Commit 67987396 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Adjusted secure channel definition

Closes #12
parent 09dc867b
Loading
Loading
Loading
Loading
+5 −3
Original line number Diff line number Diff line
@@ -166,15 +166,17 @@ A **secure channel** referred in [REQ-TECH-2] and used in transportation is a cr

Mutual trust is in plural form not exluding IP Multicast or Anycast usage if implemented.

![Figure 5.2.1-1: Secure channel example with TLS](./media/52_secure_channel_example.drawio.png)
![Figure 5.2.1-1: Secure channel example with TLS originated by managed device](./media/52_secure_channel_example.drawio.png)

**Figure 5.2.1-1: Secure channel example with TLS**

The figure above is an illustration of a simple TLS protected communication between NMS and the managed device.
The device initiates the connection towards reachable endpoint based on a DNS address configured into the managed device.
The figure 5.2.1-1 is an illustration of a simple TLS protected communication between product and the managed device, where the device initiates the connection towards reachable endpoint based on a DNS address configured into the managed device.
The device validates the provided public certificate and logs in with machine credentials.
NMS authorises the query based on the role and identity of the device.

Other approaches are possible, including where the product is responsible for initiating the TLS connection towards the managed device and logging into the managed device.
In this case, the managed device is responsible for authorizing the product based on the identity of the product.

### 5.2.2 Cryptographic key intialisation and rotation

* **[REQ-CRYPTO-4]** The product shall support and implement a on-demand rotation of cryptographic keys.