Re: Using unsecure/unauthenticated RFCOM
> SSP requires that all L2CAP connections be authenticated ... Bluetooth 4 Section 5.2.2.8 ... mandates the use of encryption when the remote device is v2.1+EDR for all services other than SDP.
Incorrect cite in this context. Do not confuse encryption with authentication.

One moment, I know what you think: Alexei is looking for a way to connect two devices with minimal user interaction. For this, Simple-Secure Pairing offers the Just-Works authentication scheme. Here, both devices connect only for this service, like a one-time use. Such a connection can be encrypted. And this is what the above cite is about.

The problem: Apple's current API offers Man-in-the-Middle (MITM) secure authentication *only*; asking for passkey (numeric) comparison = Level 3. We would need Level 1, see sections 7.1.29 and 7.7.24: MITM Protection Not Required, No (or General) Bonding, numeric comparison with automatic accept allowed.

To be honest, I am not aware of any Bluetooth stack which offers all features of SSP yet - and far too many stacks do SSP completely wrong, too. Therefore, turning off SSP is one way I would love to see in more stacks.

Bluetooth-dev mailing list (Bluetooth-dev@lists.apple.com)
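Added example, not code from this thread or from any Bluetooth stack: a Python model of how SSP authentication stage 1 picks its association model from the two HCI values the reply mentions, IO_Capability and Authentication_Requirements (command 7.1.29, event 7.7.24), using the selection rule from Core Spec Vol 3 Part C 5.2.2.6. It shows why a stack that always sets "MITM Protection Required" ends up in a user-visible numeric comparison, while "MITM Protection Not Required" on both sides yields Just Works (numeric comparison with automatic accept). The string labels for the models are my own.

```python
# IO_Capability parameter values (HCI 7.1.29 IO_Capability_Request_Reply)
DISPLAY_ONLY, DISPLAY_YES_NO, KEYBOARD_ONLY, NO_INPUT_NO_OUTPUT = 0x00, 0x01, 0x02, 0x03

# Authentication_Requirements parameter values (HCI 7.1.29).
# Bit 0 set = "MITM Protection Required"; bits 1-2 encode the bonding type.
MITM_NOT_REQUIRED_NO_BONDING = 0x00
MITM_REQUIRED_NO_BONDING = 0x01
MITM_NOT_REQUIRED_DEDICATED_BONDING = 0x02
MITM_REQUIRED_DEDICATED_BONDING = 0x03
MITM_NOT_REQUIRED_GENERAL_BONDING = 0x04
MITM_REQUIRED_GENERAL_BONDING = 0x05

# Labels for the association models (my own naming, not spec constants)
JUST_WORKS = "Just Works (numeric comparison, automatic accept)"
NUMERIC_COMPARISON = "Numeric Comparison (user confirms 6 digits on both sides)"
PASSKEY_ENTRY = "Passkey Entry (one side displays, the other types)"


def mitm_required(auth_req: int) -> bool:
    """True when the Authentication_Requirements value asks for MITM protection."""
    if auth_req not in range(0x00, 0x06):
        raise ValueError(f"unknown Authentication_Requirements 0x{auth_req:02x}")
    return bool(auth_req & 0x01)


def select_association_model(local_io, local_auth, remote_io, remote_auth):
    """Return the SSP association model that authentication stage 1 will run."""
    for io in (local_io, remote_io):
        if io not in (DISPLAY_ONLY, DISPLAY_YES_NO, KEYBOARD_ONLY, NO_INPUT_NO_OUTPUT):
            raise ValueError(f"unknown IO_Capability 0x{io:02x}")
    # Vol 3 Part C 5.2.2.6: when neither side requires MITM protection, stage 1
    # behaves as if both were DisplayYesNo with automatic confirmation, i.e.
    # Just Works, regardless of the real IO capabilities.
    if not mitm_required(local_auth) and not mitm_required(remote_auth):
        return JUST_WORKS
    # Otherwise the IO capabilities of both sides select the model.
    if NO_INPUT_NO_OUTPUT in (local_io, remote_io):
        return JUST_WORKS  # one side can neither show nor enter anything
    if KEYBOARD_ONLY in (local_io, remote_io):
        return PASSKEY_ENTRY  # keyboard vs keyboard, or keyboard vs a display
    if local_io == DISPLAY_YES_NO and remote_io == DISPLAY_YES_NO:
        return NUMERIC_COMPARISON
    return JUST_WORKS  # DisplayOnly with DisplayOnly or DisplayYesNo


def link_key_authenticated(local_io, local_auth, remote_io, remote_auth) -> bool:
    """Only Numeric Comparison and Passkey Entry give an authenticated (MITM-protected) link key."""
    return select_association_model(local_io, local_auth, remote_io, remote_auth) != JUST_WORKS
```

Two DisplayYesNo devices that both send 0x04 (MITM Not Required, General Bonding) pair without any prompt; if either sends 0x05 instead, the user has to confirm the six-digit value on both devices.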
participants (1)
- Alexander Traud