ETSI's Bug Tracker |
ID | Project | Category | View Status | Date Submitted | Last Update
0007351 | SECURITY | TSS&TP | public | 14-01-2016 13:39 | 08-02-2016 14:59
Reporter | haddads
Assigned To | Denis Filatov
Priority | normal | Severity | minor | Reproducibility | have not tried
Status | resolved | Resolution | fixed
Summary | 0007351: [TP_SEC_ITSS_RCV_CAM_04_11_BO] Is 103 097 consistent?
Description | Here is a strange thing regarding 103 097 v1.2.1. To have a valid CAM, the certificate must be valid. So if there is a regional validity restriction on the certificate, it has to be correct. But at the same time, the CAM validity verification has to ignore the generation location of the message, even if it states that the message has been produced outside of the certificate validity region. Do we have to report that to someone? Do we really support that? Regarding security, it seems really strange to me to accept messages produced outside of the validity region of their authorization tickets!?
Notes | |
(0013727) Denis Filatov (administrator) 19-01-2016 16:48 |
To be discussed at the meeting. I totally agree with Sammy, but following 103097 the message has to be taken into account. Is it a hole in the security?
(0013745) Sebastian Muellers (administrator) 20-01-2016 15:29 |
It is a useful test, but our actual tests focus on malformed messages only, i.e. wrong information elements. We keep it open and see if we can implement it if at the end of the project there is some time/budget left. Otherwise it should be implemented for the upcoming Plugtest under the Plugtest budget, if possible.
(0013746) Sebastian Muellers (administrator) 20-01-2016 15:32 |
Consider adding a SEND test to check that the IUT does not send a CAM when it is outside the certificate validity restriction.
(0013748) Sebastian Muellers (administrator) 21-01-2016 08:41 |
chapter 6.1 of TS103097: "NOTE 1: A certificate is considered valid if the current time is within the validity period specified in the certificate, the current region is within the validity region specified in the certificate, the type of the certificate is valid for the current type of communication, the signature, which covers all fields except the signature itself, is valid, and the certificate of the signer is valid as signer for the given certificate's type. If the certificate is self-signed, it is valid if it is stored as a trusted certificate." |
(0013817) Denis Filatov (administrator) 08-02-2016 14:59 |
TP added: SEC_ITSS_RCV_CAM_13, SEC_ITSS_RCV_DENM_13, SEC_ITSS_RCV_GENMSG_13 |
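The gap discussed in the notes above, as an added example (not code from this tracker, from ETSI, or from any test suite): a receiver that applies only the time and region conditions of the quoted NOTE 1 accepts a message whose generation location lies outside the certificate's validity region, while an extra check on the generation location rejects it. Assumptions: the classes and function names are hypothetical, the region is modelled as a simple circle, "current region" is read as the receiver's own position, and signature, type and signer checks are left out.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0
Position = Tuple[float, float]  # (latitude, longitude) in degrees

@dataclass(frozen=True)
class CircularRegion:
    """Simplified circular validity region (assumed model, not the wire format)."""
    centre: Position
    radius_m: float

    def contains(self, pos: Position) -> bool:
        # Great-circle (haversine) distance from the centre to pos.
        lat1, lon1, lat2, lon2 = map(math.radians, (*self.centre, *pos))
        a = (math.sin((lat2 - lat1) / 2) ** 2
             + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
        return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a)) <= self.radius_m

@dataclass(frozen=True)
class Certificate:
    valid_from: int                    # seconds, any common epoch
    valid_until: int
    region: Optional[CircularRegion]   # None means no regional restriction

@dataclass(frozen=True)
class Message:
    generation_location: Optional[Position]
    certificate: Certificate

def certificate_valid(cert: Certificate, now: int, receiver_pos: Position) -> bool:
    """Time and region conditions only; other NOTE 1 conditions are out of scope."""
    if not cert.valid_from <= now <= cert.valid_until:
        return False
    return cert.region is None or cert.region.contains(receiver_pos)

def accept(msg: Message, now: int, receiver_pos: Position,
           check_generation_location: bool) -> Tuple[bool, str]:
    cert = msg.certificate
    if not certificate_valid(cert, now, receiver_pos):
        return False, "certificate not valid at receiver's time/position"
    if check_generation_location and cert.region is not None:
        # Assumption of this example: fail closed when the location is absent.
        if msg.generation_location is None:
            return False, "generation location missing"
        if not cert.region.contains(msg.generation_location):
            return False, "generation location outside certificate validity region"
    return True, "accepted"

# Constructed sample data: 5 km region, message generated about 44 km north of it.
REGION = CircularRegion(centre=(43.60, 7.05), radius_m=5_000)
CERT = Certificate(valid_from=1_000, valid_until=2_000, region=REGION)
FAR_MSG = Message(generation_location=(44.00, 7.05), certificate=CERT)
```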
Issue History | |||
Date Modified | Username | Field | Change |
14-01-2016 13:39 | haddads | New Issue | |
14-01-2016 13:39 | haddads | Status | new => assigned |
14-01-2016 13:39 | haddads | Assigned To | => Denis Filatov |
19-01-2016 16:48 | Denis Filatov | Note Added: 0013727 | |
19-01-2016 16:48 | Denis Filatov | Status | assigned => feedback |
20-01-2016 15:29 | Sebastian Muellers | Note Added: 0013745 | |
20-01-2016 15:29 | Sebastian Muellers | Status | feedback => acknowledged |
20-01-2016 15:32 | Sebastian Muellers | Note Added: 0013746 | |
21-01-2016 08:41 | Sebastian Muellers | Note Added: 0013748 | |
08-02-2016 14:59 | Denis Filatov | Note Added: 0013817 | |
08-02-2016 14:59 | Denis Filatov | Status | acknowledged => resolved |
08-02-2016 14:59 | Denis Filatov | Resolution | open => fixed |