Source: Real-Time Innovations ( Gerardo Pardo-Castellote)
Several inconsistencies remain in the document:
The document uses the terms " MasterReaderSpecificKey" and "MasterReceiverSpecificKey" to refer to the same key. Should rename one of the two. It would be better to keep MasterReceiverSpecificKey to be consistent with the name used for other keys, such as, SessionReceiverSpecificKey.
Section 184.108.40.206.4.2 second paragraph starts: "Note that the built cipher operations..." The "built" word should be removed.
The word: "operationg" is mis-spelled 5 times. Should be replaced with "operating"
The words "AES-GMAC operation" appear 3 times in the spec. The more correct term would be "AES-GMAC transformation"
Section 220.127.116.11.5 mentions a CryptographicSessionHandle three times. This is undefined. This really refers to the appropriate crypto handle (ParticipantCryptoHandle, DatawriterCryptoHandle, or DatawriterCryptoHandle).
To fix this replace the first occurrence of "CryptographicSessionHandle" with "crypto handle (ParticipantCryptoHandle, DatawriterCryptoHandle, or DatawriterCryptoHandle)" and the remaining two occurences with "crypto handle"
The IDL in the specification is still not using IDL 4.1 format. The following changes should be applied:
@Extensibility (EXTENSIBLE_EXTENSIBILITY) -> @extensibility (APPENDABLE)
@Extensibility (MUTABLE_EXTENSIBILITY) -> @extensibility (MUTABLE)
Paragraph in section 18.104.22.168.4.6 (RTPS Protection Kind element) is in the wrong section
This setting controls the contents of the ParticipantSecurityAttributes returned by the AccessControl::get_participant_sec_attributes operation on the DomainParticipant. Specifically the is_liveliness_protected attribute in the ParticipantSecurityAttributes shall be set to FALSE if and only if the value of the <liveliness_protection_kind> element is NONE.
Appears in the wrong section. It should be moved to the end of 22.214.171.124.4.5 (Liveliness Protection Kind element)
The numbered items in section 126.96.36.199.4 (Domain Rules) are missing one item. A new item numbered shown below should be inserted ahead of the current 6 (Topic Access Rules Section, containing topic rules).
6. RTPS Protection Kind Element
Consider renaming enable_strict_permission_formatting (from DDSSEC11-14) to be something else and specify that it also impacts processing of the Governance file.
Issue 88 changed all the BuiltinTopicKey_t to be GUID_t. However it missed some changes, partially because the resolution of Issue#21 added some parameters that thought have also been renamed by 88. As a consequence the following additional changes are needed:
- Global replace of remote_participant_key with remote_participant_guid in the specification document
- Global replace of local_participant_key with local_participant_guid in the specification document
- Global replace of "local participant_key" with local_participant_guid in the specification document
- Global replace of participant_key with participant_guid in the specification document
- Replace replace of BuiltinTopicKey_t with GUID_t in the machine readable IDL dds_security_pugin_spis.idl operation validate_remote_identity
- Global replace of remote_participant_key with remote_participant_guid in the machine readable IDL dds_security_pugin_spis.idl
Reported: DDS-Security 1.0 — Fri, 26 May 2017 15:55 GMT
Updated: Thu, 27 Jul 2017 11:03 GMT