Liubing (Remy) <[email protected]> wrote:
> It is highly recommended to conduct a mutual authentication between the
> network and the device tending to join in it. The authentication can be
> accomplished with the help of certificates or pre-shared keys
> [I-D.ietf-6tisch-minimal-security] provisioned by the operator at the
> deployment site. Alternatively, the certificates could be provisioned
> by the manufacturer or the vendor before the shipment, and in this case
> the authentication can be accomplished with the help of a MASA service
> on the Internet [dtsecurity-zerotouch-join].

I suggest:

An onboarding process is required to enable a new PLC node to join the network. This is required in order for the new node to acquire the network encryption key appropriate for the layer-2.

Automated processes perform a mutual authentication of network and new node. Methods include protocols such as [I-D.ietf-6tisch-minimal-security] (which uses pre-shared keys), and constrained variations of [I-D.ietf-anima-bootstrapping-keyinfra] such as [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. It is also possible to use EAP methods such as [I-D.ietf-emu-eap-noob] via transports like PANA [RFC5191].

No specific mechanism is specified by this document, as an appropriate mechanism will depend upon deployment circumstances.

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
6lo mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lo
