"The following is a quote from the Security Consideration section of the draft:
"The use of layer-2 or layer-3 security for RPL control messages prevents the
two aforementioned attacks, by preventing malicious nodes from becoming part of
the control plane."
The following quote is from RFC7416, section 7.1.2:
"A number of deployments, such as [ZigBeeIP] specify no Layer 3 (L3) / RPL
encryption or authentication and rely upon similar security at Layer 2 (L2).
These networks are immune to outside wiretapping attacks but are vulnerable to
passive (and active) routing attacks through compromises of nodes (see Section
8.2)."
The draft seems to suggest layer-2 security might be sufficient protection,
while RFC7416 seems to suggest that solely relying on layer-2 might not be
enough.
RFC7416, section 8.2 states:
"RPL provides for asymmetric authentication at L3 of the RPL Control Message
carrying the DIO, and this may be warranted in some deployments."
I feel that this should be discussed here to make it clear that in some
deployments, layer-2 by itself might not be sufficient and the use of
asymmetric authentication at L3 might be required."
Source: https://datatracker.ietf.org/doc/review-ietf-roll-enrollment-priority-10-secdir-early-shekh-yusef-2024-01-29/