
Subject: [OASIS Issue Tracker] (MQTT-293) Review Section 3.1.4 CONNECT Response behaviour and Section 5 Security


    [ https://issues.oasis-open.org/browse/MQTT-293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=63408#comment-63408 ] 

Ken Borgendale commented on MQTT-293:
-------------------------------------

I do not see that requiring the server to close the network connection conflicts with the TLS requirement to send a close.  That is simply part of the job of closing the network connection.  Depending on how messed up you think the TLS environment is, you would either send or not send this.

The current draft says that on a CONNECT error the server MAY send one of the Connect Return codes, and MUST close the network connection.  There are valid situations such as an unauthenticated connection where not returning a CONNACK is the correct thing to do.

There are a number of conditions for which TLS is not the appropriate way to secure the connection.  The examples you give of working within a closed system are hardly the only ones.  What we should stress is that it is important to have a strategy to secure the MQTT communications.  For internet-type situations the recommendation is commonly TLS.

I still do not believe that the MQTT spec is the correct place to deal with how to do security.  I agree that saying the connection should be secure is a good thing.

> Review Section 3.1.4 CONNECT Response behaviour and Section 5 Security
> ----------------------------------------------------------------------
>
>                 Key: MQTT-293
>                 URL: https://issues.oasis-open.org/browse/MQTT-293
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 5
>            Reporter: Richard Coppen
>
> Jira opened following discussion on TC call 11.08.2016
> Review Section 3.1.4 Connect / Response
> e.g., The Server MAY check that the contents of the CONNECT Packet meet any further restrictions and MAY perform authentication and authorization checks. If any of these checks fail, it SHOULD send an appropriate CONNACK response with a non-zero return code as described in section 3.2 and it MUST close the Network Connection.
> Review Section 5 (Security)



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
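
Added example, not part of the original message or of the MQTT specification: a sketch of the server-side choice discussed in the comment above, where a failed CONNECT always ends with the connection closed and sending a CONNACK first is optional. It assumes the MQTT 3.1.1 packet layout and return codes; `handle_connect`, `check_credentials` and `silent_on_auth_failure` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# MQTT 3.1.1 CONNACK return codes (assumed protocol version for this sketch)
UNACCEPTABLE_PROTOCOL, BAD_CREDENTIALS = 0x01, 0x04
# Constructed sample: CONNECT body for client "c1", user "u", password "bad"
SAMPLE = b"\x00\x04MQTT\x04\xc2\x00\x3c\x00\x02c1\x00\x01u\x00\x03bad"

def read_field(buf, pos):
    """Read one field with a 2-byte big-endian length prefix; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def connack(return_code):
    # Fixed header 0x20, remaining length 2, session-present flag 0, return code
    return bytes([0x20, 0x02, 0x00, return_code])

def handle_connect(body, check_credentials, silent_on_auth_failure=True):
    """body: CONNECT variable header + payload (fixed header already stripped).
    Returns (bytes_to_send, close_connection)."""
    try:
        name, pos = read_field(body, 0)
        level, flags = body[pos], body[pos + 1]
        pos += 4                      # level, flags, 2-byte keep alive
        if name != b"MQTT":
            return b"", True          # not this protocol: close, no CONNACK
        if level != 4:
            return connack(UNACCEPTABLE_PROTOCOL), True
        _client_id, pos = read_field(body, pos)
        if flags & 0x04:              # will flag: skip will topic and will message
            _, pos = read_field(body, pos)
            _, pos = read_field(body, pos)
        user = pwd = None
        if flags & 0x80:              # user name flag
            user, pos = read_field(body, pos)
        if flags & 0x40:              # password flag
            pwd, pos = read_field(body, pos)
    except (ValueError, IndexError, struct.error):
        return b"", True              # malformed packet: close without a CONNACK
    if not check_credentials(user, pwd):
        # CONNACK is optional here; the close is not
        return (b"" if silent_on_auth_failure else connack(BAD_CREDENTIALS)), True
    return connack(0x00), False       # accepted: connection stays open
```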

