Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Consider making auth-initiation-token mandatory. #185

Closed
mfoltzgoogle opened this issue Aug 14, 2019 · 2 comments
Closed

[Security] Consider making auth-initiation-token mandatory. #185

mfoltzgoogle opened this issue Aug 14, 2019 · 2 comments
Labels
security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. v1-spec

Comments

@mfoltzgoogle
Copy link
Contributor

We recommend agents use a token to hand out consent to participate in PSK authentication.

Should we make it mandatory?

What are the implications for agents outside the LAN (how would they get the token)?

Ref: #182 (comment)
@mfoltzgoogle mfoltzgoogle added security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. v1-spec labels Aug 14, 2019
@mfoltzgoogle mfoltzgoogle mentioned this issue Aug 14, 2019
Merged
@pthatcherg
Copy link
Contributor

I think we should make it mandatory. Any non-mDNS discovery mechanism should also provide a token. The token is proof that you used a discovery mechanism.

@mfoltzgoogle mfoltzgoogle mentioned this issue Aug 20, 2019
Merged
@mfoltzgoogle
Copy link
Contributor Author

Closed by PR #189

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security-tracker Group bringing to attention of security, or tracked by the security Group but not needing response. v1-spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mfoltzgoogle @pthatcherg