Tero,

Could you see if this sums up our discussion?

Reminder: K1 is used to authenticate BEACON frames (security levels MIC-32, 
MIC-64, and MIC-128); 
K2 used to authenticate + encrypt DATA (including broadcast), ACK, COMMAND 
frames (security levels ENC-MIC-32, ENC-MIC-64, and ENC-MIC-128).

Option 1:
K1, KeyIdMode 0b00 (implicit keying)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros: No extra overhead for K1; Flexible re-keying of K2.
Cons: Difficult re-keying of K1; 1 byte signaling overhead for K2; Limits 
pairwise keying with KeyIdMode 0b00 in a later stage;



Option 2:
K1, KeyIdMode 0b01 (with 6tisch predefined Key Index)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros: Flexible re-keying for K1 and K2.
Cons: 1 byte signaling overhead for K1 and K2; Potential collision of the 
6tisch predefined Key Index with other networks using KeyIdMode 0b01, which 
would delay the join process. 



Option 3:
K1, KeyIdMode 0b11 (explicit 8 byte Key Source field with a 6tisch pre-defined 
address)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros: Flexible re-keying for K2; Globally unique identification of 6tisch 
networks with K1.
Cons: 9 byte signaling overhead for K1; 1 byte signaling overhead for K2.

Regards,
Mališa Vučinić
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch

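The per-option overhead figures in the message above follow from the IEEE 802.15.4 Auxiliary Security Header layout. The sketch below is an added example, not code from the message or from any 6TiSCH document. It encodes and parses that header for the K1 choice in each option. Assumptions: the Key Index and Key Source values are constructed placeholders because the message does not give the predefined ones, and the Frame Counter is suppressed unless one is passed.

```python
import struct

# IEEE 802.15.4 Security Level values for the levels named in the message.
LEVELS = {1: "MIC-32", 2: "MIC-64", 3: "MIC-128",
          5: "ENC-MIC-32", 6: "ENC-MIC-64", 7: "ENC-MIC-128"}
# Key Source bytes per KeyIdMode; every mode except 0b00 adds a 1-byte Key Index.
KEY_SOURCE_LEN = {0b00: 0, 0b01: 0, 0b10: 4, 0b11: 8}
FC_SUPPRESSED = 0x20  # Security Control bit 5: Frame Counter field omitted

def build_aux_header(level, mode, key_source=b"", key_index=None, frame_counter=None):
    """Encode Security Control, optional Frame Counter, then the Key Identifier."""
    if level not in LEVELS or len(key_source) != KEY_SOURCE_LEN[mode]:
        raise ValueError("bad security level or Key Source length")
    if (mode == 0b00) != (key_index is None):
        raise ValueError("Key Index is present exactly when KeyIdMode != 0b00")
    control = level | (mode << 3)
    if frame_counter is None:
        head = bytes([control | FC_SUPPRESSED])
    else:
        head = bytes([control]) + struct.pack("<I", frame_counter)
    return head + key_source + (b"" if key_index is None else bytes([key_index]))

def parse_aux_header(buf):
    """Decode the header at the start of buf; raise ValueError if truncated."""
    if not buf:
        raise ValueError("empty buffer")
    level, mode = buf[0] & 0x07, (buf[0] >> 3) & 0x03
    pos, counter = 1, None
    if not buf[0] & FC_SUPPRESSED:
        if len(buf) < pos + 4:
            raise ValueError("truncated Frame Counter")
        counter = struct.unpack_from("<I", buf, pos)[0]
        pos += 4
    key_id_len = KEY_SOURCE_LEN[mode] + (1 if mode else 0)
    if len(buf) < pos + key_id_len:
        raise ValueError("truncated Key Identifier")
    key_id = buf[pos:pos + key_id_len]
    return {"level": LEVELS.get(level, f"level {level}"), "mode": mode,
            "frame_counter": counter, "key_source": key_id[:-1],
            "key_index": key_id[-1] if key_id else None,
            "key_id_len": key_id_len, "header_len": pos + key_id_len}

# Constructed placeholders: the message does not give the predefined values.
PLACEHOLDER_INDEX = 0x01
PLACEHOLDER_SOURCE = bytes(range(8))
K1_BY_OPTION = {  # beacon (K1) header per option, at MIC-32
    1: build_aux_header(1, 0b00),
    2: build_aux_header(1, 0b01, key_index=PLACEHOLDER_INDEX),
    3: build_aux_header(1, 0b11, PLACEHOLDER_SOURCE, PLACEHOLDER_INDEX),
}
```

Under Option 2 the K1 header is byte-for-byte what any other network using KeyIdMode 0b01 with the same Key Index would send, so a receiver can tell the two apart only by attempting MIC verification.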