From: Cigdem Sengul <cigdem.sen...@gmail.com>
Sent: Monday, August 17, 2020 10:45 AM
To: Jim Schaad <i...@augustcellars.com>
Cc: draft-ietf-ace-mqtt-tls-prof...@ietf.org; Ace Wg <ace@ietf.org>
Subject: Re: [Ace] Review of draft-ietf-ace-mqtt-tls-profile-06
I've got that from MQTT v5 spec:
If a Client sets an Authentication Method in the CONNECT, the Client MUST NOT
send any packets other than AUTH or DISCONNECT packets until it has received a
CONNACK packet [MQTT-3.1.2-30].
and:
If the Server rejects the CONNECT, it MUST NOT process any data sent by the
Client after the CONNECT packet except AUTH packets [MQTT-3.1.4-6].
[JLS] I read this as the following would not do the publish
CONNECT -->
PUBLISH -->
<-- AUTH
AUTH -->
<-- CONNACK fail
The PUBLISH can be received but is not processed unless the CONNACK is going to
be a success.
[/JLS]
[CS] I think this sequence should not happen, as Client MUST NOT send PUBLISH
before CONNACK.
I did not know what brokers do if they receive PUBLISH (and still processing a
CONNECT) - drop or buffer until process. I quickly browsed mosquitto src.
It looks like the broker sets a context flag to mark the session active after
CONNECT is processed and accepted.
If this flag is not set when processing publish, it goes to an error state and
doesn't look like it keeps the packet.
[JLS] No, Clients are allowed to send further MQTT Control Packets immediately
after sending a CONNECT packet; Clients need not wait for a CONNACK packet to
arrive from the Server. – this is the preceding two sentences to requirement
MQTT-3.1.4-6. I would agree that this is going to be server specific. The
following paragraph suggests that clients SHOULD wait for the CONNACK but it is
non-normative. I think that I would write my client code to wait. I would
have to work really hard to figure out what my code base would do for this as I
know it does queue packets for later processing but I am not sure what it would
do for this case.
[CS] Ok, this is confusing. I assumed that sentence regarding clients about
not having to wait was when no Authentication Method set.
Because there is: If a Client sets an Authentication Method in the CONNECT, the
Client MUST NOT send any packets other than AUTH or DISCONNECT packets until it
has received a CONNACK packet [MQTT-3.1.2-30].
In the profile, we do set an authentication method in connect to "ace".
[JLS] Looks like there might be some conflicting statements here. I don’t know
the best way to resolve it.
Jim
--Cigdem
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
