Liubing (Remy) <[email protected]> wrote:
> Thank you for mentioning 6tisch-minimal-security. There is also a
> BRSKI-like 6tisch mechanism that uses IDevID.
> [Remy] I think you must
> be talking about [draft-ietf-6tisch-dtsecurity-zerotouch-join]. The
> minimal security is considered to be one-touch since the PSK has to be
> configured a priori. And this document provides a zero-touch method, in
> which the IDevID (provided by the manufacturer) in 802.1AR is used as
> the credential for authentication. The authentication is done with the
> help of the MASA. Am I understanding it correctly? I think the method
> simplifies the provisioning procedure. However, the PLC standards have
> not supported 802.1AR yet, thus this zero-touch method couldn't be used
> in the implementation at this moment.
Whether or not the *PLC* documents specify 802.1AR is not really relevant.
They also don't specify any useful secure join mechanism at all.
The device either has a manufacturer provided keypair, or it has to be
provisioned with a key by the operator.
> Is it the case that the PLC devices can have no L2 security as an
> option? I believe that you may wish to outlaw that situation.
> [Remy] All the PLC standards we mentioned in this document have L2
> security mechanisms, such as encryption, data integrity, and
> anti-replay. Since this document is focused on the adaptation layer and
> above, the L2 security is considered to be applied by default.
Then you can use dtsecurity-zerotouch-join or 6tisch-minimal-security.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ 6lo mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lo
