[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-469) Non-normative comment on optional CONNACK
[ https://issues.oasis-open.org/browse/MQTT-469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66659#comment-66659 ]
Ken Borgendale commented on MQTT-469:
-------------------------------------
This was the result of a particular security concern raised about scanners trolling for MQTT servers. This advice is in non-normative text and was put there as the result of a TC discussion. We can of course change it but not without having another TC discussion.
> Non-normative comment on optional CONNACK
> -----------------------------------------
>
> Key: MQTT-469
> URL: https://issues.oasis-open.org/browse/MQTT-469
> Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
> Issue Type: Improvement
> Components: edits
> Affects Versions: 5, wd14
> Reporter: Konstantin Dotchkoff
> Priority: Minor
> Fix For: 5, wd14
>
>
> Line 1373-1374:
> "it is advised that the Server does not to send a CONNACK at all, ..."
> --> "the Server may choose to not send a CONNACK at all,..."
> The non-normative comment talks about processing sensitive data, which may or may not be related to DOS attacks. Even if the Server doesn't process sensitive data, DOS attack may have high business impact.
> Advising what to do is too strong statement, w/o the specific context. Saying, a Server could do it if there is such a concerns is more appropriate, and explains enough why a CONNACK is an optional packet.
> This issue was originally reported in MQTT-417, which doesn't seem to be applied in WD14.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]