DDS-SECURITY 1.2 RTF Avatar
  1. OMG Issue

DDSSEC12 — Meeting CNSSP-15 security requirements

  • Key: DDSSEC12-90
  • Status: closed  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The goal of this issues is to identify incorporate any additions that would allow systems built using DDS-Security to meet the CNSSP-15 security requirements.
    https://imlive.s3.amazonaws.com/Federal%20Government/ID151830346965529215587195222610265670631/CNSSP15.pdf)

    This is an important requirements for many systems and we are running into many users that are asking whether DDS-Security can be used to meet CNSSP-15 security requirements.

    It seems like currently the "builtin plugins" are not enough because they do not include support for stronger asymmetric key algorithms. For example when using ECDSA digital signatures the minimal requirement is using 384-bit keys (e,g, NITS's Curve P-384). However the builtin plugins only include support for 256 bit EC keys.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 11 Jun 2021 01:34 GMT
  • Disposition: Resolved — DDS-SECURITY 1.2
  • Disposition Summary:

    Add support for additional crypto algorithms

    Reorganize specification separating the definition of the crypto algorithms from its use by the plugins, such that, it becomes possible to extend the algorithms used, specifically adding support for algorithms that meet CNSSP-15 top-secret requoirements.

  • Updated: Mon, 17 Jun 2024 13:36 GMT
  • Attachments: