Constrained Join Protocol (CoJP) for 6TiSCH
draft-ietf-6tisch-minimal-security-15
| Section | Field | Value |
|---|---|---|
| Document | Type | Active Internet-Draft (6tisch WG) |
| | Authors | Mališa Vučinić, Jonathan Simon, Kris Pister, Michael Richardson |
| | Last updated | 2021-01-26 (latest revision 2019-12-10) |
| | Replaces | draft-vucinic-6tisch-minimal-security |
| | Stream | IETF |
| | Intended RFC status | Proposed Standard |
| | Formats | plain text, xml, pdf, htmlized (tools), htmlized, bibtex |
| Stream | WG state | Submitted to IESG for Publication |
| | Document shepherd | Pascal Thubert |
| | Shepherd write-up | last changed 2019-06-21 |
| IESG | IESG state | RFC Ed Queue |
| | Action Holders | (None) |
| | Consensus Boilerplate | Yes |
| | Telechat date | |
| | Responsible AD | Suresh Krishnan |
| | Send notices to | Pascal Thubert <pthubert@cisco.com> |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | RFC-Ed-Ack |
| RFC Editor | RFC Editor state | REF |
6TiSCH Working Group                                     M. Vucinic, Ed.
Internet-Draft                                                     Inria
Intended status: Standards Track                                J. Simon
Expires: June 12, 2020                                    Analog Devices
                                                               K. Pister
                                       University of California Berkeley
                                                           M. Richardson
                                                Sandelman Software Works
                                                       December 10, 2019

Constrained Join Protocol (CoJP) for 6TiSCH
draft-ietf-6tisch-minimal-security-15

Abstract

This document describes the minimal framework required for a new device, called "pledge", to securely join a 6TiSCH (IPv6 over the TSCH mode of IEEE 802.15.4e) network. The framework requires that the pledge and the JRC (join registrar/coordinator, a central entity) share a symmetric key. How this key is provisioned is out of scope of this document. Through a single CoAP (Constrained Application Protocol) request-response exchange secured by OSCORE (Object Security for Constrained RESTful Environments), the pledge requests admission into the network and the JRC configures it with link-layer keying material and other parameters. The JRC may at any time update the parameters through another request-response exchange secured by OSCORE. This specification defines the Constrained Join Protocol and its CBOR (Concise Binary Object Representation) data structures, and describes how to configure the rest of the 6TiSCH communication stack for this join process to occur in a secure manner. Additional security mechanisms may be added on top of this minimal framework.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on June 12, 2020.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1.  Introduction
2.  Terminology
3.  Provisioning Phase
4.  Join Process Overview
  4.1.  Step 1 - Enhanced Beacon
  4.2.  Step 2 - Neighbor Discovery
  4.3.  Step 3 - Constrained Join Protocol (CoJP) Execution
  4.4.  The Special Case of the 6LBR Pledge Joining
5.  Link-layer Configuration
  5.1.  Distribution of Time
6.  Network-layer Configuration
  6.1.  Identification of Unauthenticated Traffic
7.  Application-level Configuration
  7.1.  Statelessness of the JP
  7.2.  Recommended Settings
  7.3.  OSCORE
8.  Constrained Join Protocol (CoJP)
  8.1.  Join Exchange
  8.2.  Parameter Update Exchange
  8.3.  Error Handling
  8.4.  CoJP Objects