You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2020/01/09 14:31:11 UTC

[GitHub] [mynewt-nimble] ccollins476ad commented on issue #726: [DO NOT MERGE] host: Don't allow unauth pairing if MITM protection required

ccollins476ad commented on issue #726: [DO NOT MERGE] host: Don't allow unauth pairing if MITM protection required
URL: https://github.com/apache/mynewt-nimble/pull/726#issuecomment-572586514
 
 
   The use case is this:
   
   A device ships locked.  The user can only unlock the device by pairing with it.  Pairing requires a passkey that the user gets from the vendor web site after logging in and authenticating.
   
   The application sets mitm=1.  I assumed this meant that JustWorks pairing would never occur.  The application unlocks the device as soon as the connection changes its state to "encrypted".
   
   I don't see a means for the application to abort the pairing procedure when the peer indicates that it will be using an unauthenticated algorithm.  The application has to allow pairing to succeed, but then it can inspect the `authenticated` flag to determine if it should unlock the device, is this correct?  I hadn't noticed the `authenticated` member of `struct ble_gap_sec_state`! 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services