Michael Richardson <[email protected]> writes: > It would be awesome if we could find a way to distribute this information > securely in the EB. The issue is that we are sending a single EB, it is > authenticated, but it is not encrypted. It must not be encrypted so that > long sleep nodes can resync their ASN with the network again, and they > can't encrypt (or decrypt?) unless they know the ASN. > > So this means that any info we put into the EB will not be encrypted > unless we do something very special with this Information Elements. > I'm not comfortable putting the RA PIO information in the clear, nor > the RPL DIO information. Note that the IE is authenticated with the "K2" key.
Of course, you can always encrypt a sub-section of a message. I'm not up to speed on 802.15.4e message formats, but it seems that you could define an "encrypted information elements" IE whose body consists of an auxiliary security header followed by a series of IEs that are encrypted in more or less the normal way. The only real costs are code complexity and the 2 octets of overhead for the IE. And also whether all this information can fit in the EB... Dale _______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
