Re: PTS / linkkey issue - Johan Hedberg

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Johan Hedberg <johan.hedberg@gmail.com>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: Mike <puffy.taco@gmail.com>,
	linux-bluetooth <linux-bluetooth@vger.kernel.org>
Subject: Re: PTS / linkkey issue
Date: Mon, 23 Apr 2012 12:14:02 +0300	[thread overview]
Message-ID: <20120423091402.GA5758@x220> (raw)
In-Reply-To: <1335164553.16897.371.camel@aeonflux>

Hi Marcel,

On Mon, Apr 23, 2012, Marcel Holtmann wrote:
> > > the real problem that you are seeing here is that the disappearing of
> > > the BlueZ devices and with that the oFono modem is actually fully
> > > intentional. It boils all down to the no bonding pairing. The device
> > > never gets marked as bonded.
> > > 
> > > I honestly have no idea on how to workaround this issue. My only idea is
> > > that we combine the access to a RFCOMM server channel with a re-pairing
> > > to upgrade this to general bonding. Problem is just that I have no idea
> > > if this would fly with the GAP qualification or not. Or if we would
> > > break that one then.
> > 
> > This whole thing looks so obviously as a PTS issue to me that I don't
> > see why anyone should spend any effort on anything else than raising an
> > errata for the PTS.
> > 
> > As far as what you're suggesting as a potential workaround it still
> > wouldn't guarantee that the PTS would start giving an authentication
> > requirement other than no-bonding. We can only control our own
> > authentication requirement.
> > 
> > Furthermore, you couldn't have this as general RFCOMM server behavior
> > since there are servers for which no-bonding may be desirable, like OPP,
> > and clients might not be tested to handle rejecting our general bonding
> > request properly if they were designed to assume they can get by with
> > their initial no-bonding request.
> 
> I was considering that if pairing is allowed and security is either
> medium or high, then we force a repairing if the link key is temporary.
> 
> Something like in the area of a no bonding link key is only allowed to
> connect a security low service. And if pairing is not allowed and you
> try to access a medium or high security service with no bonding, you
> will just get rejected.

I don't think it's a good idea to mix the security level (MITM/no-MITM)
requirement with the permanence requirement (no-bonding/bonding). Those
really are and should remain as orthogonal requirements. Even though OPP
is the only profile we know that it's natural to use no-bonding for
there may well be use cases where you want a secure connection for
sensitive data but want to forget about the security relationship once
the connection is gone.

I also think this is what the core spec intends since you've got the
option of no-bonding with MITM and no-bonding without MITM. Even the
table (5.7, page 1671) that defines the security levels talks nothing
about the permanence of the link key but only about authenticated vs
unauthenticated and MITM vs no MITM. Mixing the no-bonding stuff into
the security level would then also confuse anyone thinking that our
security levels are mappings to how the core spec defines them to be.

Johan

next prev parent reply	other threads:[~2012-04-23  9:14 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-20 22:40 PTS / linkkey issue Mike
2012-04-21  0:28 ` Tom Allebrandi
2012-04-21  0:45   ` Mike
2012-04-21  1:57     ` Mike
2012-04-21 10:35 ` Marcel Holtmann
2012-04-21 17:06   ` Mike
2012-04-21 19:09     ` Marcel Holtmann
2012-04-21 20:17       ` Mike
2012-04-21 21:13         ` Marcel Holtmann
2012-04-22 17:42           ` Mike
2012-04-22 20:08             ` Marcel Holtmann
2012-04-22 20:33               ` Mike
2012-04-22 21:35                 ` Marcel Holtmann
2012-04-22 22:22                   ` Johan Hedberg
2012-04-23  7:02                     ` Marcel Holtmann
2012-04-23  8:24                       ` Luiz Augusto von Dentz
2012-04-23  9:14                       ` Johan Hedberg [this message]
2012-04-23  9:40                         ` Marcel Holtmann
2012-04-23 22:46                           ` Tom Allebrandi
2012-04-24  0:36                             ` Mike
2012-04-26 17:31                               ` Mike

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120423091402.GA5758@x220 \
    --to=johan.hedberg@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    --cc=marcel@holtmann.org \
    --cc=puffy.taco@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.