-
Key: DDSSEC11-9
-
Status: closed
-
Source: THALES ( Cyril Dangerville)
-
Summary:
An implementation of the built-in Cryptography plugin is not compatible with the local implementation of the built-in Authentication, unless it uses/understands the same type of SharedSecretHandle. (SharedSecretHandle is the interface defined at the architecture level.) Therefore, the two built-in plugins are tied together and you cannot replace one or another with any other implementation of the same built-in plugin.
It is possible to make them independent in two possible ways (at least):- Define a BuiltinSharedSecretHandle that extends SharedSecretHandle interface, and has 3 methods like this:
- octet[] getChallenge1(): returns challenge1 from the authentication handshake
- octet[] getChallenge2(): returns challenge2 from the authentication handshake
- octet[] getSharedSecret(): returns the shared secret from the authentication handshake
- OR define a new type of Token (IDL structure) - e.g. HandshakeResultToken - for the final output of the Authentication handshake like this:
- class_id DDS:Auth:PKI-DH:1.0+Result
- binary_properties: challenge1, challenge2, SharedSecret
In both cases, it would change the specs of the methods get_shared_secret() and return_shared_handle() of the Authentication plugin, section 9.3.3.
- Define a BuiltinSharedSecretHandle that extends SharedSecretHandle interface, and has 3 methods like this:
-
Reported: DDS-SECURITY 1.0b1 — Tue, 1 Mar 2016 17:36 GMT
-
Disposition: Deferred — DDS-SECURITY 1.1
-
Disposition Summary:
Defer to RTF2
Making the different interfaces independent from each other is a desirable goal. But it may require some additional changes beyond the ones mentioned in this issue description. For this reason the RTF decided to postpone it to the next RTF.
-
Updated: Tue, 19 Dec 2017 20:03 GMT
DDSSEC11 — Built-in Authentication and Cryptography plugins tied together by SharedSecretHandle implementation
- Key: DDSSEC11-9
- OMG Task Force: DDS Security 1.1 RTF