[6tisch-security] 6lo-ra-in-ie becoming
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 08 February 2017 19:32 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8609A129FC6; Wed, 8 Feb 2017 11:32:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mGvvLvU9_R87; Wed, 8 Feb 2017 11:32:52 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1BD8129418; Wed, 8 Feb 2017 11:32:52 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7CE3D203AE; Wed, 8 Feb 2017 14:53:57 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7EDE7636BB; Wed, 8 Feb 2017 14:32:51 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: 6tisch@ietf.org
In-Reply-To: <855.1482509287@obiwan.sandelman.ca>
References: <CADJ9OA_nwTeS+nz0+EhNk0pK2QROUHSB3+rMH1NXE9FzvAo5aw@mail.gmail.com> <14596.1479347046@dooku.sandelman.ca> <CADJ9OA95p+MfZMZFkjqDK9VOpWDun3jX_3a-dqROKhuGStkP8g@mail.gmail.com> <360614422818437292b671f00cb498d3@XCH-RCD-001.cisco.com> <855.1482509287@obiwan.sandelman.ca>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 08 Feb 2017 14:32:51 -0500
Message-ID: <16477.1486582371@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/jfY8IrYaNwk4NKR808YYJLUchLs>
Cc: 6tisch-security@ietf.org, 6lo@ietf.org
Subject: [6tisch-security] 6lo-ra-in-ie becoming
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: 6tisch@ietf.org
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 19:32:54 -0000
{6lo is CC'ed to close this question up, but Reply-To: set to 6tisch, as
there isn't anything that is not 6tisch specific left at this point}
I have just posted: draft-richardson-6tisch-join-enhanced-beacon
https://datatracker.ietf.org/doc/draft-richardson-6tisch-join-enhanced-beacon/
The diff isn't very interesting, as it's mostly a forklift upgrade.
This is the result of ongoing discussion to make the zero-touch and one-touch
join processes work together, and to achieve a level of interoperation such
that a zero-touch capable device, which has received a one-touch, could
actually recognize that it needs to do zero-touch.
Further, we are trying to accomodate both one-touch and zero-touch bootstrap
using both pledge initiated communications (the one-touch preference), and
Join Registrar/Coordinator initiated communications. The network shall know
which way it will operate, and the network will announce this in the proposed
enhanced beacon. (ENHANCED. I hope I stamped out all the occurances of that
other E-word, which I will not write here)
This text could go into 6tisch-minimal-security, or it could be a seperate
document. It would have been nice to put it into 6tisch-minimal; but I
sure hope that ship has sailed. Maybe it should Update that?
The R flag is for host-operation of nodes which would otherwise want to
listen for a multicast Router-Advertisement, or initiate one with a multicast
RS. It is hard for me to construct a scenario where the R bit would be zero,
and yet the device is alive enough that it thinks it ought to send beacons.
It could be that some networks do not wish to support attachment of leaf
nodes to all routers though. {previous paragraph probably belongs in document?}
The core is:
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TBD-XXX |J|I|R| R E S V | network ID |
+-+-+-+-+-+-+-+-+-+-+-+---------+ |
| network ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| network ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
J
: the Join Proxy flag is set if the sending node will operate as a Join Proxy
according to {{I-D.ietf-6tisch-minimal-security}}.
I
: the Initiate Join flag is set if this network supports pledges initiating the
join process themselves according to {{I-D.ietf-6tisch-minimal-security}}. If not set, then the pledge
should do an NS DAD operation ({{RFC6775}} section 4.3, explained in {{I-D.ietf-6tisch-dtsecurity-secure-join}}) and then remain silent, to wait to be contacted.
R
: the Router Advertisement flag is set if the sending node will act as a Router for host-only nodes that need addressing via unicast Router Solicitation messages.
network ID
: this is an opaque 16-byte identifier that uniquely identifies this network,
potentially among many networks that are operating in the same frequencies
in overlapping physical space.
In a 6tisch network, where RPL is used as the mesh routing protocol, the
network ID SHOULD be constructed from a SHA256 hash of the DODAGID of the
network. The result will be a 32-byte hash, and the lower 16-bytes should be
used.
{oh. I show only 8 bytes of network-ID in the picture. Oops. I will grow the
diagram}
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
- [6tisch-security] 6lo-ra-in-ie becoming Michael Richardson