View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000837010000-006: MappingsSpecpublic2022-09-29 14:192023-03-23 21:24
ReporterRandy Armstrong Assigned ToRandy Armstrong  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.04 
Fixed in Version1.04 
Summary0008370: Requirement on CA Flag for self-signed certificates is a potential security risk
Description

We see products which are not accepting self-signed certificates which have the CA Flag set to TRUE due to security concerns. The specification in 1.05 states:
The CA flag should be FALSE for self-signed Certificates, however, TRUE shall be accepted to ensure backward interoperability.
If the CA flag is TRUE for self-signed ApplicationInstance Certificates, then the pathLength shall be 0.

The security concern is about the requirement to accept self-signed certificates where the CA Flag is set to TRUE for backward interoperability. Is this a hard requirement or should such certificates rather be rejected by default with a configuration option to accept them (individually).

In any case the requirement changes need to be pushed back to 1.04 as well.

Additional Information

Cloned for errate.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0008357 closedRandy Armstrong Requirement on CA Flag for self-signed certificates is a potential security risk 
related to 0008670 closedRandy Armstrong Update from OpenSSL V1.x.x (EOL(end of live) soon) to V3.x.x 

Activities

Randy Armstrong

2022-09-29 14:29

administrator   ~0017891

Fixed in 1.04.12 errata.

Jim Luth

2023-01-24 17:05

administrator   ~0018569

Agreed to changes in web meeting.

Issue History

Date Modified Username Field Change
2022-09-29 14:19 Randy Armstrong New Issue
2022-09-29 14:19 Randy Armstrong Status new => assigned
2022-09-29 14:19 Randy Armstrong Assigned To => Randy Armstrong
2022-09-29 14:19 Randy Armstrong Issue generated from: 0008357
2022-09-29 14:19 Randy Armstrong Relationship added related to 0008357
2022-09-29 14:29 Randy Armstrong Status assigned => resolved
2022-09-29 14:29 Randy Armstrong Resolution open => fixed
2022-09-29 14:29 Randy Armstrong Fixed in Version => 1.04
2022-09-29 14:29 Randy Armstrong Note Added: 0017891
2023-01-24 17:05 Jim Luth Status resolved => closed
2023-01-24 17:05 Jim Luth Note Added: 0018569
2023-03-23 21:24 Jim Luth Relationship added related to 0008670