OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (MQTT-431) Review Re-authentication mechanism

    [ https://issues.oasis-open.org/browse/MQTT-431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66312#comment-66312 ] 

Richard Coppen commented on MQTT-431:

Reviewed with editors. Two options:

1. Leave as is. Clients typically initiate authentication.
2. Allow the server to send Auth (reauthentication) to clients

> Review Re-authentication mechanism
> ----------------------------------
>                 Key: MQTT-431
>                 URL: https://issues.oasis-open.org/browse/MQTT-431
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 5, wd13
>            Reporter: Richard Coppen
>             Fix For: 5
> MQTT v5.0 introduces a new AUTH mechanism. This allows MQTT to bind with various authentication mechanisms such as SASL within the CONNECT / CONNACK exchange.
> In its current form the Client is permitted to flow an Auth Packet for re-authenication at any point. There are a few potential issues with this approach:
> 1. Implementations might exploit the AUTH flow for application data and control.
> 2. Only the Client can initiate the re-authentication. In many cases the Server is likely to coordinate Clients to refresh keys.
> 3. It is likely that existing deployments simply use DISCONNECT to coordinate re-authentication and this might lead to little uptake on re-auth.
> There are benefits to the current approach, for example in reducing bandwidth.

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]