7.1 Related Governance Attributes for Cryptography
This section describes the Cryptography attributes that appear in the Governance Document.
7.1.1 ProtectionKind
Attributes whose names end with _protection_kind share a type called ProtectionKind. The DDS Security specification lists five possible values of ProtectionKind, all of which are supported by Security Plugins.
7.1.2 domain_rule
The following attributes belong inside a <domain_rule>.
- rtps_protection_kind. This ProtectionKind specifies how to protect a DomainParticipant’s outgoing messages and what kind of protection is required of incoming messages. A message consists of an RTPS header and submessages, so a message is an envelope around submessages. If allow_unauthenticated_participants is set to TRUE, rtps_protection_kind must be set to NONE. Setting rtps_protection_kind to NONE will cause the DomainParticipant to accept both protected and unprotected incoming RTPS messages. Setting rtps_protection_kind to something other than NONE will cause the DomainParticipant to reject incoming RTPS messages that have a missing or incorrect GMAC or GCM.
- discovery_protection_kind. This ProtectionKind specifies the metadata_protection_kind used for the secure builtin DataWriter and DataReader entities used for discovery, Topic Queries, and Locator Reachability Responses.
- liveliness_protection_kind. This ProtectionKind specifies the metadata_protection_kind used for the secure builtin DataWriter and DataReader entities used for liveliness.
7.1.3 topic_rule
The following attributes belong inside a <topic_rule>.
- metadata_protection_kind. This ProtectionKind specifies how to protect a DataWriter’s or DataReader’s outgoing submessages. These submessages include, but are not limited to, DATA, HEARTBEAT, ACKNACK, and GAP. A DATA submessage is an envelope around a serialized payload, so metadata_protection_kind affects data as well as metadata. One difference between metadata_protection_kind and data_protection_kind is that for metadata_protection_kind, the submessage protection takes effect immediately before sending out the content, so a protected submessage is re-protected when it is resent.
- data_protection_kind. This attribute may be NONE, SIGN, or ENCRYPT. It specifies how to protect a DataWriter’s serialized payload. The writer history stores the protected payload, so the protected payload is not re-protected when it is resent. Receiver-specific GMACs are never included in this protection, so the WITH_ORIGIN_AUTHENTICATION values are not allowed here.
- enable_discovery_protection. This attribute may be TRUE or FALSE. It specifies whether to use the secure or non-secure builtin endpoints for certain outgoing traffic related to this topic. Such traffic includes endpoint discovery messages and TopicQuery messages. enable_discovery_protection also specifies whether or not to reject non-secure incoming endpoint discovery messages related to this topic.
- enable_liveliness_protection. This attribute may be TRUE or FALSE. The value of this attribute matters only if the DataWriter LivelinessQosPolicy is AUTOMATIC_LIVELINESS_QOS or MANUAL_BY_PARTICIPANT_LIVELINESS_QOS. In either of these cases, enable_liveliness_protection specifies whether or not to use the secure builtin endpoints for exchanging liveliness messages for DataWriters of this topic.
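The constraints stated in 7.1.2 and 7.1.3 can be checked mechanically before a Governance Document is signed and deployed. The Python linter below is an added example, not RTI code: it flags a rtps_protection_kind other than NONE combined with allow_unauthenticated_participants TRUE, a WITH_ORIGIN_AUTHENTICATION value in data_protection_kind, and a rtps_protection_kind of NONE (which accepts unprotected incoming RTPS messages). Assumptions: the element nesting and the spelled-out ProtectionKind values follow the DDS Security specification's governance schema, the function names are hypothetical, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

BASIC = {"NONE", "SIGN", "ENCRYPT"}
# The five ProtectionKind values defined by the DDS Security specification.
ALL_KINDS = BASIC | {"SIGN_WITH_ORIGIN_AUTHENTICATION", "ENCRYPT_WITH_ORIGIN_AUTHENTICATION"}

# Constructed sample (not from the page); nesting assumed from the governance schema.
SAMPLE = """<dds><domain_access_rules><domain_rule>
  <allow_unauthenticated_participants>TRUE</allow_unauthenticated_participants>
  <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
  <liveliness_protection_kind>SIGN</liveliness_protection_kind>
  <rtps_protection_kind>SIGN</rtps_protection_kind>
  <topic_access_rules><topic_rule>
    <topic_expression>Telemetry*</topic_expression>
    <metadata_protection_kind>SIGN_WITH_ORIGIN_AUTHENTICATION</metadata_protection_kind>
    <data_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</data_protection_kind>
  </topic_rule></topic_access_rules>
</domain_rule></domain_access_rules></dds>"""

def value_of(elem, tag):
    """Return the upper-cased text of a direct child element, or None if absent."""
    node = elem.find(tag)
    return node.text.strip().upper() if node is not None and node.text else None

def check_kind(findings, where, elem, tag, allowed):
    """Record a finding if the attribute is present with a disallowed value."""
    value = value_of(elem, tag)
    if value is not None and value not in allowed:
        findings.append((where, tag, f"{value} is not allowed here"))
    return value

def lint_governance(xml_text):
    """Return (location, attribute, message) findings for the rules on this page."""
    findings = []
    for i, rule in enumerate(ET.fromstring(xml_text).iter("domain_rule")):
        where = f"domain_rule[{i}]"
        for tag in ("discovery_protection_kind", "liveliness_protection_kind"):
            check_kind(findings, where, rule, tag, ALL_KINDS)
        rtps = check_kind(findings, where, rule, "rtps_protection_kind", ALL_KINDS)
        unauth = value_of(rule, "allow_unauthenticated_participants") in ("TRUE", "1")
        if unauth and rtps not in (None, "NONE"):
            findings.append((where, "rtps_protection_kind",
                             "must be NONE when allow_unauthenticated_participants is TRUE"))
        elif rtps == "NONE":
            findings.append((where, "rtps_protection_kind",
                             "NONE: unprotected incoming RTPS messages are accepted"))
        for j, topic in enumerate(rule.iter("topic_rule")):
            twhere = f"{where}/topic_rule[{j}]"
            check_kind(findings, twhere, topic, "metadata_protection_kind", ALL_KINDS)
            # Receiver-specific GMACs never cover the payload: only NONE/SIGN/ENCRYPT.
            check_kind(findings, twhere, topic, "data_protection_kind", BASIC)
    return findings
```

Calling lint_governance(SAMPLE) returns two findings, one for each misconfiguration embedded in the sample; an empty list means none of the checked constraints is violated.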
© 2020 RTI