Should an update registration request fail if LWM2M server changes security credentials (e.g. PSK) after client registration? #126
Comments
We discussed this topic at the OMA interim meeting in Paris and we came up with the following conclusion. We believe that the actions by the LWM2M server in this case are policy dependent. This means an implementation may require the DTLS security context to be torn down when the long-term credentials are changed. Another implementation may allow the existing security context to be kept alive and to make use of the newly configured credential only once a new connection is established.
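The two server policies described in the comment above, as an added example that is not part of the original thread or of any LwM2M server: a toy Python model in which `ToyServer`, `RotationPolicy`, `scenario` and the sample keys are all hypothetical, and a "session" stands in for a DTLS security context.

```python
# Added illustration: a toy model, not a DTLS or LwM2M implementation.
from dataclasses import dataclass, field
from enum import Enum


class RotationPolicy(Enum):
    TEAR_DOWN = "tear_down"    # drop the security context when the PSK changes
    KEEP_ALIVE = "keep_alive"  # keep it; the new PSK applies at the next handshake


@dataclass
class ToyServer:  # hypothetical name
    policy: RotationPolicy
    psk: dict = field(default_factory=dict)       # identity -> configured PSK
    sessions: dict = field(default_factory=dict)  # identity -> PSK used at handshake

    def handshake(self, identity, key):
        """New connection: only the currently configured PSK is accepted."""
        if self.psk.get(identity) != key:
            return False
        self.sessions[identity] = key
        return True

    def rotate_psk(self, identity, new_key):
        self.psk[identity] = new_key
        if self.policy is RotationPolicy.TEAR_DOWN:
            self.sessions.pop(identity, None)

    def update_registration(self, identity):
        """Update sent over the existing security context, without a new handshake."""
        return identity in self.sessions

    def stale_sessions(self):
        """Audit view: contexts established with a PSK that is no longer configured."""
        return [i for i, k in self.sessions.items() if self.psk.get(i) != k]


def scenario(policy):
    old, new = b"constructed-old-psk", b"constructed-new-psk"  # constructed sample keys
    srv = ToyServer(policy, psk={"client-1": old})
    assert srv.handshake("client-1", old)  # client registers over this context
    srv.rotate_psk("client-1", new)
    return {
        "update_ok": srv.update_registration("client-1"),
        "stale": srv.stale_sessions(),
        "old_key_handshake": srv.handshake("client-1", old),
        "new_key_handshake": srv.handshake("client-1", new),
    }
```

Under `KEEP_ALIVE`, `stale_sessions()` lists the contexts a server operator would want to monitor or expire after a rotation.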
Thanks. Will the above be written to the spec or will it continue to be unmentioned? If yes, shall I keep the issue open till it is written?
Do you think it was confusing to state it? Because if it's not written, it's clear it's up to the implementation to handle PSK lifecycle. If someone has the same question in the future they can refer to this discussion.
I added some text to Section 7 to capture this issue. Here is the text I suggest to add: " Here is my proposed CR: Does this work for you?
@jvermillard I could easily be wrong in the following. I see it as a limitation of the LwM2M spec caused by how DTLS works. Someone who doesn't know DTLS handshakes could see it like "the logon password has changed and if the user had logged in earlier, he/she can still log in with the old password". In that case, I feel it is better that the exception being made to account for DTLS handshakes is in the spec.
It appears currently the specification doesn't specify behavior for the below case. Please consider specifying the behavior in the below.