Is there any technical reason that simple, reliable, end-user
configuration tools couldn't be developed that pre-configure
network-specific keys?
Probably not, if the mechanism for doing such configuration (AKA provisioning) is standardized and made mandatory, so that such tooling is ubiquitous and ALWAYS works. For example, an LED is a poor photo-transistor, so hooking it up as a 3-terminal device could provide a way to get an optical signal into the device that is being provisioned for the network without adding any extra hardware to most devices. (Note that there is a patent on this specific reverse-LED-as-a-photodiode approach, by Matsushita if I recall correctly.) Privacy during the injection process can be achieved via a fiber-optic cable with boots on the ends, or by doing the provisioning in a closed windowless room. Any decent modern cellphone will likely be programmable enough to provide the requisite optical signaling.

That would be all well and good for an industry standard, such as WirelessHART (which itself mandates a different secure way to do that initial provisioning). But it's unlikely to be acceptable for something that purports to be a communication standard, since mandating a specific type of auxiliary provisioning channel is unlikely to be acceptable to the wider community.

-Tom
=====
On 2015.05.04 14:52, Timothy J. Salo wrote:
... If the key is generated randomly for each network, that's fine, but
then how do the new nodes join?  Either they get programmed with
the randomly generated key for the particular network that they want
to join

OK, ...

(which is not an acceptable solution to most end users)  ...

Why don't users find this acceptable?

It seems to me that vendors ought to provide tools that make this
configuration process painless.  Is the problem that vendors aren't
delivering tools that make this configuration simple and painless?
Or, do customers not want to have incoming products flow through a
common point or process?

It seems to me that some level of technical competence is necessary to
install or even replace these nodes, and that this level of technical
competence ought to be adequate to pre-configure nodes (assuming
that adequate tools are available).  Of course, if these tools could
be used by field technicians, then incoming nodes wouldn't have to
flow through a common location or process.

Alternatively, this pre-configuration seems to be something that
vendors ought to provide (as a service).  (Presumably, this would
stimulate the development of tools that would make the configuration
process simple and painless.)  Of course, it's not clear whether
distributors would want to provide this process.

Is there any technical reason that simple, reliable, end-user
configuration tools couldn't be developed that pre-configure
network-specific keys?

-tjs

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch

