[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: A reported error / bug in MQTT Version 3.1.1 Plus Errata 01
Fette, I. and A. Melnikov, "The WebSocket Protocol", RFC 6455, December 2011.
The CONNECT Packet contains Username and Password fields. Implementations can choose how to make use of the content of these fields. They may provide their own authentication mechanism, use an external authentication system such as LDAP [RFC4511] or OAuth [RFC6749] tokens, or leverage operating system authentication mechanisms.
Implementations passing authentication data in clear text, obfuscating such data elements or requiring no authentication data should be aware this can give rise to Man-in-the-Middle and replay attacks. Section 5.4.5 introduces approaches to ensure data privacy.
A Virtual Private Network (VPN) between the Clients and Servers can provide confidence that data is only being received from authorized Clients.
Where TLS [RFC5246] is used, SSL Certificates sent from the Client can be used by the Server to authenticate the Client.
--Hi there,I'm not sure whether it's really a typo.But, the 'TLS [RFC5246]', line 1488 actually points to [RFC6455], line 70, which just following the right one.It actually confused me and took me some time to figure it out, though may not be a serious issue.
To learn more about MQTT please visit http://mqtt.org
---
You received this message because you are subscribed to the Google Groups "MQTT" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mqtt+unsubscribe@googlegroups.com .
To post to this group, send email to mqtt@googlegroups.com.
Visit this group at https://groups.google.com/group/mqtt .
For more options, visit https://groups.google.com/d/optout .
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]