DDS Security Avatar
  1. OMG Specification

DDS Security — Open Issues

  • Acronym: DDS-SECURITY
  • Issues Count: 79
  • Description: Issues not resolved
Open Closed All
Issues not resolved

Issues Summary

Key Issue Reported Fixed Disposition Status
DDSSEC13-78 Operation: set_permissions_credential_and_token DDS-SECURITY 1.1b1 open
DDSSEC13-72 Builtin Auth dependency on Access Control details DDS-SECURITY 1.1b1 open
DDSSEC13-74 Misleading description of Crypto Key Exchange (8.5.1.8) DDS-SECURITY 1.1b1 open
DDSSEC13-73 Add explanation of how to use the secureWriterSet to support GROUP ordered access DDS-SECURITY 1.1b1 open
DDSSEC13-76 validate_remote_permissions interaction with Authentication Plugin DDS-SECURITY 1.1b1 open
DDSSEC13-71 Inconsistent descriptions of Data Tagging DDS-SECURITY 1.1b1 open
DDSSEC13-77 get_topic_sec_attributes 3rd parameter type DDS-SECURITY 1.1b1 open
DDSSEC13-75 IDL struct ParticipantSecurityAttributes contains ac_endpoint_properties DDS-SECURITY 1.1b1 open
DDSSEC13-70 serialized_local_participant_data passed to Auth plugin DDS-SECURITY 1.1b1 open
DDSSEC13-63 class_id string in Authentication/Permissions Tokens should include spec version DDS-SECURITY 1.1b1 open
DDSSEC13-64 Authentication Protocol: Make what is validated in the messages more explicit DDS-SECURITY 1.1b1 open
DDSSEC13-66 Add support for ChaCha20 DDS-SECURITY 1.1b1 open
DDSSEC13-69 Multiple grants in a permissions document DDS-SECURITY 1.1b1 open
DDSSEC13-67 Invalid IETF RFC document reference. DDS-SECURITY 1.1b1 open
DDSSEC13-65 Protecting the Source Timestamp DDS-SECURITY 1.1b1 open
DDSSEC13-68 IDL should be updated to match IDL 4.2 DDS-SECURITY 1.1b1 open
DDSSEC13-62 The Qos used to publish the BuiltinLoggingTopic is not specicified DDS-SECURITY 1.1b1 open
DDSSEC13-56 encode_rtps_message/decode_rtps_message error and status reporting DDS-SECURITY 1.1 open
DDSSEC13-60 Size of permission file sent on authentication can exceed max IP packet size DDS-SECURITY 1.1b1 open
DDSSEC13-55 Provide efficient way to skip encrypted implementation-specific content DDS-SECURITY 1.1b1 open
DDSSEC13-58 Add return_permissions_handle to the AccessControl interface DDS-SECURITY 1.1 open
DDSSEC13-57 Update parameters of check_remote_datawriter_register_instance DDS-SECURITY 1.1 open
DDSSEC13-61 Builtin Access Control operations (Table 63) missing entries DDS-SECURITY 1.1 open
DDSSEC13-59 Add best practice/implementation guidelines to the CryptoTransform plugin DDS-SECURITY 1.1b1 open
DDSSEC13-54 Provide a way for multiple vendors to extend the algorithms and interoperate DDS-SECURITY 1.1b1 open
DDSSEC13-53 Problematic use of multiple INFO_SRC within an RTPS DDS-SECURITY 1.1b1 open
DDSSEC13-50 Parsing messages generated by encode_serialized_payload (auth only) DDS-SECURITY 1.1b1 open
DDSSEC13-52 Table 29 description of is_write_protected DDS-SECURITY 1.1b1 open
DDSSEC13-51 check_remote_topic domainId parameter DDS-SECURITY 1.1b1 open
DDSSEC13-49 AES-GCM doesn't add padding DDS-SECURITY 1.1b1 open
DDSSEC13-48 Builtin Crypto message authentication codes DDS-SECURITY 1.1b1 open
DDSSEC13-47 XML Schema defines boolean literals as "true" / "false" DDS-SECURITY 1.1b1 open
DDSSEC13-39 register_local_datareader and Data Protection Kind DDS-SECURITY 1.1b1 open
DDSSEC13-40 Replace "CryptoKeyTransform" with "CryptoTransform" DDS-SECURITY 1.1b1 open
DDSSEC13-41 "atributes" typo DDS-SECURITY 1.1b1 open
DDSSEC13-43 Clarify the configuration and use of certificate chains for Identity DDS-SECURITY 1.1b1 open
DDSSEC13-44 Builtin CryptoKeyFactory direct dependency on AccessControl's config details DDS-SECURITY 1.1b1 open
DDSSEC13-42 Inconsistent Flag Name PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_BUILTIN_IS_DISCOVERY_ENCRYPTED DDS-SECURITY 1.1b1 open
DDSSEC13-45 Participant2ParticipantKxKeyMaterial DDS-SECURITY 1.1b1 open
DDSSEC13-46 9.5.3.3.4.3 should refer to the footer, not header DDS-SECURITY 1.1b1 open
DDSSEC13-32 Modify Security's QoS changes for compatibility with RTPS DDS-SECURITY 1.1b1 open
DDSSEC13-33 Broken cross-references DDS-SECURITY 1.1b1 open
DDSSEC13-38 IDL ParticipantSecurityAttributes::plugin_participant_attributes DDS-SECURITY 1.1b1 open
DDSSEC13-36 Reduce the range of Reserved RTPS parameter IDs DDS-SECURITY 1.1b1 open
DDSSEC13-37 Various Typos DDS-SECURITY 1.1b1 open
DDSSEC13-35 Return types in CryptoKeyFactory interface description DDS-SECURITY 1.1b1 open
DDSSEC13-34 AuthRequestMessageToken future_challenge property DDS-SECURITY 1.1b1 open
DDSSEC13-26 Security for DDS-RPC DDS-SECURITY 1.1b1 open
DDSSEC13-27 Authentication behavior use of built-in endpoints DDS-SECURITY 1.1b1 open
DDSSEC13-28 Use a submessage flag to indicate Data/Frag submessage has a transformed payload DDS-SECURITY 1.1b1 open
DDSSEC13-29 Wrong XML tag in description of Enable Read Access Control DDS-SECURITY 1.1b1 open
DDSSEC13-30 Description of the PluginEndpointSecurityAttributes DDS-SECURITY 1.1b1 open
DDSSEC13-31 Description of the EndpointSecurityAttributes DDS-SECURITY 1.1b1 open
DDSSEC13-21 IDL get_topic_sec_attributes parameter typo DDS-SECURITY 1.1b1 open
DDSSEC13-24 Determining when to use DCPSParticipantMessageSecure DDS-SECURITY 1.1b1 open
DDSSEC13-23 ParticipantStatelessMessage definition DDS-SECURITY 1.1b1 open
DDSSEC13-22 IDL SubscriptionBuiltinTopicDataSecure inheritance DDS-SECURITY 1.1b1 open
DDSSEC13-25 8.4.2.9.24 section name typo DDS-SECURITY 1.1b1 open
DDSSEC13-15 Allow expressions to be used in the data-tag permissions DDS-SECURITY 1.1 open
DDSSEC13-14 Authentication interface begin_handshake_reply() DDS-SECURITY 1.1b1 open
DDSSEC13-17 decode_datawriter_submessage uses "in" for SecurityException DDS-SECURITY 1.1b1 open
DDSSEC13-16 SecureSubmessageCategory_t in normative IDL DDS-SECURITY 1.1b1 open
DDSSEC13-18 get_datawriter/reader_sec_attributes inconsistent IDL DDS-SECURITY 1.1b1 open
DDSSEC13-19 Authentication interface set_permissions_credential_and_token DDS-SECURITY 1.1b1 open
DDSSEC13-20 IDL LongLongSeq unused DDS-SECURITY 1.1b1 open
DDSSEC13-13 DataHolder IDL inconsistent DDS-SECURITY 1.1b1 open
DDSSEC13-8 The specification should not duplicate (copy) the machine readable XSD files DDS-SECURITY 1.0 open
DDSSEC13-7 Section 3 (Normative References) should be updated and expanded DDS-SECURITY 1.0 open
DDSSEC13-12 Avoid sending permissions as part of Authentication Handshake DDS-SECURITY 1.1 open
DDSSEC13-11 Instance-Level access-control DDS-SECURITY 1.1 open
DDSSEC13-10 say explicitly that is_valid is set to zero if that is case DDS-SECURITY 1.1b1 open
DDSSEC13-9 Issues with the UML model used in the specification DDS-SECURITY 1.0 open
DDSSEC13-2 Built-in Authentication and Cryptography plugins tied together by SharedSecretHandle implementation DDS-SECURITY 1.0b1 open
DDSSEC13-3 Examples of Wildcard permissions DDS-SECURITY 1.0 open
DDSSEC13-4 The UML model should be cleaned up DDS-SECURITY 1.0 open
DDSSEC13-5 Remove Jira-issue related comments from machine-readable files DDS-SECURITY 1.0 open
DDSSEC13-6 The DDS-Security specification makes some modifications to the DDSI-RTPS protocol that should be taken into consideration DDS-SECURITY 1.0 open
DDSSEC13-1 Complexity of Authentication Plugin Model DDS-SECURITY 1.0b1 open
DDSSEC_-190 Multiple DataReaders per topic on secured Participant DDS-SECURITY 1.0 open

Issues Descriptions

Operation: set_permissions_credential_and_token

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 8.3.2.11.11 has no description of the permissions_token parameter

  • Reported: DDS-SECURITY 1.1b1 — Fri, 6 Jul 2018 21:42 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Builtin Auth dependency on Access Control details

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    (This may be a moot point depending on the resolution of DDSSEC12-13.)

    The row of Table 52 that describes validate_local_identity states that the QoS it receives must contain the properties defined in section 9.3.1. These properties are the ones starting with dds.sec.auth.

    The problem is that for begin_handshake_* (either variant) to work, validate_local_identity must also receive the property dds.sec.access.permissions. This should be noted in the requirements for validate_local_identity: it must store the QoS, or at least this property, in a location that can be looked up by IdentityHandle so that handshake tokens can be created. Alternatively, the begin_handshake_* operations could be extended to receive this info separately.

    Another connection between the two plugins is made by the PermissionsCredentialToken. If the intent is to use this data when generating handshake handles, that should be noted in tables 49-50 (c.perm) instead of referencing QoS policies there.

  • Reported: DDS-SECURITY 1.1b1 — Mon, 23 Jul 2018 16:19 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Misleading description of Crypto Key Exchange (8.5.1.8)

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 8.8.9 specifies that when the crypto tokens are sent on the network,
    BuiltinParticipantVolatileMessageSecureWriter is used so they are not sent in the clear. This detail is also described in 8.5.1.8.1 and other parts of 8.5.1.8.

    Section 8.5.1.8.1 (2nd pgh) contains
    ...intended for transmission in "clear text" to the remote...
    which contradicts 8.8.9.

    To resolve this issue, remove a few unnecessary parts of 8.5.1.8:

    • 8.5.1.8.1 2nd sentence of 2nd pgh "The returned CryptoToken sequence is intended..."
    • 8.5.1.8.2 latter half of 2nd pgh starting "The CryptoToken sequence may contain..."
    • 8.5.1.8.4 (similar content to 8.5.1.8.2)
    • 8.5.1.8.6 (similar content to 8.5.1.8.2)
  • Reported: DDS-SECURITY 1.1b1 — Fri, 13 Jul 2018 17:02 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Add explanation of how to use the secureWriterSet to support GROUP ordered access

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    RTPS 2.4 added support for GROUP ordered access and coherent access. Part of this work added fields to the heartbeat submessage, one of which is a secureWriterSet.

    This field shall contain the 32-bit xxHash32 of all of the writer EntityIds that are sent via secure discovery.

    The use of this field should be mentioned somewhere in the security spec as the RTPS spec refers to the security specification to define the use of this field.

    A new inline QoS was also added: PID_SECURE_WRITER_GROUP_INFO. This inline QoS should also be added to the security spec.

    See the revised RTPS text here: DDSIRTP23-117

  • Reported: DDS-SECURITY 1.1b1 — Fri, 20 Jul 2018 16:44 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

validate_remote_permissions interaction with Authentication Plugin

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Table 63's entry for validate_remote_permissions describes a required interaction with the authentication plugin in order to obtain an AuthenticatedPeerCredentialToken. This appears to be an artifact of a previous spec revision, since the current API for validate_remote_permissions already provides the AuthenticatedPeerCredentialToken.

    So that validate_remote_permissions makes more sense, remove the auth_plugin and remote_identity_handle parameters (Table 32, section 8.4.2.9.2, Table 63, IDL).

  • Reported: DDS-SECURITY 1.1b1 — Fri, 6 Jul 2018 21:56 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Inconsistent descriptions of Data Tagging

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 8.7 specifies the optional Data Tagging model, but the details of how this works really reside in the Access Control plugin. Sections 1.2 and 2.3 need to be updated to remove references to a Data Tagging "Plugin." Also update section 8.1.1. For clarity, update section 8.7.2 to add a reference to Access Control.

  • Reported: DDS-SECURITY 1.1b1 — Mon, 6 Aug 2018 16:58 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

get_topic_sec_attributes 3rd parameter type

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In the IDL get_topic_sec_attributes's 3rd parameter has type TopicSecurityAttributes. In table 32 it appears as EndpointSecurityAttributes which seems to be an error.

    Also Figure 10 calls this method get_topic_security_attributes instead of using "sec".

  • Reported: DDS-SECURITY 1.1b1 — Fri, 6 Jul 2018 21:47 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

IDL struct ParticipantSecurityAttributes contains ac_endpoint_properties

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The name of field ac_endpoint_properties in ParticipantSecurityAttributes should be ac_participant_properties as specified in Table 27.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 11 Jul 2018 16:47 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

serialized_local_participant_data passed to Auth plugin

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    When the middleware calls Auth plugin operations begin_handshake_request and begin_handshake_reply, it must provide serialized_local_participant_data as an OctetSeq according to serialization rules described in 8.3.2.11.4-5. However, these sections do not specify that padding bytes in the serialized data should be initialized to 0. This is desirable so that the OctetSeq can be hashed with consistent results.

    Alternatively, revisit the choice to use OctetSeq here in the plugin API. It seems like it would be fine to pass the structure ParticipantBuiltInTopicDataSecure directly to the plugin, as is already done with Access Control.

  • Reported: DDS-SECURITY 1.1b1 — Thu, 9 Aug 2018 16:01 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

class_id string in Authentication/Permissions Tokens should include spec version

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The class_id attribute in various Tokens includes the Plugin Name and a version number. The intention was that the version number would track the specification version so that it could be used to understand the format of the Token.

    However this is not done consistently. Currently the following class_id are used:

    token class_id
    IdentityToken "DDS:Auth:PKI-DH:1.0"
    AuthenticatedPeerCredentialToken "DDS:Auth:PKI-DH:1.0"
    AuthRequestMessageToken "DDS:Auth:PKI-DH:1.0+AuthReq"
    HandshakeRequestMessageToken "DDS:Auth:PKI-DH:1.0+Req"
    HandshakeReplyMessageToken "DDS:Auth:PKI-DH:1.0+Reply"
    HandshakeFinalMessageToken "DDS:Auth:PKI-DH:1.0+Final”
    PermissionsToken "DDS:Access:Permissions:1.0"
    PermissionsCredentialToken "DDS:Access:PermissionsCredential"
    CryptoToken "DDS:Crypto:AES_GCM_GMAC"

    As it can be seen some class_ids are missing the version number. The ones that have it use "1.0" instead of "1.1" which is the version of the spec. Finally when there are multiple tokens with the same class ID a suffix preceded by a "+" is uses to differentiate them, but this is not done in all cases.

    The goal of this issue is to correct this irregularities. So DDS Security version 1.2 should modify the Token as follows:

    token class_id
    IdentityToken "DDS:Auth:PKI-DH:1.2"
    AuthenticatedPeerCredentialToken "DDS:Auth:PKI-DH:1.2+AuthPeer"
    AuthRequestMessageToken "DDS:Auth:PKI-DH:1.2+AuthReq"
    HandshakeRequestMessageToken "DDS:Auth:PKI-DH:1.2+Req"
    HandshakeReplyMessageToken "DDS:Auth:PKI-DH:1.2+Reply"
    HandshakeFinalMessageToken "DDS:Auth:PKI-DH:1.2+Final”
    PermissionsToken "DDS:Access:Permissions:1.2"
    PermissionsCredentialToken "DDS:Access:Permissions:1.2+Cred"
    CryptoToken "DDS:Crypto:AES_GCM_GMAC:1.2"

    Note that this change is not intended to break backwards interoperability. So the proposal could/should be adjusted to ensure that. Specifically the change in the name for the PermissionsCredentialToken should not impact interoperability as this token is not exchanged between participants. The same is true for the addition of the "+AuthPeer" to the AuthenticatedPeerCredentialToken.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 17 Dec 2019 00:26 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Authentication Protocol: Make what is validated in the messages more explicit

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The Builtin Authentication Protocol described in 9.3.4.2 'Protocol description' as well as in Table 52 'Actions undertaken by the operations of the builtin Authentication plugin' should be more explicit about how each of the protocol messages is validated.

    Specifically it should prescribe that:

    • Participant_A shall check the fields inside HandshakeReplyMessageToken and ensure that {Challenge1, Hash(C1), DH1}

      match what Participant A sent in the HandshakeRequestMessageToken.

    • Participant_B shall check the fields inside HandshakeFinalMessageToken and ensure that {Hash(C1), Hash(C2), DH1, DH2, Challenge1, Challenge2}

      match what Participant B sent in the HandshakeRequestMessageToken.

    This should be made clear both in 9.3.4.2 'Protocol description' and in Table 52 'Actions undertaken by the operations of the builtin Authentication plugin'.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 6 Aug 2019 17:13 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Add support for ChaCha20

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The AES-CCM cypher suite used by the built-in authentication plugins is well suited for higher end processors that have hardware support for AES (e.g. the Intel AES-NI instructions and the the AES instructions in ARMv8).

    ARMv7 and other low-end processors don't have hardware support. In these AES can be quite slow.

    To better support lower end processors it would be good to add support for a cypher suite that has reasonable performance without hardware support. The industry seems to be converging around the ChaCha20. See:

    https://tools.ietf.org/html/rfc8439
    https://tools.ietf.org/html/rfc7905

    Gerardo

  • Reported: DDS-SECURITY 1.1b1 — Sat, 16 Mar 2019 05:31 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Multiple grants in a permissions document

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    There is only one <permissions> element in a permissions document, but it can contain multiple <grant> elements. Section 9.4.1.3.2.1 states "Each subject name can only appear in a single <permissions> Section"... which should be "single <grant> Section" and "A permissions Section with a subject name that doesn't match" should be "A grant Section with a subject name that doesn't match."

  • Reported: DDS-SECURITY 1.1b1 — Mon, 20 Aug 2018 15:41 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Invalid IETF RFC document reference.

  • Status: open  
  • Source: ZettaScale Technology ( Mr. Erik Hendriks)
  • Summary:

    The "Domain Governance Document" and "DomainParticipant permissions document" chapters contain references to "IETF RFC 5761". This doesn't seem correct.

    It seems that it should be "IETF RFC 2633". At least then the mentioned RFC sections fit.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 4 Sep 2018 10:56 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Protecting the Source Timestamp

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    Currently the INFO_SOURCE can only be protected by RTPS protection. This makes anyone on the Domain able to modify it. Moreover it must be left unprotected when communicating with unsecured participants.

    It would be better if it was included into the DATA / DATA_FRAG submessge as an inlineQos

  • Reported: DDS-SECURITY 1.1b1 — Fri, 27 Jul 2018 12:32 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

IDL should be updated to match IDL 4.2

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The IDL used by the specification should be updated to the latest IDL 4.2 syntax.

    This specially impacts annotations. For example @Extensibility(MUTABLE_EXTENSIBILITY) has been replace with @mutable.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 29 Aug 2018 00:44 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

The Qos used to publish the BuiltinLoggingTopic is not specicified

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    Section 9.6 'Builtin Logging Plugin' should specify the Qos used to publish and subscribe to the BuiltinLoggingTopic, similar to how it is done for other builtin topics introduced by DDS-Security.

    See for example how it is done for the DCPSParticipantMessageSecure builtin Topic (section 7.4.2) where it refers to the Qos of other builtin Topics and also how it is done for the TopicBuiltinParticipantVolatileMessageSecureWriter and BuiltinParticipantVolatileMessageSecureReader (section 7.4.4.2 ) where it defines it explicitly.

  • Reported: DDS-SECURITY 1.1b1 — Thu, 26 Mar 2020 16:48 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

encode_rtps_message/decode_rtps_message error and status reporting

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    8.5.1.9.4 (4th pgh) describes that encode_rtps_message may determine that no encoding is necessary. This is currently an awkward fit with the common API design of returning a boolean and "setting" or "not setting" an exception struct. What does "not setting" the exception struct mean in practice? How does an implementation portably handle this?

    It would be better to have an enum or integer return type so that the plugin can more directly influence the implementation's control flow, with distinct return values for OK_ENCODED, OK_NOT_ENCODED, ERROR, possibly others.

    A similar issue occurs with decode_rtps_message (8.5.1.9.5). Because key exchange happens asynchronously with respect to encoded message transmission, the plugin may not be able to decode a given message. Simply "returning an exception" in this case is not ideal since the calling code should probably log this exception and it may raise alarms.

    Extending this idea of enum (or integer constants) return types instead of boolean to other CryptoTransform operations may also be useful. For example, the other encode operations could return a OK_NOT_ENCODED instead of copying data.

  • Reported: DDS-SECURITY 1.1 — Tue, 17 Sep 2019 21:53 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Size of permission file sent on authentication can exceed max IP packet size

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The Permission File is an XML file. The signature is also encoded as text. For large systems with a lot of Topics the size can grow to be quite big. This is amplified by the fact that it is possible and convenient to combine the permissions of multiple participants into a single file. This size can exceed the 64KB max size of IP.

    An additional problem is that the permissions file is sent during the authentication handshake. The authentication handshake uses a special "best efforts stateless" that does not support fragmentation of large packets. This is done on purpose to make the channel to be robust to sequence number attacks but it results on the inability to send these large permission files.

    This could be addressed by separating the permissions from the authentication handshake and there is already an issue filed for this, see DDSSEC12-13.

    However there is a simple solution that can make the current approach more scalable. The proposed approach is to send the Permissions document compressed rather than in their current text form.

    Users are already hitting this limit so this issue requests that capability to send the permissions compressed is added with high priority, even if later a more general solution is developed as requested in DDSSEC12-13.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 1 Sep 2020 17:50 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Provide efficient way to skip encrypted implementation-specific content

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The RTPS specification allows implementations to send implementation-specific RTPS sub-messages inside an RTPS message. These submessages are distinguished by having submessageId's within a specific range.

    Prior to DDS security skipping implementation-specific RTPS sub-messages was very efficient requiring only the receiver to jump their length indicated in. the header.
    However with DDS security the submessages can be encrypted inside a SRTPS_PREFIX/SUFFIX envelope this requires the receiver to always decrypt them even if it will end up skipping them.
    An extreme, but likely common case is when the SRTPS_PREFIX/SUFFIX contains exclusively implementation-specific RTPS sub-messages which makes the effort to decrypt the RTPS message fruitless.

    A way to resolve this would be to designate a flag in the SRTPA_PREFIX submessage to indicate that the content contains only vendor-specific submessages. A receiver can use this flag to skip the whole RTPS message avoiding the effort to decrypt i n the event that the sender vendorId does not match the receiver's.

    The proposal therefore is to designate the leftmost flag of the SRTPS_PREFIX submessage to indicate it contains only "vendor specific content".

  • Reported: DDS-SECURITY 1.1b1 — Thu, 8 Jun 2023 04:35 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Add return_permissions_handle to the AccessControl interface

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Handles that are allocated by plugins need to have a "return" operation so that the memory used by the plugin can be freed when the handle is no longer needed by the middleware.

    boolean return_permissions_handle(in PermissionsHandle handle,
      inout SecurityException ex);
    
  • Reported: DDS-SECURITY 1.1 — Thu, 1 Oct 2020 16:12 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Update parameters of check_remote_datawriter_register_instance

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    check_remote_datawriter_register_instance defined in 8.4.2.9.15 has these parameters: permissions_handle, reader, publication_handle, key, exception.

    In the IDL file and Table 32 in 8.4.2.9 there's also an instance_handle parameter, which should be removed.

  • Reported: DDS-SECURITY 1.1 — Fri, 24 Jun 2022 19:50 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Builtin Access Control operations (Table 63) missing entries

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The operations get_topic_sec_attributes, get_datareader_sec_attributes and get_datawriter_sec_attributes are missing from Table 63 - Actions undertaken by the operations of the bulitin AccessControl plugin.

  • Reported: DDS-SECURITY 1.1 — Mon, 27 Aug 2018 22:12 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Add best practice/implementation guidelines to the CryptoTransform plugin


Provide a way for multiple vendors to extend the algorithms and interoperate

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The specification provides mechanisms to extend the set of cryptographic algorithms in future revisions.
    The specification also provides mechanisms to extend the set of cryptographic algorithms by a single vendor without requiring a revision of the standard. Those extended algorithms will be understood by the vendor and ignored by others.
    What is not clear is if two vendors can agree to use another cryptographic algorithm and interoperate. This use-case may be relevant to an end-user that is using multiple vendors and wants to have those vendors work together to use a new crypto algorithm

    This issue requests some mechanism to support this last use case.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 30 Jun 2023 16:34 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Problematic use of multiple INFO_SRC within an RTPS

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The RTPS spec allows a single RTPS message to contain multiple INFO_SRC submessages, effectively changing the Participant GUID of the sending Participant.

    This seems problematic for DDS Security since the cryptograophic material is tied to that Participant GUID (e.g. the RTPS protection).
    Also INFO_SRC does not work well with the new RTPS_HEADER_EXTENSION.

    How commonly is this capability used? It is worth finding a way to make DDS-Security work with it or would it be better to disallow it.

    Should it be disallowed just for DDS-Security or for DDS in general?

  • Reported: DDS-SECURITY 1.1b1 — Wed, 27 Sep 2023 13:24 GMT
  • Updated: Fri, 21 Jun 2024 22:35 GMT

Parsing messages generated by encode_serialized_payload (auth only)

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    When "performing authentication only," the encode_serialized_payload operation wraps the SerializedPayload inside CryptoHeader and CryptoFooter. This resulting byte stream takes the place of the original SerializedPayload submessage element in a Data(Frag) submessage.

    On the receiving side, this modified submessage element is passed to decode_serialized_payload. The problem comes in parsing this CryptoHeader-SeralizedPayload-CryptoFooter group.

    The CryptoHeader is of fixed size and only contains octet-width data (therefore has no padding), so parsing it and determining where SerializedPaylod starts is trivial.

    Then the implementation needs to determine where SerializedPayload ends in order to determine which bytes to authenticate. There is no in-stream indication of where the SerializePayload ends.

    One possibility would be to look at the end of the byte sequence that decode_serialized_payload received and "step backwards" by the length of the CryptoFooter, however the CryptoFooter is variable length (with receiver_specific_macs). Even if the implementation has external knowledge that receiver_specific_macs are not in use, the alignment requirement of the plugin_sec_tag.receiver_specific_macs.length effectively makes this a variable-length element (also see issue #58).

    To resolve this, an additional element for "length" could be added before the SerializedPayload, just like the CryptoContent submessage element does. This would make parsing the encoded payload similar for the encrypt and auth-only cases.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 9 May 2018 15:38 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Table 29 description of is_write_protected

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The description of is_write_protected starts with "Indicates if read access". This should be "Indicates if write access."

  • Reported: DDS-SECURITY 1.1b1 — Thu, 31 May 2018 16:49 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

check_remote_topic domainId parameter

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    domainId is not listed in section 8.4.2.9.12

  • Reported: DDS-SECURITY 1.1b1 — Thu, 10 May 2018 15:06 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

AES-GCM doesn't add padding

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In 9.5.3.3.4.2 remove this part:
    "Note that the cipher operations have 16-byte block-size and add padding when needed. Therefore the secure data.length (“N”) will always be a multiple of 16."

    AES-GCM doesn't add padding. The implication of this is that the CryptoContent Submessage Element may end at an arbitrary point in the stream (from the point of view of alignment). Bringing the stream "back into alignment" will depend on the usage context:

    • When encoding payload, the CryptoFooter follows directly after CryptoContent. This means that CryptoFooter's first element (common_mac) may start unaligned. Then receiver_specific_macs.length appears in the stream as a 32-bit value so it will be preceded by 0-3 padding bytes depending on the length of CryptoContent.
    • When encoding a submessage or full message, CryptoContent is followed by the start of another submessage which must be aligned to 4 per the RTPS spec.
  • Reported: DDS-SECURITY 1.1b1 — Tue, 1 May 2018 15:10 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Builtin Crypto message authentication codes

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    9.5.3.3.6 "The message digest is computed on the crypto_header and the ciphertext."

    This statement appears to contradict the descriptions of common_mac and receiver_specific_macs in 9.5.3.3.4.4 (payload), 9.5.3.3.4.5 (submessage), and 9.5.3.3.4.6 (message).

  • Reported: DDS-SECURITY 1.1b1 — Thu, 19 Apr 2018 20:58 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT


register_local_datareader and Data Protection Kind

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In the Table 70 row for register_local_datareader, the ReaderKeyMaterial is created based on Data Protection Kind. This should be Metadata Protection Kind because the ReaderKeyMaterial signs/encrypts submessages and not data payloads.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 9 Mar 2018 20:51 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Replace "CryptoKeyTransform" with "CryptoTransform"

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The term CryptoKeyTransform is used 3 times (section name of 9.5.3.3, text of 9.5.3.3.1, caption of Table 72). These should be CryptoTransform.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 9 Mar 2018 21:19 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

"atributes" typo

  • Status: open  
  • Source: OCI ( Tim Simpson)
  • Summary:

    participant_security_attributes is currently spelled participant_security_atributes on page 25 of the specification.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 14 Feb 2018 21:57 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Clarify the configuration and use of certificate chains for Identity

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    Section 9.3.1.3 (Identity Certificate) indicates it is possible to use certificate chains.

    However the language of this section is confusing because an X.509 v3 Certificate does not contain a chain. It is a single certificate. What can contain a chain of certificates is a file. E.g. the standard "PEM" file format referenced in Table 44 can contain a certificate chain.

    To clarify this the following modifications are suggested:
    (1) In table 44, row for "identity_certificate" change from:
    "URI to a X509 certificate signed by the IdentityCA in PEM format"...
    To
    "URI to a X509 certificate (or certificate chain) signed by the IdentityCA, either as the root CA or as an intermediate CA, in PEM format"

    (2) In section 9.3.1.3 change from:
    "An X.509 v3 Certificate [39] that chains up to the Identity CA (see 9.3.1.1)."
    To:
    "A X.509 v3 Certificate chain [39] that is signed by the Identity CA (see 9.3.1.1) either as the root or as an intermediate CA in the chain"

    (3) In section 9.3
    In bullet 3. Clarify it may not be a single X.509 rather it can be a chain.

    (4) In table 49, field "c.id" indicate this is not a single certificate but a certificate chain. As that is what was configured in the PropertyQosPolicy.

    (5) In table 50, field "c.id" indicate this is not a single certificate but a certificate chain. As that is what was configured in the PropertyQosPolicy.

    (5) In table 52, field "validate_local_identity" indicate this is not a single certificate but a certificate chain.

    (6) In Table 53 IdentityCertificate is undefined. Maybe it should be "identity_certificate" and refer to the property defined in Table 44.

  • Reported: DDS-SECURITY 1.1b1 — Mon, 9 Apr 2018 23:56 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Builtin CryptoKeyFactory direct dependency on AccessControl's config details

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The behavior of the built-in CryptoKeyFactory operations is described in Table 70. Many entries of this table include direct references to details of the built-in Access Control plugin's configuration file (an example, "see 9.4.1.2.5.6").

    It would be easier to follow and more modular if this was changed to instead reference the data structure that the CryptoKeyFactory can actually see, which in this case is ParticipantSecurityAttributes.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 11 Apr 2018 16:41 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Inconsistent Flag Name PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_BUILTIN_IS_DISCOVERY_ENCRYPTED

  • Status: open  
  • Source: OCI ( Tim Simpson)
  • Summary:

    All the other flag names defined here take the form of "PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_XXX_YYY". Should the BUILTIN part of this flag really be there? I believe this should instead read: PLUGIN_PARTICIPANT_SECURITY_ATTRIBUTES_FLAG_IS_DISCOVERY_ENCRYPTED.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 14 Feb 2018 22:02 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Participant2ParticipantKxKeyMaterial

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Table 70 introduces the term "Participant2ParticipantKxKeyMaterial" which isn't used anywhere else in the spec.

    It would be helpful to have a table that lists each "key material" object along with which operation creates it and how it's used.

  • Reported: DDS-SECURITY 1.1b1 — Wed, 11 Apr 2018 16:45 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

9.5.3.3.4.3 should refer to the footer, not header

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The last paragraph of 9.5.3.3.4.3 refers to the "CryptoHeader", this should be "CryptoFooter"

  • Reported: DDS-SECURITY 1.1b1 — Wed, 11 Apr 2018 16:48 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Modify Security's QoS changes for compatibility with RTPS

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 7.2.5 changes QoS in ways that break RTPS compatibility, however minor modifications can fix this.

    Because the mapping for PropertyQosPolicy in Table 10 (is this an implied entry in Table 12 as well?) conflicts with RTPS's definition of PID 0x59, the Binary Property values may not be sent on the wire. Note that RTPS has no concept of appendable extensibility, and requires backwards compatibility for all 2.x versions.

    We can represent this restriction on PropertyQosPolicy in IDL4:

    @extensibility(FINAL)
    struct PropertyQosPolicy {
      PropertySeq value;
    
      @non-serialized
      BinaryPropertySeq binary_value;
    };
    

    The practical effect of this change is that any BinaryProperty entry with propagate == TRUE is not actually propagated inside PropertyQosPolicy. However a search through the specification indicates that there is no requirement for this, at least for built-in plugins. Any other plugins are necessarily vendor specific so those are not necessarily restricted from using an appendable policy, as long as they are aware of the compatibility issues (for allow_unauthenticated_participants == TRUE).

    Also, for consistency the Tag and DataTags structs could be made @extensibility(FINAL). This is not as important since only Security-aware implementations will know about DataTagQosPolicy.

  • Reported: DDS-SECURITY 1.1b1 — Mon, 19 Feb 2018 23:37 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Broken cross-references

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    There are a few cross-references that don't resolve, resulting in the text "see 0" or "in subclause 0" in the spec:

    • Table 30 plugin_endpoint_attributes column 3 contains "found in 0"
    • Table 52 get_authenticated_peer_credential_token contains "See section 0"
    • 9.4.1.2.6.7 right before the bullet list
    • Table 63 validate_remote_permissions
    • 9.5.3.3.4.1 final paragraph has "subclause 0"
  • Reported: DDS-SECURITY 1.1b1 — Wed, 21 Feb 2018 16:11 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

IDL ParticipantSecurityAttributes::plugin_participant_attributes

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In the normative IDL, the struct ParticipantSecurityAttributes's field plugin_participant_attributes has type ParticipantSecurityAttributesMask but it should have type PluginParticipantSecurityAttributesMask

  • Reported: DDS-SECURITY 1.1b1 — Thu, 8 Mar 2018 21:33 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Reduce the range of Reserved RTPS parameter IDs

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    Section 7.4.1.3 'Reserved RTPS parameter IDs' reserves the whole 0x1000 to 0x1FFF (plus 0x5000 to 0x5FFF for must-understand) . That is 2 x 4096 PIDs. In reality DDS security only uses 6 PIDs... So this is a bit too much of a land grab.

    It would be better to be more conservative and reserve a smaller range which can then be expanded as needed.

    RTPS version 2.4 states that the reserved range for DDS security is 0x1000 to 0x10FF and 0x5000 to 0x50FF.

    Section 7.4.1.3 should be updated to reflect this reduced range.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 6 Mar 2018 23:34 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Various Typos

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 7.4.4.2 "TopicSecurityAtributes" should be "Attributes"

    Section 8.8.9.1, 8.8.9.2, and 8.8.9.3 "cripto" should be "crypto"

    Section 8.8.3 "best-efforts" should be "best-effort"

    Section 8.8.4 "simultanepusly" should be "simultaneously"

    Table 63 caption: "bulitin" should be "built-in"

    Section 9.5 "BEST_EFFORTS" should be "BEST_EFFORT"

    Section 9.5.2.3 "indentifier" should be "identifier"

    Section 9.5.3.1 "ciphetext' should be "ciphertext"

    Normative IDL parameter 1 of create_local_data_crypto_tokens "cryto" should be "crypto"

  • Reported: DDS-SECURITY 1.1b1 — Thu, 8 Mar 2018 17:02 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Return types in CryptoKeyFactory interface description

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In CryptoKeyFactory, all operations other than the unregister_* ones return handles. But the descriptions of register_matched_remote_participant and register_local_datawriter (8.5.1.7.2-3) end with "operation returns false". That should be "operation returns HandleNIL".

  • Reported: DDS-SECURITY 1.1b1 — Thu, 1 Mar 2018 19:31 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

AuthRequestMessageToken future_challenge property

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In Table 48 (9.3.2.4), "properties" should be "binary_properties" so that the property future_challenge is treated as binary, matching Table 49's challenge1.

  • Reported: DDS-SECURITY 1.1b1 — Thu, 1 Mar 2018 19:02 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Security for DDS-RPC

  • Status: open   Implementation work Blocked
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    DDS security does not provide any additional means to secure the DDS-RPC service calls. Absent this the protection would be based on the underlying DDS Topics.

    DDS-RPC maps all operations of an interface to two unkeyed Topics. One for the request and one for the reply. The request Topic is used for all operations and likewise the reply Topic.

    Thus relying on the underlying Topics would provide access control granularity at the level of the service and not allow to give narrower permissions. E.g. invoke certain operations and not others. This is not acceptable in some deployment situations.

    One solution may be to make the Topics keyed by the operation. This is possible now that IDL42 allows the discriminator of a union to act as the key.

    Alternatively DDS-Security could specify some other mechanism, for example designate a data-tag to indicate the operations that the request DataWriter may invoke. The receiver side would check that the operation invoked matches the DataWriter tag before processing the request.

  • Reported: DDS-SECURITY 1.1b1 — Sun, 11 Feb 2018 07:43 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Authentication behavior use of built-in endpoints

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In section 8.8.2.2, it's established that the BuiltinParticipantStatelessMessage built-in endpoints are used for exchanging the "authentication handshake" messages. This makes sense based on how those built-in endpoints are defined in 7.4.3 and how they're used in some parts of 8.3.2.9 and .11.

    However there are parts of 8.3.2.11 and 8.8.2 that describe this handshake using the names BuiltinParticipantMessageWriter / Reader (note the absence of "Stateless"). The name BuiltinParticipantMessageWriter is defined by the RTPS spec as the endpoint used to implement the participant scoped liveliness (see RTPS 2.2 section 8.4.13.2).

  • Reported: DDS-SECURITY 1.1b1 — Wed, 14 Feb 2018 21:41 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Use a submessage flag to indicate Data/Frag submessage has a transformed payload

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    If the crypto plugin transforms the payload but the layers containing the payload (submessage or message) are not transformed, the resulting Data/Frag submessage contains no indication that its payload has a nonstandard format.
    Since this spec is essentially defining a new minor version of RTPS (along with RTPS RTF process concurrent to this), one of the reserved flags in the submessage header of Data/Frag can be defined as FLAG_S meaning that the format of the SerializedPayload submessage element is defined by the security spec.

  • Reported: DDS-SECURITY 1.1b1 — Thu, 15 Feb 2018 19:38 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Wrong XML tag in description of Enable Read Access Control

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    9.4.1.2.6.4 describes Enable Read Access Control, however the bullet list within this section uses the xml tag <enable_write_access_control> (twice), it should be <enable_read_access_control>.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 16 Feb 2018 22:33 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Description of the PluginEndpointSecurityAttributes

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The rows in Table 61 is_submessage_encrypted and is_payload_encrypted each have paragraphs starting "If is_*_encrypted is FALSE..." and including "GCM authenticated encryption", which should be "GMAC authentication transformation" like the corresponding rows of Table 59.

  • Reported: DDS-SECURITY 1.1b1 — Fri, 16 Feb 2018 23:06 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Description of the EndpointSecurityAttributes

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In Table 30, the entry for is_payload_protected says "If is_payload_protected is FALSE, then the CryptoKeyFactory, KeyExchange and CryptoTransform operations are called only if is_payload_protected is TRUE", but the last phrase should be "only if is_submessage_protected is TRUE".

  • Reported: DDS-SECURITY 1.1b1 — Fri, 16 Feb 2018 23:16 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

IDL get_topic_sec_attributes parameter typo

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    2nd parameter to get_topic_sec_attributes has type "String", should be "string".

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 19:07 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Determining when to use DCPSParticipantMessageSecure

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The last paragraph of 7.4.2 indicates that TopicSecurityAttributes::is_liveliness_protected is used to determine if a liveliness message should be sent using the new DCPSParticipantMessageSecure builtin endpoint or the old DCPSParticipantMessage builtin endpoint.

    However it is not clear which topic's TopicSecurityAttributes are to be used. The liveliness message essentially belongs to the participant and not any given topic (see RTPS v2.2 8.4.13.5). Should the security spec use ParticipantSecurityAttributes here instead?

  • Reported: DDS-SECURITY 1.1b1 — Thu, 1 Feb 2018 17:03 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

ParticipantStatelessMessage definition

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Section 7.4.3.2:

    The data type associated with these endpoints is ParticipantStatelessMessage defined
    below (see also 7.2.5):
    typedef ParticipantStatelessMessage ParticipantGenericMessage;

    Two issues:
    a. I don't see how this relates to 7.2.5, should that be 7.2.6?
    b. The typedef is backwards. Typedef declares a new name (second) from an existing type (first).

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 19:23 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

IDL SubscriptionBuiltinTopicDataSecure inheritance

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    SubscriptionBuiltinTopicDataSecure should inherit from SubscriptionBuiltinTopicData in the local module, not the one in the DDS:: module.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 19:10 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

8.4.2.9.24 section name typo

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Operation: get_datarwriter_sec_attributes
    should be
    Operation: get_datawriter_sec_attributes

  • Reported: DDS-SECURITY 1.1b1 — Fri, 9 Feb 2018 20:34 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Allow expressions to be used in the data-tag permissions

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The permissions document allow and deny rules contain a section for matching the data tags of the DataReader/DataWriter. The match is based on an exact match of the tag-name and tag-value.

    For consistency with the way we match the permissions for Topic and Partitions we should also allow an expression for the tag-value portion. This is only for the permission rule itself. Not for the DataTag QosPolicy.

    So to match the rule the DataTag name in the Qos must exactly match the name in the permissions document (no expressions here) and the DataTag value in the Qos should match (using fnmatch) the expression in the permissions document.

  • Reported: DDS-SECURITY 1.1 — Thu, 18 Jan 2018 23:24 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Authentication interface begin_handshake_reply()

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Normative IDL has no parameter handshake_message_in (from Table 23). It would be possible to use handshake_message_out to serve the purposes of "in" since it's an inout parameter in IDL, but is that the intention here?

  • Reported: DDS-SECURITY 1.1b1 — Wed, 10 Jan 2018 19:37 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

decode_datawriter_submessage uses "in" for SecurityException

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In the normative IDL interface CryptoTransform, the decode_datawriter_submessage operation uses the "in" parameter passing mode for SecurityException – should be "out" or "inout".

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 18:54 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

SecureSubmessageCategory_t in normative IDL

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    The normative IDL doesn't have SecureSubmessageCategory_t, but it does have SecureSumessageCategory_t which appears to be a typo.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 18:51 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

get_datawriter/reader_sec_attributes inconsistent IDL

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    Table 32 (8.4.2.9) has a topic_name parameter for both get_datawriter_sec_attributes and get_datareader_sec_attributes, however this parameter is not present in the normative IDL.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 18:59 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Authentication interface set_permissions_credential_and_token

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In the normative IDL, the type of the 2nd parameter for set_permissions_credential_and_token is listed as PermissionsCredential but should PermissionsCredentialToken.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 19:04 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

IDL LongLongSeq unused

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    DDS::Security::LongLongSeq is not used so it should be removed from the normative IDL.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 30 Jan 2018 19:06 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

DataHolder IDL inconsistent

  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Mr. Adam Mitz)
  • Summary:

    In 7.2.3.1, DataHolder is a struct annotated with @extensibility(APPENDABLE) and no optional fields.
    However in ptc/17-09-26 (normative IDL), DataHolder has no @extensibility annotation and two optional fields.

  • Reported: DDS-SECURITY 1.1b1 — Thu, 4 Jan 2018 21:38 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

The specification should not duplicate (copy) the machine readable XSD files

  • Key: DDSSEC13-8
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The specification contains full copies of the machine readable XSD files:

    • DDS Security Access Control Permissions XSD
    • DDS Security Access Control Governance XSD

    This causes problems as updates may not always be done consistently.

    Therefore it would be better if the specification removed this duplication and just referenced the external machine-readable files.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 09:30 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Section 3 (Normative References) should be updated and expanded

  • Key: DDSSEC13-7
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The specification depends on many other standards that appear referenced thought the specification and in Annex A (References) but do not appear in Section 3.

    Section 3 should be expanded to include the subset of those references that are used for normative behavior. [46], [47], and [52] are clear examples of references that should be moved to Section 3.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 07:02 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Avoid sending permissions as part of Authentication Handshake

  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The authentication handshake requires participants to exchange their permission files. This is done as clear text.

    Visibility into the permissions file leaks information as to what the system Topic names are as well as what the application publishes and subscribes. This can be sensitive for some systems.

    Aside form this sending this document is potentially expensive as the knowledge could be available on a separate channel.

    The RTF should look share this information only with authenticated participants and possibly also avoid sending it if it is already known to the peer participant.

    Related this is the fact that permissions are "monolithic" of you need to add a permission to a Participant you need to create and sign a new document. Would be nice to have some way to grant/propagate incremental permissions. E.g. something that could be bundled into the propagation of the Endpoint discovery data itself.

  • Reported: DDS-SECURITY 1.1 — Sat, 18 Nov 2017 00:42 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Instance-Level access-control

  • Status: open   Implementation work Blocked
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The Security plugin model supports being able to control access to each DDS Topic instance (instead of just controlling access to the DDS Topic). However the builtin plugin permission files do not provide a way to configure these permissions.

    This is important for many DDS-Security use-cases where each instance represents a different object and needs to separately indicate who has access to it. For example imaging a "CarPosition" topic that is used to publish the position of cars. Someone may be given permission to suscribe or publish its own car position, but not other cars. Likewise a manufactured or insurance company may be given permissions to the cars that they manage but not others.

  • Reported: DDS-SECURITY 1.1 — Fri, 17 Nov 2017 02:07 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

say explicitly that is_valid is set to zero if that is case

  • Status: open  
  • Source: Upham Security ( Frederick Hirsch)
  • Summary:

    At end of 2nd to last para document has (matching the errata):

    "sending the ParticipantSecurityInfo (the default value of zero has is_valid=0) or sending it with is_valid."

    It should probably be

    "sending the ParticipantSecurityInfo (the default value of zero has is_valid=0) or sending it with is_valid set to zero.”

  • Reported: DDS-SECURITY 1.1b1 — Tue, 31 Oct 2017 20:03 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Issues with the UML model used in the specification

  • Key: DDSSEC13-9
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The UML diagrams in the specification use UML stereotypes, such as <<discovery>>. However these are not documented anywhere in the specification nor do they appear in the XMI.

    Also the diagrams are non-standard UML in that they show superclasses in the top right corner. See for example Figure 10.

    These issues should be corrected.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 07:07 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Built-in Authentication and Cryptography plugins tied together by SharedSecretHandle implementation

  • Key: DDSSEC13-2
  • Status: open  
  • Source: THALES ( Cyril Dangerville)
  • Summary:

    An implementation of the built-in Cryptography plugin is not compatible with the local implementation of the built-in Authentication, unless it uses/understands the same type of SharedSecretHandle. (SharedSecretHandle is the interface defined at the architecture level.) Therefore, the two built-in plugins are tied together and you cannot replace one or another with any other implementation of the same built-in plugin.
    It is possible to make them independent in two possible ways (at least):

    1. Define a BuiltinSharedSecretHandle that extends SharedSecretHandle interface, and has 3 methods like this:
      • octet[] getChallenge1(): returns challenge1 from the authentication handshake
      • octet[] getChallenge2(): returns challenge2 from the authentication handshake
      • octet[] getSharedSecret(): returns the shared secret from the authentication handshake
    2. OR define a new type of Token (IDL structure) - e.g. HandshakeResultToken - for the final output of the Authentication handshake like this:
      • class_id DDS:Auth:PKI-DH:1.0+Result
      • binary_properties: challenge1, challenge2, SharedSecret

    In both cases, it would change the specs of the methods get_shared_secret() and return_shared_handle() of the Authentication plugin, section 9.3.3.

  • Reported: DDS-SECURITY 1.0b1 — Tue, 1 Mar 2016 17:36 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Examples of Wildcard permissions

  • Key: DDSSEC13-3
  • Status: open  
  • Source: THALES ( Cyril Dangerville)
  • Summary:

    It is not clear whether the Permissions XSD allows to express all kinds of wildcard permissions. Just to make sure we cover all cases, we should give examples of permissions XML that grant only...

    1. all permissions to any domain? ("all permissions" = join, pub/sub/relay to any topic/partition/data_tag, etc.)
    2. all permissions to a specific domain, e.g. domain 0?
    3. all permissions to all topics of domain 0? ("all permissions" = pub/sub/relay, etc.)
    4. all permissions to all partitions of domain 0?
    5. all permissions to a specific topic, e.g. "Circle1", of domain 0?
    6. all permissions to a specific partition, e.g. "P1", of domain 0?
    7. the permission to publish to any topic of domain 0? (but not subscribe/relay)
    8. the permission to publish to any partition of domain 0? (but not subscribe/relay)

    Such examples would be very useful in the spec as well.

  • Reported: DDS-SECURITY 1.0 — Tue, 11 Jul 2017 12:43 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT
  • Attachments:

The UML model should be cleaned up

  • Key: DDSSEC13-4
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    There are some issues with the UML model that should be improved. This came from the AB review of the RTF 1 report:

    ● SubmessageKind should be an Enumeration not a Class. And it’s missing its Literals. Tables 4,5 indicate Literals would include SEC_BODY, SEC_PREFIX, SEC_POSTFIX, SRTPS_PREFIX, SRTPS_POSTFIX
    ● SubmessageFlag is totally underspecified but probably should not be a PrimitiveType
    ● Likewise CryptoState. In fact there are far too many PrimitiveTypes, none of them documented, which should probably be Strings.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 17:53 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Remove Jira-issue related comments from machine-readable files

  • Key: DDSSEC13-5
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The machine-readable files have comments that trace their changes to the Jira issues that caused them. This hurts the use of the specification so they should be removed.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 10:24 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

The DDS-Security specification makes some modifications to the DDSI-RTPS protocol that should be taken into consideration

  • Key: DDSSEC13-6
  • Status: open  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    The following two sections in DDS-Security 1.1 affect future versions of DDSI-RTPS.

    The DDSI-RTPS should include language that makes sure future versions do not conflict with what DDS-Security and future revisions thereof may do.

    Specifically the following two sections of DDS-Security 1.1 should be taken into consideration

    7.3.6.1 Change to the RTPS minor version number
    Implementations of this specification shall set the RTPS protocol version number present in the RTPS Header. The RTPS Major version number shall be set to 2 and the RTPS Minor version number shall be set to 3. Future revisions of the DDS-RTPS specification shall take into consideration this fact.

    7.4.1.3 Reserved RTPS parameter IDs
    This specification reserves the RTPS Simple Discovery Protocol ParameterIDs in the range:
    0x1000 to 0x1FFF and 0x5000 to 0x5FFF. The second interval covers the same range of parametersID, except they have the must-understand bit set. This reserved range applies to RTPS version 2.3 (see 7.3.6.1) and higher minor revisions of RTPS. Future revisions of the DDS-RTPS specification shall take into consideration this fact.

  • Reported: DDS-SECURITY 1.0 — Mon, 25 Sep 2017 09:48 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Complexity of Authentication Plugin Model

  • Key: DDSSEC13-1
  • Legacy Issue Number: 19793
  • Status: open  
  • Source: ZettaScale Technology ( Mr. Julien Enoch)
  • Summary:

    The Authentication Plugin Model specifies a state machine to be implemented by the DDS middleware to manage the authentication of the remote Participants. The implementation of this state machine is complex because:

    • It is not specified when to call validate_remote_identity (for each received SPDP or only for the first received SPDP from a newly discovered Participant? What if a malicious Participant send a SPDP at first, usurping the GUID of a legit Participant?)
    • The handshake could be initiated from both sides at nearly the same time (nothing forbid this in §8.3)
    • There is no indication in the specification to tell how parallel handshakes between 2 Participants should interact
    • It is difficult to determine at which sense a received message belongs
    • In §8.3.2.8.1 it's specified that "The DDS security implementation shall pass to the AuthenticationPlugin any message received by the BuiltinParticipantStatelessMessageReader...". But there are states in the state machine where it's not specified how to pass those messages (e.g. when validate_remote_identity has not been called yet, and the state machine is not initialized)

    This results in quite complex code, and this is a weakness in a mechanism which needs to be very strong.

    Anyway, the state machine in the middleware is redundant with the one needed in the plugin. In addition, it has to deal with events where it doesn't know what is really going on. Only the plugin has the real information. Therefore, we think this middleware state machine is useless, add extra complexity which makes the authentication less robust, and consumes a lot of resources.

    Instead, we suggest to remove it and to change the mechanism to the following:

    • remove all the "_handshake" methods on the Authentication Plugin
    • add a treat_message method to the authentication plugin to handle any incoming authentication ParticipantStatelessMessage
    • add a send_message method to the authentication listener interface to tell the middleware to send an authentication ParticipantStatelessMessage
    • add a validated_remote_participant method to the authentication listener interface to tell the middleware that the indicated participant is authenticated
    • add a invalidated_remote_participant method to the authentication listener interface to tell the middleware that the indicated participant is not authenticated
    • once the authentication is initialised with validate_remote_identity, all the state machine is managed directly by the plugin which sends the appropriate messages and is given the received ones, until its decision is given to the DDS middleware through the authentication listener.

    This will provide the necessary functionality in a much simple, efficient and robust manner.

  • Reported: DDS-SECURITY 1.0b1 — Thu, 11 Jun 2015 04:00 GMT
  • Updated: Fri, 21 Jun 2024 22:34 GMT

Multiple DataReaders per topic on secured Participant

  • Status: open   Implementation work Blocked
  • Source: ZettaScale Technology ( Mr. Julien Enoch)
  • Summary:

    Looking at the datareader_crypto parameter description of the preprocess_secure_submsg operation:

    "If secure_submessage_category is DATAWRITER_SUBMESSAGE, the datareader_crypto shall be the DatareaderCryptoHandle returned by a previous call to register_local_datareader for the DataReader that is the destination of the RTPS Submessage."

    It seems that only a single DatareaderCryptoHandle can be returned. This implies that a secure DATAWRITER_SUBMESSAGE should be at destination of a single DataReader.

    How to deal with several DataReaders in a Participant matching the same DataWriter ? Most of the time, the submessage destination is ENTITY_UNKOWN. As a consequence a clarification is required.

  • Reported: DDS-SECURITY 1.0 — Tue, 29 Aug 2017 15:45 GMT
  • Updated: Wed, 30 Aug 2017 15:16 GMT