View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006279 | 10000-004: Services | Spec | public | 2020-11-25 16:26 | 2021-11-16 13:04 |
Reporter | Ondrej Flek | Assigned To | Matthias Damm | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Summary | 0006279: Unclear certificate validation requirements | ||||
Description | Part 4, Section 6.1.3 states: “If an application is not directly trusted (i.e. its Certificate is not in the list of trusted applications) then the application shall build a chain of Certificates back to a trusted CA.” However, the CTT expects that the trust path is built even for directly trusted (end entity) Application Instance Certificates, unless the Certificate is self-signed. Either the CTT test case (Security Certificate Validation, cases 009.js and 046.js) should be fixed, or the wording in the Specification should be changed to describe the behavior stipulated by the CTT, depending on which behavior is actually desired. | ||||
Additional Information | After initial discussion with Randy, it looks like the behavior expected by the CTT is the desired one. That is why this issue is filed under UA Spec/Part 4 and not under CTT. | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
duplicate of | 0004666 | closed | Matthias Damm | 10000-004: Services | 6.1.3 Determining if a Certificate is Trusted is not consistent with Part 12 |
Not all the children of this issue are yet resolved or closed. |
|
This was already change in 1.05 draft based on Mantis 0004666 6.1.3 Determining if a Certificate is trusted Applications shall rely on lists of Certificates provided by the Administrator to determine trust. There are two separate lists: a list of trusted Certificates and a list of issuer Certificates (i.e. CAs). The list of trusted Certificates may contain a Certificate issued to another Application or it may be a Certificate belonging to a CA. The list of issuer Certificates contains CA Certificates needed for chain validation that are not in the list of trusted Certificates. |
|
Agreed to dup in Virtual F2F. fixed in 1.04.8. |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-11-25 16:26 | Ondrej Flek | New Issue | |
2020-12-06 14:30 | Matthias Damm | Relationship added | duplicate of 0004373 |
2020-12-06 14:37 | Matthias Damm | Relationship added | duplicate of 0004666 |
2020-12-06 14:37 | Matthias Damm | Relationship deleted | 0004373 |
2020-12-06 14:39 | Matthias Damm | Assigned To | => Matthias Damm |
2020-12-06 14:39 | Matthias Damm | Status | new => resolved |
2020-12-06 14:39 | Matthias Damm | Resolution | open => duplicate |
2020-12-06 14:39 | Matthias Damm | Note Added: 0013371 | |
2020-12-11 15:34 | Jim Luth | Status | resolved => closed |
2020-12-11 15:34 | Jim Luth | Note Added: 0013467 |