View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009520 | 10000-006: Mappings | Spec | public | 2024-04-15 12:56 | 2025-08-10 14:02 |
| Reporter | Dominik Ziegler | Assigned To | Randy Armstrong | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | assigned | Resolution | open | ||
| Summary | 0009520: Update SecurityPolicy [ECC-B] – ECC-nistP256 Encryption Algorithm | ||||
| Description | The current implementation of SecurityPolicy [ECC-B] – ECC-nistP256 relies on AES128-CBC for encryption, as outlined in the specification. However, AES128-CBC should be considered for "legacy" systems only according to (H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018; available at https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf) , signaling the need for an update to more modern encryption variants. The report highlights the necessity of transitioning to more robust encryption algorithms, such as AES-128-GCM, for enhanced security and resilience against evolving threats. To address this concern and ensure the security of OPC UA implementations, it is proposed to update SecurityPolicy [ECC-B] – ECC-nistP256 to utilize AES-128-GCM instead of AES-128-CBC. This transition will align OPC UA with contemporary security practices and provide a stronger defense against potential vulnerabilities. | ||||
| Tags | Security | ||||
| Commit Version | 1.05.07 RC1 | ||||
| Fix Due Date | 2025-10-01 | ||||
|
|
Agreed that adding GCM profiles is best for the long term. |
|
|
Will assign when we have a volunteer to complete a prototype. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-04-15 12:56 | Dominik Ziegler | New Issue | |
| 2024-04-15 12:56 | Dominik Ziegler | Tag Attached: Security | |
| 2024-04-17 15:44 | Randy Armstrong | Assigned To | => Randy Armstrong |
| 2024-04-17 15:44 | Randy Armstrong | Status | new => acknowledged |
| 2024-04-17 15:44 | Randy Armstrong | Note Added: 0021133 | |
| 2024-06-14 20:43 | Paul Hunkar | Project | 10000-002: Security => 10000-006: Mappings |
| 2024-07-09 16:18 | Jim Luth | Assigned To | Randy Armstrong => |
| 2024-07-09 16:21 | Jim Luth | Note Added: 0021432 | |
| 2025-08-05 15:12 | Jim Luth | Assigned To | => Randy Armstrong |
| 2025-08-05 15:12 | Jim Luth | Status | acknowledged => assigned |
| 2025-08-05 17:28 | Jim Luth | Commit Version | => 1.05.07 RC1 |
| 2025-08-05 17:29 | Jim Luth | Fix Due Date | => 2025-10-01 |
