From: Marcel Holtmann <marcel@holtmann.org>
To: Stephen Crane <steve.crane@rococosoft.com>
Cc: Bhatt Abhi-ABHATT <ABHISHEK.BHATT@motorola.com>,
	BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: RE: [Bluez-devel] Service level security for RFCOMM
Date: Fri, 29 Oct 2004 18:40:50 +0200	[thread overview]
Message-ID: <1099068050.10164.69.camel@pegasus> (raw)
In-Reply-To: <1099062653.28599.47.camel@baroque.rococosoft.com>

Hi Steve,

> > So the question still stands. Should we already force authentication
> > when the peer sends PN CMD?
> 
> Actually p412 in the SPEC (v1.1) says:
> 
> "On the responding side, if authentication procedures are triggered from
> RFCOMM, this must only be done when receiving a SABM frame, not when
> receiving configuration commands preparing an unopened DLC (Erratum
> 1052)."

This is a clear statement. Thanks for pointing this out.

However this also leads to a security problem, because I can scan the
RFCOMM ports of a remote device without forcing the security mechanism.
I only have to do the PN exchange and then disconnect. What should a
remote device do when a PN CMD comes in for a channel without a service
behind it?

> > You must convince me that this is really needed and a good idea. For
> > what kind of application do you wanna use it?
> 
> It's for the same reason as stated above: you don't want the connection
> to succeed unless the security requirements can be met. If you have a
> client in security mode 2 and a server in security mode 1, you want the
> server to see an incoming connection _only_ if authentication/encryption
> have been successfully performed. You _don't_ want the server to see an
> incoming connection which is immediately closed.

Sorry, I don't get the point. Why should a client care about security
mode 2 when it wants to connect to a server in security mode 1? Actually
the server must know what services to protect and not the client. If you
have such a server running, then this is a wrongly designed server from my
point of view.

Regards

Marcel
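
The PN-exchange-then-disconnect pattern raised in the message above can be watched for on the responding side. The following is an added example, not part of the original message and not BlueZ code; it assumes a hypothetical event log of (time, peer address, frame type, DLCI) tuples and a hypothetical threshold `min_dlcis`, and the trace is constructed.

```python
from collections import defaultdict

# Constructed sample trace (not captured traffic): (time_s, peer, frame, dlci).
# DLCI 0 is the multiplexer control channel; DISC on DLCI 0 ends the session.
SAMPLE_EVENTS = [
    (0.0, "00:11:22:33:44:55", "SABM", 0),
    (0.1, "00:11:22:33:44:55", "PN_CMD", 2),
    (0.2, "00:11:22:33:44:55", "SABM", 2),    # DLC really opened: auth point
    (1.0, "AA:BB:CC:DD:EE:FF", "SABM", 0),
    (1.1, "AA:BB:CC:DD:EE:FF", "PN_CMD", 2),
    (1.2, "AA:BB:CC:DD:EE:FF", "PN_CMD", 4),
    (1.3, "AA:BB:CC:DD:EE:FF", "PN_CMD", 6),
    (1.4, "AA:BB:CC:DD:EE:FF", "DISC", 0),    # left without any SABM on a DLC
    (5.0, "00:11:22:33:44:55", "DISC", 0),
]


def find_pn_only_probes(events, min_dlcis=3):
    """Return {peer: sorted DLCIs} for peers whose session ended with at
    least min_dlcis DLCs negotiated via PN CMD but never opened with SABM."""
    pending = defaultdict(set)   # peer -> DLCIs with PN CMD and no SABM yet
    flagged = {}
    for _, peer, frame, dlci in sorted(events):
        if frame == "PN_CMD":
            pending[peer].add(dlci)
        elif frame == "SABM" and dlci != 0:
            # SABM is where the responder may trigger authentication,
            # so a DLC that reaches this point is no longer "PN only".
            pending[peer].discard(dlci)
        elif frame == "DISC" and dlci == 0:
            unopened = pending.pop(peer, set())
            if len(unopened) >= min_dlcis:
                flagged.setdefault(peer, set()).update(unopened)
    return {peer: sorted(dlcis) for peer, dlcis in flagged.items()}


if __name__ == "__main__":
    for peer, dlcis in find_pn_only_probes(SAMPLE_EVENTS).items():
        print(f"{peer}: PN CMD without SABM on DLCIs {dlcis}")
```

Sessions that end by link loss rather than DISC on DLCI 0 are not evaluated by this sketch.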



