{did I send this already? Many unfinished emails I wrote on the airplane
last month lurk in drafts folder}

In a private email, Pascal Thubert (pthubert) <[email protected]> suggested that we extend the RA in IE concept to include also sending RA PIOs, and possibly also RPL DIO messages.

> RA info include prefix info O, router link local + SLLAO, and new
> security/join option(s) indicating JA capability and whatever comes
> with it.
> DIO info includes Rank, root ID (hopefully compressed since there is
> probably a context for that in the RA). This is used as DNA (detecting
> network attachment).

It would be awesome if we could find a way to distribute this information securely in the EB.

The issue is that we are sending a single EB, it is authenticated, but it is not encrypted. It must not be encrypted so that long sleep nodes can resync their ASN with the network again, and they can't encrypt (or decrypt?) unless they know the ASN.

So this means that any info we put into the EB will not be encrypted unless we do something very special with these Information Elements. I'm not comfortable putting the RA PIO information in the clear, nor the RPL DIO information. Note that the IE is authenticated with the "K2" key.

Putting the DODAG in would permit a long sleeping node that may have moved (or the network has changed around it) to find the right beacon, should there be more than one of them. Of course, if the K2 is still valid, it can authenticate the beacon to learn if it's the right beacon, but this won't work if the network has rekeyed its K2. (In that case the returning node will need to use its long-term relationship with the JCE to rekey. Not a full bootstrap)

--
Michael Richardson <[email protected]>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
