From: Carsten Bormann <[email protected]>
Date: Tue, 9 Jun 2009 21:33:16 +0200
The clause you cited from 15.4-2006 says what I said in a couple more
words:
15.4 provides state-of-the-art cryptographic mechanisms.
These can be used for security, but 15.4 does not say how.
In particular there is no defined key management.
The references you gave don't change that (but they do contain
proposals for nice fixes, in particular finally a secured ACK).
I'm not saying all this to critique 15.4, just to wake up people on
this list to the fact that we cannot simply rely on the wonderful
security provided by 15.4 -- there is none, unless we add key
management.
And frame counter synchronization. People see the frame
counters and think they replay protection. We should
either finish the job or not use the frame counters.
-Richard Kelsey
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
