Date: Thu, 28 May 2009 00:55:27 +0200
From: Zach Shelby <[email protected]>
A new version of draft-ietf-6lowpan-nd is now available at:
http://www.ietf.org/internet-drafts/draft-ietf-6lowpan-nd-03.txt

Zach,

The security section says that MAC sublayer cryptography is expected to provide:

  secure unicast to/from Routers and secure broadcast from the Routers in a way that prevents tampering with or replaying the RA messages.

802.15.4 security does not provide replay protection. It does have a means for including frame counters in messages, but there is no mechanism for synchronizing frame counters in the first place. The frame counters prevent messages from being replayed out of order, but they do not prevent replaying in general. This seems particularly important for RA messages, which are often some of the first packets traveling over a link or the first packets received after a reboot.

It may be that the limited replay protection that 802.15.4 security provides is sufficient in this case, but I think that this needs to be spelled out in more detail. Either that or real replay protection needs to be provided by extending 802.15.4 security or adding additional security at the 6LoWPAN adaption layer.

-Richard Kelsey
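Added example, not part of the original message and not taken from any 802.15.4 implementation: a simplified Python model of the per-sender frame-counter check discussed above, showing that a recorded RA frame is rejected in steady state but passes on first contact or after the receiver loses its counter state. The class, method and address names, and the `persist` option (counters kept in non-volatile storage), are assumptions made for illustration.

```python
# Constructed model of a per-sender frame-counter check; not 802.15.4 code.
# Replayed frames are genuine, so their integrity check would pass; only the
# counter comparison is modelled. All names here are hypothetical.

class Receiver:
    def __init__(self, persist=False):
        self.persist = persist      # assumption: counters survive a reboot
        self.last_seen = {}         # sender address -> highest counter accepted

    def accept(self, sender, counter):
        """Return True if the frame passes the counter check."""
        last = self.last_seen.get(sender)
        if last is not None and counter <= last:
            return False            # replayed or out-of-order frame
        # No stored counter: nothing to compare against, so the frame passes.
        self.last_seen[sender] = counter
        return True

    def reboot(self):
        if not self.persist:
            self.last_seen.clear()  # volatile counter state is lost


def run_scenario(persist):
    """Replay recorded RA frames at three points in a receiver's life."""
    router = "router-1"             # constructed address
    recorded = [1, 2, 3]            # constructed counters of RA frames seen on the air
    node = Receiver(persist)
    results = {"live": [node.accept(router, c) for c in recorded]}
    results["replay_steady_state"] = node.accept(router, 2)
    node.reboot()
    results["replay_after_reboot"] = node.accept(router, 2)
    results["older_replay_after_that"] = node.accept(router, 1)
    # A node that has never heard the router has no counter in either mode.
    results["replay_first_contact"] = Receiver(persist).accept(router, 2)
    return results


if __name__ == "__main__":
    for persist in (False, True):
        print("persist =", persist, run_scenario(persist))
```

Persisting the counter closes the reboot case in this model but not the first-contact case, where the receiver has no counter to compare against.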
