On 14 July 2017 at 16:13, Dave Raggett <dsr@w3.org> wrote: > A fallback could be to use local discovery, e.g. mDNS. I implemented a > mDNS and DHCP client for the Arduino to configure IP networking and to > discover the gateway to register the device with. In addition, note that > the work on scripting APIs for the WoT WG includes a discovery API. > Mozilla's gateway implementation currently uses mDNS for initial discovery to bootstrap a secure connection. The gateway is plugged into an Ethernet network and gets an IP address via DHCP which is then broadcast over mDNS using the local domain gateway.local. This local address can then be used to access the first time setup web interface of the gateway (at least on clients which support mDNS, which Android still doesn't. Otherwise the user has to find the local IP address assigned to the gateway). This insecure connection is only used to ask the user to choose their secure subdomain, at which point they are then re-directed to a secure HTTPS connection to configure their username and password. You can see how this looks to the end user in the Getting Started Guide <https://docs.google.com/presentation/d/1urdIH-0vfXYauEW_gshCNyRzAwjcpSx79N_xXWopffI/pub?start=false&loop=false&delayms=3000> . We're also exploring other methods of first time setup including using WiFi (the "Chromecast method"), Bluetooth (e.g. Physical Web Bluetooth beacons for discovery and WiFi configuration over Bluetooth), or even audio (which turned out to be very reliable in previous experimental projects). > > Of course, you still need to protect against compromised devices on the > same local network that either spoof devices or log their activity. > Yes, this is the main problem I was describing. Maintaining a secure connection on the same local network when an Internet connection becomes temporarily unavailable.
Received on Friday, 14 July 2017 15:32:04 UTC