support rti connext dds 7.7.0; update expiration dates from 2025 to 2037#21
support rti connext dds 7.7.0; update expiration dates from 2025 to 2037#21YushengYangRTI wants to merge 8 commits into
Conversation
YushengYangRTI
commented
May 20, 2026
YushengYangRTI
commented
- Support RTI Connext DDS 7.7.0, the latest LTS.
- Explicitly set <enable_key_revision>false</enable_key_revision> in case other vendors don't support it yet: https://community.rti.com/static/documentation/connext-dds/current/doc/manuals/migration_guide/770/product770/security770.html#key-revisions-are-enabled-by-default .
- Use basicConstraints = CA:true because it's required by x509v3: https://community.rti.com/static/documentation/connext-dds/current/doc/manuals/migration_guide/731/product731/security731.html#openssl-3-upgrade .
- Update expiration dates of RTI and TOC permissions documents from 2025 to 2037.
There was a problem hiding this comment.
This schema is older and doesn't have key revision. Can we point to:
https://www.omg.org/spec/DDS-SECURITY/20240301/omg_shared_ca_governance.xsd
| </domains> | ||
| <allow_unauthenticated_participants>FALSE</allow_unauthenticated_participants> | ||
| <enable_join_access_control>TRUE</enable_join_access_control> | ||
| <enable_key_revision>false</enable_key_revision> |
There was a problem hiding this comment.
I thought about adding must_interpret="false" here, but I don't know if other vendors support must_interpret. It is in the DDS Security spec.
There was a problem hiding this comment.
@YushengYangRTI They could fail because they don't support must_interpret or because they don't support enable_key_revision. We could also leave the Governance Document as it is. In that case, new binaries for this example won't communicate with previous ones (we enable key revision by default in newer releases).
I would say it depends on what happens when other vendors run the example with this Governance Document. Let's have what you suggest unless other people complain.
2 participants
