From: Fred Schaettgen <bluez-devel@schaettgen.de>
To: bluez-devel@lists.sourceforge.net
Subject: Re: [Bluez-devel] Service level security for RFCOMM
Date: Fri, 29 Oct 2004 12:34:49 +0200 [thread overview]
Message-ID: <200410291234.49907.bluez-devel@schaettgen.de> (raw)
In-Reply-To: <1099042277.31284.438.camel@baroque.rococosoft.com>
On Friday 29 October 2004 11:31, Stephen Crane wrote:
> On Fri, 2004-10-29 at 05:42, Marcel Holtmann wrote:
> > actually it seems that nobody really cares about service level security
> > on the RFCOMM layer. Or people are too lazy to send in a patch. However,
> > I spent some hours with thinking about it and the core stuff of a small
> > framework for providing authentication and encrypt feedback from HCI to
> > higher level protocols is finished.
..
> > And btw, who is really interested in this feature or needs it?
Over here! I'm interested.
I would like to integrate service level security into the meta server of
kdebluetooth. At the moment you can allow/disallow connections (or show a
confirmation popup) based on the service/rfcomm channel and on the peer
device address, but we can't ask for an authenticated link. Being able to use
service level security would allow us to force authenticated links when using
any service other than obex push, which should work without having to pair
devices first.
IIRC I asked you to allow every user to send authentication requests a few
months ago, so that even programs running without root privileges can trigger
authentication. But then I didn't post it on the list as you told me, to let
other people comment on the security implications. The corresonding patch
changed only a single bit somewhere, but of course this solution is not very
conveniant. But if you want authentication to appear as a property of a
single rfcomm connection that's fine too, as long as a regular users are
allowed to use this feature. Would that be safe?
regards
Fred
--
Fred Schaettgen
bluez-devel@schaettgen.de
-------------------------------------------------------
This Newsletter Sponsored by: Macrovision
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel
next prev parent reply other threads:[~2004-10-29 10:34 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-29 4:42 [Bluez-devel] Service level security for RFCOMM Marcel Holtmann
2004-10-29 4:46 ` James Cameron
2004-10-29 4:55 ` Marcel Holtmann
2004-10-29 9:31 ` Stephen Crane
2004-10-29 10:34 ` Fred Schaettgen [this message]
2004-10-29 12:10 ` Marcel Holtmann
2004-10-29 12:02 ` Marcel Holtmann
-- strict thread matches above, loose matches on Subject: below --
2004-10-29 14:36 Bhatt Abhi-ABHATT
2004-10-29 14:47 ` Marcel Holtmann
2004-10-29 15:10 ` Stephen Crane
2004-10-29 16:40 ` Marcel Holtmann
2004-11-01 12:02 ` Stephen Crane
2004-11-01 12:17 ` Marcel Holtmann
2004-10-29 15:35 Bhatt Abhi-ABHATT
2004-10-29 15:53 ` Stephen Crane
2004-10-29 17:05 ` Marcel Holtmann
2004-10-29 17:02 ` Marcel Holtmann
[not found] <5987A7CB1694D811A04D0002B32C289601BF3C03@il93exb05.corp.mot.com>
2004-10-29 19:41 ` Marcel Holtmann
2004-10-29 20:04 Bhatt Abhi-ABHATT
2004-10-29 20:22 ` Marcel Holtmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200410291234.49907.bluez-devel@schaettgen.de \
--to=bluez-devel@schaettgen.de \
--cc=bluez-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox