Malisa Vucinic writes:
> Ok, I see your point. If you don’t think we should design a new one,
> is there something already specified that does not require 10+
> exchanges that we could use?

Depends on your requirements and what kind of authentication and authorization you are doing. The example I gave with IKEv2 + EAP-AKA is 3 exchanges between JN and JA (exchange = message pair, i.e. one request and one reply) and 2 exchanges between JA and JCE. The exchanges between JN and JA would most likely be fragmented as they will not fit 100 bytes, so the actual 802.15.4 frame count is even higher. The exchanges between JA and JCE can most likely be fit in 802.15.4 frames, so they are single frames.

I am not an expert in EAP methods, so I have not really checked what can be done there, but they usually do require two exchanges between JA and JCE, as there needs to be some kind of challenge from JCE to be sent to the JN through JA, and JN needs to reply to that, and only after that JCE can signal JA and JN that authentication and authorization is successful.

There might be some method where the challenge might be generated in such a way that JA could generate it and forward both the challenge it generated and the reply from JN to the JCE, but in that case I think that puts more trust on the JA by the JCE, and I do not know if there is such an EAP method, and how secure it is.
-- 
[email protected]

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
