Turner, Randy <[email protected]> wrote: > I think it's a false assumption that just because K1 is pre-provisioned > that K2 will be pre-provisioned as well -- there are many network > success stories that utilize pre-provisioning of an endpoint-unique K1 > to bootstrap other trust relationships.
You didn't say what I said.,
I'm saying that if K1 has to be provisioned in the field, (not
pre-provisioned at manufacturer time), that one might as well provision K2 to
as well.
I wonder what you mean by "pre-provisioning" here, and if you can point at
the the success stories you mention.
> -----Original Message-----
> From: 6tisch [mailto:[email protected]] On Behalf Of Michael
Richardson
> Sent: Tuesday, May 05, 2015 2:06 PM
> To: [email protected]
> Subject: Re: [6tisch] Shipping minimal
> Tero Kivinen <[email protected]> wrote:
>> Kris Pister writes:
>>> > there would be no false sense of security
>>>
>>> Can we see a show of hands of all of the people on the list who
>>> think that there is any sense of security from using a key that is
>>> published in an RFC? No? No one?
>> And ask that same question from normal users installing termostats or
>> other internet of things devices?
> But, 6tisch (minimal) is not targetted at that kind of use.
> It's targetted at industrial users that need deterministic work.
> Minimal is further targetted at well... interop.
> Let me put it differently: Bluetooth didn't specify a default key, and
didn't do enrollment for headsets sanely, and now the "K1" *and* "K2" keys are
"0000"
> We can't keep people from doing stupid things. We need known K1 in order
to bootstrap to a KMP in order to set up K2.
> If K1 has to be provisioned, then K2 will get set at the same time, and
K1 and K2 will get set to "0000".
> --
> Michael Richardson <[email protected]>, Sandelman Software Works -=
IPv6 IoT consulting =-
> P PLEASE CONSIDER OUR ENVIRONMENT BEFORE PRINTING THIS EMAIL.
> This e-mail (including any attachments) is confidential and may be
legally privileged. If you are not an intended recipient or an authorized
representative of an intended recipient, you are prohibited from using, copying
or distributing the information in this e-mail or its attachments. If you have
received this e-mail in error, please notify the sender immediately by return
e-mail and delete all copies of this message and any attachments. Thank you.
> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
