| [cf-dev] Request/Response matching for DTLS-Secured exchange |
|
Hi, I would like to implement the request/response matching on DTLS-Secured CoAP. If I well understand the code : Currently californium does not manage it at all. It only do the matching on peer address and token, As it was describe in the spec for non secured exchange : 5.3.2. Request/Response Matching Rules ".... The source endpoint of the response MUST be the same as the destination endpoint of the original request. ... ... In a piggybacked response, the Message ID of the Confirmable request and the Acknowledgement MUST match, and the tokens of the response and original request MUST match. In a separate response, just the tokens of the response and original request MUST match ..." For DTLS-Secured exchange the spec say : 9.1.1. Messaging Layer "... The following rules are added for matching an Acknowledgement message or Reset message to a Confirmable message, or a Reset message to a Non-confirmable message: The DTLS session MUST be the same, and the epoch MUST be the same. ... " 9.1.2. Request/Response Layer "... The following rules are added for matching a response to a request: The DTLS session MUST be the same, and the epoch MUST be the same. ..." I know there have been some discussions about the epoch constraint which could be too strict. And something like the "same session and the same cipher suite" could be acceptable. The "source/destination endpoint matching" constraints should not be needed too in secured exchange. Does it sounds good for you ? Simon |