DDS-Security 1.0 FTF Avatar
  1. OMG Issue

DDSSEC_ — Meaning of SessionId

Open Closed All
  • Key: DDSSEC_-22
  • Legacy Issue Number: 19786
  • Status: closed  
  • Source: ZettaScale Technology ( Mr. Julien Enoch)
  • Summary:

    in Table 47, the meaning of SessionId contains this sentence:
    "Knowledge of the MasterKey, MasterSalt, MasterHMACSalt, and the SessionId is sufficient to create the SessionKey, SessionSalt, and SessionHMACKey."

    This is not true, as the MasterSessionSalt is also required to create the SessionSalt (see ยง9.5.3.3.3).

    Thus, the sentence shoud be rephrased as following:
    "Knowledge of the MasterKey, MasterSalt, MasterSessionSalt, MasterHMACSalt, and the SessionId is sufficient to create the SessionKey, SessionSalt, and SessionHMACKey."

  • Reported: DDS-Security 1.0b1 — Wed, 10 Jun 2015 04:00 GMT
  • Disposition: Resolved — DDS-Security 1.0
  • Disposition Summary:

    Table 47. Improve description of sessionId

    Make the change specified in the issue description.
  • Updated: Tue, 12 Jul 2016 14:45 GMT