mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
doc: Extend and take responsibility for 802.15.4 security roadmap
parent
7b01d41eca
commit
5542ecd9a7
@ -97,4 +97,18 @@ The text and items below are tentative, up for discussion, to be updated by regu
|
|||||||
1. RNG unified (secure, or basic), seeding
|
1. RNG unified (secure, or basic), seeding
|
||||||
2. easy TinyDTLS integration in sock, with CoAP etc.
|
2. easy TinyDTLS integration in sock, with CoAP etc.
|
||||||
4. RIOT default configuration = secure configuration (that's our goal/motto)
|
4. RIOT default configuration = secure configuration (that's our goal/motto)
|
||||||
5. 802.15.4 link layer security (gaps in RFCs? How to update keys?)
|
|
||||||
|
|
||||||
|
## 802.15.4 link layer security
|
||||||
|
(contact/steering: [chrysn](https://github.com/chrysn))
|
||||||
|
|
||||||
|
Current status: RIOT supports application provided keys,
|
||||||
|
with no guidance on how to (and no practical ways to) use that securely
|
||||||
|
(see [CVE-2021-41061](https://nvd.nist.gov/vuln/detail/CVE-2021-41061)).
|
||||||
|
|
||||||
|
Goal: Usably secure defaults.
|
||||||
|
|
||||||
|
1. Figure out applicability of [RFC9031](https://www.rfc-editor.org/rfc/rfc9031) ("CoJP") to non-6TiSCH scenarios.
|
||||||
|
2. Implement RFC9031 with any extensions needed for the MACs RIOT has.
|
||||||
|
3. Provide tools to set up a recommended JRC, and to provision keys between it and the device at flash time.
|
||||||
|
This may entail extensions to the build process, as CoJP requires per-device secrets.
|
||||||
|
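Review bot: The new "802.15.4 link layer security" section does not pick up the "How to update keys?" question from roadmap item 5. Steps 1 to 3 cover the applicability and implementation of RFC9031 and provisioning keys "at flash time", but none mentions rekeying after deployment. Consider adding a step for key updates, or stating explicitly that this is expected to fall out of the CoJP work. In step 3, "JRC" is used without expansion; spelling it out on first use (Join Registrar/Coordinator, the term from RFC9031) would help readers who have not read the RFC. Since the last sentence says the build process may need extending for per-device secrets, it would also be worth noting as a requirement that those secrets stay out of any firmware image shared between devices.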