Liubing (Remy) <[email protected]> wrote: > Thank you for your suggestion. I prefer not to include > [I-D.ietf-anima-bootstrapping-keyinfra], since it is not as directly > related to PLC as [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. How > about make a very brief explanation just like you made for > [I-D.ietf-6tisch-minimal-security]?
> I post the second paragraph of the security considerations
> below. Please tell me your opinion. Thank you.
I like it, thank you.
> Malicious PLC devices could paralyze the whole network via DOS attacks,
> e.g., keep joining and leaving the network frequently, or multicast
> routing messages containing fake metrics. A device may also join a
> wrong or even malicious network, exposing its data to illegal
> users. Mutual authentication of network and new device can be conducted
> during the onboarding process of the new device. Methods include
> protocols such as [RFC7925] (exchanging pre-installed certificates over
> DTLS), [I-D.ietf-6tisch-minimal-security] (which uses pre-shared keys),
> and [I-D.ietf-6tisch-dtsecurity-zerotouch-join] (which uses IDevID and
> MASA service). It is also possible to use EAP methods such as
> [I-D.ietf-emu-eap-noob] via transports like PANA [RFC5191]. No specific
> mechanism is specified by this document as an appropriate mechanism
> will depend upon deployment circumstances. The network encryption key
> appropriate for the layer-2 can also be acquired during the onboarding
> process.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6lo mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lo
