Hello Pascal, Most of the resolutions to my comments look good. Couple of nits inline.
Mališa *[PT>] *I think we need to define an entry for CoJP, similar to 6P. What > about; > > CoJP (Constrained Join Protocol): CoJP is a one-touch join protocol > > defined in the Minimal Security Framework for 6TiSCH > > [I-D.ietf-6tisch-minimal-security]. CoJP requires the > > distribution of preshared keys (PSK), and enables a node > > to join with a single round trip to the JRC via the JP. > > How about: CoJP (Constrained Join Protocol): CoJP enables a pledge to securely join a 6TiSCH network by distributing network parameters over a secure channel. CoJP is defined in the Minimal Security Framework for 6TiSCH [I-D.ietf-6tisch-minimal-security]. In the minimal setup with pre-shared keys defined in [I-D.ietf-6tisch-minimal-security], CoJP allows the pledge to join the network in a single round trip exchange. ===================================================== > > Section 3.1: 6TiSCH Stack > > > - add Constrained Join Protocol in the Figure above CoAP. Use “Constrained > Join Protocol” instead of “Minimal Security Framework for 6TiSCH”. > > - Description of DTLS seems as a remnant. I would stress OSCORE here as > the primacy choice with DTLS also being an option for applications. > > *[PT>] * > > *[PT>] *This gives : > > > > +--------+--------+ > > | CoJP | Applis | > > +--------+--------+--------------+-----+ > > | CoAP / OSCORE | 6LoWPAN ND | RPL | > > +-----------------+--------------+-----+ > > | UDP | ICMPv6 | > > +-----------------+--------------------+ > > | IPv6 | > > +--------------------------------------+----------------------+ > > | 6LoWPAN HC / 6LoRH HC | Scheduling Functions | > > +--------------------------------------+----------------------+ > > | 6top (to be IEEE Std 802.15.12) inc. 6top protocol | > > +-------------------------------------------------------------+ > > | IEEE Std 802.15.4 TSCH | > > +-------------------------------------------------------------+ > > Nit: Swap Applis and CoJP to have control plane "kind of" on the left side :-). Security Considerations in WIP-19: > As detailed in Section 6, a pledge that wishes to join the 6TiSCH > > network must participate to a join process to obtain its security > > keys. > > Nits: Replace "must participate to a join process" with "must trigger the join protocol". > The join process can be zero-touch and leverage ANIMA procedures, as > > detailed in the 6tisch Zero-Touch Secure Join protocol > > [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. > > Alternatively, the join process can be one-touch, in which case the > > pledge is provisioned with a preshared key (PSK), and uses CoJP as > > specified in [I-D.ietf-6tisch-minimal-security]. > > Proposal to replace the paragraph above with: The join protocol used in 6TiSCH is Constrained Join Protocol (CoJP). In the minimal setting defined in [I-D.ietf-6tisch-minimal-security], the authentication is based on a pre-shared key, based on which a secure session is derived. CoJP exchange may also be preceded with a zero-touch handshake [I-D.ietf-6tisch-dtsecurity-zerotouch-join] in order to enable pledge joining based on certificates and/or inter-domain communication.
_______________________________________________ 6tisch mailing list 6tisch@ietf.org https://www.ietf.org/mailman/listinfo/6tisch