lwm2m-registry
Bootstrap LWM2M Security object 0 resource 3,4,5: When is mandatory not mandatory?
The LWM2M Security object has several resources that are defined 'Mandatory' but at best appear to be conditionally Mandatory.
Resource 3 Public Key or Identity
Stores the LwM2M Client's certificate, public key (RPK mode) or PSK Identity (PSK mode).
When the Security Mode resource 2 = 3 (NoSec) resource 3 has no meaning.
Resource 4 Server Public Key
Stores the LwM2M Server's, respectively LwM2M Bootstrap-Server's, certificate, public key (RPK mode) or trust anchor. The Certificate Mode Resource determines the content of this resource.
When the Security Mode resource 2 = 3 (NoSec) or 0 (Pre-Shared Key) resource 4 has no meaning.
Resource 5 Secret Key
Stores the secret key (PSK mode) or private key (RPK or certificate mode).
When the Security Mode resource 2 = 3 (NoSec) resource 5 has no meaning.
In all of these scenarios, it should not be necessary for the Bootstrap server to send the unused resources, nor for the client to require they be received --- as they are not used.
In order to eliminate the current confusion and interoperability issues, I suggest that LWM2M Security object resources 3,4,5 be changed to optional, with text in the description and/or in the normative core or transport documents that specifies precisely when they are required to be sent by the bootstrap server, and whose existence would be verified by the client.
There is some precedence for how this could be done.
The normative text from Lightweight Machine to Machine Technical Specification: Transport Bindings --- Approved Version: 1.1.1 - 2019-06-17, section 5.2.8.1. Pre-Shared Keys, states "The "Server Public Key" Resource MUST NOT be used in the Pre-Shared Key mode."
It could also be fixed in a manner similar to Resource 10 Short Server ID, which is Optional but has text in the description section that clarifies when it MUST be used: "This Resource MUST be set when the Bootstrap-Server Resource has a value of 'false'."
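The conditional rules argued for above can be written down as a small client-side check. The following Python is an added example, not code from the lwm2m-registry project or the OMA specification: a hypothetical `validate_security_instance()` that takes a Security object (object 0) instance as a dict keyed by resource ID and reports which of resources 3, 4 and 5 are missing, forbidden or merely unused for the given Security Mode, plus the Short Server ID rule quoted from Resource 10. The mode values 0 (Pre-Shared Key) and 3 (NoSec) are the ones named in this issue; 1 (Raw Public Key) and 2 (Certificate) are taken from the LwM2M Security object definition. The sample instances at the bottom are constructed for the example.

```python
"""Conditional validation of an LwM2M Security object (object 0) instance.

Added example: checks a bootstrap-delivered instance against the rules
discussed in the issue (which of resources 3/4/5 matter for each
Security Mode, and when Short Server ID must be present).
"""

# Resource IDs of the Security object used here
RES_BOOTSTRAP_SERVER = 1
RES_SECURITY_MODE = 2
RES_PUBLIC_KEY_OR_IDENTITY = 3
RES_SERVER_PUBLIC_KEY = 4
RES_SECRET_KEY = 5
RES_SHORT_SERVER_ID = 10

# Security Mode values (resource 2)
MODE_PSK, MODE_RPK, MODE_CERT, MODE_NOSEC = 0, 1, 2, 3
MODE_NAMES = {
    MODE_PSK: "Pre-Shared Key",
    MODE_RPK: "Raw Public Key",
    MODE_CERT: "Certificate",
    MODE_NOSEC: "NoSec",
}

# Resources the client actually needs for the mode to be usable.
REQUIRED = {
    MODE_PSK: {RES_PUBLIC_KEY_OR_IDENTITY, RES_SECRET_KEY},
    MODE_RPK: {RES_PUBLIC_KEY_OR_IDENTITY, RES_SERVER_PUBLIC_KEY, RES_SECRET_KEY},
    MODE_CERT: {RES_PUBLIC_KEY_OR_IDENTITY, RES_SERVER_PUBLIC_KEY, RES_SECRET_KEY},
    MODE_NOSEC: set(),
}
# Transport Bindings 1.1.1 section 5.2.8.1: "Server Public Key" MUST NOT be
# used in Pre-Shared Key mode, so its presence is an error rather than noise.
MUST_NOT = {MODE_PSK: {RES_SERVER_PUBLIC_KEY}}
# Resources that have no meaning in a mode: tolerated, ignored, but flagged.
UNUSED = {MODE_NOSEC: {RES_PUBLIC_KEY_OR_IDENTITY, RES_SERVER_PUBLIC_KEY, RES_SECRET_KEY}}


def _present(instance, rid):
    """A resource counts as present only if it carries a non-empty value."""
    return instance.get(rid) not in (None, b"", "")


def validate_security_instance(instance):
    """Return (errors, warnings) for one Security object instance.

    errors   -> the instance cannot be used as delivered
    warnings -> the instance is usable; the flagged resources are ignored
    """
    errors, warnings = [], []
    mode = instance.get(RES_SECURITY_MODE)
    if mode not in REQUIRED:
        return [f"resource 2: unknown or missing Security Mode {mode!r}"], []
    name = MODE_NAMES[mode]

    for rid in sorted(REQUIRED[mode]):
        if not _present(instance, rid):
            errors.append(f"resource {rid} missing but required in {name} mode")
    for rid in sorted(MUST_NOT.get(mode, ())):
        if _present(instance, rid):
            errors.append(f"resource {rid} MUST NOT be used in {name} mode")
    for rid in sorted(UNUSED.get(mode, ())):
        if _present(instance, rid):
            warnings.append(f"resource {rid} sent but has no meaning in {name} mode; ignored")

    # Resource 10 description: MUST be set when Bootstrap-Server is 'false'.
    if instance.get(RES_BOOTSTRAP_SERVER) is False and not _present(instance, RES_SHORT_SERVER_ID):
        errors.append("resource 10 (Short Server ID) MUST be set when Bootstrap-Server is false")
    return errors, warnings


# Constructed sample instances (resource ID -> value), not real credentials.
SAMPLE_INSTANCES = {
    "psk-ok": {1: False, 2: MODE_PSK, 3: b"client-id", 5: b"secret", 10: 1},
    "nosec-empty-keys": {1: False, 2: MODE_NOSEC, 3: b"", 4: b"", 5: b"", 10: 2},
    "psk-with-server-key": {1: False, 2: MODE_PSK, 3: b"id", 4: b"srv", 5: b"k", 10: 1},
    "cert-missing-private-key": {1: True, 2: MODE_CERT, 3: b"cert", 4: b"ca"},
}

if __name__ == "__main__":
    for label, inst in SAMPLE_INSTANCES.items():
        errs, warns = validate_security_instance(inst)
        print(f"{label}: errors={errs} warnings={warns}")
```

Treating an empty value as absent lets a client accept a Bootstrap-Server that still sends empty resources 3, 4 and 5 in NoSec mode, while a non-empty value in a mode where the resource has no meaning is only a warning; the one hard rejection outside missing-required is resource 4 in PSK mode, because that is the case the Transport Bindings text states as MUST NOT.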
Resolved via PR #808 in LWM2M repository for 1.2.1