-
Key: DDSSEC11-3
-
Status: closed
-
Source: Real-Time Innovations (Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
The builtin plugins can be configured via the Governance and Permissions documents to selectively only Sign, or EncryptThenSign different Submessages and SubmessageElements.
However, the specification does not describe the mechanism by which the Cryptographic plugin can know what the intent is when it creates the cryptographic material for the different DataWriters and DataReaders.
The cryptographic material is created by the CryptoFactory operations register_local_datawriter and register_local_datareader. The only parameter that could be used to communicate a decision of Sign versus EncryptThenSign is the Properties parameter. But the specific property names and values to use should be prescribed in the specification.
-
Reported: DDS-SECURITY 1.0b1 — Sun, 3 Jan 2016 17:42 GMT
-
Disposition: Resolved — DDS-SECURITY 1.1
-
Disposition Summary:
Add EndpointSecurityAttributes Parameter to register_local_datawriter / register_local_datareader
Add new parameter to register_local_datawriter and register_local_datareader: EndpointSecurityAttributes:

register_local_datawriter
    (empty)                           DatawriterCryptoHandle
    participant_crypto                ParticipantCryptoHandle
    datawriter_properties             PropertySeq
    datawriter_security_attributes    EndpointSecurityAttributes
    out: exception                    SecurityException

register_local_datareader
    (empty)                           DatareaderCryptoHandle
    participant_crypto                ParticipantCryptoHandle
    datareader_properties             PropertySeq
    datareader_security_attributes    EndpointSecurityAttributes
    out: exception                    SecurityException

As per DDSSEC11-106 (which added plugin_specific_attributes), this will now include all the required information. For consistency, similar change proposed to register local participant:

register_local_participant
    (empty)                           ParticipantCryptoHandle
    participant_identity              IdentityHandle
    participant_permissions           PermissionsHandle
    participant_properties            PropertySeq
    participant_security_attributes   ParticipantSecurityAttributes
    out: exception                    SecurityException
-
Updated: Tue, 19 Dec 2017 20:03 GMT
DDSSEC11 — How does the built-in Cryptographic plugin know whether to just Sign or EncryptThenSign?
- Key: DDSSEC11-3
- OMG Task Force: DDS Security 1.1 RTF
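
An added sketch, not code from the specification or from any vendor plugin, of how a plugin's register_local_datawriter could derive Sign versus EncryptThenSign from the attributes parameter described in the disposition above. The struct layout, flag bit values, enum and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed bit positions inside the plugin-specific mask (illustrative). */
#define FLAG_SUBMESSAGE_ENCRYPTED (1u << 0)
#define FLAG_PAYLOAD_ENCRYPTED    (1u << 1)

typedef enum { XFORM_NONE, XFORM_SIGN, XFORM_ENCRYPT_THEN_SIGN } xform_kind;

/* Simplified stand-in for EndpointSecurityAttributes (assumed fields). */
typedef struct {
    bool     is_submessage_protected;    /* Governance: protect the Submessage      */
    bool     is_payload_protected;       /* Governance: protect the payload element */
    uint32_t plugin_specific_attributes; /* Sign-only vs. encrypt, per the flags    */
} endpoint_security_attributes;

/* Hypothetical record of which key material the factory must create. */
typedef struct {
    xform_kind submessage_kind;
    xform_kind payload_kind;
} writer_crypto_plan;

static xform_kind pick(bool is_protected, bool encrypted)
{
    if (!is_protected)
        return XFORM_NONE;
    return encrypted ? XFORM_ENCRYPT_THEN_SIGN : XFORM_SIGN;
}

/* Returns 0 on success, -1 (standing in for SecurityException) on bad input. */
int plan_local_datawriter(const endpoint_security_attributes *attrs,
                          writer_crypto_plan *out)
{
    if (attrs == NULL || out == NULL)
        return -1;

    bool sub_enc = (attrs->plugin_specific_attributes & FLAG_SUBMESSAGE_ENCRYPTED) != 0;
    bool pay_enc = (attrs->plugin_specific_attributes & FLAG_PAYLOAD_ENCRYPTED) != 0;

    /* Fail closed: "encrypted" without protection enabled is contradictory,
     * so refuse to register rather than silently fall back to plaintext. */
    if ((sub_enc && !attrs->is_submessage_protected) ||
        (pay_enc && !attrs->is_payload_protected))
        return -1;

    out->submessage_kind = pick(attrs->is_submessage_protected, sub_enc);
    out->payload_kind    = pick(attrs->is_payload_protected, pay_enc);
    return 0;
}
```
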