Hi Malisa,

Just one point to understand the temporary secure link between JN and JA.

Consequently, that means during the whole bootstrap process the link between JA and JN is not secured by layer2 keys.

This is still under discussion within the design team, but the
conclusion is the same — we can’t provide any L2 security at that
point because L2 keys are simply not known. One option is to use
well-known K1 to provisionally protect the join packets at L2 but this
of course does not provide any security other than helping to
bootstrap L2. Another option is for JA to simply accept unsecured
packets at L2, and make it an exception for join traffic, potentially
only during the duration of the join process.

I would like to state the objectives of the "temporary secure link" (TSL) between JA and JN as I see them.
Sorry for stating the obvious.

The security objectives for the TSL are:
(1) When the JN is correct, malicious nodes cannot decode the key exchange between JN and JCA or replay them.
(2) When the JN is malicious,
(2.1) the TSL keys cannot be used to decode the key exchange over other TSLs or replay them.
(2.2) the TSL MUST be restricted to a set of messages to prevent the malicious node from misusing the network.

Protocol choices are:
The selection and generation of TSL keys.
The selection and enforcement of message sets.

Do you agree? Is there more?
I repeat these objectives because objective 2.2 especially seems to be silently understood or ignored, although you seem to mention them in the text above.

Selecting messages on destination address in JA may allow setting up a path between JN and JCA where JN uses a global address, provided by JA. That will simplify the replacement of EST over CoAPs by your EDHOC, OSCOAP protocol and vice versa.

As expressed earlier, I like to define separate protocol parts which can be changed during technology evolution.
Is that a design consideration you want to take into account?

Peter

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
