
Security context configuration format

Open chrysn opened this issue 9 months ago • 1 comments

The current credentials.diag format (and the parts that ) is a bit of a mess, owing in no small part to its history of organically growing from what was originally just DTLS support and a very vague idea of what ACE-OSCORE responses might look like.

Things that should be improved:

  • Multi-file support. A credential may be referred to in different contexts.
    • In particular, aiocoap-keygen and any future --tofu switch (maybe even default mode?) should have an option to write somewhere.
  • Default system-wide files. aiocoap tools will use those unless something --no-default-credentials is passed; libraries should get an easy way to opt in to it.
  • Clean up {14:{8:…}}. Lakers justifiedly switched to having programming language names for the different credentials types, given that putting them into CRED_x requires understanding what they are anyway, so they can get names in the config language too. This will make things consistent with Ariel OS.
  • The current form of ingesting items through a type builder is a bit awkward, and should at least get thorough refactoring. In particular, psk_hex and psk_bin were probably a mistake. Right now, I'd go more towards having TOML files supported easily, and there the JSON-model structure would be
    {"psk": {"ascii": "correct horse battery staple"}}
    
    and then the ingesting entity asks to make a binary string out of it, whereupon any map gets pulled through some to-binary conversion that might tolerate a single "ascii", "hex" or "edn" key. (Not sure yet what to do with places that are typically encoded-CBOR shaped, can we put the item in there directly if the format happens to be EDN? Maybe <<{}>> which is kinda nice when it comes to non-deterministically encoded stuff where that is allowed).

Further notes:

Related issues:

  • https://github.com/chrysn/aiocoap/issues/383
  • https://github.com/chrysn/aiocoap/issues/377
  • The whole topic of having fixed configurations for peers and proxies
  • Setting something easy from the CLI (e.g. kicking off opportunistic EDHOC or TOFU)

chrysn, Mar 24 '25 09:03

TOML would now be an easier candidate since https://github.com/chrysn/aiocoap/issues/391

chrysn, Nov 05 '25 17:11
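
The to-binary conversion sketched in the issue, written out as an added example (not aiocoap code and not from the issue's author). The names `to_binary`, `load_psks`, `CredentialFormatError` and the sample entry names are hypothetical, and the `edn` key is recognized but not decoded because that needs a CBOR diagnostic notation parser.

```python
import json

ENCODINGS = ("ascii", "hex", "edn")  # the three keys named in the issue


class CredentialFormatError(ValueError):
    """A value cannot be turned into a byte string unambiguously."""


def to_binary(item, where):
    """Turn an item such as {"ascii": "..."} into bytes.

    Error messages name the location only, never the (secret) value.
    """
    if isinstance(item, (bytes, bytearray)):
        return bytes(item)  # formats with native byte strings pass through
    if not isinstance(item, dict) or len(item) != 1:
        raise CredentialFormatError(f"{where}: need a map with exactly one of {ENCODINGS}")
    (encoding, text), = item.items()
    if encoding not in ENCODINGS or not isinstance(text, str):
        raise CredentialFormatError(f"{where}: need one of {ENCODINGS} with a string value")
    try:
        if encoding == "ascii":
            return text.encode("ascii")
        if encoding == "hex":
            return bytes.fromhex(text)
    except ValueError:  # UnicodeEncodeError is a ValueError subclass
        raise CredentialFormatError(f"{where}: value is not valid {encoding}") from None
    # "edn" needs a CBOR diagnostic notation parser, left out of this sketch
    raise CredentialFormatError(f"{where}: 'edn' is not handled in this sketch")


def load_psks(model):
    """Return {name: key bytes} for every entry of the model that has a "psk"."""
    return {name: to_binary(entry["psk"], f"{name}.psk")
            for name, entry in model.items()
            if isinstance(entry, dict) and "psk" in entry}


# Constructed sample in the JSON model; the entry names are assumptions.
# tomllib.loads() on an equivalent TOML file yields the same dict shape.
SAMPLE = json.loads("""{
  "sensor-a": {"psk": {"ascii": "correct horse battery staple"}},
  "sensor-b": {"psk": {"hex": "000102030405060708090a0b0c0d0e0f"}}
}""")

if __name__ == "__main__":
    for name, key in load_psks(SAMPLE).items():
        print(name, len(key), "bytes")
```

Rejecting maps with more than one encoding key keeps a file from carrying two conflicting representations of the same secret.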