View Issue Details

ID: 0006667
Project: 10000-007: Profiles
Category: Spec
View Status: public
Last Update: 2021-04-06 15:11
Reporter: Matthias Damm
Assigned To: Karl Deiretsbacher
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0006667: PubSub Security Policies clarifications for signature keys
Description

In the PubSub prototyping for PubSub security we did run into issues with the signature key length.

One issue is a bug in http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes128-CTR
PubSub-Aes128-CTR_Limits
DerivedSignatureKeyLength: 128 bits

This must be 256 bits instead of 128 bits.
The signature algorithm is HMAC-SHA2-256

The second issue is clarifications in both policies to match the reference in Part 14.

SymmetricSignatureAlgorithm:
We need a 'key length' in the description in front of the '256 bits'.
Updated sentence would be:
The hash algorithm is SHA2 with a key length of 256 bits and described in https://tools.ietf.org/html/rfc4634

SymmetricEncryptionAlgorithm:
Replace 'key size' with 'key length'

Tags: No tags attached.

Relationships

related to 0006668 closed Matthias Damm 10000-014: PubSub Definition of key derivation missing for PubSub security

Activities

Matthias Damm

2021-03-23 15:32

developer   ~0014053

Last edited: 2021-03-23 17:05

Necessary changes for PubSub security policies as discussed in the UA WG:

SecurityPolicy:
http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes128-CTR

Remove Conformance Unit KeyDerivationAlgorithm_P-SHA2-256.

In Conformance Unit PubSub-Aes128-CTR_Limits:
Replace existing text with
-> SymmetricSignatureAlgorithm Key Length: 256 bits
-> SymmetricEncryptionAlgorithm Key Length: 128 bits
-> SymmetricEncryption Nonce Length: 4 Byte

SecurityPolicy:
http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes256-CTR

Remove Conformance Unit KeyDerivationAlgorithm_P-SHA2-256.

In Conformance Unit PubSub-Aes256-CTR_Limits:
Replace existing text with
-> SymmetricSignatureAlgorithm Key Length: 256 bits
-> SymmetricEncryptionAlgorithm Key Length: 256 bits
-> SymmetricEncryption Nonce Length: 4 Byte

We need a 1.04 errata for the conformance unit removal
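
The corrected limits from the note above, applied as a length check when splitting key material, as an added example that is not part of the issue or of any OPC UA stack. The function names, the sample bytes and the concatenation order (signing key, then encrypting key, then nonce) are assumptions made for illustration.

```python
import hashlib
import hmac

AES128 = "http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes128-CTR"
AES256 = "http://opcfoundation.org/UA/SecurityPolicy#PubSub-Aes256-CTR"

# Lengths in bytes, from the corrected *_Limits text in the note above.
POLICY_LIMITS = {
    AES128: {"signing": 32, "encrypting": 16, "nonce": 4},
    AES256: {"signing": 32, "encrypting": 32, "nonce": 4},
}


def split_key_data(policy_uri, key_data):
    """Split key material into (signing key, encrypting key, nonce).

    Assumption: the three values are concatenated in that order.
    """
    lim = POLICY_LIMITS[policy_uri]
    expected = lim["signing"] + lim["encrypting"] + lim["nonce"]
    if len(key_data) != expected:
        raise ValueError(
            f"key data is {len(key_data)} bytes, policy requires {expected}")
    s = lim["signing"]
    e = s + lim["encrypting"]
    return key_data[:s], key_data[s:e], key_data[e:]


def sign(signing_key, message):
    """HMAC-SHA2-256 signature; refuses anything but a 256-bit key."""
    if len(signing_key) != 32:
        raise ValueError("signing key must be 256 bits for HMAC-SHA2-256")
    return hmac.new(signing_key, message, hashlib.sha256).digest()


def demo():
    key_data = bytes(range(52))             # constructed sample key material
    message = b"constructed NetworkMessage"  # constructed sample payload
    signing, encrypting, nonce = split_key_data(AES128, key_data)
    signature = sign(signing, message)
    # A peer still using the erroneous 128-bit signature key length would
    # sign with only the first 16 bytes and produce a different signature.
    stale = hmac.new(key_data[:16], message, hashlib.sha256).digest()
    return (len(signing), len(encrypting), len(nonce), len(signature),
            hmac.compare_digest(signature, stale))


if __name__ == "__main__":
    print(demo())
```
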

Jim Luth

2021-04-06 15:11

administrator   ~0014164

Agreed to Errata and changes in Profile DB.

Issue History

Date Modified Username Field Change
2021-03-18 07:13 Matthias Damm New Issue
2021-03-18 07:13 Matthias Damm Status new => assigned
2021-03-18 07:13 Matthias Damm Assigned To => Karl Deiretsbacher
2021-03-18 07:22 Matthias Damm Relationship added related to 0006668
2021-03-23 15:32 Matthias Damm Note Added: 0014053
2021-03-23 17:01 Matthias Damm Note Edited: 0014053
2021-03-23 17:05 Matthias Damm Note Edited: 0014053
2021-04-06 15:11 Jim Luth Status assigned => closed
2021-04-06 15:11 Jim Luth Resolution open => fixed
2021-04-06 15:11 Jim Luth Fixed in Version => 1.05
2021-04-06 15:11 Jim Luth Note Added: 0014164