On 1/3/19 8:46 AM, Nathan Heldt-Sheller wrote:
> Thank you Aleksey and Khaled for the great troubleshooting work. One
> important point: the “mutual cert” configuration (using same cert as both
> “mfgtrustca” and “trustca” type) is suggested for testing purposes only. A
> real product would not want to use the same Root Cert for OTM and for normal
> D2D authentication, as it would create a potential attack vector. The OBT is
> responsible for configuring the Device correctly in this manner, but this is
> something to note for those of us playing around with Certs.

I assume that all of this stuff can be gleaned from reading the security specification, but as a long-time spec writer I know reading the specs is not what we want to do. They are there for verifying the details of an implementation, and setting up tests, but otherwise they are not really for general consumption. So we will want to capture these findings, and other setup instructions, in a more "accessible" place, no?