Tero,

Could you see if this sums up our discussion?

Reminder: K1 is used to authenticate BEACON frames (security levels MIC-32, MIC-64, and MIC-128); K2 is used to authenticate + encrypt DATA (including broadcast), ACK, COMMAND frames (security levels ENC-MIC-32, ENC-MIC-64, and ENC-MIC-128).

Option 1:
K1, KeyIdMode 0b00 (implicit keying)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros:
No extra overhead for K1;
Flexible re-keying of K2.

Cons:
Difficult re-keying of K1;
1 byte signaling overhead for K2;
Limits pairwise keying with KeyIdMode 0b00 in a later stage.

Option 2:
K1, KeyIdMode 0b01 (with 6tisch predefined Key Index)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros:
Flexible re-keying for K1 and K2.

Cons:
1 byte signaling overhead for K1 and K2;
Potential collision of the 6tisch predefined Key Index with other networks using KeyIdMode 0b01, which would delay the join process.

Option 3:
K1, KeyIdMode 0b11 (explicit 8 byte Key Source field with a 6tisch pre-defined address)
K2, KeyIdMode 0b01 (Explicit Key Index)

Pros:
Flexible re-keying for K2;
Globally unique identification of 6tisch networks with K1.

Cons:
9 byte signaling overhead for K1;
1 byte signaling overhead for K2.

Regards,
Mališa Vučinić
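The three options above differ only in what the receiver reads from the IEEE 802.15.4 auxiliary security header, so the following added example (not part of the original message) parses that header and checks it against each option's keying rule. It assumes the 802.15.4-2015 Security Control layout (bits 0-2 security level, bits 3-4 KeyIdMode, bit 5 frame counter suppression); the function names and the K1 key index and key source values are placeholders constructed here, since the message gives no values.

```python
import struct

LEVELS = ("NONE", "MIC-32", "MIC-64", "MIC-128",
          "ENC", "ENC-MIC-32", "ENC-MIC-64", "ENC-MIC-128")
KEY_SOURCE_LEN = {0b00: 0, 0b01: 0, 0b10: 4, 0b11: 8}  # bytes, per KeyIdMode

# Placeholders constructed for this example; the message gives no actual values.
K1_INDEX_PLACEHOLDER = 0xFF
K1_SOURCE_PLACEHOLDER = bytes(8)
# KeyIdMode expected for K1 under each option; K2 is always 0b01.
K1_MODE = {1: 0b00, 2: 0b01, 3: 0b11}

def parse_aux_header(buf):
    """Decode Security Control, Frame Counter and Key Identifier fields."""
    if not buf:
        raise ValueError("empty auxiliary security header")
    sc = buf[0]
    mode = (sc >> 3) & 0x03
    fc_len = 0 if sc & 0x20 else 4          # bit 5: frame counter suppressed
    src_len = KEY_SOURCE_LEN[mode]
    idx_len = 0 if mode == 0b00 else 1
    if len(buf) < 1 + fc_len + src_len + idx_len:
        raise ValueError("truncated auxiliary security header")
    pos = 1 + fc_len
    return {
        "level": LEVELS[sc & 0x07],
        "mode": mode,
        "frame_counter": struct.unpack_from("<I", buf, 1)[0] if fc_len else None,
        "key_source": bytes(buf[pos:pos + src_len]),
        "key_index": buf[pos + src_len] if idx_len else None,
        "key_id_overhead": src_len + idx_len,  # signaling overhead compared above
    }

def select_key(frame_type, hdr, option):
    """Return 'K1' or 'K2' if the header matches the option's keying, else None."""
    if frame_type == "BEACON":
        ok = hdr["mode"] == K1_MODE[option] and hdr["level"].startswith("MIC-")
        if option == 2:
            ok = ok and hdr["key_index"] == K1_INDEX_PLACEHOLDER
        if option == 3:
            ok = ok and hdr["key_source"] == K1_SOURCE_PLACEHOLDER
        return "K1" if ok else None
    if frame_type in ("DATA", "ACK", "COMMAND"):
        ok = hdr["mode"] == 0b01 and hdr["level"].startswith("ENC-MIC-")
        return "K2" if ok else None
    return None
```

A `None` result means the frame's KeyIdMode or security level does not match the chosen option and the frame should be dropped before any key lookup.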
