Tero Kivinen <[email protected]> wrote: > Kris Pister writes: >> > there would be no false sense of security >> >> Can we see a show of hands of all of the people on the list who >> think that there is any sense of security from using a key that is >> published in an RFC? No? No one?
> And ask that same question from normal users installing termostats or
> other internet of things devices?
But, 6tisch (minimal) is not targetted at that kind of use.
It's targetted at industrial users that need deterministic work.
Minimal is further targetted at well... interop.
Let me put it differently: Bluetooth didn't specify a default key, and didn't
do enrollment for headsets sanely, and now the "K1" *and* "K2" keys are "0000"
We can't keep people from doing stupid things. We need known K1 in order to
bootstrap to a KMP in order to set up K2.
If K1 has to be provisioned, then K2 will get set at the same time, and K1
and K2 will get set to "0000".
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
