Hello Michael I agree that the details of how it is done in practice belong to minimal security. My expectation would be that we discuss times when it is appropriate to rekey, and what it takes to do that.
Out of my hat (but please come back with cases that I missed) I can see that: - we need to rekey to expel undesired nodes. - we need to rekey if a short address is reassigned to avoid nonce-replay attacks with an ASN in the past - the ASN-based nonce never wraps in practice, but should we reset ASN -or allow it to go back in time - for whatever reason, we'd need to rekey as well. - based on Mirja's comment - seconded by Benjamin - minimal security should be a normative reference since it expands on the security considerations I think it does not hurt to have a word on that in the architecture, even if more details are found in minimal security All the best, Pascal > -----Original Message----- > From: 6tisch <6tisch-boun...@ietf.org> On Behalf Of Michael Richardson > Sent: mardi 20 août 2019 22:03 > To: Pascal Thubert (pthubert) <pthub...@cisco.com>; Benjamin Kaduk > <ka...@mit.edu>; =?iso-8859-2?Q?Mali=B9a_Vu=E8ini=E6?= > <malisa.vuci...@inria.fr>; Tero Kivinen <kivi...@iki.fi>; 6tisch@ietf.org > Subject: Re: [6tisch] rekeying the 6TiSCH network > > > Pascal Thubert (pthubert) <pthub...@cisco.com> wrote: > > I'm looking for a consensus on how to address the following review > > comment on the 6TiSCH Architecture by Benjamin: > > >> It would be good to see some architectural discussion about key > >> management > >> for the link-layer keys. (Given that 802.15.4 leaves key management > >> as out of > >> scope, it is clearly our problem.) Thus far I don't even have a sense > >> for when it is > >> possible to rotate a network's keys. > > PT> I'll take that to a separate thread with Michael, Tero and Malisa. It > PT> is certainly possible to rotate keys. We had a draft about rekeying > PT> that went stale. We isolated cases where this is desirable in the > PT> discussion on the minimal security draft. I'm unclear how deep we > PT> need to go in this regards vs. what belongs to the minimal security > PT> specification. > > 6tisch-minimal-security has a section 8.2 "Parameter Update Exchange" > Maybe it should include "(and Rekey)" > > We further have section 8.4.3.1 and 8.4.3.2 to explain how to use that to > rekey > the entire network. > > I'm not sure what's in the Architecture document about this, but I'd rather > that it > just said less. > > -- > Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works - > = IPv6 IoT consulting =- > > _______________________________________________ 6tisch mailing list 6tisch@ietf.org https://www.ietf.org/mailman/listinfo/6tisch
