Dear Paul Wouters. Thanks for your valuable comments and sorry for the late response.
To resolve your comments, I updated the draft. Please, find inline responses. And, I submitted the revision draft based on your comments. https://www.ietf.org/archive/id/draft-ietf-6lo-use-cases-15.html It is appreciated to check again and let me know any missing points. Best regards. Yong-Geun. 2022년 12월 15일 (목) 오전 10:45, Paul Wouters via Datatracker <[email protected]>님이 작성: > Paul Wouters has entered the following ballot position for > draft-ietf-6lo-use-cases-14: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-6lo-use-cases/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Like Roman, I am a bit concerned about the security aspects. As this is a > use > cases document, I've limited my issues to comments. But it would have to be > satisfied in any further specification RFCs. > > Security and Encryption: Though 6LoWPAN basic specifications do not > address security at the network layer, the assumption is that L2 > security must be present. > > While I do understand that some L2 security is possible, eg via pairing, > there > is still a gap for some technologies - eg NFC where I wouldn't know which > payment terminal I really connect to. > [Hong] Update the paragraph and add a relevant sentence > > End-to-end communication is expected to be secured by means of common > mechanisms, such as IPsec, TLS/DTLS or object security [RFC8613]. > > EDHOC (draft-ietf-lake-edhoc) could also be a good match > > Note that while the common mechanism is a good start, it only presents the > use > of a technology. Those technologies have requirements that might not be > usable > in the context of 6lo (eg when there is no internet connection to verify > X.509 > certificates (OCSP or CRLs) or DNS identifiers). > [Hong] Add EDHOC as a one of examples
_______________________________________________ 6lo mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lo
