Tero Kivinen <[email protected]> wrote: > You can also run IKEv2 over 802.15.9 using raw public keys, which will > simply be 4 messages between JN-JA, and then you do need to run some > protocol between JA-JCE, where the JA sends the hash of public key + > EUI-64 to the JCE, and JCE says whether that device should be allowed > to connect (i.e. ACL check done on the JCE).
Yes, that's good, but how does the device authenticate the JCE? Do you think the EUI-64 should be signed by the public key? Would you include some nonce from the JCE to assure freshness? -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
