Constrained Join Protocol (CoJP) for 6TiSCH
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: The IESG <firstname.lastname@example.org>, email@example.com, Pascal Thubert <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Subject: Protocol Action: 'Minimal Security Framework for 6TiSCH' to Proposed Standard (draft-ietf-6tisch-minimal-security-12.txt)

The IESG has approved the following document:
- 'Minimal Security Framework for 6TiSCH'
  (draft-ietf-6tisch-minimal-security-12.txt) as Proposed Standard

This document is the product of the IPv6 over the TSCH mode of IEEE 802.15.4e Working Group.

The IESG contact persons are Éric Vyncke and Suresh Krishnan.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/

Technical Summary

This document describes a new Constrained Join Protocol (CoJP) and the associated framework required for a new device, called "pledge", to securely join a 6TiSCH network by leveraging a central server, the JRC. The framework requires that the pledge and the JRC share a symmetric key before the join process starts (pre-shared key). How this key is provisioned is out of scope of this document. Through a single CoAP request-response exchange secured by OSCORE, the pledge requests admission into the network and the JRC configures it with link-layer keying material and other parameters.

Join Request and Join Response messages defined for this purpose are to be used as a generic transport based on CoAP for AKE messages between the pledge and the JRC, through a Join Proxy. This enables bidirectional communication of the pledge and the JRC, triggered by the pledge. What AKE transports within those messages is not very relevant, be it PSK, RPK or cert-authenticated DH. Once AKE completes and a shared secret is in place at the pledge and the JRC, the join exchange from this draft can take place, secured with OSCORE keys derived from the shared secret.

Working Group Summary

There was a controversy on OSCORE that this draft uses. OSCORE is now approved by IESG. The draft does not have a dependency on EDHOC.

The chairs launched a second shortened WGLC after IETF 103. More in https://firstname.lastname@example.org/msg02875.html.

Issues raised by Göran Selander are now solved in -10. More in https://email@example.com/msg02973.html

Document Quality

The protocol is implemented in OpenWSN.

Personnel

Pascal Thubert is the Document Shepherd. Suresh Krishnan is the Responsible Area Director.