Pascal Thubert (pthubert) writes:
> I do not think minimal is the place to define what proper security
> is. This is use case dependent.
> If we are confident that 802.15.4 can be secured at layer-2, I'm all
> set. We need to indicate that it is so and let people use it.

But you still want to include a well-known key in the draft for testing purposes, even when you know that you need to agree on a couple of dozen other things before you can interoperate with two implementations.

And I am sure it can be done unsafely. I am not sure there are that many people in the world who know how it can be done so it is actually secure. I have real fear about the security of 802.15.4 networks in general; the more I look at the things left out in the specification, i.e. things that implementors need to decide, the more I find subtle ways to cause security issues if the vendor implementing things does not know what they are doing.

> If we want to define how that is done per use case, that's a Pandora
> box that I do not want to open with this draft.

The Pandora's box is already open; it is called 802.15.4. To be able to use that box safely you need to know very well how it works, and understand minute details in its security processing.

I think it would be worth the effort to document that in the IETF, i.e. how to make 6tisch secure. IEEE 802.15.4 cannot do that, as there are so many environments that need to be considered, and they need to support everything, even the broken stuff from the past.

In 6tisch we could profile the 802.15.4 TSCH in such a way that we take a secure subset of it, and define how it is used securely. We can do it now as there are no 6tisch networks out yet, so we do not need to care about backward compatibility that much. We do need to care that 6tisch can be implemented with current hardware, so we cannot really extend or modify it, but we can profile it and say we use it in this way.
--
[email protected]
