Technical Summary
This document describes a new Constrained Join Protocol (CoJP) and the
associated framework required for a new device, called "pledge", to
securely join a 6TiSCH network by leveraging a central server, the JRC.
The framework requires that the pledge and the JRC share a symmetric key
before the join process starts (pre-shared key). How this key is
provisioned is out of scope of this document.
Through a single CoAP request-response exchange secured by OSCORE, the
pledge requests admission into the network and the JRC configures it
with link-layer keying material and other parameters.
Join Request and Join Response messages defined for this purpose are to
be used as a generic transport based on CoAP for AKE messages between
the pledge and the JRC, through a Join Proxy. This enables bidirectional
communication between the pledge and the JRC, triggered by the pledge.
What the AKE transports within those messages is not very relevant,
be it PSK, RPK or cert-authenticated DH. Once the AKE completes and a
shared secret is in place at the pledge and the JRC, the join exchange
from this draft can take place, secured with OSCORE keys derived from
the shared secret.
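
The derivation of OSCORE keys from a shared secret, as an added example (not code from the draft or from OpenWSN). It follows the OSCORE security-context derivation (HKDF-SHA-256 over a CBOR "info" array); the PSK, the EUI-64 used as ID Context and the sender/recipient identifiers are constructed sample values assumed for illustration.

```python
import hashlib
import hmac

AES_CCM_16_64_128 = 10  # COSE identifier of the default OSCORE AEAD

def cbor_bstr(b: bytes) -> bytes:
    if len(b) >= 24:  # short-form CBOR lengths are enough for this sketch
        raise ValueError("byte string too long for short-form encoding")
    return bytes([0x40 | len(b)]) + b

def cbor_tstr(s: str) -> bytes:
    raw = s.encode()
    if len(raw) >= 24:
        raise ValueError("text string too long for short-form encoding")
    return bytes([0x60 | len(raw)]) + raw

def oscore_info(id_: bytes, id_context, typ: str, length: int) -> bytes:
    # info = [id, id_context, alg_aead, type, L] as a 5-element CBOR array
    ctx = b"\xf6" if id_context is None else cbor_bstr(id_context)
    return (b"\x85" + cbor_bstr(id_) + ctx + bytes([AES_CCM_16_64_128])
            + cbor_tstr(typ) + bytes([length]))

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    # HKDF extract-then-expand (RFC 5869); an empty salt means 32 zero bytes
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_context(secret, salt, sender_id, recipient_id, id_context=None):
    # Both endpoints run this with sender and recipient IDs swapped.
    def k(i, typ, n):
        return hkdf_sha256(salt, secret, oscore_info(i, id_context, typ, n), n)
    return {
        "sender_key": k(sender_id, "Key", 16),
        "recipient_key": k(recipient_id, "Key", 16),
        "common_iv": k(b"", "IV", 13),
    }

if __name__ == "__main__":
    psk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed PSK
    eui64 = bytes.fromhex("0011223344556677")                # constructed pledge ID
    pledge = derive_context(psk, b"", b"", b"JRC", eui64)    # assumed identifiers
    jrc = derive_context(psk, b"", b"JRC", b"", eui64)
    print("pledge sender key :", pledge["sender_key"].hex())
    print("JRC recipient key :", jrc["recipient_key"].hex())
```

Binding the pledge identifier into the derivation means two pledges provisioned with the same PSK by mistake still end up with distinct OSCORE keys.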
Working Group Summary
There was controversy over OSCORE, which this draft uses. OSCORE is now
approved by the IESG. The draft does not have a dependency on EDHOC.
The chairs launched a second, shortened WGLC after IETF 103.
More in https://www.mail-archive.com/6tisch@ietf.org/msg02875.html.
Issues raised by Göran Selander are now solved in -10.
More in https://www.mail-archive.com/6tisch@ietf.org/msg02973.html.
Document Quality
The protocol is implemented in OpenWSN.
Personnel
Pascal Thubert is the Document Shepherd. Suresh Krishnan is the Responsible Area Director.