ccollins476ad edited a comment on issue #726: [DO NOT MERGE] host: Don't allow 
unauth pairing if MITM protection required
URL: https://github.com/apache/mynewt-nimble/pull/726#issuecomment-572598704
 
 
   I think the fix I described in my last comment works, so we can close this 
PR.
   
   I wonder if there is a user-friendliness issue here though (I have no idea 
what the solution is).  It might just be me, but I don't think it's obvious 
that the stack allows unauthenticated pairing when it is configured to use 
authentication.  In my mind if you configure the stack to use authentication, 
you want to reject unauthenticated attempts (otherwise why even allow 
authentication?).  EDIT: Actually, I can understand why a device might allow 
both authenticated and unauthenticated pairing.  Some characteristics might 
require more security than others.
   
   That alone isn't too bad, but my real concern is that it is easy to overlook 
such a security vulnerability.  Most Bluetooth devices won't attempt JustWorks 
if the nimble device sets `mitm=1`, so this problem never gets detected.
   
   Again, I don't know what the solution is.  Maybe just a big disclaimer in 
the documentation about it being the application's responsibility to check the 
authenticated state if it cares about it?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
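
The application-side check the comment refers to, as an added example that is not part of the original comment or of NimBLE's code: a per-characteristic gate that rejects an encrypted but unauthenticated (JustWorks) link. The struct and function names and the sample values are assumptions made for this sketch; in a NimBLE application the flags would come from the connection descriptor's `sec_state`.

```c
#include <stdint.h>
#include <stdio.h>

/* ATT error codes as defined in the Bluetooth Core Specification. */
#define ATT_OK                       0x00
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INSUFFICIENT_KEY_SZ  0x0c
#define ATT_ERR_INSUFFICIENT_ENC     0x0f

/* Assumed stand-in for the link security state the host stack reports. */
struct link_sec { uint8_t encrypted, authenticated, key_size; };

/* Hypothetical per-characteristic requirement chosen by the application. */
struct chr_policy { uint8_t need_enc, need_authen, min_key_size; };

/* Constructed sample link states. */
static const struct link_sec LINK_PLAIN      = { 0, 0, 0 };
static const struct link_sec LINK_JUST_WORKS = { 1, 0, 16 }; /* encrypted, no MITM */
static const struct link_sec LINK_PASSKEY    = { 1, 1, 16 }; /* encrypted, MITM */
static const struct link_sec LINK_SHORT_KEY  = { 1, 1, 7 };

/* Constructed sample policies. */
static const struct chr_policy POL_OPEN   = { 0, 0, 0 };
static const struct chr_policy POL_ENC    = { 1, 0, 16 };
static const struct chr_policy POL_AUTHEN = { 1, 1, 16 };

/* Returns ATT_OK if the access may proceed, else the ATT error to send. */
uint8_t chr_access_check(const struct link_sec *sec, const struct chr_policy *pol)
{
    if ((pol->need_enc || pol->need_authen) && !sec->encrypted)
        return ATT_ERR_INSUFFICIENT_ENC;
    /* The case from the comment: pairing succeeded, but without MITM. */
    if (pol->need_authen && !sec->authenticated)
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    if (sec->encrypted && sec->key_size < pol->min_key_size)
        return ATT_ERR_INSUFFICIENT_KEY_SZ;
    return ATT_OK;
}

int main(void)
{
    printf("JustWorks link, authenticated characteristic: 0x%02x\n",
           chr_access_check(&LINK_JUST_WORKS, &POL_AUTHEN));
    printf("Passkey link, authenticated characteristic:   0x%02x\n",
           chr_access_check(&LINK_PASSKEY, &POL_AUTHEN));
    return 0;
}
```

Keeping the requirement per characteristic lets a device accept both pairing methods while still refusing sensitive attributes on a JustWorks link.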
