linux-bluetooth.vger.kernel.org archive mirror
From: "Gix, Brian" <brian.gix@intel.com>
To: "michal.lowas-rzechonek@silvair.com" 
	<michal.lowas-rzechonek@silvair.com>,
	"anupam.r@samsung.com" <anupam.r@samsung.com>
Cc: "semun.lee@samsung.com" <semun.lee@samsung.com>,
	"dh79.pyun@samsung.com" <dh79.pyun@samsung.com>,
	"linux-bluetooth@vger.kernel.org"
	<linux-bluetooth@vger.kernel.org>,
	"Stotland, Inga" <inga.stotland@intel.com>
Subject: Re: Re: Regarding OOB authentication method & action for Mesh provisioner
Date: Mon, 2 Mar 2020 16:56:32 +0000
Message-ID: <7686b0b5ec818946fef72d8eb438460898d53c40.camel@intel.com>
In-Reply-To: <20200302145518epcms5p7ec2da0403de9efa6733e12290f3cc80d@epcms5p7>

On Mon, 2020-03-02 at 20:25 +0530, Anupam Roy wrote:
> Hi Michal,
>  
> > --------- Original Message ---------
> > Sender : Michał Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
> > Date : 2020-03-02 19:52 (GMT+5:30)
> > Title : Re: Regarding OOB authentication method & action for Mesh provisioner
> > 
> > Hi,
> > 
> > On 03/02, Anupam Roy wrote:
> > > Also, I would like to know, whether there is any plan to Request
> > > external provisioning Agent to choose Provisioning method & specific
> > > action?  The reason being, some *application* may be interested in a
> > > particular Security level & Authentication action, depending on its
> > > own I/O capabilities.
> > 
> > For the record, we also need this functionality. One of the possible
> > scenarios is having a provisioner who doesn't have a reliable Internet
> > connection and might want to fall back to (less secure) OOB actions if
> > it cannot obtain OOB public key.
> > 
> > We've been planning to send a patch implementing a D-Bus API for that,
> > but it's not ready yet :(
> 
> Okay, that would be nice, and will it allow the application to choose both a) "OOB Pub Key(With/Without)" as
> well as b) "OOB Auth Methods(IN/OUT/Static/No OOB) & Actions(Blink/Beep/Vibrate/Num/alpha etc.)"?

The original plan for this was that an Agent defines its Capabilities D-Bus properties to indicate the OOB
methodologies it is willing to support *for that session*. If you *sometimes* want to support "static-oob" or
"public-oob" (for instance, to do a Certificate lookup via a WAN) then for that session, those capabilities
should be included in the Agent's Capabilities array...   and if the WAN is offline, and Certificates can't be
retrieved, then leave that capability out.

Otherwise, yes...  The *initiator* daemon then looks at the capabilities of the remote unprovisioned device,
and the capabilities of the local agent, and chooses the highest security method that can be supported between
the two devices.  But the list of available methods is still under the control of the App.

> 
> > regards
> > -- 
> > Michał Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
> > Silvair 
> > https://protect2.fireeye.com/url?k=bcd496bf-e1422fc8-bcd51df0-0cc47a312ab0-f5d986cca20e804f&u=http://silvair.com/
> > Jasnogórska 44, 31-358 Krakow, POLAND
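
The selection described in this message, as an added sketch that is not BlueZ code and not part of the original thread: the agent advertises per-session capabilities, and the initiator picks from what both sides share. The capability strings follow the names used in the thread and in the BlueZ mesh agent API; the preference order, the "no-oob" label and the function names are assumptions made for illustration.

```python
# Added illustration of the negotiation described above; not BlueZ source.
# Assumption: this preference order (strongest first) is for illustration only.
AUTH_PREFERENCE = [
    "static-oob",
    "out-alpha", "in-alpha",
    "out-numeric", "in-numeric",
    "blink", "beep", "vibrate", "push", "twist",
]
NO_OOB = "no-oob"  # hypothetical label for "no OOB authentication"


def session_capabilities(base_caps, wan_online):
    """Capabilities the agent advertises for one provisioning session."""
    caps = list(base_caps)
    if wan_online:
        # Certificate lookup is possible, so the OOB public key can be fetched.
        caps.append("public-oob")
    return caps


def choose_method(device_caps, agent_caps):
    """Return (use_oob_public_key, auth_method) from the shared capabilities."""
    common = set(device_caps) & set(agent_caps)
    use_oob_key = "public-oob" in common
    auth = next((m for m in AUTH_PREFERENCE if m in common), NO_OOB)
    return use_oob_key, auth


# Constructed sample data: one unprovisioned device, one agent.
DEVICE = ["public-oob", "static-oob", "out-numeric", "blink"]
AGENT_BASE = ["out-numeric", "blink"]

if __name__ == "__main__":
    for online in (True, False):
        caps = session_capabilities(AGENT_BASE, online)
        print("WAN online" if online else "WAN offline", choose_method(DEVICE, caps))
    # An agent sharing nothing with the device ends up at the weakest option.
    print("no overlap", choose_method(DEVICE, ["beep"]))
```

With the WAN offline the agent simply omits "public-oob", so the same device is provisioned without an OOB public key while the authentication action stays the same.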
