DDS-Security 1.0 FTF

DDSSEC_ — How does the built-in Cryptographic plugin know whether to just Sign or EncryptThenSign?

  • Key: DDSSEC_-128
  • Status: closed  
  • Source: Real-Time Innovations (Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The builtin plugins can be configured via the Governance and Permissions documents to selectively only Sign, or EncryptThenSign different Submessages and SubmessageElements.

    However, the specification does not describe the mechanism by which the Cryptographic plugin can know what the intent is when it creates the cryptographic material for the different DataWriters and DataReaders.

    The cryptographic material is created by the CryptoFactory operations register_local_datawriter and register_local_datareader. The only parameter that could be used to communicate a decision of Sign versus EncryptThenSign is the Properties parameter. But the specific property names and values to use should be prescribed in the specification.

  • Reported: DDS-Security 1.0b1 — Sun, 3 Jan 2016 17:42 GMT
  • Disposition: Deferred — DDS-Security 1.0
  • Disposition Summary:

    Defer specification of crypto factory configuration to RTF

    Issue deferred to RTF. It does not affect interoperability, or even portability as long as vendors provide a way to configure it.
    In a future revision we can standardize the configuration mechanism if it seems worthwhile.

  • Updated: Tue, 12 Jul 2016 14:45 GMT
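
The gap described in the summary, as an added example that is not part of the issue or the specification: a middleware reads the protection kinds from a Governance topic rule and turns them into the Properties it would hand to register_local_datawriter. The two property names, the sample Governance fragment and the mapping of ENCRYPT to the issue's "EncryptThenSign" wording are assumptions made for illustration; the specification prescribes no such property names.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed Governance fragment (sample data, not taken from the issue).
GOVERNANCE_XML = """
<dds><domain_access_rules><domain_rule><topic_access_rules>
  <topic_rule>
    <topic_expression>Telemetry/*</topic_expression>
    <metadata_protection_kind>SIGN</metadata_protection_kind>
    <data_protection_kind>NONE</data_protection_kind>
  </topic_rule>
  <topic_rule>
    <topic_expression>*</topic_expression>
    <metadata_protection_kind>ENCRYPT</metadata_protection_kind>
    <data_protection_kind>ENCRYPT</data_protection_kind>
  </topic_rule>
</topic_access_rules></domain_rule></domain_access_rules></dds>
"""

# Hypothetical property names: the specification does not define any.
PROP_SUBMESSAGE = "example.crypto.submessage_protection"
PROP_PAYLOAD = "example.crypto.payload_protection"

# Governance kind -> intent, using the issue's Sign / EncryptThenSign wording.
INTENT = {"NONE": "None", "SIGN": "Sign", "ENCRYPT": "EncryptThenSign"}


def crypto_properties(governance_xml, topic_name):
    """Build the Properties a middleware could pass to register_local_datawriter."""
    root = ET.fromstring(governance_xml)
    # Rules are checked in document order; the first matching rule applies.
    for rule in root.iter("topic_rule"):
        expr = rule.findtext("topic_expression", "").strip()
        if not fnmatch.fnmatchcase(topic_name, expr):
            continue
        props = {}
        for prop, tag in ((PROP_SUBMESSAGE, "metadata_protection_kind"),
                          (PROP_PAYLOAD, "data_protection_kind")):
            kind = rule.findtext(tag, "").strip()
            if kind not in INTENT:
                # Fail closed: a missing or unknown kind must not silently
                # downgrade the writer to unprotected traffic.
                raise ValueError(f"{tag}={kind!r} in rule {expr!r}")
            props[prop] = INTENT[kind]
        return props
    raise LookupError(f"no topic_rule matches {topic_name!r}")
```

Raising on a missing or unrecognised kind keeps a malformed Governance document from being read as "no protection".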