Linux-Bluetooth Archive on
 help / color / Atom feed
From: ""  <>
To: "Gix, Brian" <>
Cc: "" <>,
	"" <>,
	"Stotland, Inga" <>
Subject: Re: [PATCH BlueZ 0/1] mesh: Add D-Bus Security for sensitive data
Date: Wed, 14 Aug 2019 23:20:41 +0200
Message-ID: <20190814212041.ty27uuyolyujaoqe@kynes> (raw)
In-Reply-To: <>


On 08/14, Gix, Brian wrote:
> I don't think so.... If a token is leaked, and we offer *any* kind of
> mechanism to export keys, then any permissions that the App with
> legitimate access to the token has, is then conferred on *any* entity
> that obtains access to the token.
> The only way around this is to not allow any access, by any apps, to
> any exportable keys....   or to secure access to the token.
No, not the only way.

We could require additional authentication before attached applicatino
can access export functionality - for example, check that user running
the application belongs to a certain group.

Michał Lowas-Rzechonek <>
Jasnogórska 44, 31-358 Krakow, POLAND

      reply index

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-14  1:43 Brian Gix
2019-08-14  1:43 ` [PATCH BlueZ 1/1] doc: Add Pub/Private ECC shared secret to obscure " Brian Gix
2019-08-14  8:14   ` Vallaster Stefan
2019-08-14  7:52 ` [PATCH BlueZ 0/1] mesh: Add D-Bus Security for " Michał Lowas-Rzechonek
2019-08-14 16:41   ` Gix, Brian
2019-08-14 20:52     ` michal.lowas-rzechonek
2019-08-14 21:02       ` Gix, Brian
2019-08-14 21:20         ` michal.lowas-rzechonek [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190814212041.ty27uuyolyujaoqe@kynes \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Bluetooth Archive on

Archives are clonable:
	git clone --mirror linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ \
	public-inbox-index linux-bluetooth

Newsgroup available over NNTP:

AGPL code for this site: git clone public-inbox