. On the rekeying topic for IEEE 802.15.4. Have a look at IEEE 802.15.9. It takes existing key establishment protocols (IEEE 802.1x, etc.) and provides encapsulation over IEEE 802.15.4.
IEEE 802.15.9 does not solve all of your rekey needs but the tools are there when you agree on how you want rekeying to work. Don On 8/20/19, 1:03 PM, "6tisch on behalf of Michael Richardson" <6tisch-boun...@ietf.org on behalf of mcr+i...@sandelman.ca> wrote: > >Pascal Thubert (pthubert) <pthub...@cisco.com> wrote: > > I'm looking for a consensus on how to address the following review > > comment on the 6TiSCH Architecture by Benjamin: > > >> It would be good to see some architectural discussion about key > >> management > >> for the link-layer keys. (Given that 802.15.4 leaves key >management > >> as out of > >> scope, it is clearly our problem.) Thus far I don't even have a >sense > >> for when it is > >> possible to rotate a network's keys. > > PT> I'll take that to a separate thread with Michael, Tero and >Malisa. It > PT> is certainly possible to rotate keys. We had a draft about >rekeying > PT> that went stale. We isolated cases where this is desirable in the > PT> discussion on the minimal security draft. I'm unclear how deep we > PT> need to go in this regards vs. what belongs to the minimal >security > PT> specification. > >6tisch-minimal-security has a section 8.2 "Parameter Update Exchange" >Maybe it should include "(and Rekey)" > >We further have section 8.4.3.1 and 8.4.3.2 to explain how to use that >to rekey the entire network. > >I'm not sure what's in the Architecture document about this, but I'd >rather that it just said less. > >-- >Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > >_______________________________________________ >6tisch mailing list >6tisch@ietf.org >https://www.ietf.org/mailman/listinfo/6tisch _______________________________________________ 6tisch mailing list 6tisch@ietf.org https://www.ietf.org/mailman/listinfo/6tisch
