On Friday 24 July 2015 16:39:06 Light, John J wrote:
> 4. Going forward, I believe all uses of IoTivity will need to be
> secure.  I didn't see any mention of security in the routing proposal, but
> I did see weaknesses with respect to security which will require some
> rethinking.  More on that below.
> 
> 5. I believe the attempt to handle routing within the CoAP framework
> will create problems. Among the problems is that doing so requires that
> the routed CoAP messages will need to be decrypted and encrypted at each
> gateway.  This requires establishing separate trusted relations with every
> intermediate node, which adds considerable overhead, and results in lower
> overall security, as each intermediate node becomes an attack surface.

I'll point out that decrypting at every node is not called "routing". It's 
called "proxying" and proxies usually handle the requests at the application 
layer, not the transport / session layers.

Proxying of devices in other networks is indeed a feature we need in OIC & 
IoTivity. In fact, we can go further and use proxying to bridge technologies, 
so simple clients could talk to other devices that might speak ZigBee, ZWave, 
AllSeen, etc. protocols. This way, we could "bridge" the multiple networks 
together.

Last I checked, this was being discussed in two separate proposals. One was 
the Directory Service and the other -- the actual proxying -- had a name I can't 
exactly remember. Probably Virtual Resource.

[1] "bridge" in quotes because bridging is also a term used in networking and 
sits at a lower layer than routing.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
