Minimal Security Framework for 6TiSCH

The information below is for an old version of the document
Document Type None Internet-Draft (6tisch WG)
Last updated 2019-07-11 (latest revision 2019-06-13)
Replaces draft-vucinic-6tisch-minimal-security
Stream IETF
Intended RFC status Proposed Standard
Expired & archived
pdf htmlized bibtex
Additional URLs
- Mailing list discussion
Stream WG state (None)
Document shepherd Pascal Thubert
Shepherd write-up Show (last changed 2019-06-21)
IESG IESG state Unknown state
Consensus Boilerplate Yes
Telechat date
Responsible AD Suresh Krishnan
Send notices to Pascal Thubert <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the minimal framework required for a new device, called "pledge", to securely join a 6TiSCH (IPv6 over the TSCH mode of IEEE 802.15.4e) network. The framework requires that the pledge and the JRC (join registrar/coordinator, a central entity), share a symmetric key. How this key is provisioned is out of scope of this document. Through a single CoAP (Constrained Application Protocol) request-response exchange secured by OSCORE (Object Security for Constrained RESTful Environments), the pledge requests admission into the network and the JRC configures it with link-layer keying material and other parameters. The JRC may at any time update the parameters through another request-response exchange secured by OSCORE. This specification defines the Constrained Join Protocol and its CBOR (Concise Binary Object Representation) data structures, and configures the rest of the 6TiSCH communication stack for this join process to occur in a secure manner. Additional security mechanisms may be added on top of this minimal framework.


Mališa Vučinić (
Jonathan Simon (
Kris Pister (
Michael Richardson (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)