Pascal Thubert (pthubert) <[email protected]> wrote: > * Michael: Layer3 (meaning and above NOTNT) Only one per > packet. Payload is > already 1000 bytes layer 2 on every packet. not reduce layer 2 security, > repeat it on every fragment. Cannot eliminate in that layer.
To clarify. If one has a 1000 byte CoAP packet, split up into 8 layer-2 fragments, the layer-3 security will be applied once. So the overhead of the layer-3 security may be much lower *on average* than the layer-2 security. The layer-2 security will get repeated on each of the 8 layer-2 fragments. It would be wonderful if that layer-3 security could be used to eliminate the overhead of the layer-2 security, but that would open up our LLNs to being used to carry bogus traffic. (The OSCOAP layer-3 security can not be checked on a hop-by-hop basis without sharing the session key everywhere) Obviously, if one has an 80-byte CoAP packet, this calculation is not the same. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
