Hi Gregg,

If the local filesystem is not secure (e.g. Android) then yes, it’s a Device/Implementation-specific task to encrypt the Security Virtual Resources when storing. This is clearly and loudly spelled out in the “Best Security Practices” document that Vendors have to read (and initial that they’ve read) as part of Device Certification.

The reason we just didn’t “do for everyone” is because it’s very much platform and device and use model specific.

Thanks,
Nathan

From: [email protected] [mailto:[email protected]] On Behalf Of Gregg Reynolds
Sent: Sunday, January 14, 2018 12:09 PM
To: iotivity-dev <[email protected]>
Subject: [dev] Security bug?

Iotivity reads security resources from any ol' file the user provides (the foo.dat file). Is this a security bug? See https://wiki.sei.cmu.edu/confluence/plugins/servlet/mobile?contentId=87152134#content/view/87152134
