-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bootstrap Server Account cannot be properly handled during the bootstrap procedure #152
Comments
What about letting the Client - regarding the Security Object only - to allocate from its own, the |
So, you're suggesting allowing to call BOOTSTRAP WRITE with the Location URI set to e.g. /0, with payload in TLV format containing multiple Resource entries without a root entry, which would be semantically equivalent to a similar call to CREATE from a regular server? I guess that would solve the issue, although I personally find it semantically ugly, because it would make a "write" operation behave like "create", which is somewhat counter-intuitive. Even more so, considering the fact that on the CoAP layer, BOOTSTRAP WRITE maps to a PUT request, which is required to be idempotent as per RFC 7252, 5.1. Allowing BOOTSTRAP WRITE to create new instances with unspecified IDs would violate this requirement. |
Wouldn't this be the simplest way forward: |
Yes, this would be an acceptable solution, I think. But there are still some issues that would need to be addressed with such change:
These are just my remarks about @FredRodermund's idea, which I believe need consideration before merging it into the spec. |
Agreed with DM Working Group to close. |
As described in the current revision of TS 1.0, section 5.2 "Bootstrap Interface", to perform either Client Initiated Bootstrap or Server Initiated Bootstrap, the LWM2M Client needs to have an "LWM2M Bootstrap Server Account", which is an instance of the LWM2M Security (0) object with the resource "Bootstrap Server" (1) set to true.
The Bootstrap Server communicates with the Client over the Bootstrap Interface, which defines only two operations on the data model, BOOTSTRAP WRITE and BOOTSTRAP DELETE (as BOOTSTRAP REQUEST and BOOTSTRAP FINISH can be described as control commands rather than actual operations)
It means that the Bootstrap Server can only perform the bootstrap procedure "blindly", as it cannot read the client's data model in any way. This is not a big problem for the typical bootstrap case, as "BOOTSTRAP DELETE /" can be used to clear the data model, then the Bootstrap Server may create the essential objects from scratch, and the rest of the configuration procedure can be done by ordinary LWM2M Servers (which may in fact cooperate, or even be physically integrated, with the Bootstrap Server).
However, as section 5.2.5.2 states, "BOOTSTRAP DELETE /" operation:
Since the Bootstrap Server Account is necessary for communication with the Bootstrap Server, it effectively means that the "BOOTSTRAP DELETE /" operation will always put the data model in a state in which exactly one configurable Object Instance is present - the Bootstrap Server Account.
However, its Instance ID is unknown to the Bootstrap Server. This means that when the Bootstrap Server wants to perform the BOOTSTRAP WRITE operation in order to create a Security Object Instance for a regular LWM2M Server, it cannot be sure whether that operation will create a new Instance, or (with effectively 1/65535 probability, which makes it a bit of a Bootstrap Russian Roulette 😉) overwrite the Bootstrap Server Account.
A possible workaround for this problem would be for the Bootstrap Server to recreate its own Bootstrap Server Account in addition to creating instances for regular servers. However, this could (again, with 65534/65535 probability 😉) violate the requirement stated in 5.2.1:
However, the result of Bootstrap Server making an attempt to violate this requirement is not well specified. If such attempt results in the Client returning a 4.00 Bad Request response (the only applicable error permitted by 8.5 "Response Codes"), it allows for a possibly somewhat interoperable way of operation for the Bootstrap Server - after having performed "BOOTSTRAP DELETE /", it may attempt to write its own Bootstrap Server Account on some Instance ID - if the client responds with 4.00 Bad Request, it means that the ID is unused and it can then proceed with writing a regular server account onto it. Such flow is, however, extremely convoluted, counter-intuitive, inefficient, and probably not in line with the intentions of the specification authors.
I believe that the proper solution would be to:
and/or:
The text was updated successfully, but these errors were encountered: