View Issue Details

ID: 0008266
Project: Part 83: UAFX Offline Engineering
Category: Spec
View Status: public
Last Update: 2024-10-23 12:00
Reporter: Jim Luth
Assigned To: Emanuel Kolb
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.00.02
Target Version: 1.00.03
Fixed in Version: 1.00.03
Summary: 0008266: Missing requirement to validate Certificate Revocation List (CRL)
Description

Clause 6.1.3 is missing the requirement for actors to verify that a CRL is valid before using it (i.e. it is signed by the appropriate CA, not tampered with, not expired ...)

Additional Information

This issue was originally reported against Part 83 which has text copied from Part 4 -- see related issue.

Tags: No tags attached.

Relationships

related to 0008265 (assigned, Randy Armstrong) 10000-004: Services: Missing requirement to validate Certificate Revocation List (CRL)

Activities

Emanuel Kolb

2022-10-14 13:23

manager   ~0018046

We rewrote text in part 83. Part 4 is not updated yet. We keep this open as a reminder.

Emanuel Kolb

2024-09-12 13:02

manager   ~0021712

This is now in section 7.8.2 in Part 83.

Emanuel Kolb

2024-10-09 08:56

manager   ~0021870

RFC 5280 which is referenced in part 83 in table 3 "revocation checks" states in section 6.3.3:

(f) Obtain and validate the certification path for the issuer of
the complete CRL. The trust anchor for the certification
path MUST be the same as the trust anchor used to validate
the target certificate. If a key usage extension is present
in the CRL issuer's certificate, verify that the cRLSign bit
is set.

(g) Validate the signature on the complete CRL using the public
key validated in step (f).

So the CRL validity is covered by the RFC.

Suggest to close this issue with no changes to the spec.
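
The checks from RFC 5280 section 6.3.3 steps (f) and (g) quoted above, together with the thisUpdate/nextUpdate window the report mentions, as an added example that is not part of the original note or the specification. It assumes the Python `cryptography` package and narrows step (f) to a CRL issued directly by an already-validated trust anchor; `check_crl`, `make_ca` and `make_crl` are hypothetical helper names, and the CA and CRLs they build are constructed test data.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def utc(obj, field):
    # cryptography >= 42 exposes *_utc; older releases return naive UTC values
    if hasattr(obj, field + "_utc"):
        return getattr(obj, field + "_utc")
    naive = getattr(obj, field)
    return naive and naive.replace(tzinfo=timezone.utc)

def check_crl(crl, issuer_cert, now):
    """Reasons to reject the CRL (empty list = usable). Assumes issuer_cert is
    the already-validated trust anchor, i.e. the CRL issuer's path has length 0."""
    problems = []
    if crl.issuer != issuer_cert.subject:
        problems.append("issuer mismatch")
    try:  # step (f): if a key usage extension is present, cRLSign must be set
        usage = issuer_cert.extensions.get_extension_for_class(x509.KeyUsage).value
        if not usage.crl_sign:
            problems.append("cRLSign not set")
    except x509.ExtensionNotFound:
        pass
    if not crl.is_signature_valid(issuer_cert.public_key()):  # step (g)
        problems.append("bad signature")
    start, end = utc(crl, "last_update"), utc(crl, "next_update")
    if end is None or not (start <= now <= end):  # stale or not yet valid
        problems.append("outside thisUpdate/nextUpdate")
    return problems

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca(cn, now, crl_sign=True):  # constructed self-signed test CA
    key = ec.generate_private_key(ec.SECP256R1())
    flags = dict.fromkeys(("digital_signature", "content_commitment",
                           "key_encipherment", "data_encipherment",
                           "key_agreement", "encipher_only", "decipher_only"), False)
    usage = x509.KeyUsage(key_cert_sign=True, crl_sign=crl_sign, **flags)
    builder = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(cn))
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - timedelta(days=1))
               .not_valid_after(now + timedelta(days=365))
               .add_extension(usage, critical=True))
    return key, builder.sign(key, hashes.SHA256())

def make_crl(key, cn, start, end):  # constructed CRL with no revoked entries
    builder = x509.CertificateRevocationListBuilder().issuer_name(name(cn))
    return builder.last_update(start).next_update(end).sign(key, hashes.SHA256())
```

A CRL that fails any of these checks should be treated as unavailable rather than as evidence that nothing is revoked.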

Emanuel Kolb

2024-10-10 12:16

manager   ~0021873

No change is required since the "missing" step is covered in RFC 5280

Emanuel Kolb

2024-10-17 12:10

manager   ~0021901

One small change was done in Part 83 in section 7.8.1 Table 3.
The statement "The certificate shall not be revoked" in the last two of the table is difficult to understand.
The statement was removed; the information on how to check a revocation is kept.

Emanuel Kolb

2024-10-23 12:00

manager   ~0021930

Team agreed to close this

Emanuel Kolb

2024-10-23 12:00

manager   ~0021931

closed

Issue History

Date Modified Username Field Change
2022-08-26 19:29 Jim Luth New Issue
2022-08-26 19:29 Jim Luth Issue generated from: 0008265
2022-08-26 19:29 Jim Luth Relationship added related to 0008265
2022-08-26 19:29 Jim Luth Project 10000-004: Services => Part 83: UAFX Offline Engineering
2022-08-26 19:29 Jim Luth Category Spec => Api Change
2022-10-14 13:23 Emanuel Kolb Assigned To => Emanuel Kolb
2022-10-14 13:23 Emanuel Kolb Status new => acknowledged
2022-10-14 13:23 Emanuel Kolb Note Added: 0018046
2024-09-12 13:01 Emanuel Kolb Category Api Change => Spec
2024-09-12 13:01 Emanuel Kolb Product Version 1.04 => 1.00.02
2024-09-12 13:01 Emanuel Kolb Target Version => 1.00.03
2024-09-12 13:02 Emanuel Kolb Note Added: 0021712
2024-10-09 08:56 Emanuel Kolb Note Added: 0021870
2024-10-10 12:16 Emanuel Kolb Status acknowledged => resolved
2024-10-10 12:16 Emanuel Kolb Resolution open => no change required
2024-10-10 12:16 Emanuel Kolb Fixed in Version => 1.00.03
2024-10-10 12:16 Emanuel Kolb Note Added: 0021873
2024-10-17 12:10 Emanuel Kolb Note Added: 0021901
2024-10-23 12:00 Emanuel Kolb Note Added: 0021930
2024-10-23 12:00 Emanuel Kolb Status resolved => closed
2024-10-23 12:00 Emanuel Kolb Note Added: 0021931