Hello Mališa Please see below ( I pushed the result in the repo, please let me know if we are OK now )
From: 6tisch <[email protected]> On Behalf Of Mališa Vucinic Sent: mercredi 12 décembre 2018 15:01 To: Pascal Thubert (pthubert) <[email protected]> Cc: Michael Richardson <[email protected]>; [email protected] Subject: Re: [6tisch] WGLC for https://www.ietf.org/id/draft-ietf-6tisch-architecture-17.txt Hello Pascal, Most of the resolutions to my comments look good. Couple of nits inline. Mališa [PT>] I think we need to define an entry for CoJP, similar to 6P. What about; CoJP (Constrained Join Protocol): CoJP is a one-touch join protocol defined in the Minimal Security Framework for 6TiSCH [I-D.ietf-6tisch-minimal-security]. CoJP requires the distribution of preshared keys (PSK), and enables a node to join with a single round trip to the JRC via the JP. How about: CoJP (Constrained Join Protocol): CoJP enables a pledge to securely join a 6TiSCH network by distributing network parameters over a secure channel. CoJP is defined in the Minimal Security Framework for 6TiSCH [I-D.ietf-6tisch-minimal-security]. In the minimal setup with pre-shared keys defined in [I-D.ietf-6tisch-minimal-security], CoJP allows the pledge to join the network in a single round trip exchange. [PT>] The second sentence is extraneous, correct? [PT>] what about CoJP (Constrained Join Protocol): The Constrained Join Protocol (CoJP) enables a pledge to securely join a 6TiSCH network and obtain network parameters over a secure channel. In the minimal setup with pre-shared keys defined in [I-D.ietf-6tisch-minimal-security], CoJP can operate with a single round trip exchange. ===================================================== Section 3.1: 6TiSCH Stack - add Constrained Join Protocol in the Figure above CoAP. Use “Constrained Join Protocol” instead of “Minimal Security Framework for 6TiSCH”. - Description of DTLS seems as a remnant. I would stress OSCORE here as the primacy choice with DTLS also being an option for applications. [PT>] [PT>] This gives : +--------+--------+ | CoJP | Applis | +--------+--------+--------------+-----+ | CoAP / OSCORE | 6LoWPAN ND | RPL | +-----------------+--------------+-----+ | UDP | ICMPv6 | +-----------------+--------------------+ | IPv6 | +--------------------------------------+----------------------+ | 6LoWPAN HC / 6LoRH HC | Scheduling Functions | +--------------------------------------+----------------------+ | 6top (to be IEEE Std 802.15.12) inc. 6top protocol | +-------------------------------------------------------------+ | IEEE Std 802.15.4 TSCH | +-------------------------------------------------------------+ Nit: Swap Applis and CoJP to have control plane "kind of" on the left side :-). [PT>] OK Security Considerations in WIP-19: As detailed in Section 6, a pledge that wishes to join the 6TiSCH network must participate to a join process to obtain its security keys. Nits: Replace "must participate to a join process" with "must trigger the join protocol". [PT>] OK, but “must use” then. You do not trigger a protocol, you trigger its operation. The join process can be zero-touch and leverage ANIMA procedures, as detailed in the 6tisch Zero-Touch Secure Join protocol [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. Alternatively, the join process can be one-touch, in which case the pledge is provisioned with a preshared key (PSK), and uses CoJP as specified in [I-D.ietf-6tisch-minimal-security]. Proposal to replace the paragraph above with: The join protocol used in 6TiSCH is Constrained Join Protocol (CoJP). In the minimal setting defined in [I-D.ietf-6tisch-minimal-security], the authentication is based on a pre-shared key, based on which a secure session is derived. CoJP exchange may also be preceded with a zero-touch handshake [I-D.ietf-6tisch-dtsecurity-zerotouch-join] in order to enable pledge joining based on certificates and/or inter-domain communication.
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
