Re: [cf-dev] Request/Response matching short term concern

> Using the exchangesByToken map also allows real per-endpoint tokens.
> Question is now, if we should be strict and add the remote address back
> into KeyToken or leave it to allow for changing IP addresses during
> observe (when using CoAP without DTLS). It is somewhat a security
> issue, but it actually starts with not using DTLS...
> 
> What do you think?

[Hudalla Kai (INST/ESY)] I think it makes sense to provide a way for people to use changing IP addresses in a non-DTLS scenario as well.
If you want to make sure nobody can eavesdrop on your data, you should use DTLS, and Simon has done a great job in making session resumption work, providing exactly this capability to DTLS-enabled scenarios with changing (client) IP addresses.
+1 from my point of view for your approach ...

Kai

