All, I have just submitted a new version of the minimal-security draft. We will be asking for WGLC on this version in London.
Changelog: - Introduced tagging of join traffic. This resolution mitigates the vulnerability where the attacker could inject join requests in the network and intermediate nodes would allocate bandwidth as the network uses distributed scheduling. - Introduced payload for join requests, carrying the PAN ID. In order to enable a JRC that manages multiple networks, the JRC needs to know which network a given pledge is attempting to join in order to hand out the correct keys. - Editorial reshuffling, reorganization and clarifications throughout. Encompassed the join request-response exchange defined in the document as the “6TiSCH Join Protocol (6JP)”. Looking forward to discussing minimal-security at the meeting. Regards, Mališa > On 5 Mar 2018, at 19:46, [email protected] wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IPv6 over the TSCH mode of IEEE 802.15.4e WG > of the IETF. > > Title : Minimal Security Framework for 6TiSCH > Authors : Malisa Vucinic > Jonathan Simon > Kris Pister > Michael Richardson > Filename : draft-ietf-6tisch-minimal-security-05.txt > Pages : 28 > Date : 2018-03-05 > > Abstract: > This document describes the minimal framework required for a new > device, called "pledge", to securely join a 6TiSCH (IPv6 over the > TSCH mode of IEEE 802.15.4e) network. The framework requires that > the pledge and the JRC (join registrar/coordinator, a central > entity), share a symmetric key. How this key is provisioned is out > of scope of this document. Through a single CoAP (Constrained > Application Protocol) request-response exchange secured by OSCORE > (Object Security for Constrained RESTful Environments), the pledge > requests admission into the network and the JRC configures it with > link-layer keying material and a short link-layer address. This > specification defines the message format, a new Stateless-Proxy CoAP > option, and configures the rest of the 6TiSCH communication stack for > this join process to occur in a secure manner. Additional security > mechanisms may be added on top of this minimal framework. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/ > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-6tisch-minimal-security-05 > https://datatracker.ietf.org/doc/html/draft-ietf-6tisch-minimal-security-05 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-6tisch-minimal-security-05 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > 6tisch mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/6tisch _______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
