eclipse-californium / californium

CoAP/DTLS Java Implementation
https://www.eclipse.org/californium/

CoAP Echo option Support #2179

Open sbernard31 opened 1 year ago

sbernard31 commented 1 year ago

Since LWM2M v1.1.1, "The CoAP Echo Option SHOULD be used to enable lightweight freshness verification." (See https://github.com/eclipse-leshan/leshan/issues/1507 for more details.)

I understand this is mainly to protect against :

So I am trying to get more information about that.

  1. I understand this is not supported by Californium for now, right?
  2. Is there a plan to add support for it?
  3. Even if this is not planned, I would like to understand what it could mean to support it.

About 3., I understand this is a very application-oriented solution (as opposed to a protocol-oriented solution). In other words, I understand that an application developer should understand the "issue" and decide when he should use the Echo option or not. But in my experience application developers do not have deep knowledge of the protocol they are using, so relying on that does not sound so good.

I guess ideally this kind of hardening should be handled transparently at protocol stack level (at least by default). E.g. When you are using TLS you don't need to think about that kind of thing, you just consider the connection safe.

Or maybe I missed something and there is a smart way to handle this at protocol layer transparently ?

sbernard31 commented 1 year ago

About 3., https://github.com/obgm/libcoap/pull/786 is a partial answer.

boaks commented 1 year ago
  1. Yes, Californium hasn't implemented it.
  2. From my side there are no plans.
  3. Others who have already implemented it may know it better.

I guess that this may also be implemented as a selective feature of CoapResource.

boaks commented 9 months ago

Though the ECHO is available, I assume that someone who is interested in this function is able to implement that in their own "CoapResource.handle???" functions. And clients may react to the error response. I haven't studied the RFC, so it may not be possible without some more changes in the library itself.
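
Added example, not part of the thread and not Californium code: a stand-alone sketch of the server-side freshness check a resource handler would need, using the integrity-protected timestamp method described in the appendix of RFC 9175. The class and method names (`EchoFreshness`, `issue`, `isFresh`) are hypothetical, and wiring the value into a CoAP option is left out. In the RFC's flow, a request with no Echo value or a stale one is answered with 4.01 Unauthorized carrying a new Echo value, and the client repeats the request with that value.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper, not a Californium class: Echo value = t0 (8 bytes) || truncated HMAC-SHA256(key, t0). */
public class EchoFreshness {
    private static final int TAG_LEN = 8; // 8 + 8 = 16 bytes, within the 1..40 byte Echo option limit
    private final SecretKeySpec key;
    private final long maxAgeMillis;

    public EchoFreshness(byte[] secret, long maxAgeMillis) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
        this.maxAgeMillis = maxAgeMillis;
    }

    private byte[] tag(byte[] t0) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return Arrays.copyOf(mac.doFinal(t0), TAG_LEN);
    }

    /** Value to place in the Echo option of a 4.01 Unauthorized response. */
    public byte[] issue(long nowMillis) throws Exception {
        byte[] t0 = ByteBuffer.allocate(Long.BYTES).putLong(nowMillis).array();
        return ByteBuffer.allocate(Long.BYTES + TAG_LEN).put(t0).put(tag(t0)).array();
    }

    /** True only if this server issued the value and it is not older than maxAgeMillis. */
    public boolean isFresh(byte[] echo, long nowMillis) throws Exception {
        if (echo == null || echo.length != Long.BYTES + TAG_LEN) return false; // absent or malformed
        byte[] t0 = Arrays.copyOfRange(echo, 0, Long.BYTES);
        byte[] got = Arrays.copyOfRange(echo, Long.BYTES, echo.length);
        if (!MessageDigest.isEqual(tag(t0), got)) return false; // constant-time comparison
        long age = nowMillis - ByteBuffer.wrap(t0).getLong();
        return age >= 0 && age <= maxAgeMillis;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32]; // constructed sample key, regenerated on every run
        new SecureRandom().nextBytes(secret);
        EchoFreshness f = new EchoFreshness(secret, 5_000);
        long t = System.currentTimeMillis();
        byte[] echo = f.issue(t); // sent to the client in the 4.01 response
        System.out.println("no Echo:   " + f.isFresh(null, t));
        System.out.println("repeated:  " + f.isFresh(echo, t + 1_000));
        System.out.println("delayed:   " + f.isFresh(echo, t + 60_000));
        echo[0] ^= 1; // simulate a modified timestamp
        System.out.println("tampered:  " + f.isFresh(echo, t + 1_000));
    }
}
```

Because the timestamp travels inside the authenticated value, the server keeps no per-client state; the trade-off is that the secret must stay stable for at least `maxAgeMillis` after a value is issued.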