Mališa Vučinić <[email protected]> wrote: > Instead, as with traditional TSCH, the joined node can obtain its time > information from its time source neighbor, i.e. RPL preferred parent, > by triggering an exchange of link-layer frames with L2 security > features enabled. The MSF draft already mandates that the first > outgoing message from the joined node after joining is the 6P ADD > message to its preferred parent, which consequently gets protected with > L2 security.
But, how can the L2-security work if the newly-joined node has an ancient
ASN? Won't the parent just drop the packet as being a replay, and then what?
> What needs to be specified clearly is that this first 6P
> exchange should not be encrypted but only authenticated at L2.
> Upon successful completion of the first 6P exchange with its time
(routing)
> parent, the joined node obtains a negotiated cell and as a side effect
> proves freshness of the ASN used.
I'd rather that we added a new exchange, rather than special casing some 6P
interaction here. An RPL DIS would be a better choice here, I think, with
an RPL DAO unicast reply. Still, I hate to special case this as being
authenticated only.
Doesn't that have to happen first?
Is the DIS unicast or multicast. Hmm.
How do we put something unique in it that has to be replied to proving the
freshness of the ASN against a reply attack.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
