[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-584) MQTT-SN integrity protection proposal
[ https://issues.oasis-open.org/browse/MQTT-584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=79602#comment-79602 ] Simon Johnson commented on MQTT-584: ------------------------------------ # Questions about the nature of the algorithmÂselection bitfields - is 2 bits too restrictive # We addressed the scopeÂof the proposal - end to end versus message integrity - Simon suggested end2end would potentially mean changes to the core spec which could cause issues / blockers so agreed the scope was valid # The protection of all messages seemed overkill and technically challenging given that flags only exist on a subset of the message types; was suggested we only protect those messages with flags (PUBLISH, CONNECT, SUBSCRIBE, UNSUBSCRIBE, REGISTER) - needs consideration - does this still meet the securityÂrequirements (ie. if the ACKs are not protected could this mean DDos could now take place) - we need to come back on this point # The protection of all messages seemed overkill and technically challenging given that flags only exist on a subset of the message types; was suggested we only protect those messages with flags (PUBLISH, CONNECT, SUBSCRIBE, UNSUBSCRIBE, REGISTER) - needs consideration - does this still meet the securityÂrequirements (ie. if the ACKs are not protected could this mean DDos could now take place) - we need to come back on this point > MQTT-SN integrity protection proposal > ------------------------------------- > > Key: MQTT-584 > URL: https://issues.oasis-open.org/browse/MQTT-584 > Project: OASIS Message Queuing Telemetry Transport (MQTT) TC > Issue Type: New Feature > Components: MQTT-SN > Reporter: Simon Johnson > Assignee: Simon Johnson > Priority: Major > > Various entities have expressed a desire to bake in some level of security to the MQTT-SN protocol. The desire is to protect from common exploits, whilst adhering to the principals of designing for low power, low bandwidth devices. -- This message was sent by Atlassian Jira (v8.3.3#803004)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]