Hi Yoshi,

Unlike legacy EAP transports, the final EAP result delivery in PANA is two-way (acknowledged) and also crypto-protected using the key generated from successful EAP authentication. Therefore, I don't think we need an additional step of key confirmation.

Alper

On Nov 10, 2015, at 5:41 PM, <[email protected]> wrote:

> Actually LLCs for PANA in 802.15.9 section D.2 can be link-layer keys that
> are independent of pair-wise key established between JN and JCE. In this
> case, we might need a key confirmation protocol (such as MLE 3-way handshake)
> used as an 802.15.9 KMP between JN and JA.
>
> Yoshihiro Ohba
>
>
> -----Original Message-----
> From: 6tisch [mailto:[email protected]] On Behalf Of Tero Kivinen
> Sent: Monday, November 09, 2015 9:06 AM
> To: [email protected]
> Cc: Malisa Vucinic; Michael Richardson; [email protected]; Rafa Marin Lopez
> Subject: Re: [6tisch] Directions on the join process
>
> Robert Cragie writes:
>> provide the secure session with which to transport the data. So I
>> think Tero has this wrong - PANA definitely can be used to distribute
>> keys and be used for rekeying, however I mean this independent of the
>> pairwise key established as part of the authentication between JN and JCE.
>
> That might be true for general case, but in the 802.15.9 annex D says:
>
> D.2 Use Cases
>
> The main use of PANA in 802.15.9 is for provisioning the link-layer
> credentials (LLCs) to the joining node, where the LLCs can be of any type
> including shared key and public key credentials. LLCs are used for secure
> link establishment between adjacent 802.15.9-capable nodes.
> The process of provisioning the LLCs is also referred to as bootstrapping.
> Bootstrapping can also be used for renewing the LLCs. A KMP used for
> bootstrapping is referred to as a bootstrapping KMP. A KMP used to secure
> link establishment is referred to as a link-establishment KMP. While PANA can
> be used for both bootstrapping and link-establishment, this document provides
> the guidelines for the use of PANA as a bootstrapping KMP.
>
> I.e. for some reason 802.15.9 annex was written in a way where it only
> describes how it is used as a bootstrapping KMP. And no, I do not know why it
> was written that way.
> --
> [email protected]
>
> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch
