0009594: Need to add explicit requirement that Certificate be validated before being used to produce a Signature.

ID	Project	Category	View Status	Date Submitted	Last Update

0009594	10000-004: Services	Spec	public	2024-06-12 16:25	2024-09-24 08:01

Reporter	Randy Armstrong	Assigned To	Matthias Damm
Priority	high	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.05.03
Target Version	1.05.04 RC1	Fixed in Version	1.05.04 RC1

Summary	0009594: Need to add explicit requirement that Certificate be validated before being used to produce a Signature.
Description	Add text to CreateSession.serverSignature: The clientCertificate shall be validated according to the rules in 6.1.3 even if the Server chooses to allow connections from untrusted Clients. This validation may have occurred when the SecureChannel was established and does not need to be repeated. The Signature is not generated if the SecurityMode is None. Should apply to 1.03 and 1.04 too.
Tags	No tags attached.

Commit Version	1.05.04 RC
Fix Due Date

Matthias Damm 2024-06-12 19:23 developer ~0021338	Table 15 – CreateSession Service Parameters clientCertificate Changed A Client shall prove possession by using the private key to sign the Nonce provided by the Server in the response. to If the SecurityMode is not None, aA Client shall prove possession by using the private key to create a Signature using sign the Nonce provided by the Server in the response. serverSignature Added The clientCertificate shall be validated according to the rules in 6.1.3 even if the Server chooses to allow connections from untrusted Clients. This validation may have occurred when the SecureChannel was established and does not need to be repeated. The Signature is not generated if the SecurityMode is None.

Jim Luth 2024-06-13 14:15 administrator ~0021346	Agreed to changes edited in Virtual F2F.

Jim Luth 2024-06-13 15:50 administrator ~0021364	Fixed and reviewed in 1.05.04RC Needs 1.03 and 1.04 Errata to close.

Jim Luth 2024-09-24 08:01 administrator ~0021787	Agreed to 1.03 and 1.04 Errata

Date Modified	Username	Field	Change
2024-06-12 16:25	Randy Armstrong	New Issue
2024-06-12 16:25	Randy Armstrong	Status	new => assigned
2024-06-12 16:25	Randy Armstrong	Assigned To	=> Matthias Damm
2024-06-12 16:41	Randy Armstrong	Description Updated
2024-06-12 19:23	Matthias Damm	Status	assigned => resolved
2024-06-12 19:23	Matthias Damm	Resolution	open => fixed
2024-06-12 19:23	Matthias Damm	Fixed in Version	=> 1.05.04 RC1
2024-06-12 19:23	Matthias Damm	Note Added: 0021338
2024-06-13 14:15	Jim Luth	Status	resolved => closed
2024-06-13 14:15	Jim Luth	Commit Version	=> 1.05.04 RC
2024-06-13 14:15	Jim Luth	Note Added: 0021346
2024-06-13 15:50	Jim Luth	Status	closed => resolved
2024-06-13 15:50	Jim Luth	Note Added: 0021364
2024-09-24 08:01	Jim Luth	Status	resolved => closed
2024-09-24 08:01	Jim Luth	Note Added: 0021787