Abhishek,

The current use of assigned numbers in the security code violates Internet conventions, so it must change. I have written about this, and I am incorporating the needed infrastructure changes in the IPv6 rewrite of the IP Adapter. Once the IP Adapter is merged, the security code can be re-aligned to use sockets differently.

John Light

From: Abhishek Sharma [mailto:[email protected]]
Sent: Friday, June 26, 2015 2:05 AM
To: Agrawal, Sachin; Light, John J; hyuna jo
Cc: iotivity-dev at lists.iotivity.org
Subject: Re: [dev] dtls issue for "IP address plumbing changes to support IPv6" changed

Hi Sachin

Yes, as per the change, if a fixed port is requested, it is shared with other applications. This was also suggested in review comments.

Query: Is it ok to have secure communication on any other port than the mandated 5684? If yes, we can patch caipserver to not set the "reuse_address" option when a secure unicast port is requested.

In any case, this should not affect if client and server are running on different machines. Hyuna, can you update your test scenario?

Regards
Abhishek Sharma

------- Original Message -------
Sender : Agrawal, Sachin <sachin.agrawal at intel.com>
Date : Jun 26, 2015 05:39 (GMT+05:30)
Title : Re: [dev] dtls issue for "IP address plumbing changes to support IPv6" changed

Hi Hyuna,

It seems there was a recent check-in in master which made all the apps (Client and Server) running on the same machine acquire secure port "5684".
https://gerrit.iotivity.org/gerrit/#/c/1338/

This seems to have broken Security. I need to go and pick up my kid from day-care. I will investigate further tonight.

Thanks
Sachin
503-264-8071

From: iotivity-dev-bounces at lists.iotivity.org [mailto:[email protected]] On Behalf Of Light, John J
Sent: Thursday, June 25, 2015 9:26 AM
To: hyuna0213.jo at samsung.com
Cc: iotivity-dev at lists.iotivity.org
Subject: Re: [dev] dtls issue for "IP address plumbing changes to support IPv6" changed

Hyuna Jo,

Please provide additional information about the failure. Sachin verified that the DTLS code works at some level, so in order to answer your request, I will need to know what doesn't work for you.

John

From: ??? [mailto:[email protected]]
Sent: Thursday, June 25, 2015 3:03 AM
To: Light, John J
Cc: iotivity-dev at lists.iotivity.org
Subject: [dev] dtls issue for "IP address plumbing changes to support IPv6" changed

Dear John Light

Hi, I'm Hyuna Jo, who is one of the developers for CA.

I have taken the latest code and am trying to build dtls for the linux platform. But dtls for linux is not working after "IP address plumbing changes to support IPv6" was merged in the master branch.

The CATransportFlags_t structure has been added. And I understood that CA_SECURE is to be used to send the secure message. So, I modified the CA sample to use CA_SECURE when creating CACreateEndpoint. Despite the modifications, dtls is still not working.

Please check the dtls and, if it is working fine with RI samples, please give me the information for fixing the CA sample application.

Regards,
Hyuna Jo
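
An added example, not part of the thread and not IoTivity code, of the port sharing Sachin and Abhishek describe: on Linux, two UDP sockets that both set SO_REUSEADDR can bind the same unicast port, and each datagram then reaches only one of them, so a DTLS record can arrive at a process that holds no state for that session. The function names are hypothetical, and a kernel-chosen loopback port stands in for 5684.

```c
/* Added example, not IoTivity code; assumes Linux UDP socket semantics. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1:port (0 = kernel picks); -1 on failure. */
static int open_udp(unsigned short port, int reuse)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse) == 0 &&
        bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Two local "apps" request the same port, then one datagram is sent to it.
 * Returns -1 if the second bind is refused, -2 on setup failure, else the
 * number of sockets on which the datagram became readable. */
int shared_port_receivers(int reuse)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int a = open_udp(0, reuse), b, tx, n;
    if (a < 0 || getsockname(a, (struct sockaddr *)&sa, &len) < 0) return -2;
    if ((b = open_udp(ntohs(sa.sin_port), reuse)) < 0) { close(a); return -1; }
    tx = socket(AF_INET, SOCK_DGRAM, 0);
    sendto(tx, "record", 6, 0, (struct sockaddr *)&sa, sizeof sa);
    struct pollfd p[2] = { { a, POLLIN, 0 }, { b, POLLIN, 0 } };
    poll(p, 2, 200);   /* wait up to 200 ms for delivery */
    n = !!(p[0].revents & POLLIN) + !!(p[1].revents & POLLIN);
    close(a); close(b); close(tx);
    return n;
}

int main(void)
{
    printf("no reuse: %d, reuse: %d\n", shared_port_receivers(0), shared_port_receivers(1));
    return 0;
}
```

Without the option the second bind fails with EADDRINUSE, which is the behaviour Abhishek's proposed caipserver change would restore for the secure unicast port.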
