RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

doc: Extend and take responsibility for 802.15.4 security roadmap

Browse Source
This commit is contained in:
chrysn 2023-11-30 12:14:12 +01:00
parent 7b01d41eca
commit 5542ecd9a7
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/doxygen/src/roadmap.md
View File

@ -97,4 +97,18 @@ The text and items below are tentative, up for discussion, to be updated by regu
1. RNG unified (secure, or basic), seeding
2. easy TinyDTLS integration in sock, with CoAP etc.
4. RIOT default configuration = secure configuration (that's our goal/motto)
5. 802.15.4 link layer security (gaps in RFCs? How to update keys?)
## 802.15.4 link layer security
(contact/steering: [chrysn](https://github.com/chrysn))
Current status: RIOT supports application provided keys,
with no guidance on how to (and no practical ways to) use that securely
(see [CVE-2021-41061](https://nvd.nist.gov/vuln/detail/CVE-2021-41061)).
Goal: Usably secure defaults.
1. Figure out applicability of [RFC9031](https://www.rfc-editor.org/rfc/rfc9031) ("CoJP") to non-6TiSCH scenarios.
2. Implement RFC9031 with any extensions needed for the MACs RIOT has.
3. Provide tools to set up a recommended JRC, and to provision keys between it and the device at flash time.
This may entail extensions to the build process, as CoJP requires per-device secrets.