Difference between revisions of "Talk:LSL Protocol/Restrained Love Open Relay Group/key"
Satomi Ahn (talk | contribs) (Created page with 'Should the key be deleted/inactivated after a take over? If not, there is the possibility for the session to be stolen another time, by replaying the message. If it is, then, it ...') |
Dahlia Orfan (talk | contribs) |
||
| Line 3: | Line 3: | ||
On the other hand, it would be interesting if the session key completely superseded the controller key. Then there would be the possibility for a bunch of controllers to share a session (one being able to change restriction from another, with no real takeover/handover). Of course we would want to add some security so that only authorized device could join the session (combining with !x-channel could help some). Maybe also we would want to make a difference between session key and session password. | On the other hand, it would be interesting if the session key completely superseded the controller key. Then there would be the possibility for a bunch of controllers to share a session (one being able to change restriction from another, with no real takeover/handover). Of course we would want to add some security so that only authorized device could join the session (combining with !x-channel could help some). Maybe also we would want to make a difference between session key and session password. | ||
--[[User:Satomi Ahn|Satomi Ahn]] 00:36, 28 October 2010 (UTC) | --[[User:Satomi Ahn|Satomi Ahn]] 00:36, 28 October 2010 (UTC) | ||
The key is not deleted or inactivated after a takeover; if the session was negociated with !x-channel on a private communication channel, the key is private. Of course, after a takeover, the controller can renegociate a new key by sending a new !x-key command: the new key must supersede the old one. | |||
--[[User:Dahlia Orfan|Dahlia Orfan]] 20:35, 1 November 2010 (UTC) | |||
Revision as of 13:35, 1 November 2010
Should the key be deleted/inactivated after a take over? If not, there is the possibility for the session to be stolen another time, by replaying the message. If it is, then, it should be explicitly said in the spec!
On the other hand, it would be interesting if the session key completely superseded the controller key. Then there would be the possibility for a bunch of controllers to share a session (one being able to change restriction from another, with no real takeover/handover). Of course we would want to add some security so that only authorized device could join the session (combining with !x-channel could help some). Maybe also we would want to make a difference between session key and session password. --Satomi Ahn 00:36, 28 October 2010 (UTC)
The key is not deleted or inactivated after a takeover; if the session was negociated with !x-channel on a private communication channel, the key is private. Of course, after a takeover, the controller can renegociate a new key by sending a new !x-key command: the new key must supersede the old one. --Dahlia Orfan 20:35, 1 November 2010 (UTC)