Constrained Join Protocol (CoJP) for 6TiSCH
draft-ietf-6tisch-minimal-security-15

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, pthubert@cisco.com, Pascal Thubert <pthubert@cisco.com>, 6tisch-chairs@ietf.org, 6tisch@ietf.org, draft-ietf-6tisch-minimal-security@ietf.org, suresh@kaloom.com, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Minimal Security Framework for 6TiSCH' to Proposed Standard (draft-ietf-6tisch-minimal-security-12.txt)

The IESG has approved the following document:
- 'Minimal Security Framework for 6TiSCH'
  (draft-ietf-6tisch-minimal-security-12.txt) as Proposed Standard

This document is the product of the IPv6 over the TSCH mode of IEEE 802.15.4e
Working Group.

The IESG contact persons are Éric Vyncke and Suresh Krishnan.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/


Technical Summary

   This document describes a new Constrained Join Protocol (CoJP) and the
   associated framework required for a new device, called "pledge", to
   securely join a 6TiSCH network by leveraging a central server, the JRC.
   The framework requires that the pledge and the JRC share a symmetric key
   before the join process starts (pre-shared key). How this key is
   provisioned is out of scope of this document.  
   
   Through a single CoAP request-response exchange secured by OSCORE, the
   pledge requests admission into the network and the JRC configures it
   with link-layer keying material and other parameters. 
   
   Join Request and Join Response messages defined for this purpose are to
   be used as a generic transport based on CoAP for AKE messages between
   the pledge and the JRC, through a Join Proxy. This enables bidirectional
   communication between the pledge and the JRC, triggered by the pledge.
   
   Which AKE is transported within those messages is not very relevant,
   be it PSK, RPK or cert-authenticated DH. Once AKE completes and a
   shared secret is in place at the pledge and the JRC, the join exchange
   from this draft can take place, secured with OSCORE keys derived from
   the shared secret.

Working Group Summary

   There was controversy over OSCORE, which this draft uses. OSCORE is now
   approved by the IESG. The draft does not have a dependency on EDHOC.
   The chairs launched a second, shorter WGLC after IETF 103.
   More in https://www.mail-archive.com/6tisch@ietf.org/msg02875.html.
   Issues raised by Göran Selander are now solved in -10.
   More in https://www.mail-archive.com/6tisch@ietf.org/msg02973.html.

Document Quality

  The protocol is implemented in OpenWSN.

Personnel

  Pascal Thubert is the Document Shepherd. Suresh Krishnan is the Responsible Area Director.