Missing peer identity/transport context checks ? #84
Comments
|
Good point, I think I did got your point. We definitely should add those checks. |
|
👍 We face same kind of issue a long time ago with Californium too. I will try to share some information about that. CoAP RFC says : For coap,
For coaps,
The CoAP over DTLS matching rule is really unclear and lead to real production issue especially with Coap Observe.
And also some missing RFC statement about block transfer : It seems that the specifications are not yet clear on this and that there are probably many real-world implementations and use cases based on very different assumptions, so I guess :
In my coap(s)+tcp java-coap transport based netty, I have a first try of this, see : |
When you receive a request you can look to TransportContext to get "identifiication" of foreign peer.
But I can see nothing (let me know if I'm wrong) for ensuring identity of foreign peer when sending a request.
I give an example to better understand the issue.
Imagine 2 peer (A and B) which act both as coap server and client in a dynamic IP environment (e.g. peer A is behind a NAT)
Now imagine peer A initiates a (D)TLS handshake, then send a coap request to peer B.
Peer B check its identity and store its IP to send request later.
Now a Peer C which get same address IP than peer A (maybe because of NAT expiration), initiates an (D)TLS handshake with different authorized credentials.
Now Peer B want to send a request to peer A with current API the message will go to peer C.
If we could set a TransportContext constraint on outgoing request, it could be checked by transport layer.
I'm not sure I'm clear, let me know if this need more explanation. 🙏
Note that this kind of check should also probably be done to :
The text was updated successfully, but these errors were encountered: