When rekeying, add delay before removing old keys
Tag: WGLC
Tero Kivinen wrote:
Upon reception and successful security processing of a link-layer frame secured with a key from the new key set, a non-6LBR node MUST remove any old keys it has installed from the previous key set.
I think it would be better to wait for a while before deleting the old set, but immediately move to use the new set for transmissions. I.e., we might have nodes B and C, which both have old and new keys; their parent A sends an EB with new keys out, but node C is not able to receive it correctly. Now if C wants to send a frame to A or B, it will still be using the old key, as it has not yet seen any new frames. Both A and B will throw that frame out as it is using the old key. If this would be changed to say that "node MUST remove any old keys after delay of N seconds" (or delay of N slotframes or whatever).
Comments (2)
reporter - changed status to resolved
Fix Issue #51: Add REKEYING_GUARD_TIME before removing old keys. → <<cset ff43a725c8dd>>
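The A/B/C scenario from the issue, as an added simulation that is not code from the draft or its repository: it compares removing old keys immediately with keeping them for a guard period. The `Node` class, the `scenario` function, the timestamps and the 10-second guard value are assumptions made for illustration; the page names REKEYING_GUARD_TIME but gives no value.

```python
# Added illustration; not code from the draft or its repository.
GUARD_TIME_S = 10.0  # assumed value: the page names REKEYING_GUARD_TIME, no number

class Node:
    def __init__(self, guard_time):
        self.guard_time = guard_time  # 0 models "remove old keys immediately"
        self.keys = {"old", "new"}    # both key sets already installed
        self.tx_key = "old"           # key set used for transmissions
        self.old_expiry = None        # time at which the old set is removed

    def _expire(self, now):
        if self.old_expiry is not None and now >= self.old_expiry:
            self.keys.discard("old")

    def receive(self, key, now):
        """Return True if a frame secured with `key` passes security processing."""
        self._expire(now)
        if key not in self.keys:
            return False
        if key == "new" and self.tx_key == "old":
            self.tx_key = "new"                       # transmit with new keys at once
            self.old_expiry = now + self.guard_time   # drop old keys after the delay
            self._expire(now)                         # immediate when guard_time == 0
        return True

def scenario(guard_time):
    a, b, c = Node(guard_time), Node(guard_time), Node(guard_time)
    a.receive("new", 0.0)                  # A has switched to the new key set
    b.receive(a.tx_key, 0.0)               # B hears A's EB; C misses it
    c_frame_ok = a.receive(c.tx_key, 1.0)  # C still transmits with the old key
    c.receive(a.tx_key, 2.0)               # C hears the next EB and switches
    late = 2.0 + guard_time + 1.0          # after every guard timer has run out
    return {
        "c_frame_accepted": c_frame_ok,
        "c_tx_key": c.tx_key,
        "old_key_accepted_late": a.receive("old", late),
    }

if __name__ == "__main__":
    print("immediate removal:", scenario(0.0))
    print("with guard time:  ", scenario(GUARD_TIME_S))
```

With no delay, C's old-key frame is discarded by A; with the guard period it is accepted, and frames under the old key are still rejected once the period has elapsed.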