View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009047 | 10000-006: Mappings | Spec | public | 2023-07-19 12:22 | 2024-03-21 22:47 |
Reporter | Nathan Lebeau | Assigned To | Randy Armstrong | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 1.05.04 RC1 | ||||
Summary | 0009047: Self-signed certificates shall have keyCertSign but should not be CA : it is contradictory with the RFC referenced in the spec. | ||||
Description | The OPCUA Specification v1.05 Part 6 section §6.2.2 / table 43 specifies that :
In the section §6.2.1 it is specified that "Certificates [...] shall also conform to RFC 5280" and the RFC 5280 section §4.2.1.3 states that:
Therefore it seems the backward interoperability version is the only version compliant with RFC 5280. | ||||
Tags | No tags attached. | ||||
Commit Version | 1.05.04 RC | ||||
Fix Due Date | 2023-11-01 | ||||
|
Need to clarify in spec to reduce these errant Mantis issues. |
|
Added text to 1.05.04: Note that RFC 6818 updates RFC 5280 and explicitly states that self-signed Certificates used as end-entity Certificates are outside the scope of RFC 5280. This means the requirement that the CA flag be FALSE for ApplicationInstance Certificates does not violate RFC 5280 requirements |
|
Agreed to changes in Dallas F2F. |
Date Modified | Username | Field | Change |
---|---|---|---|
2023-07-19 12:22 | Nathan Lebeau | New Issue | |
2023-07-25 15:14 | Jim Luth | Note Added: 0019718 | |
2023-07-25 15:14 | Jim Luth | Assigned To | => Randy Armstrong |
2023-07-25 15:14 | Jim Luth | Status | new => assigned |
2023-07-25 15:15 | Jim Luth | Commit Version | => 1.05.04 RC |
2023-07-25 15:15 | Jim Luth | Fix Due Date | => 2023-11-01 |
2023-10-17 08:04 | Randy Armstrong | Status | assigned => resolved |
2023-10-17 08:04 | Randy Armstrong | Resolution | open => fixed |
2023-10-17 08:04 | Randy Armstrong | Fixed in Version | => 1.05.04 RC1 |
2023-10-17 08:04 | Randy Armstrong | Note Added: 0020197 | |
2024-03-21 22:47 | Jim Luth | Status | resolved => closed |
2024-03-21 22:47 | Jim Luth | Note Added: 0021002 |