Considerations for stateful vs stateless join router in ANIMA bootstrap
draft-richardson-anima-state-for-joinrouter-03

Document Type Active Internet-Draft (individual)
Author Michael Richardson 
Last updated 2020-09-22
IESG state I-D Exists
Network Working Group                                      M. Richardson
Internet-Draft                                                       SSW
Intended status: Informational                        September 22, 2020
Expires: March 26, 2021

Considerations for stateful vs stateless join router in ANIMA bootstrap
             draft-richardson-anima-state-for-joinrouter-03

Abstract

   This document explores a number of issues affecting the decision to
   use a stateful or stateless forwarding mechanism by the join router
   (aka join assistant) during the bootstrap process for ANIMA.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 26, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Richardson               Expires March 26, 2021                 [Page 1]
Internet-Draft            anima-bootstrap-state           September 2020

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Purpose of the Joiner Router/Join Assistant . . . . . . . . .   2
   3.  Overview of suggested methods . . . . . . . . . . . . . . . .   3
     3.1.  method 1: Circuit Proxy method  . . . . . . . . . . . . .   3
     3.2.  method 2: NAPT66 method . . . . . . . . . . . . . . . . .   3
     3.3.  method 3: HTTP Proxy method . . . . . . . . . . . . . . .   4
     3.4.  method 4: CoAP/DTLS with relay mechanism  . . . . . . . .   4
     3.5.  method 5: HTTP with IPIP tunnel . . . . . . . . . . . . .   4
     3.6.  method 6: CoAP/DTLS with IPIP tunnel  . . . . . . . . . .   5
   4.  Comparison of methods . . . . . . . . . . . . . . . . . . . .   5
     4.1.  State required on Joining Router  . . . . . . . . . . . .   6
     4.2.  Bandwidth required on Joining Router  . . . . . . . . . .   6
       4.2.1.  Bandwidth considerations in constrained networks  . .   7
     4.3.  State required on Registrar . . . . . . . . . . . . . . .   8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   [I-D.pritikin-anima-bootstrapping-keyinfra] defines a process to
   securely enroll new devices in an existing network.  In order to
   avoid providing globally reachable addresses to the prospective new
   network member, it assumes a Join Router.  The role of this router
   is common in this kind of architecture.

1.1.  Terminology

   EAP [RFC5247], 802.1X and PANA [RFC5191] use the term Authenticator
   to refer to this role.

   The Thread architecture [threadcommish] uses the term Joiner Router.

   The 6tisch architecture ([I-D.ietf-6tisch-terminology]) uses the term
   JA, short for Join Assistant.

2.  Purpose of the Joiner Router/Join Assistant

   This device is one layer-2 hop from the new device.  In addition to
   whatever secured networks it might connect to, it runs a sufficiently
   unprotected network (either physical or wireless) such that a new
   device can connect at layer-2 without any specific credentials.

   The new node runs a discovery protocol as explained in
   [I-D.pritikin-anima-bootstrapping-keyinfra] to find an address for a
   registrar with which it can run Enrollment over Secure Transport
   (EST, [RFC7030]).  EST runs RESTfully over protocols such as HTTP.