Robert Cragie writes: > provide the secure session with which to transport the data. So I think Tero > has this wrong - PANA definitely can be used to distribute keys and be used > for rekeying, however I mean this independent of the pairwise key established > as part of the authentication between JN and JCE.
That might be true for general case, but in the 802.15.9 annex D says: D.2 Use Cases The main use of PANA in 802.15.9 is for provisioning the link-layer credentials (LLCs) to the joining node, where the LLCs can be of any type including shared key and public key credentials. LLCs are used for secure link establishment between adjacent 802.15.9-capable nodes. The process of provisioning the LLCs is also referred to as bootstrapping. Bootstrapping can also be used for renewing the LLCs. A KMP used for bootstrapping is referred to as a bootstrapping KMP. A KMP used to secure link establishment is referred to as a link-establishment KMP. While PANA can be used for both bootstrapping and link-establishment, this document provides the guidelines for the use of PANA as a bootstrapping KMP. I.e. for some reason 802.15.9 annex was written in a way where it only describes how it is used as a bootstrapping KMP. And no, I do not know why it was written that way. -- [email protected] _______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
