andrzej-kaczmarek commented on issue #726: [DO NOT MERGE] host: Don't allow unauth pairing if MITM protection required
URL: https://github.com/apache/mynewt-nimble/pull/726#issuecomment-572612461

Correct, you can check `authenticated` flag to see if link is authenticated and unlock device. Also if at least one device set mitm=1, then pairing method is determined by IO capabilities so assuming you pair with a phone which should have `KeyboardDisplay`, setting `DisplayOnly` on your side should always trigger Passkey Entry pairing which results in an authenticated key.

If remote device forced Just Works, you should be able to force MITM by initiating pairing once more, as per spec (Core 5.1, Vol 3, Part C, 10.3.2):

> If an authenticated pairing is required but only an unauthenticated pairing has occurred and the link is currently encrypted, the pairing procedure should be executed with the required authentication settings. If the pairing procedure fails, or an authenticated pairing cannot be performed with the IO capabilities of the local device and remote device, then the service request shall be aborted.

I do not think there is an issue here. IMO it's more user-friendly that Just Works is triggered if service does not require authenticated link. If it does, authenticated pairing should be triggered automatically. In your case it looks like an issue because as I understand you do not need to access any particular service and just want to trigger certain pairing method - that is not really a use-case for LE link in GAP spec since it defines behavior for either initiating local or remote service, i.e. accessing L2CAP channel or GATT service.
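The selection rule and the GAP re-pairing rule described in the comment above, as an added example that is not part of the original comment and is not NimBLE code. It assumes no OOB data is exchanged; the enum, function and table names are hypothetical, and the table is the SMP IO-capability mapping from the Core spec (Vol 3, Part H).

```c
#include <stdbool.h>
#include <stdio.h>

/* IO capability values as encoded in SMP Pairing Request/Response (0x00-0x04). */
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY };
enum method { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON };
enum action { ALLOW, REPAIR_WITH_MITM, ABORT };

/* Rows: responder capability, columns: initiator capability.
 * J = Just Works, P = Passkey Entry, N = Passkey Entry in LE legacy
 * pairing but Numeric Comparison in LE Secure Connections. */
static const char io_map[5][6] = {
    /* resp \ init         DO,DYN,KO,NIO,KD */
    /* DISPLAY_ONLY     */ "JJPJP",
    /* DISPLAY_YESNO    */ "JNPJN",
    /* KEYBOARD_ONLY    */ "PPPJP",
    /* NO_IO            */ "JJJJJ",
    /* KEYBOARD_DISPLAY */ "PNPJN",
};

/* Assumption: no OOB data. IO capabilities are consulted only when at
 * least one side sets the MITM flag; otherwise Just Works is used. */
enum method select_method(enum io_cap init, enum io_cap resp,
                          bool init_mitm, bool resp_mitm, bool sc)
{
    if (!init_mitm && !resp_mitm)
        return JUST_WORKS;
    switch (io_map[resp][init]) {
    case 'P': return PASSKEY_ENTRY;
    case 'N': return sc ? NUMERIC_COMPARISON : PASSKEY_ENTRY;
    default:  return JUST_WORKS;
    }
}

/* Service gate following the quoted GAP rule: if the service needs an
 * authenticated link and the current key is unauthenticated, pair again
 * with MITM set; abort if the IO capabilities cannot authenticate. */
enum action service_gate(bool needs_auth, bool link_authenticated,
                         enum io_cap local, enum io_cap peer, bool sc)
{
    if (!needs_auth || link_authenticated)
        return ALLOW;
    return select_method(local, peer, true, false, sc) == JUST_WORKS
               ? ABORT : REPAIR_WITH_MITM;
}

int main(void)
{
    /* Phone (KeyboardDisplay) initiates, local device is DisplayOnly with mitm=1. */
    printf("%d\n", select_method(KEYBOARD_DISPLAY, DISPLAY_ONLY, false, true, true));
    return 0;
}
```

Any result other than `JUST_WORKS` yields an authenticated key, which is what the `authenticated` flag mentioned in the comment reflects.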
