DDS-SECURITY 1.1 RTF

DDSSEC11 — Specify a transformation_kind for BuiltinParticipantVolatileMessageSecure Endpoints

  • Key: DDSSEC11-53
  • Status: closed
  • Source: Real-Time Innovations (Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    Table 52 - KeyMaterial_AES_GCM_GMAC for BuiltinParticipantVolatileMessageSecureWriter and BuiltinParticipantVolatileMessageSecureReader defines the following two values for transformation_kind:

    • CRYPTO_TRANSFORMATION_KIND_AES128_GCM
    • CRYPTO_TRANSFORMATION_KIND_AES256_GCM

    This can lead to vendor interoperability issues. The DDS-SECURITY specification should specify one transformation_kind.

    Proposal: use CRYPTO_TRANSFORMATION_KIND_AES256_GCM; otherwise we would potentially send AES256 keys protected with 128-bit encryption, which makes little sense.

  • Reported: DDS-SECURITY 1.0 — Thu, 23 Feb 2017 23:21 GMT
  • Disposition: Resolved — DDS-SECURITY 1.1
  • Disposition Summary:

    Changes in Specification to Specify a Transformation Kind in Table 52

    Specify changes according to DDSSEC11-53.

  • Updated: Tue, 19 Dec 2017 20:03 GMT