Closed theresalech closed 3 years ago
1. Change 1 seems a bit unclear to me. What is meant by "single frame" in the context of frame info? The frame type is already "single frame", why is the frame info "single frame"? Would something like "Security Query" be better, or could you add some additional clarification?
2. This section doesn't seem to be correct to me:
The handshake is designed as a client server communication which is configurable in the system settings. An application can take the role of a server where the system is the client or vice versa. This setting is not dynamic which means an SDL integrator must agree on one setup and avoid Client/Client or Server/Server connections. The client entity will initiate a TLS handshake with the corresponding security manager of the server. The client will do this only if the server was not authenticated before in the current transport connection.
It appears that the iOS library always assumes that it is the server. It sends the initial startService
message with encryption enabled, and the code for TLS handling seems to assume it's the server and the HU is the client.
3. What service is the "Error Handling" query supposed to be sent on? Control? This should be explicitly specified.
4. 4.7.1's title is "Security Query" which doesn't seem very self-explanatory. Perhaps "Security Query Binary Header Definition"? I feel like it could possibly be combined into a different sub-section.
5. Can you clarify 4.7.5.1 and 4.7.5.2? 4.5.7.1 states that the binary data has a single byte error code, but 4.5.7.2 seems to say that the error code is in the JSON data.
6. This proposal doesn't make it explicit, but is "implementation" of this proposal merely adding it to the protocol_spec, or does it also include aligning all implementations to implement error handling if it's not, etc.? The latter seems to be the case based on the "Impact to Existing Code" section.
7. In "Impact to Existing Code" #3, you note that there's an existing known SDL Core issue around receiving an error code. Is this an existing Github issue, and if so, could it be linked here?
@joeljfischer
1. Sorry I think a proper diff could have been better but it would be almost impossible to understand the context. Because Frame Info
is specific per frame type the spec needs to change to meet existing Core behavior. The section proposes to change
Field | Size | Description |
---|---|---|
Frame Info | 8 bit |
... Frame Type = 0x01 (Single Frame) 0x00 - 0xFF Reserved ... |
to
Field | Size | Description |
---|---|---|
Frame Info | 8 bit |
... Frame Type = 0x01 (Single Frame) 0x00 Single Frame 0x01 - 0xFF Reserved ... |
Hello SDL community,
The review of the revised proposal "SDL 0317 - SDL Protocol Security Specification" begins now and runs through June 1, 2021. Previous reviews of this proposal took place August 19 - September 1, 2020, and October 21 - November 17, 2020. The proposal is available here:
https://github.com/smartdevicelink/sdl_evolution/blob/master/proposals/0317-sdl-protocol-security-specification.md
Reviews are an important part of the SDL evolution process. All reviews should be sent to the associated Github issue at:
https://github.com/smartdevicelink/sdl_evolution/issues/1070
What goes into a review?
The goal of the review process is to improve the proposal under review through constructive criticism and, eventually, determine the direction of SDL. When writing your review, here are some questions you might want to answer in your review:
More information about the SDL evolution process is available at
https://github.com/smartdevicelink/sdl_evolution/blob/master/process.md
Thank you, Theresa Lech
Program Manager - Livio theresa@livio.io