39   Is Event ID 62351-3:1.10 supposed to be a "notice" or "warning"?

Created: 15 May 2024

Status: Approval (Editoral)

Part: Part 3 (2023, Edition 2)

Links:

Page: 24 and 47

Clause: 7.4.4, A.2 (Table A.1)

Paragraph: 3, 1

Issue

Event ID IEC 62351-3:1.10 - section 7.4.4 says "notice" but Table A.1 says "warning". Is this event supposed to be a "notice" or "warning"?

Also, "Warning" for Table A.2 for 1.10 has the 'W' in uppercase.

Text on page 24:

If session resumption is performed based on the session identifier (as specified in RFC 5246)
and the sessionID has expired, the TLS client and server perform a full handshake as per
section 7.3 of RFC 5246. In this case a security event shall be raised ("notice: Session could
not be resumed sessionID lifetime expired. Performing a full TLS handshake instead)").

Proposal

Either declare the severity of the event as "notice" in Table A.1 or declare the severity of the even as "warning" in section 7.4.4.

Discussion Created Status
Approval (editorial improvement) 26 Aug 24 Approval (Editoral)
OK. 27 Jun 24 Discussion (red)
Proposal to approve for Approval (editorial improvement) 26 Jun 24 Discussion (red)
Yes, agree, intention was a "note" as the connection will get established even without resumption.
Proposal to make change in Table A.1 as suggested.
28 May 24 Accepted
In my opinion there is nothing "wrong" going on, or there is not something that is badly configured (like support for deprecated algorithms).
This would be normal operation. So, in my opinion, this should be a "notice".
I would propose to make the change in Table A.1.
16 May 24 Triage

 

Privacy | Contact | Disclaimer

Tissue DB v. 24.12.6.1