Roman Danyliw has entered the following ballot position for draft-ietf-6lo-nfc-19: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-6lo-nfc/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- (Preliminary ballot from an incomplete review of the document, but shared here for early awareness) Multiple prior DISCUSes were filed on the basis of concerns that the base normative references were not available. In response, the "NFC LLC v1.4" specification was shared. However, it appears additional normative references are needed to evaluate the security claims of the protocol (NFC LLC v1.4). Section 7 of this I-D says: Ad-hoc secure data transfer can be established between two communication parties without any prior knowledge of the communication partner. Ad-hoc secure data transfer can be vulnerable to Man-In-The-Middle (MITM) attacks. Authenticated secure data transfer provides protection against Man-In-The-Middle (MITM) attacks. In the initial bonding step, the two communicating parties store a shared secret along with a Bonding Identifier. For all subsequent interactions, the communicating parties re-use the shared secret and compute only the unique encryption key for that session. Secure data transfer is based on the cryptographic algorithms defined in the NFC Authentication Protocol (NAP). This text is a cut-and-paste verbatim from Section 3.2.5 of NFC Forum LLC specification previously shared as part of the last telechat. However the NAP is defined in yet another NFC Forum document. How does one access that? _______________________________________________ 6lo mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lo
