Hello,
The following are the security requirements for the device-2-database
protocol that have been derived from the threat model:
(http://www.ietf.org/mail-archive/web/paws/current/msg00768.html).
-Raj
Threat1 to Reqt1 -> The protocol MUST provide the ability for the WSDB to
authenticate the master device.
Threat 2 to Reqt2 -> The protocol MUST provide the ability for the master
device
to verify the authenticity of the WSDB that it is interacting with.
Threat 3 to Reqt3 -> The messages sent by the master device to the WSDB
MUST be
integrity protected.
Threat 4 to Reqt4 -> The messages sent by the WSDB to the master device
MUST be
integrity protected.
Threat 5 to Reqt5-> The protocol MUST provide the capability for messages
sent by the master
device and WSDB to be encrypted.
Threat 6 to Reqt6-> A Master device MAY not include its identity in
messages sent to the WSDB when not required by the regulatory
domain.
_______________________________________________
paws mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/paws
