

Subject: [OASIS Issue Tracker] (MQTT-293) Review Section 3.1.4 CONNECT Response behaviour and Section 5 Security


    [ https://issues.oasis-open.org/browse/MQTT-293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=63410#comment-63410 ] 

Raphael Cohn commented on MQTT-293:
-----------------------------------

Thanks Ken.

Regarding TLS close_notify, I think it'd be wise to just be a bit clearer, and perhaps point out what 'closing the network connection' means for the underlying transport.

I recall a conversation when drafting MQTT 3.1.1 about restricting what we added about TLS, etc., to the spec. The consensus then was to not start getting into a process of defining TLS 'profiles' (e.g., this cipher, that HMAC, etc.), and I'm happy to stay with that decision. A large part of the TLS stuff could be dealt with by committee note. The ALPN protocol stuff can't, as I understand it, because we'll need to point IANA at a spec.

I agree TLS isn't the only game in town, although, flawed as it is, it is probably well and ahead the default choice... Indeed, there's even an argument for using TLS atop IPsec, to prevent disclosing SNI names and cipher suite choices to a network administrator...

> Review Section 3.1.4 CONNECT Response behaviour and Section 5 Security
> ----------------------------------------------------------------------
>
>                 Key: MQTT-293
>                 URL: https://issues.oasis-open.org/browse/MQTT-293
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 5
>            Reporter: Richard Coppen
>
> Jira opened following discussion on TC call 11.08.2016
> Review Section 3.1.4 Connect / Response
> e.g., The Server MAY check that the contents of the CONNECT Packet meet any further restrictions and MAY perform authentication and authorization checks. If any of these checks fail, it SHOULD send an appropriate CONNACK response with a non-zero return code as described in section 3.2 and it MUST close the Network Connection.
> Review Section 5 (Security)



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

