Thanks Pascal, looks good! Mališa
On Wed, Dec 12, 2018 at 1:51 PM Pascal Thubert (pthubert) < [email protected]> wrote: > Hello Mališa > > > > Please see below ( I pushed the result in the repo, please let me know if > we are OK now ) > > > > *From:* 6tisch <[email protected]> *On Behalf Of *Mališa Vucinic > *Sent:* mercredi 12 décembre 2018 15:01 > > > *To:* Pascal Thubert (pthubert) <[email protected]> > > *Cc:* Michael Richardson <[email protected]>; [email protected] > > > *Subject:* Re: [6tisch] WGLC for > https://www.ietf.org/id/draft-ietf-6tisch-architecture-17.txt > > > > Hello Pascal, > > > > Most of the resolutions to my comments look good. Couple of nits inline. > > > > Mališa > > > > *[PT>] *I think we need to define an entry for CoJP, similar to 6P. What > about; > > CoJP (Constrained Join Protocol): CoJP is a one-touch join protocol > > defined in the Minimal Security Framework for 6TiSCH > > [I-D.ietf-6tisch-minimal-security]. CoJP requires the > > distribution of preshared keys (PSK), and enables a node > > to join with a single round trip to the JRC via the JP. > > > > How about: > > CoJP (Constrained Join Protocol): CoJP enables a pledge to securely join a > 6TiSCH network by distributing network parameters over a secure channel. > CoJP is defined in the Minimal Security Framework for 6TiSCH > [I-D.ietf-6tisch-minimal-security]. In the minimal setup with pre-shared > keys defined in [I-D.ietf-6tisch-minimal-security], CoJP allows the pledge > to join the network in a single round trip exchange. > > *[PT>] * > > *The second sentence is extraneous, correct?* > > *[PT>] what about* > > > > CoJP (Constrained Join Protocol): The Constrained Join Protocol > > (CoJP) enables a pledge to securely join a 6TiSCH network > > and obtain network parameters over a secure channel. In > > the minimal setup with pre-shared keys defined in > > [I-D.ietf-6tisch-minimal-security], CoJP can operate with > > a single round trip exchange. > > > > ===================================================== > > Section 3.1: 6TiSCH Stack > > > - add Constrained Join Protocol in the Figure above CoAP. Use “Constrained > Join Protocol” instead of “Minimal Security Framework for 6TiSCH”. > > - Description of DTLS seems as a remnant. I would stress OSCORE here as > the primacy choice with DTLS also being an option for applications. > > *[PT>] * > > *[PT>] *This gives : > > > > +--------+--------+ > > | CoJP | Applis | > > +--------+--------+--------------+-----+ > > | CoAP / OSCORE | 6LoWPAN ND | RPL | > > +-----------------+--------------+-----+ > > | UDP | ICMPv6 | > > +-----------------+--------------------+ > > | IPv6 | > > +--------------------------------------+----------------------+ > > | 6LoWPAN HC / 6LoRH HC | Scheduling Functions | > > +--------------------------------------+----------------------+ > > | 6top (to be IEEE Std 802.15.12) inc. 6top protocol | > > +-------------------------------------------------------------+ > > | IEEE Std 802.15.4 TSCH | > > +-------------------------------------------------------------+ > > > > Nit: Swap Applis and CoJP to have control plane "kind of" on the left side > :-). > > > > *[PT>] OK* > > > > Security Considerations in WIP-19: > > As detailed in Section 6, a pledge that wishes to join the 6TiSCH > > network must participate to a join process to obtain its security > > keys. > > > > Nits: Replace "must participate to a join process" with "must trigger the > join protocol". > > *[PT>] * > > *OK, but “must use” then. You do not trigger a protocol, you trigger its > operation.* > > > > The join process can be zero-touch and leverage ANIMA procedures, as > > detailed in the 6tisch Zero-Touch Secure Join protocol > > [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. > > Alternatively, the join process can be one-touch, in which case the > > pledge is provisioned with a preshared key (PSK), and uses CoJP as > > specified in [I-D.ietf-6tisch-minimal-security]. > > > > Proposal to replace the paragraph above with: > > > > The join protocol used in 6TiSCH is Constrained Join Protocol (CoJP). In > the minimal setting defined in [I-D.ietf-6tisch-minimal-security], the > authentication is based on a pre-shared key, based on which a secure > session is derived. CoJP exchange may also be preceded with a zero-touch > handshake [I-D.ietf-6tisch-dtsecurity-zerotouch-join] in order to enable > pledge joining based on certificates and/or inter-domain communication. >
_______________________________________________ 6tisch mailing list [email protected] https://www.ietf.org/mailman/listinfo/6tisch
