecuritykeys(String SecurityGroupId, UInt32 StartingTokenid, UInt32 RevokedKeyCount);

BR
Muddasir Shakil

Tags: No tags attached.

Activities

Jim Luth (administrator), 2022-08-02 16:47, note ~0017213

There is no revocation process for symmetric keys. Keys are just invalidated and a new list of keys must be obtained by the Publishers and Subscribers. Indication of the invalidation is provided. This is made more clear in version 1.05 of Part 14.

Issue History

Date Modified     Username         Field                Change
2022-07-28 12:06  Muddasir Shakil  New Issue
2022-08-02 16:47  Jim Luth         Note Added: 0017213
2022-08-02 16:48  Jim Luth         Assigned To          => Jim Luth
2022-08-02 16:48  Jim Luth         Status               new => closed
2022-08-02 16:48  Jim Luth         Resolution           open => no change required