[dev] Basic questions on IoTivity security

2016-11-29 Thread Prakash Karthikeyan

Hi Max,
In my experience working with IoTivity, the secured flag is not going to 
change anything in most of the general server/client examples provided. 
You can find these general examples in /out/../../resource/examples
1. The secured flag is meant to create a resource with options to communicate 
via a secured channel using tinyDTLS or mbedTLS. 
These are mentioned in SVRs while creating a resource.
There are different steps involved before the regular communications with the 
server created with the secured flag (On-Boarding, Provisioning, etc.). Hope this 
link helps you to find out the different steps in that. 
Link: https://openconnectivity.org/wp-content/uploads/2016/01/Habib-Virji.pdf
The examples when you build using the secured flag are mentioned in the PDF 
from above link. 
2. The server which is created with the secured flag needs Storage, Ownership 
transfer method, etc., which are not implemented in the regular server/client 
examples.
Non-Secured and Secured UDP communication ports are different and mentioned in 
the specs.
You can go through the scons files under different folders to find out which files 
are included when building with the SECURED=1 flag.
Hope the above details answer your question.
--
Regards,
Karthikeyan Prakash
Blog: http://goo.gl/mN65Dl

Tuesday, 29 November 2016, 09:31PM +05:30 from Max Kholmyansky max001 at gmail.com:

>Hi,
>
>2 basic questions:
>
>1. What's the exact difference between SECURED=1 and SECURED=0 compiled 
>library versions?
>Is "1" a superset of "0"? Implementing a different behavior? What exactly "0" 
>cannot do?
>
>2. If a server resource is created as "secure" (with OC_SECURE flag):
>I understand it means that "it can be accessed in both non-secure and secure 
>(DTLS) way" - right?
>If this is the case, how does the IoTivity client determine whether or not to 
>use encryption?
>
>Thanks in advance,
>
>Max
>
>Software Architect - Tekoia Ltd.
>___
>iotivity-dev mailing list
>iotivity-dev at lists.iotivity.org
>https://lists.iotivity.org/mailman/listinfo/iotivity-dev



2016-11-29 Thread Thiago Macieira
On Tuesday, 29 November 2016 18:01:48 PST Max Kholmyansky wrote:
> Hi,
> 
> 2 basic questions:
> 
> 1. What's the exact difference between SECURED=1 and SECURED=0 compiled
> library versions?
> Is "1" a superset of "0"? Implementing a different behavior? What exactly
> "0" cannot do?

SECURED=0 is a debug mode. It disables a lot of functionality, including 
encryption, just so you can develop your application.

Such an application must never be deployed. It will never pass OCF certification.

What's more, a SECURED=0 application will not interoperate with SECURED=1 
applications. In order for you to test an application with real devices (when 
those exist), you'll need SECURED=1.

> 2. If a server resource is created as "secure" (with OC_SECURE flag):
> I understand it means that "it can be accessed in both non-secure and
> secure (DTLS) way" - right?

The other way around: it can only be accessed in a secured way. If the flag is 
absent, then IoTivity allows it to be accessed without DTLS.

Note that allowing access outside of DTLS is out of scope of the OCF 
specification. I don't remember whether that will also cause a certification 
failure. Either way, you should not have devices without the OC_SECURE flag.

> If this is the case, how does the IoTivity client determine whether or not
> to use encryption?

I think you should not ask the question.

Instead, use encryption, period.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center



2016-11-29 Thread Max Kholmyansky
Hi,

2 basic questions:

1. What's the exact difference between SECURED=1 and SECURED=0 compiled
library versions?
Is "1" a superset of "0"? Implementing a different behavior? What exactly
"0" cannot do?

2. If a server resource is created as "secure" (with OC_SECURE flag):
I understand it means that "it can be accessed in both non-secure and
secure (DTLS) way" - right?
If this is the case, how does the IoTivity client determine whether or not
to use encryption?

Thanks in advance,

Max

Software Architect - Tekoia Ltd.