[6tisch] Progress zero-touch document

Mališa Vučinić <malisa.vucinic@inria.fr> Tue, 02 April 2019 12:55 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: 6tisch <6tisch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/N9vhLuLp3Gr9qXVXYhwF8WKaUpY>

Michael, all,

With the EDHOC specification finally seeing progress (see [1]), it seems like a good time to restart the work on zero touch and progress the adopted working group document.

Reading the current version of draft-ietf-6tisch-dtsecurity-zerotouch-join-03, it seems that there are many options available, including the choice between DTLS and EDHOC for authentication. Many available options may pose interoperability challenges and also add unnecessary code complexity. Given that the working group decided on using OSCORE during network access [2], as well as for application purposes [3], the implementation of the 6TiSCH stack includes the CBOR/COSE primitives in the footprint, as well as the support to go through an application-layer proxy as specified in [2]. The EDHOC protocol is built on these primitives, can be easily carried within messages specified in [2] for network access to go through an application-layer proxy, and is quite efficient when it comes to the encoding overhead using CBOR, resulting in a small number of L2 frames to complete the key exchange. It seems a natural way forward for the working group to focus on using EDHOC in [4].

Therefore, I would like to propose to keep track of the EDHOC progress and to work on a more streamlined zero-touch solution. Doing these changes in [4] seems to make the most sense at this point. 

What are your thoughts on this?

Mališa

[1] https://mailarchive.ietf.org/arch/msg/secdispatch/Kz_6y6Jq4HsWxglsUHafWjXIm0c
[2] https://datatracker.ietf.org/doc/draft-ietf-6tisch-minimal-security/
[3] https://datatracker.ietf.org/doc/draft-ietf-6tisch-architecture/
[4] https://datatracker.ietf.org/doc/draft-ietf-6tisch-dtsecurity-zerotouch-join/
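The message above argues that CBOR encoding keeps an EDHOC-style key-exchange message small enough to fit in few IEEE 802.15.4 frames. The following is an added illustration, not code from the post, from EDHOC, or from any 6TiSCH draft: a minimal CBOR encoder (RFC 7049 major types 0 to 5, definite length) applied to a constructed, hypothetical first-message layout, with a frame-count estimate. The message shape `[method, suite, ephemeral_key, conn_id]`, the all-zero placeholder key bytes, and the per-frame payload budget `PAYLOAD_BUDGET` are assumptions made for the example, not values taken from the specifications.

```python
"""
Added example (not from the mailing-list post or any 6TiSCH/EDHOC draft):
a minimal CBOR encoder plus a frame-count estimate, showing why a
CBOR-encoded key-exchange message is cheap to carry over IEEE 802.15.4.

Assumptions, labelled as such:
 - The message layout [method, suite, ephemeral_key, conn_id] is an
   illustrative stand-in for a first key-exchange message, not any
   draft's exact format.
 - PAYLOAD_BUDGET is an assumed number of upper-layer bytes that remain
   in a 127-byte 802.15.4 frame after MAC, security, 6LoWPAN and CoAP
   headers; real budgets depend on the header configuration.
"""
import json
import math


def _head(major: int, arg: int) -> bytes:
    """Encode a CBOR initial byte and the shortest argument encoding (RFC 7049)."""
    mt = major << 5
    if arg < 24:
        return bytes([mt | arg])
    if arg < 0x100:
        return bytes([mt | 24]) + arg.to_bytes(1, "big")
    if arg < 0x10000:
        return bytes([mt | 25]) + arg.to_bytes(2, "big")
    if arg < 0x100000000:
        return bytes([mt | 26]) + arg.to_bytes(4, "big")
    return bytes([mt | 27]) + arg.to_bytes(8, "big")


def cbor_encode(value) -> bytes:
    """Encode ints, byte strings, text strings, lists and dicts (definite length)."""
    if isinstance(value, bool):
        raise TypeError("bool is not needed for this example")
    if isinstance(value, int):
        # Major type 0 for non-negative, major type 1 for negative (-1 - n).
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, bytes):
        return _head(2, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, list):
        return _head(4, len(value)) + b"".join(cbor_encode(v) for v in value)
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in value.items()
        )
    raise TypeError(f"unsupported type {type(value).__name__}")


# Constructed sample values (assumptions): a 32-byte X25519-sized ephemeral
# public key made of placeholder zero bytes (NOT a real key), a 1-byte
# connection identifier, and method/suite numbers chosen arbitrarily.
SAMPLE_METHOD = 0
SAMPLE_SUITE = 0
SAMPLE_EPHEMERAL_KEY = bytes(32)
SAMPLE_CONN_ID = b"\x01"

PAYLOAD_BUDGET = 80  # assumed upper-layer bytes per 127-byte 802.15.4 frame


def build_message(method: int, suite: int, ephemeral_key: bytes, conn_id: bytes) -> bytes:
    """Hypothetical first-message shape: the CBOR array [method, suite, key, id]."""
    return cbor_encode([method, suite, ephemeral_key, conn_id])


def json_equivalent_size(method: int, suite: int, ephemeral_key: bytes, conn_id: bytes) -> int:
    """Size of the same fields as compact JSON with hex-encoded binary, for comparison."""
    doc = {"method": method, "suite": suite,
           "g_x": ephemeral_key.hex(), "c_i": conn_id.hex()}
    return len(json.dumps(doc, separators=(",", ":")).encode("utf-8"))


def frames_needed(n_bytes: int, budget: int = PAYLOAD_BUDGET) -> int:
    """Upper bound on the number of L2 frames (simple ceiling, no fragment headers)."""
    return max(1, math.ceil(n_bytes / budget))


if __name__ == "__main__":
    msg = build_message(SAMPLE_METHOD, SAMPLE_SUITE, SAMPLE_EPHEMERAL_KEY, SAMPLE_CONN_ID)
    print(f"CBOR message: {len(msg)} bytes -> {frames_needed(len(msg))} frame(s)")
    js = json_equivalent_size(SAMPLE_METHOD, SAMPLE_SUITE, SAMPLE_EPHEMERAL_KEY, SAMPLE_CONN_ID)
    print(f"JSON equivalent: {js} bytes -> {frames_needed(js)} frame(s)")
```

The CBOR array costs one byte for the array header, one byte each for the small integers, two bytes of header plus 32 bytes for the key, and two bytes for the one-byte identifier, so the whole message is 39 bytes and fits in a single frame under the assumed budget; the hex-and-JSON rendering of the same fields is more than twice as large. Only the encoding overhead is modelled here; the real frame count also depends on the CoAP and 6LoWPAN headers and on any fragmentation of the full message sequence.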