Does signing and encryption bring any benefits for OCP UA over HTTPS?

I am reading the OPC UA specification and there is one thing I am confused about:

When using HTTPS as a transport protocol, the secure channel is already established by the TLS.

In this case, does it make sense to use any other security mode than None?

What would be the benefit to encrypt or sign the messages over an already secured channel?

Solution

The SecurityPolicy becomes mostly irrelevant when using HTTPS transport.

From Part 6 when discussing HTTPS:

The SecurityPolicy shall be specified, however, it only affects the algorithms used for signing the Nonces during the CreateSession/ActivateSession handshake. A SecurityPolicy of None indicates that the Nonces do not need to be signed.

For what it's worth... the only transport you'll find widely supported in the real world is the OPC UA TCP transport with binary encoding. This is the only combination that is mandatory for implementations.

What is a node in OPC-UA?
How to add role permissions to a node in OPCFoundation OPCUA
Write integer to OPC UA server - “not of the same type” error
Is there any way to export the model from the OPC server?
Python OPC-UA : authentification
The OPC UA server is only accessible via localhost
How to set an access level to a method or a folder in milo server
Connect system which includes OPC UA IoT Agent, Orion Context Broker. Cygnus and Historic data with Postgres
A question about Milo SDK subscriptionTransfer
OPC UA Client certificate connection problem: BadCertificateUseNotAllowed
OCP UA status=Bad_ConnectionClosed using digital petri
Writing variables with OPC UA
question about Milo SDK SubscriptionListener
Why isn't dataChangeFilterDeadbandValue key working by using Apache Camel OPC UA Client?
Use Open62541 to connect a server failed, because of 'No suitable UserTokenPolicy found for the possible endpoints'
Collect OPC-UA Data using Telegraf into QuestDB in a dense format
Read ExtensionObject OPC UA - python
Encoding and Decoding Custom OPC-UA DataTypes with UA-ModelCompiler
Trouble Overriding addNodes Method in Eclipse Milo's NodeManagementServices
Retries for Certs rejected by the OPCUA server
save to csv simultaneously opcua datachange notification
Adding security to OPC UA python server/client (Asyncua)
Is it technically possible for an OPC UA client to tunnel requests to an OPC UA server via a Forward Proxy?
The infinite loop to make the connection with opcua server, regardless of disconnecting the client
Python OPCUA, modbus communication code gets a RuntimeError after 3 hours of running
How to check whether a specific opc ua node already exists with asyncua?
Opc.Ua "ServiceResultException: Endpoint does not support the user identity type provided." but Security Level is None
OPC UA - Serialize an ExtensionObject
Nodejs OPC-UA server certificat error without using any tls or certificates
Understanding OPC-UA Security using Eclipse Milo