Kris Pister <[email protected]> wrote:
> Things that a mote might start with (one or more of):
> A) nothing
> B) PSK(s)
> C) raw public/private key
> D) certificate(s) from
>    i) manufacturer/distributor/installer
>    ii) consortium (e.g. Corner Grocers Alliance)
>    iii) end user/owner (e.g. Charlie's Market)
>    iv) desired network(s)
> Things that a mote might end with:
> 1) L2 key(s) for MIC (and optionally encryption)
> 2) DTLS session with JCE if present
> 3) DTLS session with PCE if present
> 4) L2 keys for 6top communication to neighbors
> 5) locally-significant certificate for future joins
I agree with your characterisation, but (A) can't be correct.
> We need a way for people who say "I don't want the hassle of security,
> and I can't afford a chip with ECC" (e.g. start state A) to still
> transition to something that is secure after the join process is over.
I can design/pick an online protocol where such a device that has been
provisioned at manufacturing time with a (larger) symmetric key could join.
To make this work requires that the manufacturer always be online and
available, that the devices are never resold or repurposed without the
participation of the manufacturer, and the privacy footprint of the solution
may be poor. Such a join process may lack PFS, and maybe some forms of replay
attack may be possible; that suggests that the device, once provisioned, may
never be factory defaultable.
I would prefer to leave (A) out for now.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
