Carsten,

Is it within the scope of 6lowpan to define key management and frame counter 
synchronization mechanisms for 15.4?

Thanks
Peter Burnett
Philips

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of 
Robert Cragie
Sent: 2009 Jun 10 05:44
To: Richard Kelsey
Cc: Carsten Bormann; [email protected]; [email protected]
Subject: Re: [6lowpan] ND and MAC-level security

It is possible to use various key establishment mechanisms based on
shared secrets or asymmetric cryptography to not only establish key
pairs but also to mutually authenticate and exchange information for
frame counter synchronisation. These have never been part of 15.4 but do
need to be defined somewhere.

Robert

Robert Cragie, Principal Engineer

Direct: +44 (0) 114 281 4512
_______________________________________________________________
Jennic Ltd, Furnival Street, Sheffield, S1 4QT,  UK
http://www.jennic.com  Tel: +44 (0) 114 281 2655   Confidential
_______________________________________________________________



Richard Kelsey wrote:
>    From: Carsten Bormann <[email protected]>
>    Date: Tue, 9 Jun 2009 21:33:16 +0200
>
>    The clause you cited from 15.4-2006 says what I said in a couple more
>    words:
>    15.4 provides state-of-the-art cryptographic mechanisms.
>    These can be used for security, but 15.4 does not say how.
>    In particular there is no defined key management.
>    The references you gave don't change that (but they do contain
>    proposals for nice fixes, in particular finally a secured ACK).
>
>    I'm not saying all this to critique 15.4, just to wake up people on
>    this list to the fact that we cannot simply rely on the wonderful
>    security provided by 15.4 -- there is none, unless we add key
>    management.
>
> And frame counter synchronization.  People see the frame
> counters and think they replay protection.  We should
> either finish the job or not use the frame counters.
>
>                                -Richard Kelsey
> _______________________________________________
> 6lowpan mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6lowpan
>
>