I agree. The ability to do stuff like this is one of the big advantages
of being connected with the internet. Let's use it.
As usual Rene, I'm going to ask you to tell me exactly what I'm supposed
to buy from you (I mean "implement", sorry). :)
What's right approach? Do we start with what you did in Zigbee, or
isa100, or an existing rfc, or what?
ksjp
Rene Struik wrote:
Hi Richard:
A simple approach avoiding duplicate device identifiers would be to register devices with a registration authority and hand out device certificates that bind the device id with public/private keying material. If devices can only gain access to a network by presenting their public key certificate, this would push counter-feit devices off the cliff, since the registration authority would not allow registration of more than one device with the same device id.
(Obviously, one can still try and clone a device by trying and extract private keys as well and copying this info to a number of devices, all with the same device id, something - if deemed to be a real risk - to be dealt with by proper implementation security and security techniques along the supply chain.)
Best regards,
Rene
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Richard Kelsey
Sent: Friday, June 12, 2009 11:18 AM
To: Rene Struik
Cc: [email protected]
Subject: Re: [6lowpan] (16-bit addresses are not globally unique) RE: ad hoc
whiteboard (was: [Fwd: New Version Notification for draft-ietf-6lowpan-nd-03])
From: Rene Struik <[email protected]>
Date: Thu, 11 Jun 2009 16:44:46 -0400
One cautionary node: in my mind, secure, yet easy to use device
configuration and trust lifecycle management relies on devices to be
uniquely identified in a static way, in a vendor independent
fashion.
Sadly, as I learned on another part of this thread, it
appears that we may not be able to rely on having static,
globally-unique identifiers. Manufacturers of
counterfeit-branded devices have a disincentive to
cooperate.
As such, this assumes a globally unique name space across all
nodes. This suggests that "globally unique" is not a proper adjective
for "16-bit addresses" (unless you wish global device deployment to be
limited to 64k devices only [which I hope not...]).
"Globally unique" was indeed incorrect. I should have
said "unique within the LoWPAN" or some such.
-Richard Kelsey
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
