IETF Logo Mail Archive

[6tisch] 6tisch join requirements for 6top

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 17 November 2014 19:42 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 693071A1B65 for <6tisch@ietfa.amsl.com>; Mon, 17 Nov 2014 11:42:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_51=0.6, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hituw3SxqQAU for <6tisch@ietfa.amsl.com>; Mon, 17 Nov 2014 11:42:31 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC3B11A1B60 for <6tisch@ietf.org>; Mon, 17 Nov 2014 11:42:30 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id EB44220012; Mon, 17 Nov 2014 14:44:54 -0500 (EST)
Received: by sandelman.ca (Postfix, from userid 179) id 74A78637F5; Mon, 17 Nov 2014 14:42:29 -0500 (EST)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 5A96863745; Mon, 17 Nov 2014 14:42:29 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Raghuram Sudhaakar (rsudhaak)" <rsudhaak@cisco.com>, "6tisch@ietf.org" <6tisch@ietf.org>
In-Reply-To: <CADJ9OA_LFkGDuyG_0bf=07d7cvC9FNRr5cMGTmYw2PR=g9XQHA@mail.gmail.com>
References: <D0876D12.C03C%rsudhaak@cisco.com> <32412.1415737868@sandelman.ca> <D087B62D.C081%rsudhaak@cisco.com> <10653.1415740821@sandelman.ca> <CADJ9OA_LFkGDuyG_0bf=07d7cvC9FNRr5cMGTmYw2PR=g9XQHA@mail.gmail.com>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Mon, 17 Nov 2014 14:42:29 -0500
Message-ID: <8193.1416253349@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/6tisch/rPi-gX7izTX4B1Pd6wVvMtEiLHI
Cc: Robert Moskowitz <rgm@htt-consult.com>, Tero Kivinen <kivinen@iki.fi>
Subject: [6tisch] 6tisch join requirements for 6top
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Nov 2014 19:42:33 -0000

These are the things that we need to have for the 6top interface for joining.
While some craters have shown up in the architecture, some of the details are
still very solid. I am interested in making the terminology clearer and I
imagine that we have to have some IANA Considerations.
I hope to learn to write these things down in YANG.

joining node interface:
1) an enum (registry) saying what kind of network security is to be used.
   a) NO_SECURITY = 0 
   b) network-wide MIC/key, to be used directly.
   c) a network-wide "PSK", to be used with 802.15.9 mode DTLS (DHE_PSK),
      unclear to me how broadcast/multicasts are keyed,I hope to read
      the 15.9 documents.
   d) a network-wide "PSK", to be used with 802.15.9 mode IKEv2
       (Shared key message integrity code. ditto about broadcast)
   f) a PK method: to be used with 802.15.9 mode DTLS (ECDSA),
   g) a PK method: to be used with 802.15.9 mode IKEv2 (ECDSA)
      I thought that 7296 would have rolled in the signature-auth work.
      I want to specify the ECDSA authentication methods.
   h) ditto above, s/IKEv2/HIP/
   i) perhaps a code for using draft-piro-6tisch-security-issues-02 
   -- I'm unclear how MLE works at this point.

2) a space for an ECDSA PKIX certificate.  from 6top's point of view, this is
   around 300 opaque bytes.  We should be transfering DER, not base64 encoded
   certificates!
3) a way to indicate if (2) replaces the devices' IDevID, or if it is in fact
   the LDevID.   From a RESTful point of view, it would be best if a POST
   to (2) returned the URI of the new certificate. It could be a FIFO
   (so the oldest certificate gets silently dropped), or it could be an error
   if the device is full.
   That same RESTful view would then want to get a list of certificates, 
   with the IDevID one being listed, and one could delete it explicitely.

4) for the PSK methods, a place to put the PSK. An opaque space of around 
   128 ytes. Again, we should return a URI, and be able to list them.
   we might not want to support GET on this resource.

5) the PANID of the production network
6) "GO" flag.
   A way to tell the device that provisioning is over, and it should 
   probably restart and join the real network with the real credentials.
   
======= Join Assistant

7) a toggle which enables a node to become a join assistant.
   This might return an error if the node is incapable or unwilling to do
   that.

8) a ULA to use to announce in the RA for joining nodes.  So
   128bits+prefixlen.  A device with multiple interfaces should configure
   different 64-bit prefixes.  

9) some details about the enhanced beacon the join ssistant should transmit, 
   which I am not qualified to specify.
10) the well-known beacon key to use for the join network. (Defaulting to
   "6TISCHJOIN") 
11) the address of the JCE, for the ACL about who can contact joining nodes.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email