[Bluez-devel] SDP queries when authentication/encryption are turned on

[Bluez-devel] SDP queries when authentication/encryption are turned on

[Shawn Rutledge]

If in hcid.conf I use these lines:

        auth enable;
        encrypt enable;

then when I do sdptool browse or sdptool search, it keeps prompting me
to bond with every Bluetooth device that it discovers.  This does not
make sense, because the whole point of service discovery is to decide
what device you want to connect to, before having to bond with it.  If
the device was requiring a bond before answering an SDP query, fine,
but the devices I have tested with do not - they will answer SDP
queries just fine without a bond, as long as I have commented out those
two lines in hcid.conf.  Maybe this is a bug - IMO bluez should
probably ignore those settings for SDP, and always do SDP insecurely. 
Otherwise "sdp search" becomes very impractical.  At my office often 20
or more devices will be involved in such a search, belonging to various
coworkers, some of whom I have not met, and I certainly do not want to
bond with all those devices; but I also do not want to turn off
authorization completely just so that I can do sdp queries.


=====
. _______  Shawn T. Rutledge / KB7PWD ecloud@bigfoot.com
 (_  | |_)    http://ecloud.org/  kb7pwd@kb7pwd.ampr.org
 __) | | \______________________________________________


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

[Marcel Holtmann]

Hi Shawn,

> If in hcid.conf I use these lines:
> 
>         auth enable;
>         encrypt enable;
> 
> then when I do sdptool browse or sdptool search, it keeps prompting me
> to bond with every Bluetooth device that it discovers.  This does not
> make sense, because the whole point of service discovery is to decide
> what device you want to connect to, before having to bond with it.  If
> the device was requiring a bond before answering an SDP query, fine,
> but the devices I have tested with do not - they will answer SDP
> queries just fine without a bond, as long as I have commented out those
> two lines in hcid.conf.  Maybe this is a bug - IMO bluez should
> probably ignore those settings for SDP, and always do SDP insecurely. 
> Otherwise "sdp search" becomes very impractical.  At my office often 20
> or more devices will be involved in such a search, belonging to various
> coworkers, some of whom I have not met, and I certainly do not want to
> bond with all those devices; but I also do not want to turn off
> authorization completely just so that I can do sdp queries.

if you set your device into security mode 3, then this is what you get.
As I have often said, do this only when you know what you are doing and
what does this imply.

Regards

Marcel




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

[Fred Schaettgen]

On Wednesday 23 February 2005 05:28, Marcel Holtmann wrote:
> Hi Shawn,
>
> > If in hcid.conf I use these lines:
> >
> >         auth enable;
> >         encrypt enable;
> >
...
>
> if you set your device into security mode 3, then this is what you get.
> As I have often said, do this only when you know what you are doing and
> what does this imply.

Marcel, why don't you simply put this often repeated sentence into a comment 
in default hcid.conf right above auth/encrypt? If people are not familiar 
with bluetooth, then it's reasonable to assume that you have to enable this 
if you want any security at all. You don't expect everbody to know what 
security mode 3 means and what the alternatives are, do you?

regards
Fred

-- 
Fred Schaettgen
bluez-devel@schaettgen.de


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

[Marcel Holtmann]

Hi Fred,

> > if you set your device into security mode 3, then this is what you get.
> > As I have often said, do this only when you know what you are doing and
> > what does this imply.
> 
> Marcel, why don't you simply put this often repeated sentence into a comment 
> in default hcid.conf right above auth/encrypt? If people are not familiar 
> with bluetooth, then it's reasonable to assume that you have to enable this 
> if you want any security at all. You don't expect everbody to know what 
> security mode 3 means and what the alternatives are, do you?

there is a comment that this is security mode 3, but actually this does
not prevents for its misuse and the later complaints. Problem is that
Bluetooth is still a complex technology and if you change defaults you
should understand what you are doing. However I always accept patches
that extends the manual pages with more details about it.

Regards

Marcel




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

[Fred Schaettgen]

On Thursday 24 February 2005 11:43, Marcel Holtmann wrote:
> Hi Fred,
>
> > > if you set your device into security mode 3, then this is what you get.
> > > As I have often said, do this only when you know what you are doing and
> > > what does this imply.
> >
> > Marcel, why don't you simply put this often repeated sentence into a
> > comment in default hcid.conf right above auth/encrypt? If people are not
> > familiar with bluetooth, then it's reasonable to assume that you have to
> > enable this if you want any security at all. You don't expect everbody to
> > know what security mode 3 means and what the alternatives are, do you?
>
> there is a comment that this is security mode 3, but actually this does
> not prevents for its misuse and the later complaints. Problem is that
> Bluetooth is still a complex technology and if you change defaults you
> should understand what you are doing. However I always accept patches
> that extends the manual pages with more details about it.

"should understand what you are doing"? Well, obviously this is wishful 
thinking. You should really comment these settings right in the hcid.conf or 
at least referr to the manpage. Then it's nearly impossible to change these 
settings without reading the warnings about it. Not everyone will look into a 
manpage, you should be more pragmatic here. It's your time that is wasted 
with these questions after all ;)

Fred

-- 
Fred Schaettgen
bluez-devel@schaettgen.de


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel

Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

[Marcel Holtmann]

Hi Fred,

> > > > if you set your device into security mode 3, then this is what you get.
> > > > As I have often said, do this only when you know what you are doing and
> > > > what does this imply.
> > >
> > > Marcel, why don't you simply put this often repeated sentence into a
> > > comment in default hcid.conf right above auth/encrypt? If people are not
> > > familiar with bluetooth, then it's reasonable to assume that you have to
> > > enable this if you want any security at all. You don't expect everbody to
> > > know what security mode 3 means and what the alternatives are, do you?
> >
> > there is a comment that this is security mode 3, but actually this does
> > not prevents for its misuse and the later complaints. Problem is that
> > Bluetooth is still a complex technology and if you change defaults you
> > should understand what you are doing. However I always accept patches
> > that extends the manual pages with more details about it.
> 
> "should understand what you are doing"? Well, obviously this is wishful 
> thinking. You should really comment these settings right in the hcid.conf or 
> at least referr to the manpage. Then it's nearly impossible to change these 
> settings without reading the warnings about it. Not everyone will look into a 
> manpage, you should be more pragmatic here. It's your time that is wasted 
> with these questions after all ;)

even if I put a big explanation into the config file, people still will
do it wrong. Actually I think of removing some commands from the example
config file and only mentions their existens in the manual page or in
the source code.

Regards

Marcel




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
Bluez-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-devel