Hello 6lo WG,

As you may have noticed, we have uploaded a new version of the draft "Transmission of IPv6 Packets over PLC Networks". In this latest version, we've enhanced the security considerations section.

A paragraph on authentication is added. Without authentication, malicious PLC devices can easily join the network and start attacks such as repeatedly joining and leaving the network, or sending routing messages with fake metrics to declare themselves a better parent to the gateway (PANC). The authentication can be done with the support of DTLS. When the device is an immediate neighbor of the PANC, the PANC authenticates the device via the certificate in DTLS. Otherwise, the device will choose a neighbor which has joined the network as a proxy to relay its certificate to the PANC. In both cases, before the authentication has been accomplished, the device enrolling itself will be limited to link-local, protecting the rest of the network from potential attack. After the authentication, the device can actually be part of the network, e.g. get the address within the network, the route to the PANC, etc.

From the authors' perspective, we think that the draft is stable and ready for the last call. Your comments will be more than welcome and appreciated.

Many thanks and best regards,
Remy
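
The pre-authentication restriction described in the message above, sketched as an added example (not part of the original email or of the draft): a joined node, acting as proxy or PANC, keeps per-neighbor state and lets an unauthenticated neighbor exchange only link-scoped traffic until the PANC accepts it. The class name, node identifiers, decision strings and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Link-scoped ranges: link-local unicast and link-local multicast.
LINK_LOCAL_UNICAST = ipaddress.ip_network("fe80::/10")
LINK_LOCAL_MCAST = ipaddress.ip_network("ff02::/16")


def is_link_scoped(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return ip in LINK_LOCAL_UNICAST or ip in LINK_LOCAL_MCAST


class EnrollmentGate:
    """Hypothetical admission state kept by a joined node (proxy or PANC)."""

    def __init__(self):
        self.authenticated = set()  # neighbors the PANC has accepted

    def auth_result(self, node_id: str, accepted: bool) -> None:
        # Called when the outcome of the DTLS certificate check is known.
        if accepted:
            self.authenticated.add(node_id)
        else:
            self.authenticated.discard(node_id)

    def decide(self, node_id: str, src: str, dst: str) -> str:
        if node_id in self.authenticated:
            return "forward"            # full member: traffic may be routed
        if is_link_scoped(src) and is_link_scoped(dst):
            return "link-local-only"    # handled on this hop, never routed on
        return "drop"                   # unauthenticated and not link-scoped


def demo():
    # Constructed sample traffic; addresses use documentation/link-local ranges.
    gate = EnrollmentGate()
    results = [
        gate.decide("node-A", "fe80::a", "fe80::1"),      # enrollment exchange
        gate.decide("node-A", "fe80::a", "2001:db8::1"),  # tries to leave the link
        gate.decide("node-A", "2001:db8::a", "fe80::1"),  # self-assigned address
    ]
    gate.auth_result("node-A", True)                      # PANC accepted the cert
    results.append(gate.decide("node-A", "2001:db8::a", "2001:db8::1"))
    gate.auth_result("node-A", False)                     # later rejected/revoked
    results.append(gate.decide("node-A", "2001:db8::a", "2001:db8::1"))
    return results


if __name__ == "__main__":
    print(demo())
```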
