I have read the security sections of draft-ietf-roll-rpl-11. The encumbered signature algorithms have been removed, which is good.

There are two major issues which I thought were brought up in RPL-10 which are still unresolved:

1) If RPL is using a link-level security mechanism, how can the distinction in section 3.3.3 (and 10.1) between "pre-installed" and "authenticated" be communicated from the link-level security to the RPL level? I.e., how is layer-2/layer-3 channel binding done? (When the security is built in, then section 10.2 tries to explain it, and I think the idea will work, but I'm not sure if the actual details are right. The rules of 10.2 will take me some time to fully understand, and they are very new.)

2) We still do not know how to calculate the MAC. What byte does it start at? The beginning of the IPv6 header, it says in 10.8. What values go into the mutable fields? What about the checksum? Flow Label? I'd guess zero, but??? I'd like to see a sample packet in the document along with the keys involved.

-- 
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON | net architect [
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ | device driver [
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition.
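To make the second question concrete, here is an added example that is not part of the message above and not from the RPL draft. It shows what "a sample packet along with the keys" would pin down: it builds a constructed IPv6 packet carrying an RPL control message, zeroes the fields that are assumed here to be mutable (Flow Label, Hop Limit and the ICMPv6 checksum, the way IPsec AH masks mutable fields), and computes a MAC over the result starting at byte 0 of the IPv6 header. HMAC-SHA256 truncated to 8 bytes stands in for whatever MAC algorithm the draft specifies; the key, the addresses, the payload and the choice of mutable fields are all assumptions made for illustration.

```python
import hmac
import hashlib
import struct

# Demonstration key, constructed for this example (not from the draft).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

ICMPV6 = 58          # IPv6 Next Header value for ICMPv6
RPL_CONTROL = 155    # ICMPv6 type used by RPL control messages


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit, flow_label, traffic_class=0):
    """Pack a 40-byte IPv6 fixed header: version, traffic class and flow label
    share the first 32-bit word, followed by payload length, next header,
    hop limit, source and destination addresses."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit) + src + dst


def sample_packet(hop_limit=64, flow_label=0x12345, checksum=0xBEEF,
                  body=b"constructed DIO body", dst=None):
    """Constructed sample: link-local source, all-RPL-nodes multicast destination
    (ff02::1a) and an ICMPv6 RPL control message (type 155, code 1) as payload."""
    src = bytes.fromhex("fe80000000000000" "0011223344556677")
    if dst is None:
        dst = bytes.fromhex("ff02000000000000" "000000000000001a")
    payload = struct.pack("!BBH", RPL_CONTROL, 1, checksum) + body
    return build_ipv6_header(src, dst, len(payload), ICMPV6, hop_limit, flow_label) + payload


def mac_input(packet):
    """Return the bytes the MAC is computed over.

    Assumption (this example's, not the draft's): the MAC covers the packet
    from byte 0 of the IPv6 header with Flow Label, Hop Limit and the ICMPv6
    checksum zeroed, so that forwarding (which decrements Hop Limit) and
    checksum recomputation do not invalidate the tag.
    """
    buf = bytearray(packet)
    buf[1] &= 0xF0      # top 4 bits of Flow Label share byte 1 with Traffic Class
    buf[2] = 0
    buf[3] = 0          # remaining 16 bits of Flow Label
    buf[7] = 0          # Hop Limit
    if buf[6] == ICMPV6 and len(buf) >= 44:
        buf[42] = 0
        buf[43] = 0     # ICMPv6 checksum (bytes 2-3 of the ICMPv6 message)
    return bytes(buf)


def compute_mac(key, packet):
    """HMAC-SHA256 truncated to 8 bytes, standing in for the draft's MAC."""
    return hmac.new(key, mac_input(packet), hashlib.sha256).digest()[:8]


def verify_mac(key, packet, received_mac):
    """Constant-time comparison of a received tag against the recomputed one."""
    return hmac.compare_digest(compute_mac(key, packet), received_mac)


if __name__ == "__main__":
    pkt = sample_packet()
    tag = compute_mac(KEY, pkt)
    print("MAC input:", mac_input(pkt).hex())
    print("MAC:", tag.hex())
    # Forwarding decrements Hop Limit; with it masked, the tag still verifies.
    print("verifies after hop-limit decrement:", verify_mac(KEY, sample_packet(hop_limit=63), tag))
    # Any change to a covered field fails verification.
    print("verifies after payload change:", verify_mac(KEY, sample_packet(body=b"tampered"), tag))
```

The point of writing it out is that every one of the choices in mac_input (starting offset, which fields are masked, whether the ICMPv6 checksum is covered) changes the tag, which is why a worked packet and key in the document would settle the question in a way prose cannot.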