Source: Real-Time Innovations ( Gerardo Pardo-Castellote)
Section 220.127.116.11 (Identity Certificate) indicates it is possible to use certificate chains.
However the language of this section is confusing because an X.509 v3 Certificate does not contain a chain. It is a single certificate. What can contain a chain of certificates is a file. E.g. the standard "PEM" file format referenced in Table 44 can contain a certificate chain.
To clarify this the following modifications are suggested:
(1) In table 44, row for "identity_certificate" change from:
"URI to a X509 certificate signed by the IdentityCA in PEM format"...
"URI to a X509 certificate (or certificate chain) signed by the IdentityCA, either as the root CA or as an intermediate CA, in PEM format"
(2) In section 18.104.22.168 change from:
"An X.509 v3 Certificate  that chains up to the Identity CA (see 22.214.171.124)."
"A X.509 v3 Certificate chain  that is signed by the Identity CA (see 126.96.36.199) either as the root or as an intermediate CA in the chain"
(3) In section 9.3
In bullet 3. Clarify it may not be a single X.509 rather it can be a chain.
(4) In table 49, field "c.id" indicate this is not a single certificate but a certificate chain. As that is what was configured in the PropertyQosPolicy.
(5) In table 50, field "c.id" indicate this is not a single certificate but a certificate chain. As that is what was configured in the PropertyQosPolicy.
(5) In table 52, field "validate_local_identity" indicate this is not a single certificate but a certificate chain.
(6) In Table 53 IdentityCertificate is undefined. Maybe it should be "identity_certificate" and refer to the property defined in Table 44.
Reported: DDS-SECURITY 1.1b1 — Mon, 9 Apr 2018 23:56 GMT
Updated: Mon, 9 Apr 2018 23:56 GMT