2005-02-23 02:08:07

by Shawn Rutledge

Subject: [Bluez-devel] SDP queries when authentication/encryption are turned on

If in hcid.conf I use these lines:

auth enable;
encrypt enable;

then when I do sdptool browse or sdptool search, it keeps prompting me
to bond with every Bluetooth device that it discovers. This does not
make sense, because the whole point of service discovery is to decide
what device you want to connect to, before having to bond with it. If
the device was requiring a bond before answering an SDP query, fine,
but the devices I have tested with do not - they will answer SDP
queries just fine without a bond, as long as I have commented out those
two lines in hcid.conf. Maybe this is a bug - IMO bluez should
probably ignore those settings for SDP, and always do SDP insecurely.
Otherwise "sdp search" becomes very impractical. At my office often 20
or more devices will be involved in such a search, belonging to various
coworkers, some of whom I have not met, and I certainly do not want to
bond with all those devices; but I also do not want to turn off
authorization completely just so that I can do sdp queries.


=====
. _______ Shawn T. Rutledge / KB7PWD [email protected]
(_ | |_) http://ecloud.org/ [email protected]
__) | | \______________________________________________


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Bluez-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-devel
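
A small check for the configuration state described in the post above, added here as an example (not code from the BlueZ project or from anyone in this thread): it reports when the `auth enable;` / `encrypt enable;` lines are active rather than commented out, the state the replies identify as security mode 3. The sample config, the function names and the treatment of `#` as the comment character are assumptions of this example.

```python
import re

# Constructed sample, built around the two lines quoted in the post.
SAMPLE_HCID_CONF = '''\
device {
    name "office-laptop";
    # auth enable;
    auth enable;
    encrypt enable;
}
'''

# Only the form shown in the thread ("<keyword> enable;") is recognised.
_DIRECTIVE = re.compile(r"\b(auth|encrypt)\s+enable\s*;")

def active_link_security(conf_text):
    """Return the sorted list of uncommented auth/encrypt directives."""
    found = set()
    for line in conf_text.splitlines():
        line = re.sub(r'"[^"]*"', '""', line)   # ignore quoted strings
        code = line.split("#", 1)[0]            # assumption: '#' starts a comment
        found.update(_DIRECTIVE.findall(code))
    return sorted(found)

def audit(conf_text):
    """Return one warning per active directive, empty if none are set."""
    return [
        f"'{name} enable;' is active: link-level security applies to every "
        "connection, so sdptool browse/search will prompt for bonding"
        for name in active_link_security(conf_text)
    ]

if __name__ == "__main__":
    for warning in audit(SAMPLE_HCID_CONF):
        print("WARNING:", warning)
```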


2005-02-28 08:28:15

by Marcel Holtmann

Subject: Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

Hi Fred,

> > > > if you set your device into security mode 3, then this is what you get.
> > > > As I have often said, do this only when you know what you are doing and
> > > > what this implies.
> > >
> > > Marcel, why don't you simply put this often repeated sentence into a
> > > comment in default hcid.conf right above auth/encrypt? If people are not
> > > familiar with bluetooth, then it's reasonable to assume that you have to
> > > enable this if you want any security at all. You don't expect everybody to
> > > know what security mode 3 means and what the alternatives are, do you?
> >
> > there is a comment that this is security mode 3, but actually this does
> > not prevent its misuse and the later complaints. Problem is that
> > Bluetooth is still a complex technology and if you change defaults you
> > should understand what you are doing. However I always accept patches
> > that extend the manual pages with more details about it.
>
> "should understand what you are doing"? Well, obviously this is wishful
> thinking. You should really comment these settings right in the hcid.conf or
> at least refer to the manpage. Then it's nearly impossible to change these
> settings without reading the warnings about it. Not everyone will look into a
> manpage, you should be more pragmatic here. It's your time that is wasted
> with these questions after all ;)

even if I put a big explanation into the config file, people still will
do it wrong. Actually I think of removing some commands from the example
config file and only mentioning their existence in the manual page or in
the source code.

Regards

Marcel





2005-02-24 12:22:06

by Fred Schaettgen

Subject: Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

On Thursday 24 February 2005 11:43, Marcel Holtmann wrote:
> Hi Fred,
>
> > > if you set your device into security mode 3, then this is what you get.
> > > As I have often said, do this only when you know what you are doing and
> > > what this implies.
> >
> > Marcel, why don't you simply put this often repeated sentence into a
> > comment in default hcid.conf right above auth/encrypt? If people are not
> > familiar with bluetooth, then it's reasonable to assume that you have to
> > enable this if you want any security at all. You don't expect everybody to
> > know what security mode 3 means and what the alternatives are, do you?
>
> there is a comment that this is security mode 3, but actually this does
> not prevent its misuse and the later complaints. Problem is that
> Bluetooth is still a complex technology and if you change defaults you
> should understand what you are doing. However I always accept patches
> that extend the manual pages with more details about it.

"should understand what you are doing"? Well, obviously this is wishful
thinking. You should really comment these settings right in the hcid.conf or
at least refer to the manpage. Then it's nearly impossible to change these
settings without reading the warnings about it. Not everyone will look into a
manpage, you should be more pragmatic here. It's your time that is wasted
with these questions after all ;)

Fred

--
Fred Schaettgen
[email protected]



2005-02-24 10:43:39

by Marcel Holtmann

Subject: Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

Hi Fred,

> > if you set your device into security mode 3, then this is what you get.
> > As I have often said, do this only when you know what you are doing and
> > what this implies.
>
> Marcel, why don't you simply put this often repeated sentence into a comment
> in default hcid.conf right above auth/encrypt? If people are not familiar
> with bluetooth, then it's reasonable to assume that you have to enable this
> if you want any security at all. You don't expect everybody to know what
> security mode 3 means and what the alternatives are, do you?

there is a comment that this is security mode 3, but actually this does
not prevent its misuse and the later complaints. Problem is that
Bluetooth is still a complex technology and if you change defaults you
should understand what you are doing. However I always accept patches
that extend the manual pages with more details about it.

Regards

Marcel





2005-02-23 09:44:48

by Fred Schaettgen

Subject: Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

On Wednesday 23 February 2005 05:28, Marcel Holtmann wrote:
> Hi Shawn,
>
> > If in hcid.conf I use these lines:
> >
> > auth enable;
> > encrypt enable;
> >
...
>
> if you set your device into security mode 3, then this is what you get.
> As I have often said, do this only when you know what you are doing and
> what this implies.

Marcel, why don't you simply put this often repeated sentence into a comment
in default hcid.conf right above auth/encrypt? If people are not familiar
with bluetooth, then it's reasonable to assume that you have to enable this
if you want any security at all. You don't expect everybody to know what
security mode 3 means and what the alternatives are, do you?

regards
Fred

--
Fred Schaettgen
[email protected]



2005-02-23 04:28:59

by Marcel Holtmann

Subject: Re: [Bluez-devel] SDP queries when authentication/encryption are turned on

Hi Shawn,

> If in hcid.conf I use these lines:
>
> auth enable;
> encrypt enable;
>
> then when I do sdptool browse or sdptool search, it keeps prompting me
> to bond with every Bluetooth device that it discovers. This does not
> make sense, because the whole point of service discovery is to decide
> what device you want to connect to, before having to bond with it. If
> the device was requiring a bond before answering an SDP query, fine,
> but the devices I have tested with do not - they will answer SDP
> queries just fine without a bond, as long as I have commented out those
> two lines in hcid.conf. Maybe this is a bug - IMO bluez should
> probably ignore those settings for SDP, and always do SDP insecurely.
> Otherwise "sdp search" becomes very impractical. At my office often 20
> or more devices will be involved in such a search, belonging to various
> coworkers, some of whom I have not met, and I certainly do not want to
> bond with all those devices; but I also do not want to turn off
> authorization completely just so that I can do sdp queries.

if you set your device into security mode 3, then this is what you get.
As I have often said, do this only when you know what you are doing and
what this implies.

Regards

Marcel



