From: Stephen Crane <steve.crane@rococosoft.com>
To: Marcel Holtmann <marcel@holtmann.org>
Cc: BlueZ Mailing List <bluez-devel@lists.sourceforge.net>
Subject: Re: [Bluez-devel] RFCOMM service level security testing
Date: Wed, 03 Nov 2004 16:38:53 +0000 [thread overview]
Message-ID: <1099499933.3261.75.camel@baroque.rococosoft.com> (raw)
In-Reply-To: <1099498137.6330.29.camel@notepaq>
On Wed, 2004-11-03 at 16:08, Marcel Holtmann wrote:
> does anyone tested this on a SMP system, a 64 bit box or big endian
> machine?
I have an old dual-celeron at home. I'll try and make some time to
re-run the Java tests on it over the next few days. It will probably be
the weekend though.
> > > Another question is what should we do when the encryption on a link with
> > > RFCOMM_ENCRYPT is switched off? At the moment L2CAP keeps works, but in
> > > the RFCOMM layer I drop the connection by sending DM.
> >
> > Yeah I thought I saw something like this happen. I don't think it is
> > correct behaviour. My reasoning would go something like this:
> >
> > * If encryption on a link is switched off at the HCI level, _all_ of the
> > connections (L2CAP and RFComm) which required it should be closed
> > shouldn't they?
> >
> > * Conversely, encryption should be automatically turned off on a link
> > when the last connection which required encryption is closed.
> >
> > * Owners of a connection should be able to indicate that they're no
> > longer interested in encryption by an ioctl on the L2CAP or RFComm
> > socket.
> >
> > * Connections which were created without the encryption requirement
> > should be able to ask for it by a similar ioctl.
> >
> > I imagine this behaviour would be required only very rarely but it seems
> > the most intuitive to me. What do you think?
>
> Actually I have no real meaning about it a the moment. There are pros
> and cons and I like to follow some written specification or erratum. Is
> there something that tells us exactly what to do in these cases?
There is something related to this on p50 of the JSR-82 spec (and, not
coincidentally, in our implementation of it):
"[...] withdrawing a request for encryption does not necessarity mean
that encryption is turned off. If other connections to this same device
need encryption, then the data link that underlies all of the
connections might continue to be encrypted, depending on the policies
used in the BCC for this device."
Regards,
Steve
--
Stephen Crane, Rococo Software Ltd. http://www.rococosoft.com
steve.crane@rococosoft.com +353-1-6601315 (ext 209)
next prev parent reply other threads:[~2004-11-03 16:38 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-30 15:55 [Bluez-devel] RFCOMM service level security testing Marcel Holtmann
2004-11-02 22:03 ` Marcel Holtmann
2004-11-03 15:28 ` Stephen Crane
2004-11-03 15:37 ` Marcel Holtmann
2004-11-03 15:56 ` Stephen Crane
2004-11-03 16:08 ` Marcel Holtmann
2004-11-03 16:38 ` Stephen Crane [this message]
2004-11-05 12:28 ` Marcel Holtmann
2004-11-03 16:49 ` Steven Singer
2004-11-03 17:52 ` Marcel Holtmann
2004-11-03 18:45 ` Steven Singer
2004-11-03 19:01 ` Marcel Holtmann
2004-11-15 17:58 ` [Bluez-devel] " David Hughes
2004-11-15 18:10 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1099499933.3261.75.camel@baroque.rococosoft.com \
--to=steve.crane@rococosoft.com \
--cc=bluez-devel@lists.sourceforge.net \
--cc=marcel@holtmann.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox