Malisa Vucinic writes:
> Could you see if this sums up our discussion.

Yes, good summary.

> Reminder: K1 is used to authenticate BEACON frames (security levels MIC-32,
> MIC-64, and MIC-128);
> K2 is used to authenticate + encrypt DATA (including broadcast), ACK, COMMAND
> frames (security levels ENC-MIC-32, ENC-MIC-64, and ENC-MIC-128).
>
> Option 1:
> K1, KeyIdMode 0b00 (implicit keying)
> K2, KeyIdMode 0b01 (Explicit Key Index)
>
> Pros: No extra overhead for K1; Flexible re-keying of K2.
> Cons: Difficult re-keying of K1; 1 byte signaling overhead for K2; Limits
> pairwise keying with KeyIdMode 0b00 in a later stage;
>
> Option 2:
> K1, KeyIdMode 0b01 (with 6tisch predefined Key Index)
> K2, KeyIdMode 0b01 (Explicit Key Index)
>
> Pros: Flexible re-keying for K1 and K2.
> Cons: 1 byte signaling overhead for K1 and K2; Potential collision of the
> 6tisch predefined Key Index with other networks using KeyIdMode 0b01, which
> would delay the join process.
>
> Option 3:
> K1, KeyIdMode 0b11 (explicit 8 byte Key Source field with a 6tisch
> pre-defined address)
> K2, KeyIdMode 0b01 (Explicit Key Index)
>
> Pros: Flexible re-keying for K2; Globally unique identification of 6tisch
> networks with K1.
> Cons: 9 byte signaling overhead for K1; 1 byte signaling overhead for K2.

_______________________________________________
6tisch mailing list
https://www.ietf.org/mailman/listinfo/6tisch
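The signaling overhead quoted for each option comes from the Key Identifier field of the IEEE 802.15.4 Auxiliary Security Header, whose length is selected by KeyIdMode. The parser below is an added example, not code from this thread or from the 6TiSCH documents. It assumes the frame counter is suppressed in the samples, and the key index values and the 8-byte key source are constructed placeholders, not the 6tisch predefined values.

```python
import struct

# Security Control bits 0-2: security level names from IEEE 802.15.4.
LEVELS = ["NONE", "MIC-32", "MIC-64", "MIC-128",
          "ENC", "ENC-MIC-32", "ENC-MIC-64", "ENC-MIC-128"]
# Key Source length per KeyIdMode; modes 0b01-0b11 add a 1-byte Key Index.
KEY_SOURCE_LEN = {0b00: 0, 0b01: 0, 0b10: 4, 0b11: 8}

def build_ctrl(level, mode, suppress=True):
    """Security Control byte; bit 5 suppresses the frame counter (802.15.4-2015)."""
    return LEVELS.index(level) | (mode << 3) | (0x20 if suppress else 0)

def parse_aux_header(buf):
    """Parse the Auxiliary Security Header at the start of buf."""
    if not buf:
        raise ValueError("empty buffer")
    ctrl, pos, counter = buf[0], 1, None
    mode = (ctrl >> 3) & 0b11
    if not ctrl & 0x20:  # frame counter present (4 bytes, little-endian)
        if len(buf) < pos + 4:
            raise ValueError("truncated frame counter")
        (counter,) = struct.unpack_from("<I", buf, pos)
        pos += 4
    src_len = KEY_SOURCE_LEN[mode]
    key_id_len = src_len + (1 if mode else 0)
    if len(buf) < pos + key_id_len:
        raise ValueError("truncated Key Identifier field")
    return {
        "level": LEVELS[ctrl & 0b111],
        "key_id_mode": mode,
        "frame_counter": counter,
        "key_source": bytes(buf[pos:pos + src_len]),
        "key_index": buf[pos + src_len] if mode else None,
        "key_id_overhead": key_id_len,
        "header_len": pos + key_id_len,
    }

# Constructed samples: key indexes 0x01/0x02 and the key source are placeholders.
SAMPLES = {
    "option 1, K1": bytes([build_ctrl("MIC-32", 0b00)]),
    "option 2, K1": bytes([build_ctrl("MIC-32", 0b01), 0x01]),
    "option 3, K1": bytes([build_ctrl("MIC-32", 0b11)]) + bytes(range(8)) + b"\x01",
    "all options, K2": bytes([build_ctrl("ENC-MIC-32", 0b01), 0x02]),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        p = parse_aux_header(hdr)
        print(f"{name}: {p['level']} KeyIdMode {p['key_id_mode']:02b} "
              f"key id overhead {p['key_id_overhead']} B")
```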
