Dear Roman Danyliw, Thanks for your review in advance.
The spec, NAP 1.0 describes the basic mechanism (i.e., mechanisms for cryptographically authenticated NFC connections) for applications needing an authentication and/or a secured data transfer. NAP 1.0 supports three mechanisms: (1) Establishment of a secure channel between two NFC devices to prevent eavesdropping. (2) The authentication process allows NFC devices to build up trust with each other for NFC communication. (3) The bonding process allows two NFC devices to be paired together and establish a common secret key during a registration phase. LLCP 1.4 uses NAP 1.0 for secure data transfer, replacing parts of the secure data transfer defined by LLCP 1.3 specification. I am sorry that it is not easy to provide NAP 1.0 spec at the moment. It is available in a charge for access that on the NFC forum website.. (here <https://members.nfc-forum.org/apps/group_public/document.php?document_id=39278>) Best regards, Younghwan Choi ----------------------------------------------- YOUNGHWAN CHOI, Ph.D. Principal Researcher, PEC, ETRI Tel +82-42-860-1429 Fax +82-42-860-5404 Email y...@etri.re.kr > On Dec 28, 2022, at 11:59 PM, Roman Danyliw via Datatracker > <nore...@ietf.org> wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-6lo-nfc-19: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-6lo-nfc/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > (Preliminary ballot from an incomplete review of the document, but shared here > for early awareness) > > Multiple prior DISCUSes were filed on the basis of concerns that the base > normative references were not available. In response, the "NFC LLC v1.4" > specification was shared. However, it appears additional normative references > are needed to evaluate the security claims of the protocol (NFC LLC v1.4). > > Section 7 of this I-D says: > > Ad-hoc secure data transfer can be established between two > communication parties without any prior knowledge of the > communication partner. Ad-hoc secure data transfer can be vulnerable > to Man-In-The-Middle (MITM) attacks. Authenticated secure data > transfer provides protection against Man-In-The-Middle (MITM) > attacks. In the initial bonding step, the two communicating parties > store a shared secret along with a Bonding Identifier. For all > subsequent interactions, the communicating parties re-use the shared > secret and compute only the unique encryption key for that session. > Secure data transfer is based on the cryptographic algorithms defined > in the NFC Authentication Protocol (NAP). > > This text is a cut-and-paste verbatim from Section 3.2.5 of NFC Forum LLC > specification previously shared as part of the last telechat. However the NAP > is defined in yet another NFC Forum document. How does one access that? >
_______________________________________________ 6lo mailing list 6lo@ietf.org https://www.ietf.org/mailman/listinfo/6lo
