Re: [cf-dev] Request for feedback on mixing different DTLS modes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cf-dev] Request for feedback on mixing different DTLS modes

From: "Kraus Achim (INST/ECS4)" <Achim.Kraus@xxxxxxxxxxxx>
Date: Thu, 31 Aug 2017 10:23:59 +0000
Accept-language: de-DE, en-US
Delivered-to: cf-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cf-dev>
List-help: <mailto:cf-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cf-dev>, <mailto:cf-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHTIKVWBU8Bo/NtxE29RuBxFRVhGKKeNeeA
Thread-topic: [cf-dev] Request for feedback on mixing different DTLS modes

Hello Ludwig,

I'm not sure, If I understand, what you want exactly to achieve.
 
Using branch 2.0, the CoapResource has:

	public void handleRequest(final Exchange exchange) 

overriding that you may access 

	exchange.getCurrentRequest().getSenderIdentity()

the senders identity and then check the instanceOf of that identity (e.g. PreSharedKeyIdentity or RawPublicKeyIdentity). 

So you could decide based on that identity to either call the "super.handleRequest()" or to response with an error.
  

Mit freundlichen Grüßen / Best regards

 Achim Kraus

(INST/ECS4) 
Bosch Software Innovations GmbH | Stuttgarter Straße 130 | 71332 Waiblingen | GERMANY | www.bosch-si.com

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B 
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn 



-----Original Message-----
From: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] On Behalf Of Ludwig Seitz
Sent: Dienstag, 29. August 2017 11:01
To: cf-dev@xxxxxxxxxxx
Subject: [cf-dev] Request for feedback on mixing different DTLS modes

Hello,

I'm trying to achieve a specific functionality which doesn't seem to be supported at the moment, and I'd like some input how to solve this (or why you think it's a bad idea):

I'd like a server where all resources except one are protected with DTLS-PSK, the exception resource could e.g. use DTLS-RPK or plain CoAP.

The reason for this is the work done at IETF in the ACE working group (https://datatracker.ietf.org/group/ace/). In short I need a way for a client that has no prior relationship to a server to submit some data (an access token) that establishes the DTLS-PSK they are going to use (among other things).

Regards,

Ludwig
--
Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
_______________________________________________
cf-dev mailing list
cf-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/cf-dev

Follow-Ups:
- Re: [cf-dev] Request for feedback on mixing different DTLS modes
  - From: Ludwig Seitz

References:
- [cf-dev] Request for feedback on mixing different DTLS modes
  - From: Ludwig Seitz

Prev by Date: [cf-dev] Request for feedback on mixing different DTLS modes
Next by Date: Re: [cf-dev] Request for feedback on mixing different DTLS modes
Previous by thread: [cf-dev] Request for feedback on mixing different DTLS modes
Next by thread: Re: [cf-dev] Request for feedback on mixing different DTLS modes
Index(es):
- Date
- Thread

Breadcrumbs