From: Fred Schaettgen
To: bluez-devel@lists.sourceforge.net
Subject: Re: [Bluez-devel] Service level security for RFCOMM
References: <1099024935.10164.11.camel@pegasus> <1099042277.31284.438.camel@baroque.rococosoft.com>
In-Reply-To: <1099042277.31284.438.camel@baroque.rococosoft.com>
Message-Id: <200410291234.49907.bluez-devel@schaettgen.de>
Date: Fri, 29 Oct 2004 12:34:49 +0200

On Friday 29 October 2004 11:31, Stephen Crane wrote:
> On Fri, 2004-10-29 at 05:42, Marcel Holtmann wrote:
> > actually it seems that nobody really cares about service level security
> > on the RFCOMM layer. Or people are too lazy to send in a patch. However,
> > I spent some hours thinking about it and the core stuff of a small
> > framework for providing authentication and encrypt feedback from HCI to
> > higher level protocols is finished.
..
> > And btw, who is really interested in this feature or needs it?

Over here! I'm interested. I would like to integrate service level security into the meta server of kdebluetooth. At the moment you can allow/disallow connections (or show a confirmation popup) based on the service/rfcomm channel and on the peer device address, but we can't ask for an authenticated link. Being able to use service level security would allow us to force authenticated links when using any service other than obex push, which should work without having to pair devices first.

IIRC I asked you to allow every user to send authentication requests a few months ago, so that even programs running without root privileges can trigger authentication. But then I didn't post it on the list as you told me, to let other people comment on the security implications.
The corresponding patch changed only a single bit somewhere, but of course this solution is not very convenient. But if you want authentication to appear as a property of a single rfcomm connection that's fine too, as long as regular users are allowed to use this feature. Would that be safe?

regards
Fred

-- 
Fred Schaettgen
bluez-devel@schaettgen.de