> On 05 Nov 2015, at 14:01, Rafa Marin Lopez <[email protected]> wrote:
>
> What I meant is that for security reasons we will have to refresh the keying
> material. For example, EAP Key Management Framework recommends 8 hours as
> default lifetime (this might be modified in this type of networks). Thus, I
> do not think the source code will be used only once.

Ok, I see what you mean. So, yes, if we go for the EAP approach, we would be using it for rekeying as well. The problem I have there is that we will in any case need to use DTLS, and even maybe the object security mechanism ACE comes up with for application session security so I don’t think this would be optimal from code point of view.

>>
>>> EAP-AKA has two messages + EAP Success : EAP-Req/AKA (4 bytes header EAP +
>>> 1 the type) + EAP-Resp/AKA (4 bytes header EAP +1 the type) + EAP
>>> success(4 bytes) = 14 overhead with respect to running “AKA" without EAP.
>>
>> Ok thanks. So, am I right if I say that this will trigger 3 additional
>> frames at L2 with additional CoAP / UDP-6LoWPAN-IPv6 / 15.4 overhead?
>
> Not sure about what you mean with 3 “additional" frames at L2. Additional to
> what else?. You also mention additional CoAP/UDP...? Are you assuming
> CoAP-EAP?

I was referring to the 14-byte overhead you referenced above in case we use CoAP for EAP transport. Is my understanding wrong?

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
