Re: [Bluez-devel] Re: RFCOMM service level security testing

[Marcel Holtmann <marcel@holtmann.org>]

Hi David,

> Please keep in mind that a device that has been authenticated and even 
> authorized does not necessarily mean it is trusted.  I believe that trusted 
> means that the user does not need to "ok" a secure connection using 
> Authorization for each time it connects.  Some services may wish to have a 
> device be authorized each time it connects to a particular service (profile), 
> even though the device has been previously paired.

this is correct, but this is another topic and for that we need a policy
manager that will take care of it.

> also, regarding enabling/disabling encrypted links...there are a few 
> controllers out there that REQUIRE encyption to be disabled before allowing a 
> Role Switch.  So being able to disable encrption and reenable it Must be an 
> option (without disconnecting RFCOMM and/or L2CAP channels).  There is 
> currently a Bluetooth design proposal to require the controllers to perform 
> this logic...but it is still at an early revision phase, and therefore won't 
> be a requirement for a long time.  This also shows that an application WILL 
> need to be able to talk directly to HCI when it has l2cap and/or rfcomm 
> channels that are active.  When apps start getting more sophisticated and need 
> to allow lots of profiles (Such as phones, PCs, and PDAs), they need to manage 
> the Controller for roles, power management, eSCO, etc.

In general there should be no need to switch the role more than once. I
only must make sure that the role switch is finished before we enable
the encryption.

According to the HCI I really like to avoid that any profile related
applications talk directly to it. This shouldn't be needed.

Regards

Marcel




-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel/listinfo/bluez-devel