Let's see if we can get agreement at a high level on what we're trying to do
during the joining process.
Things that a mote might start with (one or more of):
A) nothing
B) PSK(s)
C) raw public/private key
D) certificate(s) from
i) manufacturer/distributor/installer
ii) consortium (e.g. Corner Grocers Alliance)
iii) end user/owner (e.g. Charlie's Market)
iv) desired network(s)
Things that a mote might end with:
1) L2 key(s) for MIC (and optionally encryption)
2) DTLS session with JCE if present
3) DTLS session with PCE if present
4) L2 keys for 6top communication to neighbors
5) locally-significant certificate for future joins
The mote might start with things in {B, C, D} at manufacture, or by some
out of band
commissioning step as suggested by Tero and Timothy.
The keys that a mote gets in 1 and 4 may all be generated by a single
entity (e.g. JCE)
or they may be generated locally from one or more Master Keys.
Some of the things in the desired end state (like 1 or 5) might have
been installed
already (like B or D.iv).
We need a way for people who say "I don't want the hassle of security,
and I can't
afford a chip with ECC" (e.g. start state A) to still transition to
something that is
secure after the join process is over.
ksjp
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
