Hi 6tisch security,
Having re-read RPLinfo and reading the secure-join draft, I do have a
suggestion about the traffic from pledge to registrar. The draft already
mentions the IP-in-IP encapsulation specified in RPLinfo draft. Why not
rely on the RPLinfo draft for the pledge to Registrar communication
completely?
The pledge can be considered a non-RPL aware node, one hop away from a
DODAG node.
The pledge may receive (allocate itself) a "temporary" routable IPv6
address.
When it sends requests to the Registrar the join-proxy (first 6lri in
RPLinfo) will add the necessary IP-in-IP headers. Also for the message
from Registrar to pledge the same RPLinfo specification will be used.
The Registrar does not need to be part of the DODAG, because RPLinfo
prescribes what to do.
I don't think allocating a temporary routable address will make the
network more vulnerable.
Communication between pledge and assistant is still over an insecure
link with a permission to allow traffic from this one routable address
(instead of link-local address) to the registrar.
Once the pledge is accepted and the link is secured, I assume that
neighbour discovery takes place, prefixes are distributed, routable
addresses are allocated, and the temporary address disappears.
Using RPLinfo makes the protocol less ad-hoc and relies on other
established (RPLinfo) specifications.
Greetings,
Peter
--
Peter van der Stok
mailto: [email protected]
www: www.vanderstok.org
tel NL: +31(0)492474673 F: +33(0)966015248
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
