View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000919510000-012: DiscoverySpecpublic2023-10-10 17:122024-09-10 15:55
ReporterMatthias Damm Assigned ToRandy Armstrong  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionreopened 
Product Version1.05.02 
Fixed in Version1.05.04 
Summary0009195: Define more details about recommended behaviour for "setup state" and TOFU
Description

Part 12 - Annex G2 defines a "setup state" and Part 21 defines TOFU (trust on first use).

Part 12 states for "setup state"
Always allow Clients to connect securely if the TrustList is empty

But it does not say anything about the SecurityAdmin role assignment.
TOFU in Part 21 implies that the SecurityAdmin configuration is done during the "setup state"

A GDS would be able to do the full configuration without any configuration needs on the server

  • set it's own ApplicationUri in as Application Identity in the SecurityAdmin Role
  • Push the initial certificate and trust list
TagsNo tags attached.
Commit Version1.05.04
Fix Due Date

Relationships

related to 0007928 closedRandy Armstrong No way to get the certificate of a registered application that has a signed certificate from the GDS. 
related to 0009474 closedRandy Armstrong Enhancements for G.1 Application Setup with Pull Management 
related to 0009588 assignedRandy Armstrong Harmonize the TOFU language and concepts in Part 21 and Part 12 

Activities

Ondrej Flek

2023-11-02 10:39

reporter   ~0020257

This can be addressed by assigning the SecurityAdmin role to the Anonymous user in TOFU/setup state. Once the GDS assigns its ApplicationUri to the SecurityAdmin role, it removes the assignment to the Anonymous user.

Randy Armstrong

2024-03-17 05:37

administrator   ~0020907

Subsequent updates to TrustLists or Certificates can be allowed if the Client has a trusted Certificate has access to the SecurityAdmin Role. During the setup state the Client should configure the SecurityAdmin Role. If the Client fails to do the, the Server should grant SecurityAdmin rights to the ApplicationUri used by the Client to setup the Server.

Jim Luth

2024-04-09 16:47

administrator   ~0021100

Needs more work.

Randy Armstrong

2024-06-11 18:59

administrator   ~0021305

add When a Server is in the “setup state” it shall limit the available functionality.

and assign the SecurityAdmin Role to Anonymous user if the TrustList is empty;

Need to move TOFU text from Part 21 in a future release.

Jim Luth

2024-06-11 18:59

administrator   ~0021306

Agreed to changes in Virtual F2F.

Matthias Damm

2024-06-20 15:26

developer   ~0021389

I think we need some further clarifications

(1) Order of configuration
Since we say that the mode is only valid for 'empty TrustList', a client must first configure the SecurityAdmin role and then configure the TrustList

(2) ServerState
We are silent about the ServerState.
It makes sense to define the value of the ServerState in the "setup state". It could be NoConfiguration or Suspended

Matthias Damm

2024-08-05 15:37

developer   ~0021531

There is another issue with the "setup state". The actual state is unknown until the client has created a Session. If a configuration client has stored a user that was created for administration, this user is no longer available after a factory reset. A client would need to create a Session with Anonymous to be able to connect and to find out that the server is in provisioning mode. But a client that was connected before would not fall back to Anonymous.

One option would be to return somthing like Good_ProvisioningMode in CreateSession. This would allow a client to go into a special mode for provisioning.

Randy Armstrong

2024-09-06 05:36

administrator   ~0021666

Added requirements for ServerState and a new InSetupState property.

Jim Luth

2024-09-10 15:55

administrator   ~0021695

Agreed to changes edited in Web meeting.

Issue History

Date Modified Username Field Change
2023-10-10 17:12 Matthias Damm New Issue
2023-10-10 17:12 Matthias Damm Relationship added related to 0007928
2023-10-31 16:14 Jim Luth Assigned To => Randy Armstrong
2023-10-31 16:14 Jim Luth Status new => assigned
2023-11-02 10:39 Ondrej Flek Note Added: 0020257
2024-03-17 05:37 Randy Armstrong Status assigned => resolved
2024-03-17 05:37 Randy Armstrong Resolution open => fixed
2024-03-17 05:37 Randy Armstrong Note Added: 0020907
2024-03-17 15:47 Matthias Damm Relationship added related to 0009474
2024-04-09 16:47 Jim Luth Status resolved => feedback
2024-04-09 16:47 Jim Luth Resolution fixed => reopened
2024-04-09 16:47 Jim Luth Note Added: 0021100
2024-06-11 18:58 Jim Luth Status feedback => assigned
2024-06-11 18:59 Randy Armstrong Status assigned => resolved
2024-06-11 18:59 Randy Armstrong Note Added: 0021305
2024-06-11 18:59 Jim Luth Status resolved => closed
2024-06-11 18:59 Jim Luth Fixed in Version => 1.05.04 RC1
2024-06-11 18:59 Jim Luth Commit Version => 1.05.04 RC
2024-06-11 18:59 Jim Luth Note Added: 0021306
2024-06-11 19:05 Jim Luth Relationship added related to 0009588
2024-06-20 15:26 Matthias Damm Status closed => feedback
2024-06-20 15:26 Matthias Damm Note Added: 0021389
2024-07-02 15:45 Jim Luth Status feedback => assigned
2024-08-05 15:37 Matthias Damm Note Added: 0021531
2024-09-06 05:36 Randy Armstrong Status assigned => resolved
2024-09-06 05:36 Randy Armstrong Note Added: 0021666
2024-09-10 15:03 Randy Armstrong Commit Version 1.05.04 RC => 1.05.04
2024-09-10 15:55 Jim Luth Status resolved => closed
2024-09-10 15:55 Jim Luth Fixed in Version 1.05.04 RC1 => 1.05.04
2024-09-10 15:55 Jim Luth Note Added: 0021695