View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000575310000-007: ProfilesSpecpublic2020-06-22 14:152020-09-22 15:50
ReporterDipika Khera Assigned ToPaul Hunkar  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Summary0005753: Need to update specification: OPC 10000-7 - UA Specification Part 7 - Profiles 1.04 - Deprecated security policies
Description

This is an issue with Security Policies defined in Part-07 - Profile. Below is the text from documentation v1.04 FYR. description for both the policies are same.

6.6.162: SecurityPolicy – Basic128Rsa15
SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.

6.6.163: SecurityPolicy – Basic256
SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.

It will be great if we can add some information about it's complete removal or no more supported for OPC Specification vX.y. So that intended audience of the specification is aware of it.

Steps To Reproduce

Open Specification Part 07 - Profile documentation for v1.04 & search for sections 6.6.162 & 6.6.163, you will find similar text for both security policies.

TagsNo tags attached.
Commit Version
Fix Due Date

Activities

Dipika Khera

2020-06-23 10:50

reporter   ~0012494

Comment obtained in OPC Day 2020 International Webinar:

Q: If anything is deprecated in v1.04 specification e.g., security policies, when (which version of specs) it will be completely unsupported in OPC Product or considered as non-compliant to OPC specification considering an OPC client/server has that feature implemented ?
A: We depreciate security policy when they have exploits that compromise them - certification will keep checking them (we don't remove them from testing), we just check that if they are supported they are disabled by default.

Can we make this answer as a part of the specification for deprecated security policies ?

Karl Deiretsbacher

2020-09-18 13:21

developer   ~0012945

Discussed in UA virtual F2F on 2020-09-17. Fixed as follows:

Added the following statement to the deprecated note:
If included in a Server:
1) It shall be disabled by default.
2) Documentation shall describe that it should not be used.
3) It will still be tested to ensure correct operation.

Jim Luth

2020-09-22 15:50

administrator   ~0012968

Agreed to text edited in telecon, including 1.04 database and Errata document.

Issue History

Date Modified Username Field Change
2020-06-22 14:15 Dipika Khera New Issue
2020-06-23 10:50 Dipika Khera Note Added: 0012494
2020-07-07 16:44 Jim Luth Assigned To => Paul Hunkar
2020-07-07 16:44 Jim Luth Status new => assigned
2020-09-18 13:21 Karl Deiretsbacher Status assigned => resolved
2020-09-18 13:21 Karl Deiretsbacher Resolution open => fixed
2020-09-18 13:21 Karl Deiretsbacher Note Added: 0012945
2020-09-22 15:50 Jim Luth Status resolved => closed
2020-09-22 15:50 Jim Luth Fixed in Version => 1.04
2020-09-22 15:50 Jim Luth Note Added: 0012968