On Thu, Jan 3, 2019, 10:37 AM Nathan Heldt-Sheller <nathan.heldt-shel...@intel.com> wrote:

> Thanks Mats,
>
> Yes, for sure agree with you. I have a security primer document for
> device vendors (see here
> <https://openconnectivity.org/wp-content/uploads/2018/06/4.-Security-Introduction-Architecture.pdf>;
> this doc is also on the list of links in the getting started page
> <https://iotivity.org/getting-started>) but it doesn’t quite hit this
> level of detail on certificate types. I was hoping we would have a clean
> reference Onboarding Tool/OBT to illustrate proper use of certificates,
> because the number of possible valid configurations is very high. But
> additional documentation on this particular area is probably important
> since the OBT that illustrates cert provisioning may not be available for
> another few months.

The msg you just sent to George would be a great start. Nice and clear, thanks. G

> Khaled, would you be willing to send this group just the top level 4 or 5
> (or 10!) items you had to “discover” in order to get things working? I’ll
> polish and add your list to the primer document, or possibly to the getting
> started FAQ
> <https://wiki.iotivity.org/getting_started_troubleshooting_and_faq> (if
> it’s IoTivity Specific).
>
> Thanks,
> Nathan
>
> -----Original Message-----
> From: iotivity-dev@lists.iotivity.org [mailto:iotivity-dev@lists.iotivity.org] On Behalf Of Mats Wichmann
> Sent: Thursday, January 3, 2019 8:06 AM
> To: Heldt-Sheller, Nathan <nathan.heldt-shel...@intel.com>
> Cc: iotivity-dev <iotivity-dev@lists.iotivity.org>
> Subject: Re: [dev] Certificate-based credential (DTLS fails to find cipher suite)
>
> On 1/3/19 8:46 AM, Nathan Heldt-Sheller wrote:
>
> > Thank you Aleksey and Khaled for the great troubleshooting work. One
> > important point: the “mutual cert” configuration (using same cert as both
> > “mfgtrustca” and “trustca” type) is suggested for testing purposes only. A
> > real product would not want to use the same Root Cert for OTM and for
> > normal D2D authentication, as it would create a potential attack vector.
> > The OBT is responsible for configuring the Device correctly in this manner,
> > but this is something to note for those of us playing around with Certs.
>
> I assume that all of this stuff can be gleaned from reading the security
> specification, but as a long-time spec writer I know reading the specs is
> not what we want to do. They are there for verifying the details of an
> implementation, and setting up tests, but otherwise they are not really for
> general consumption.
>
> So we will want to capture these findings, and other setup instructions,
> in a more "accessible" place, no?
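
A check for the point made in the quoted message, that one root certificate serving as both "mfgtrustca" and "trustca" is a test-only setup (an added example, not code from this thread or from IoTivity). The credential layout, a list of entries with `credusage` and `publicdata.data` holding PEM text, is an assumption, and the sample entries are constructed stand-ins rather than real certificates.

```python
import base64
import hashlib
import re

# Usage names as given in the thread; matched as the last dotted component
# of each entry's "credusage" value.
OTM_ANCHOR = "mfgtrustca"
D2D_ANCHOR = "trustca"

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """Return SHA-256 hex digests of every certificate body in a PEM string."""
    prints = set()
    for body in PEM_RE.findall(pem_text):
        # Strip line breaks so differently wrapped copies of one cert match.
        der = base64.b64decode("".join(body.split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def shared_trust_anchors(creds):
    """Fingerprints present under both the mfgtrustca and trustca usages."""
    by_usage = {OTM_ANCHOR: set(), D2D_ANCHOR: set()}
    for cred in creds:
        usage = cred.get("credusage", "").rsplit(".", 1)[-1]
        if usage in by_usage:
            by_usage[usage] |= cert_fingerprints(cred["publicdata"]["data"])
    return by_usage[OTM_ANCHOR] & by_usage[D2D_ANCHOR]


def _pem(raw):
    # Constructed stand-in: arbitrary bytes in PEM armour, not a real certificate.
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


def _cred(usage, raw):
    # Assumed entry layout (simplified); only the two fields used above.
    return {"credusage": "oic.sec.cred." + usage, "publicdata": {"data": _pem(raw)}}


# Constructed sample credential sets.
TEST_SETUP = [_cred("mfgtrustca", b"root-A"), _cred("trustca", b"root-A")]
PRODUCT_SETUP = [_cred("mfgtrustca", b"root-A"), _cred("trustca", b"root-B")]

if __name__ == "__main__":
    for name, creds in (("test", TEST_SETUP), ("product", PRODUCT_SETUP)):
        print(name, sorted(shared_trust_anchors(creds)) or "no shared root")
```

The comparison is on exact certificate bytes, so it flags reuse of the same certificate; two different certificates issued for the same key pair would not be caught.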