DDS-SECURITY 1.2 RTF Avatar
  1. OMG Issue

DDSSEC12 — Misleading description of Crypto Key Exchange (8.5.1.8)

Open Closed All
  • Key: DDSSEC12-67
  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 8.8.9 specifies that when the crypto tokens are sent on the network,
    BuiltinParticipantVolatileMessageSecureWriter is used so they are not sent in the clear. This detail is also described in 8.5.1.8.1 and other parts of 8.5.1.8.

    Section 8.5.1.8.1 (2nd pgh) contains
    ...intended for transmission in "clear text" to the remote...
    which contradicts 8.8.9.

    To resolve this issue, remove a few unnecessary parts of 8.5.1.8:

    • 8.5.1.8.1 2nd sentence of 2nd pgh "The returned CryptoToken sequence is intended..."
    • 8.5.1.8.2 latter half of 2nd pgh starting "The CryptoToken sequence may contain..."
    • 8.5.1.8.4 (similar content to 8.5.1.8.2)
    • 8.5.1.8.6 (similar content to 8.5.1.8.2)
  • Reported: DDS-SECURITY 1.1b1 — Fri, 13 Jul 2018 17:02 GMT
  • Updated: Fri, 13 Jul 2018 17:02 GMT