Re: [6tisch] xxx-bootstrap

Göran Selander <> Fri, 02 December 2016 15:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3A55612948A for <>; Fri, 2 Dec 2016 07:13:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wy3kI3XTPuNo for <>; Fri, 2 Dec 2016 07:13:12 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0C7F01294B4 for <>; Fri, 2 Dec 2016 07:13:11 -0800 (PST)
X-AuditID: c1b4fb25-ec9d598000007ee2-a2-58418f86ca1a
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id A9.77.32482.68F81485; Fri, 2 Dec 2016 16:13:10 +0100 (CET)
Received: from ([]) by ([]) with mapi id 14.03.0319.002; Fri, 2 Dec 2016 16:12:44 +0100
From: Göran Selander <>
To: "" <>, Michael Richardson <>
Thread-Topic: [6tisch] xxx-bootstrap
Thread-Index: AQHSSuDPU1xNoBfYBUWdkIQa1WBi/qDyKnSAgACSKYCAAgqwgA==
Date: Fri, 02 Dec 2016 15:12:44 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrCIsWRmVeSWpSXmKPExsUyM2K7lm5bv2OEwaT3ghbL7vYxWzzav4rN oudQP7vFksOLGB1YPJYs+cnkceDAbiaPljl7mD1ONGxnD2CJ4rJJSc3JLEst0rdL4Mr4d/MU U8ETwYpD+0+zNzCuEOxi5OSQEDCROD3lOXsXIxeHkMA6RonO1pMsEM5iRol7HRtZQarYBFwk HjQ8YgKxRQRyJd61zGEHsZkF3CUePfrIAmILCyhLnLy6mQ2iRkXi9vRdjBC2k0TPjilgNgtQ fNLFNrBeXgELidnf3kAtm8Ao8WRiM9gyTgFLiee9HWCDGAXEJL6fWsMEsUxc4taT+UwQZwtI LNlznhnCFpV4+fgfWK+ogJ7E7CkN7BBxJYnGJU+A4hxAvZoS63fpQ4yxlthw8wkLhK0oMaX7 IdQ9ghInZz5hmcAoPgvJtlkI3bOQdM9C0j0LSfcCRtZVjKLFqcVJuelGxnqpRZnJxcX5eXp5 qSWbGIFxeXDLb9UdjJffOB5iFOBgVOLhLehxjBBiTSwrrsw9xCjBwawkwuvcDRTiTUmsrEot yo8vKs1JLT7EKM3BoiTOa7byfriQQHpiSWp2ampBahFMlomDU6qB0VQkkePHtEe2h3Z1hB83 CAtyzuNaIz71qOucj9NUF89UOef5vrPYVFEs7+Lt9O03nnp+l68/XfpAYWfzd+3ejFaP+d7r tyZvOLIgouTOy8PhwbUWW3avenT/havYlT1q0zvmLvvP/GDWhcZTP8+HT3wkNdHVbvXbkhz7 L7tnM/RN75309KBGVZ8SS3FGoqEWc1FxIgCz4VLUxwIAAA==
Archived-At: <>
Cc: 6tisch <>, sandeep kumar <>
Subject: Re: [6tisch] xxx-bootstrap
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 02 Dec 2016 15:13:14 -0000

Hi Peter,

On 2016-12-01 10:01, "6tisch on behalf of peter van der Stok"
< on behalf of> wrote:

>I am not sure about understanding EDHOC, but may be that is not

EDHOC is a key exchange protocol, analogous to the TLS handshake, but with
less features. It allows authentication based on pre-shared keys, raw
public keys or X.509 certificates. The protocol messages are encoded in
CBOR and using COSE, and not bound to a specific protocol layer. The EDHOC
protocol messages may be carried with CoAP and this has two advantages:

- EDHOC can be run between JN and JCE without the JN and JCE knowing each
others IP addresses using the same construction as with OSCOAP end-to-end
in the minimal security draft.

- CoAP and COSE are used both by OSCOAP and EDHOC, and the additional code
footprint for EDHOC will be small.

If you are interested in a simple lightweight enrolment protocol, EDHOC
and OSCOAP may be used for that. For authentication of enrolment using
e.g. manufacturer certificates, you may run EDHOC and OSCOAP in sequence
and carry the PKCS#10 in the OSCOAP request and the certificate issued
with the OSCOAP response, in total 2 round-trips (not considering
additional messages for delayed responses, CoAP response code 2.06 etc.).
For PSK authenticated enrolment it may suffice with one round-trip, the
OSCOAP request/response. These examples are JN-initiated, but similar
setup is possible for the JCE-initiated variant.

Note that this would not at all be as elaborate as the anima work, but
just as a comparison.

Have a nice week-end!