[dev] Not able to access the non-secure resource registered into the IoTivity with Secured mode

Thu, 26 Nov 2015 18:23:01 +0900 

Dear IoTivity-Security Maintainer,



I have found that the non-secure resource registered into the IoTivity Stack
with "Secured" mode cannot be accessed through the network.

Here is the code snippet that I'm using.



Case 1. Non-Secured Resource with Discoverable Property

     OCStackResult ret = OCCreateResource(&m_Handle, 

                                                  resource_Type,

                              resource_Interface,

                                                  resource_URI,

                             eh,

                                                NULL,

                             OC_DISCOVERABLE|OC_OBSERVABLE);



Case 2. Non-Secured Resource with Not-Discoverable Property

     OCStackResult ret = OCCreateResource(&m_Handle, 

                                                  resource_Type,

                              resource_Interface,

                                                  resource_URI,

                             eh,

                                                NULL,

                             OC_ACTIVE);



Remind that I didn't put "OC_SECURE" flag when I register my resource in
both cases.

And when I broadcast discovery message, the HOST address of the found
non-secure resource (Case 1) in the response message was
"coaps://xxx.xxx.xxx.xxx:yyyy".

Moreover, the resource client was not able to access(receiving response by
sending GET/POST requests) to that resource in both cases if it does not
execute the "Provisioning" process.



Question is 

1.     "Is it right to use scheme type "coaps" in host information of the
un-secured resource if the server uses the IoTivity stack with "Secured"
mode?".

2.     "Is it right handling if not sending response back to the request on
the non-secure resource if the server uses the IoTivity stack with "Secured"
mode?"



Seems like "coap" was used in the "Non-Secured" mode and "coaps" in the
"Secured" mode of the IoTivity stack by default.

I think the scheme should be "coap" in the response from non-secure resource
regardless of the IoTivity mode(secured vs. non-secured) if the app.
developer register the resource without "OC_SECURE" flag intentionally.

However, I just want to check whether this is intended design or not, and if
it's not intended, I would like to create a jira ticket for this.

I will be appreciated if you, IoTivity-Security Maintainer, share us some
explanation on this issue. :)



Thank you.

Jay.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20151126/5b714697/attachment.html>

Reply via email to