0007300: [TP_SEC_ITSS_SND_CERT_02_01_BV][General remarks/questions] Testing the certifcate chain

ETSI's Bug Tracker - SECURITY
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0007300	SECURITY	TSS&TP	public	14-01-2016 09:08	13-12-2016 13:11

Reporter	haddads
Assigned To	Denis Filatov
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	no change required
Platform		OS		OS Version
Product Version	Test_Spec_TS103096_V121
Target Version	Next Version	Fixed in Version

Summary	0007300: [TP_SEC_ITSS_SND_CERT_02_01_BV][General remarks/questions] Testing the certifcate chain
Description	Shouldn't we check (add a test?) that the chain is not longer than an upper 3 and that longer chains are rejected ? As far as I know the chain presented in the standards are always the same (root, AA, AT, cert), but can it be longer ? Since validating long certification chains can be a source of attacks. If it can be longer we should add tests with long chains (10-15 certificates, 100 ?). Also I think that the test should check the validity of the entire chain, not just the one of the last certificate e.g. : no loop, all the certificates are valid, etc; this is not tested.
Steps To Reproduce
Additional Information
Tags	No tags attached.
Relationships
Attached Files

Issue History
Date Modified	Username	Field	Change
14-01-2016 09:08	haddads	New Issue
14-01-2016 09:08	haddads	Status	new => assigned
14-01-2016 09:08	haddads	Assigned To	=> Denis Filatov
14-01-2016 10:04	Peter Felber	Note Added: 0013686
15-01-2016 15:27	Denis Filatov	Note Added: 0013698
13-12-2016 13:11	Denis Filatov	Note Added: 0014408
13-12-2016 13:11	Denis Filatov	Status	assigned => resolved
13-12-2016 13:11	Denis Filatov	Resolution	open => no change required

Notes