Hi,
We are attempting moving our BLE security from mitm to lesc+mitm, and have a few questions on the matter:
- Is it "good practice" to change the security of the characteristics' read/write permissions to LESC from our current MITM?
- An nrf expert who had helped us add MITM to our code had added a disconnect if the connection is not mitm_protected, so as to not let someone create a DOS attack by holding the connection open - is it good practice to add LESC as well to this logic?
- Are there practical considerations to take into account for out devices already in the field? We have DFU OTA functionality, but want to make sure that this DFU will go smoothly, in that:
- All devices will finish the DFU with their flash unharmed by any changes that LESC may yield (it is important to note that PM_LESC_ENABLED and NRF_BLE_LESC_ENABLED were already true in our SDK_CONFIG before this change).
- The LTKs will work to encrypt the connections post-DFU, and that pairing will not have to be reinitiated.
Thanks!
Roi
