Dear all:

I published in the bucket an early version of archie 07 that takes care of most of Michael's comments (Michael, please review my responses in the tickets and eventually propose a better stack figure).
But some comments on section 13 need some more attention, in particular from the security DT. Here they are:

------------
Device Authentication: The JN and the JA mutually authenticate each other and establish a shared key, so as to ensure on-going authenticated communications. This may involve a server as a third party.

I again say that this is incorrect: the JA will never be able to authenticate itself to the JN. It may be able to present some authorization from the network owner, that the JA is authorized to act on behalf of the network owner. Unless you consider un-authenticated DH exchange "authentication", or you decide that it's okay for the JA to just not accept any public (some kind of leap of faith), the JA will not have an identity that a JN will accept.

-----------
I have also repeatedly complained that figure 10 is inaccurate, because it fails to depict that authorization begins before authentication finishes. Perhaps the second two unidirectional arrows are part of the authentication phase, I don't know. I suggest that figure 10 be omitted.

---------
Comments?

Cheers,

Pascal
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
