search

xaptum / xtt

A C implementation of the Trusted Transit protocol for securing Internet of Things (IoT) network traffic. Created to support the Xaptum Edge Network Fabric, an IoT Network Solution.
https://www.xaptum.com
Apache License 2.0
5 stars 5 forks source link

Fixing inconsistencies in the XTT tool #87

Closed kathrynfejer closed 5 years ago

kathrynfejer commented 5 years ago

server_id was a requirement of both the client and genservercert. In order to get rid of server_id.bin, I changed the client code to accept the server_cert as input and find the randomly generated server_id from the server's certificate.

Fixes #81

zanebeckwith commented 5 years ago

I think this is fine for now (I agree with the change to have the genservercert randomly-generate a server id if not given one). However, having the client take the certificate, rather than just a server_id, may be a little strange, since we won't be doing that for TPM clients (we're currently just saving the server ID in TPM).

This touches on the long-standing issue of whether the server ID serves (pun intended) any purpose or if we should get rid of it. I would like to start this discussion in earnest, and potentially not require the client to provide the file, so I'm going to open an issue to start that discussion.

The point here is that we have to remember that with this change we now require a TPM-using-client to have a server ID, while a non-TPM-using-client has to have a server certificate. This should just be a short-term situation, until we resolve the status of the server ID.

zanebeckwith commented 5 years ago

Given that we're removing the server ID, can you remove the parts of this PR that affect the server id? We can then go ahead and merge this, then do the work to remove the server ID stuff.