Kris Pister writes: > Whatever value you choose for K1, you will need to store it. The > abstraction of a macKeyTable gets implemented in software and > hardware in a lot of different ways. The details are not > standardized. Whatever the implementation interface is for a given > chip and stack, that's the one you use for storing K1, whatever it's > value. The software can also be written (and is written for many > shipping products) so that when a mote is trying to synchronize it > uses K1 to process EBs. You don't need a 9B header to define this - > it's just what the software does to be compliant with a higher-layer > standard.
You need to specify how that K1 will be identified in the frames. For the 802.15.4 the keys in the frames are identified using the combination of KeyIdMode, KeySource and KeyIndex. KeyIdMode 0b00 is not used for group keys, it is for pairwise keys between peers. KeyIdMode 0b01 uses only KeyIndex to identify key, and it assumes everybody in the network already have predefined macDefaultKeySource that is used to identify to the owner of the key. This is not really usable for the joining, as the joining device does not know the macDefaultKeySource or if everybody is using default macDefaultSource (all ff's) then this does not separate networks using different well-known keys. KeyIdMode 0b10 uses KeySource consisting of PAN ID and short address, in addition to the KeyIndex. As the PAN ID is unknown before we start joining the network, the joining device cannot configure the Key to the MAC before it knows the PAN ID, and then we would need some kind of definition in the minimal draft saying that short address of xxxx is allocated for this etc. What Rene was saying that for something that really works is to use KeyIde Mode 0b11 which uses 64-bit extended address as KeySource, in addition to the KeyIndex. And in this mode we would specify the 64-bit extended address that would be used for this well know key. This will mean you will use 9 octet KeySource field. If bootstrapping phase, or provisioning step is used, those KeyIdMode, KeySource and KeyIndex associated with the ky can be distributed at that point. If we do not ues the 9 octet header, then what shall we use for KeyIdMode, KeySource and KeyIndex when using the well-known K1 key? -- [email protected] _______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
