Clarifications on MY_SIGNING_WEAK_SECURITY
-
@sindrome73 said in Clarifications on MY_SIGNING_WEAK_SECURITY:
MY_SIGNING_WEAK_SECURITY
This will allow clients without signatures to be able to connect to GW and it will lower the security level a bit, but imho if you have signature on the important nodes and also enabled encryption you still have a reasonable security level.
-
@sindrome73 said in Clarifications on MY_SIGNING_WEAK_SECURITY:
MY_SIGNING_WEAK_SECURITY
This will allow clients without signatures to be able to connect to GW and it will lower the security level a bit, but imho if you have signature on the important nodes and also enabled encryption you still have a reasonable security level.
-
I'd recommend two gateways if secure and insecure nodes are needed. One network is signed (globally) and the other is not, or "weak".
-
I believe that the use of two gateways, and therefore 2 networks, is perhaps the most correct solution !! A secure network with a signature and a slightly leaner network with all the other Sensors .....
And a right solution !!Further information !!
Using #define MY_SIGNING_REQUEST_SIGNATURES only in the nodes and not in the Gateway, could it be a way to introduce the signature only between some nodes ???
Without incurring a degradation of security ??
It's correct?? Or is it a wrong thing ???? -
I believe that the use of two gateways, and therefore 2 networks, is perhaps the most correct solution !! A secure network with a signature and a slightly leaner network with all the other Sensors .....
And a right solution !!Further information !!
Using #define MY_SIGNING_REQUEST_SIGNATURES only in the nodes and not in the Gateway, could it be a way to introduce the signature only between some nodes ???
Without incurring a degradation of security ??
It's correct?? Or is it a wrong thing ????@sindrome73 if the GW isn't requesting signatures at all, security is not really present as the GW is the network hub. If you are prepared to use two gw:s/networks, that is the best solution if you need nodes that don't or can't use signing.
-
I had thought of an alternative because however the signature requires much more memory of the script, and much more substantial communications !! That's why I wanted to somehow use nodes with signature and nodes without signature !!
But from what I understood, the only node to have a secure network and to have all the nodes with the signature in the network .....Thanks anyway for the idea of a double network ......
-
I had thought of an alternative because however the signature requires much more memory of the script, and much more substantial communications !! That's why I wanted to somehow use nodes with signature and nodes without signature !!
But from what I understood, the only node to have a secure network and to have all the nodes with the signature in the network .....Thanks anyway for the idea of a double network ......
@sindrome73 security is a quite relative thing so it is also a matter of how far you are prepared to compromise. Having a gw with weak security still require a deliberate attack. But anyone that knows what protocol you use and has some basic programming skill might be able to mess with you. The do really need to want to mess with you though. It won't happen by accident.
-
We will address the communications overhead for security 3.0 but it will not be completely eliminated. Some handshaking will always be needed but there will be a ttl counter so one established token can be reused for a limited time/uses. Keep a look out on github if you want to follow the development for this. There will soon be tickets for the various features planned.
Users are welcome to provide constructive feedback to these tickets, but the core team reserve the right of deciding ;)
