View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003603 | 10000-007: Profiles | Spec | public | 2016-11-15 17:06 | 2022-09-13 07:16 |
Reporter | brameret | Assigned To | Karl Deiretsbacher | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Summary | 0003603: Under specified Security Policy Basic256Sha256 | ||||
Description | The security policy Basic256Sha256 (URI: https://opcfoundation.org/UA/SecurityPolicy/#Basic256Sha256, or Part7 v1.03, table 11), is not completely specified : 1) AsymmetricEncryptionAlgorithm – Rsa_Oaep: the OAEP RSA scheme, as defined in RFC 3447 (PKCS#1 v2.1), can work with a large spectrum of hash methods. Recommended methods are SHA-1, SHA-256/384/512. Current implementation uses SHA-1 by default. 2) AsymmetricSignatureAlgorithm – Rsa_Sha256: when using RSA as a signing algorithm, it is possible to use two signing schemes (as of RFC 3447 PKCS#1 v2.1): PKCS#1 v1.5 or OAEP. Current implementation uses PKCS#1 v1.5 by default. RFC 3447 recommends OAEP. | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
|
Older (prior to 4.6) .NET frameworks do not give any control over these options. To maximize IOP this profile needs to mandate SHA1 for the OAEP padding with encryption and PKCS#1 v1.5 padding with the signature. The name of the profile cannot be changed at this time. So we should look at adding a new profile Basic256Sha256_PKCSv2.1 which would require full compliance with RFC3447 recommendations. |
|
Dallas meeting: Add following explanatory text: |
|
Fixed in OPC UA Part 7 - Profiles Release 1.04.02.docx |
|
Agreed to text in telecon. |
Date Modified | Username | Field | Change |
---|---|---|---|
2016-11-15 17:06 | brameret | New Issue | |
2016-11-22 17:00 | Jim Luth | Assigned To | => randyarmstrong |
2016-11-22 17:00 | Jim Luth | Status | new => assigned |
2016-11-22 17:00 | Jim Luth | Project | UA Specification => 10000-007: Profiles |
2016-11-29 17:04 | Karl Deiretsbacher | Target Version | => 1.04 |
2016-12-04 19:07 | randyarmstrong | Note Added: 0007398 | |
2016-12-04 19:09 | randyarmstrong | Assigned To | randyarmstrong => |
2016-12-04 19:09 | randyarmstrong | Assigned To | => Karl Deiretsbacher |
2016-12-30 08:57 | Karl Deiretsbacher | Note Added: 0007685 | |
2017-02-08 13:13 | Karl Deiretsbacher | Note Added: 0007867 | |
2017-02-08 13:13 | Karl Deiretsbacher | Status | assigned => resolved |
2017-02-08 13:13 | Karl Deiretsbacher | Fixed in Version | => 1.04 |
2017-02-08 13:13 | Karl Deiretsbacher | Resolution | open => fixed |
2017-02-14 16:19 | Jim Luth | Note Added: 0007880 | |
2017-02-14 16:19 | Jim Luth | Status | resolved => closed |
2022-09-13 07:16 | fieldsplum | Tag Attached: PROFINET | |
2022-09-13 07:16 | fieldsplum | Tag Detached: PROFINET |