-
Key: DDSSEC12-81
-
Status: open
-
Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
The Builtin Authentication Protocol described in 9.3.4.2 'Protocol description' as well as in Table 52 'Actions undertaken by the operations of the builtin Authentication plugin' should be more explicit about how each of the protocol messages is validated.
Specifically it should prescribe that:
- Participant_A shall check the fields inside HandshakeReplyMessageToken and ensure that
{Challenge1, Hash(C1), DH1}
match what Participant A sent in the HandshakeRequestMessageToken.
- Participant_B shall check the fields inside HandshakeFinalMessageToken and ensure that
{Hash(C1), Hash(C2), DH1, DH2,
Challenge1, Challenge2}
match what Participant B sent in the HandshakeRequestMessageToken.
This should be made clear both in 9.3.4.2 'Protocol description' and in Table 52 'Actions undertaken by the operations of the builtin Authentication plugin'.
- Participant_A shall check the fields inside HandshakeReplyMessageToken and ensure that
{Challenge1, Hash(C1), DH1}
-
Reported: DDS-SECURITY 1.1b1 — Tue, 6 Aug 2019 17:13 GMT
-
Updated: Tue, 6 Aug 2019 17:13 GMT
DDSSEC12 — Authentication Protocol: Make what is validated in the messages more explicit
- Key: DDSSEC12-81
- OMG Task Force: DDS Security 1.2 RTF