Author: Mike Hearn 2014-03-21 15:24:24
Published on: 2014-03-21T15:24:24+00:00
The discussion revolves around the implementation of HTTP-over-Bluetooth. Alex Kotenko suggests that HTTP, which is well known and proven to be quite good for such tasks, could be handy in this case. However, Andreas Schildbach argues that HTTP might be overkill and they should not implement it unless they really have to. Furthermore, Andreas proposes the consideration of SPDY as an alternative to HTTP. However, it is noted that SPDY requires SSL and is even more complex than HTTP. The current protocol being used is fine except for the lack of encryption/authentication. To establish a shared AES session key, ECDH needs to be done, and each packet needs to be MACed. Although it is not entirely trivial, it is worth trying SSL too, but it is also not a massive effort. In conclusion, the discussion explores the pros and cons of implementing HTTP-over-Bluetooth and considers alternatives such as SPDY, which requires SSL and is more complex than HTTP. The current protocol being used is deemed fine, except for the lack of encryption/authentication, which can be achieved by doing ECDH to establish a shared AES session key and MACing each packet.
Updated on: 2023-06-08T01:00:03.040710+00:00