Randy,

We have not ruled out neighbor-to-neighbor authentication, but would like to keep that mechanism independent from draft-ietf-6tisch-6top-protocol so that (1) draft-ietf-6tisch-6top-protocol doesn't define two things and (2) we can assemble draft-ietf-6tisch-6top-protocol with different security solutions.

Happy to hear input from others.

Thomas

On Thu, Jan 19, 2017 at 1:59 PM, Randy Turner <[email protected]> wrote:

> Hi All,
>
> In draft-ietf-6tisch-6top-protocol-03, the security considerations
> section implies no additional security mechanisms for 6top — instead, the
> draft relies on existing layer-2 security mechanisms for integrity and
> confidentiality.
>
> I was curious if others in the WG have considered whether or not a one-hop
> neighbor is “authorized” to add a cell to another neighbor’s schedule?
> We’re assuming if a neighbor has securely joined the network, then all
> neighbors are implicitly authorized to modify each other’s schedule (or
> possibly a PCE is authorized).
>
> In looking at the IEEE 802.15.12 ULI work, there may be an opportunity to
> introduce authorization into the ULI, and the ACE group has one solution
> for potentially enabling this functionality.
>
> Just curious if anyone on the list has considered authorization as a third
> security vector for 6top, in addition to confidentiality and integrity.
>
> Thanks!
>
> Randy
>
> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch
>

--
_______________________________________

Thomas Watteyne, PhD
Research Scientist & Innovator, Inria
Sr Networking Design Eng, Linear Tech
Founder & co-lead, UC Berkeley OpenWSN
Co-chair, IETF 6TiSCH

www.thomaswatteyne.com
_______________________________________
