OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (MQTT-261) Add a CONNACK return code for 'Upgrade to TLS'

    [ https://issues.oasis-open.org/browse/MQTT-261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=62907#comment-62907 ] 

Ken Borgendale commented on MQTT-261:

The problem with this return code on CONNACK is that if the user has already sent credentials on the CONNECT, telling him to use a secure connection is too late and the breach has already occurred.

Otherwise this is just a sort of subclass of not-authorized specifically informing the user that the connection is rejected because a secure connection is required.  If we add this return code it should be a bit more generic such as "A secure connection is required".  There are certainly a number of ways to get a secure connection and TLS is just one of them. There are a dozen other reasons that a connection could fail for authentication related issues such as no acceptable ciphers, no client cert, expired client cert, not long enough key, unsupported curve, etc.  If we are trying to inform the developer of the client about what failed, then it seems better to just return a string where we can put in replacement data.  If we think the client application would take action on the return code then in makes sense to have a separate return code.  In this case it seems dangerous to have the client application first try a non-secure connection and then try a secure connection when told to.  I would therefore vote against including this return code, and would not implement this function.

> Add a CONNACK return code for 'Upgrade to TLS'
> ----------------------------------------------
>                 Key: MQTT-261
>                 URL: https://issues.oasis-open.org/browse/MQTT-261
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: futures
>    Affects Versions: 5
>            Reporter: Raphael Cohn
>            Assignee: Raphael Cohn
>            Priority: Critical
> Adding a CONNACK return code for 'Upgrade to TLS' makes it easier to share MQTT URIs and server endpoint details, as clients do not need to know in advance that MQTT servers require TLS. This avoids the need to have 'MQTT / MQTTS' service names.

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]