- Key: DDSSEC13-92
- Status: open
- Source: Real-Time Innovations (Dr. Gerardo Pardo-Castellote, Ph.D.)
- Summary:
The security spec does not explicitly mention that the secure volatile channel must use encryption.
This probably belongs to chapter 10, as the impacted configuration is the PluginEndpointSecurityAttributes.
The specification should state that, for the BuiltinParticipantVolatileMessageSecureWriter & BuiltinParticipantVolatileMessageSecureReader, the attribute is_submessage_encrypted in the PluginEndpointSecurityAttributes (see 10.4.2.5) shall be set to TRUE.
The same applies to the endpoints used by the TypeLookupService.
Also, these two channels are not using origin authentication. We should discuss whether this is a vulnerability or reasonable for this use-case.
- Reported: DDS-SECURITY 1.2 — Mon, 9 Jun 2025 22:53 GMT
- Updated: Wed, 17 Sep 2025 11:10 GMT
DDSSEC13 — Specify use of encryption by BuiltinParticipantVolatileMessageSecure and TypeLookupService Writer/Reader
- OMG Task Force: DDS Security 1.3 RTF