Hi Richard:

A simple approach avoiding duplicate device identifiers would be to register devices with a registration authority and hand out device certificates that bind the device id with public/private keying material. If devices can only gain access to a network by presenting their public key certificate, this would push counterfeit devices off the cliff, since the registration authority would not allow registration of more than one device with the same device id.

(Obviously, one can still try and clone a device by trying to extract private keys as well and copying this info to a number of devices, all with the same device id, something - if deemed to be a real risk - to be dealt with by proper implementation security and security techniques along the supply chain.)

Best regards,
Rene

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Richard Kelsey
Sent: Friday, June 12, 2009 11:18 AM
To: Rene Struik
Cc: [email protected]
Subject: Re: [6lowpan] (16-bit addresses are not globally unique) RE: ad hoc whiteboard (was: [Fwd: New Version Notification for draft-ietf-6lowpan-nd-03])

From: Rene Struik <[email protected]>
Date: Thu, 11 Jun 2009 16:44:46 -0400

One cautionary note: in my mind, secure, yet easy to use device configuration and trust lifecycle management relies on devices to be uniquely identified in a static way, in a vendor independent fashion.

Sadly, as I learned on another part of this thread, it appears that we may not be able to rely on having static, globally-unique identifiers. Manufacturers of counterfeit-branded devices have a disincentive to cooperate.

As such, this assumes a globally unique name space across all nodes. This suggests that "globally unique" is not a proper adjective for "16-bit addresses" (unless you wish global device deployment to be limited to 64k devices only [which I hope not...]).

"Globally unique" was indeed incorrect. I should have said "unique within the LoWPAN" or some such.

-Richard Kelsey

_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
