Closed mcr closed 1 year ago
@EskoDijk
Besides 6TiSCH there are probably a dozen more 6LoWPAN-over-15.4 protocols in existence. So in general we can't say much about "802.15.4". For example, Thread has its own proprietary protocol to obtain the network key (PSK) from a designated entity. So a node can obtain that key if it can prove (DTLS handshake) that it is a member of the domain.
We could add some general wording on this approach if needed? And explain that it can be different per mesh protocol.
In the constrained-voucher case, with 802.15.4 networks, once a pledge has enrolled, it may receive a certificate from the Registrar. It is unclear what it does with its certificate in order to get connected to the 802.15.4 network. One option is that it can now do 802.15.9 security (using IKEv2 or ???) with any peer that it wishes to speak to, generating a per-node-pair set of keys. Another option is that there is a missing protocol (like RFC9032 CoJP) that would retrieve a network-wide PSK.