Tero Kivinen <[email protected]> wrote:
    > Of course if the KMP is run only between JN and JA, and the ACL check
    > is done between JA and JCE, then JCE has to trust JA to check
    > credentials of the JN before letting it join. If you do not trust
    > your JAs enough to do that, then you need to run EAP and run
    > authentication in the JCE instead of in the JA.

It's not really about trusting the JA exactly, but that is an issue.

It is, in my opinion, about cost (RAM/battery) of state (DDoS on JA).
The other side of the question is what does the JCE provide the JA
that it can use to authenticate the network to the JN, and which the JN can
validate.  That's where the trust issue is really. 

It would be useful for the 6tisch *SPECIFIC* situation if we could better
understand what the power/connectivity of the JA might be.   In a typical
6tisch industrial setting, if we could assume the JA were more powerful, that
would change things.  In a generic LLN things would be different.

    > Also quite soon you will realize that we need to have rekeys, and we
    > need to be able to distribute group keys, and we need to do group
    > membership management -> you are adding more and more KMP features...

I agree here: having a good KMP is really useful.


-- 
Michael Richardson
-on the road-


Attachment: pgpKPfbl9Fr9X.pgp
Description: PGP signature

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
