I am aware of certificate chains when validating a client certificate. Still, this either puts a lot of burden on the server administrator or restricts clients, which can be unfavorable when implementing a public OPC UA server.

An implementation of the client certificate validator that accepts all certificates for message encryption/signing is certainly possible. But would such an implementation be considered insecure in that matter?

If yes, how?

ttulka

1 Answer

Yes, it is considered insecure.

Aside from the (hopefully) obvious use case, where certificates ensure you know exactly what client applications are allowed to connect to the server, certificates are also the first line of defense against malicious clients and are part of a "defense in depth" strategy.

A malicious actor that can't establish a secure channel with the server doesn't have much to work with. A malicious actor that can establish a secure channel can, e.g., open many connections, create many sessions (without activating, potentially causing a DoS as you use up resources), attempt to guess credentials, re-use default credentials that an application may ship with, etc.

Further... in the face of the recent CIS alert re: ICS/SCADA devices + OPC UA servers, you'd be a bit of a fool to willingly ship a less secure product for the sake of convenience.

Kevin Herron
  • Thanks, @Kevin! Maybe a bit more context: I am talking about a public server that is running as a scalable cloud application rather than directly on a device. This means DoS attacks could potentially be solved on the Gateway. The server requires authentication, of course. With this context, would you reconsider your statement? – ttulka Apr 24 '22 at 10:59
  • Another point I have in mind is OPC UA over HTTPS. In that case, clients are not required to provide any certificates at all and the secure channel is established by the server side. Is then HTTPS communication considered less secure than communication over TCP as well? – ttulka Apr 24 '22 at 11:02
  • 1
    No, I don’t think I’d reconsider my stance on this, it would remain some degree of worry to me. HTTPS still uses client application instance certificates to permit/deny an untrusted application from connecting unless your server is configured to allow `SecurityPolicy.None`. – Kevin Herron Apr 24 '22 at 13:17
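To make the difference between the validator the question proposes and a real one concrete, here is an added example (not code from the question, the answer, or any OPC UA stack). It contrasts an accept-all validator with one that checks the certificate's SHA-1 thumbprint against a trust list, its validity period, and that the ApplicationUri in the certificate matches the one the client claims in its ApplicationDescription. The `ClientCert` record is a constructed stand-in for a parsed X.509 certificate; a real server would obtain these fields from an X.509 library, and chain and revocation checks are omitted here.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed stand-in for a parsed X.509 application instance certificate.
@dataclass(frozen=True)
class ClientCert:
    der: bytes            # raw DER bytes as sent in OpenSecureChannel
    application_uri: str  # URI entry of the certificate's subjectAltName
    not_before: datetime
    not_after: datetime

def thumbprint(der: bytes) -> str:
    # OPC UA trust lists identify certificates by the SHA-1 hash of the DER encoding.
    return hashlib.sha1(der).hexdigest().upper()

def accept_all(cert: ClientCert, claimed_uri: str, now: datetime, trusted: set) -> str:
    # The validator the question describes: every certificate passes, so any
    # application that can reach the endpoint can open a secure channel.
    return "Good"

def validate(cert: ClientCert, claimed_uri: str, now: datetime, trusted: set) -> str:
    # Returns a status code name from OPC UA Part 4; "Good" only if every check passes.
    if thumbprint(cert.der) not in trusted:
        return "Bad_CertificateUntrusted"
    if not (cert.not_before <= now <= cert.not_after):
        return "Bad_CertificateTimeInvalid"
    if cert.application_uri != claimed_uri:
        return "Bad_CertificateUriInvalid"
    return "Good"

# Constructed sample data: one known client, one unknown, one expired, one spoofing a URI.
NOW = datetime(2022, 4, 24, 12, 0, tzinfo=timezone.utc)
_early, _late = datetime(2022, 1, 1, tzinfo=timezone.utc), datetime(2023, 1, 1, tzinfo=timezone.utc)
KNOWN = ClientCert(b"der-of-known-client", "urn:example:hmi", _early, _late)
UNKNOWN = ClientCert(b"der-of-unknown-client", "urn:example:scanner", _early, _late)
EXPIRED = ClientCert(b"der-of-expired-client", "urn:example:old", _early, datetime(2022, 3, 1, tzinfo=timezone.utc))
TRUST_LIST = {thumbprint(KNOWN.der), thumbprint(EXPIRED.der)}

def demo() -> dict:
    # Compare both validators on the same inputs; only the trust-list one rejects anything.
    cases = {"known": (KNOWN, "urn:example:hmi"), "unknown": (UNKNOWN, "urn:example:scanner"),
             "expired": (EXPIRED, "urn:example:old"), "uri-mismatch": (KNOWN, "urn:example:other")}
    return {name: (accept_all(c, uri, NOW, TRUST_LIST), validate(c, uri, NOW, TRUST_LIST))
            for name, (c, uri) in cases.items()}

if __name__ == "__main__":
    for name, (lax, strict) in demo().items():
        print(f"{name:13s} accept_all={lax:5s} trust_list={strict}")
```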