[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-261) Add a CONNACK return code for 'Upgrade to TLS'
[ https://issues.oasis-open.org/browse/MQTT-261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=62910#comment-62910 ]
Raphael Cohn commented on MQTT-261:
-----------------------------------
At the first face-to-face this year I suggested we should drop this as it is insecure; I actually thought we'd closed this issue! Additionally, I'd also like to strongly suggest we resist any attempt to add 'TLS upgrade' (a la LDAP or SMTP) to MQTT. The original reason this suggestion came from was the need to support more generic server redirects or lifetime changes; a client then did not need to know whether to use TLS or not and DNS SRV, etc, don't help. A broker endpoint is free to sniff the first few bytes and so use the same port for TLS and non-TLS MQTT if it so wants to.
> Add a CONNACK return code for 'Upgrade to TLS'
> ----------------------------------------------
>
> Key: MQTT-261
> URL: https://issues.oasis-open.org/browse/MQTT-261
> Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
> Issue Type: Improvement
> Components: futures
> Affects Versions: 5
> Reporter: Raphael Cohn
> Assignee: Raphael Cohn
> Priority: Critical
>
> Adding a CONNACK return code for 'Upgrade to TLS' makes it easier to share MQTT URIs and server endpoint details, as clients do not need to know in advance that MQTT servers require TLS. This avoids the need to have 'MQTT / MQTTS' service names.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]