onvif / specs

Disparity 1:
__To keep the issue readable, deleted based based on comment from @HansBusch.

Disparity 2:
Consider

Line 1647 in af63a32

    
           <para>If the key pair that the certificate shall be linked to does not have status <emphasis>ok</emphasis>, an InvalidKeyID fault is produced, and the uploaded certificate is not stored in the keystore.</para>

I guess the auther intended to write InvalidKeyStatus fault as shown at the end of the faults table, highlighted below.
Either way this message is misleading inside a fault generated from UploadCertificate as the sender does not send any KeyID as part of invoking this operation.

Disparity 3:

specs/doc/Security.xml

Lines 1692 to 1693 in af63a32

    
           <para role="param">ter:Sender - ter:InvalidArgVal - ter:InvalidKeyStatus</para> 
        
           <para role="text"> The key with the requested KeyID has an inappropriate status.</para>

This message is also misleading inside a fault generated from UploadCertificate as the sender does not send any KeyID as part of invoking this operation.

For CreateRSAKeyPair a key is generated by the device which typically takes seconds to minutes.

UploadCertificate just tries to match an existing key pair with the public key in the certificate. The text is quite complicated and could be shortened but I don't see any mistake.

what about issue2 and inssue 3 above ?

Agree that 2 and three contradict each other and your proposal to change to InvalidKeyStatus sounds good. Please create a PR for that part so that out test tool team can review the proposal.

Further discussion in PR

	<para role="param">ter:Sender - ter:InvalidArgVal - ter:InvalidKeyStatus</para>
	<para role="text"> The key with the requested KeyID has an inappropriate status.</para>

Disparity in KeyPair Generation approaches in ONVIF-Security-Service-Spec.pdf (Ver 23.06)