draft-ietf-6tisch-enrollment-enhanced-beacon-14.txt   rfc9032.txt 
6tisch Working Group D. Dujovne Internet Engineering Task Force (IETF) D. Dujovne, Ed.
Internet-Draft Universidad Diego Portales Request for Comments: 9032 Universidad Diego Portales
Intended status: Standards Track M. Richardson Category: Standards Track M. Richardson
Expires: 24 August 2020 Sandelman Software Works ISSN: 2070-1721 Sandelman Software Works
21 February 2020 May 2021
IEEE 802.15.4 Information Element encapsulation of 6TiSCH Join and Encapsulation of 6TiSCH Join and Enrollment Information Elements
Enrollment Information
draft-ietf-6tisch-enrollment-enhanced-beacon-14
Abstract Abstract
In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are In the Time-Slotted Channel Hopping (TSCH) mode of IEEE Std 802.15.4,
limited to specific times and specific channels. Routers in a Time- opportunities for broadcasts are limited to specific times and
Slotted Channel Hopping (TSCH) network transmit Enhanced Beacon (EB) specific channels. Routers in a TSCH network transmit Enhanced
frames to announce the presence of the network. This document Beacon (EB) frames to announce the presence of the network. This
provides a mechanism by which additional information critical for new document provides a mechanism by which additional information
nodes (pledges) and long sleeping nodes may be carried within the critical for new nodes (pledges) and long-sleeping nodes may be
Enhanced Beacon in order to conserve use of broadcast opportunities. carried within the EB in order to conserve use of broadcast
opportunities.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 24 August 2020. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9032.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Simplified BSD License text to this document. Code Components extracted from this document must
as described in Section 4.e of the Trust Legal Provisions and are include Simplified BSD License text as described in Section 4.e of
provided without warranty as described in the Simplified BSD License. the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
1.1. Use of BCP 14 Terminology . . . . . . . . . . . . . . . . 2 1.1. Terminology
1.2. Layer-2 Synchronization . . . . . . . . . . . . . . . . . 3 1.2. Layer 2 Synchronization
1.3. Layer-3 synchronization: IPv6 Router Solicitations and 1.3. Layer 3 Synchronization: IPv6 Router Solicitations and
Advertisements . . . . . . . . . . . . . . . . . . . . . 3 Advertisements
1.4. Layer-2 Selection . . . . . . . . . . . . . . . . . . . . 4 1.4. Layer 2 Selection
2. Protocol Definition . . . . . . . . . . . . . . . . . . . . . 5 2. Protocol Definition
3. Security Considerations . . . . . . . . . . . . . . . . . . . 8 3. Security Considerations
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 4. Privacy Considerations
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. IANA Considerations
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 6. References
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 6.1. Normative References
7.1. Normative References . . . . . . . . . . . . . . . . . . 9 6.2. Informative References
7.2. Informative References . . . . . . . . . . . . . . . . . 10 Acknowledgments
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses
1. Introduction 1. Introduction
[RFC7554] describes the use of the Time-Slotted Channel Hopping [RFC7554] describes the use of the Time-Slotted Channel Hopping
(TSCH) mode of [ieee802154]. (TSCH) mode of [IEEE.802.15.4].
In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are In TSCH mode of IEEE Std 802.15.4, opportunities for broadcasts are
limited to specific times and specific channels. Routers in a Time- limited to specific times and specific channels. Routers in a TSCH
Slotted Channel Hopping (TSCH) network transmit Enhanced Beacon (EB) network transmit Enhanced Beacon (EB) frames during broadcast slots
frames during broadcast slots in order to announce the time and in order to announce the time and channel schedule.
channel schedule.
This document defines a new IETF Information Element (IE) subtype to This document defines a new IETF Information Element (IE) subtype to
place into the Enhanced Beacon (EB) to provide join and enrollment place into the EB to provide join and enrollment information to
information to prospective pledges in a more efficient way. prospective pledges in a more efficient way.
The following sub-sections explain the problem being solved, which The following subsections explain the problem being solved, which
justify carrying the join and enrollement information in the EB. justifies carrying the join and enrollment information in the EB.
1.1. Use of BCP 14 Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Other terminology can be found in [I-D.ietf-6tisch-architecture] in Other terminology can be found in Section 2.1 of [RFC9030].
section 2.1.
1.2. Layer-2 Synchronization 1.2. Layer 2 Synchronization
As explained in section 6 of [RFC8180], the Enhanced Beacon (EB) has As explained in Section 4.5.2 of [RFC8180], the EB has a number of
a number of purposes: synchronization of the Absolute Slot Number purposes: it carries synchronization information such as the Absolute
(ASN) and Join Metric, carrying the timeslot template identifier, Slot Number (ASN) and Join Metric and identifiers for the timeslot
carrying the channel hopping sequence identifier, and indicating the template and the channel hopping sequence, and it indicates the TSCH
TSCH SlotFrame. slotframe.
An EB announces the existence of a TSCH network, and of the nodes An EB announces the existence of a TSCH network and the nodes already
already joined to that network. Receiving an EB allows a Joining joined to that network. Receiving an EB allows a Joining Node
Node (pledge) to learn about the network and synchronize to it. (pledge) to learn about the network and to synchronize with it.
The EB may also be used as a means for a node already part of the The EB may also be used as a means for a node already part of the
network to re-synchronize [RFC7554]. network to resynchronize [RFC7554].
There are a limited number of timeslots designated as broadcast slots There are a limited number of timeslots designated as broadcast slots
by each router in the network. Considering 10ms slots and a slot- by each router in the network. Considering 10 ms slots and a
frame length of 100, these slots are rare and could result in only 1 slotframe length of 100, these slots are rare and could result in
slot per second for broadcasts, which needs to be used for the only 1 slot per second for broadcasts, which needs to be used for the
beacon. Additional broadcasts for Router Advertisements (RA), or beacon. Additional broadcasts for Router Advertisements (RA) or
Neighbor Discovery (ND) could even more scarce. Neighbor Discovery (ND) could be even more scarce.
1.3. Layer-3 synchronization: IPv6 Router Solicitations and 1.3. Layer 3 Synchronization: IPv6 Router Solicitations and
Advertisements Advertisements
At layer 3, [RFC4861] defines a mechanism by which nodes learn about At Layer 3, [RFC4861] defines a mechanism by which nodes learn about
routers by receiving multicast Router Advertisements (RA). If no RA routers by receiving multicast RAs. If no RA is received within a
is received within a set time, then a Router Solicitation (RS) may be set time, then a Router Solicitation (RS) may be transmitted as a
transmitted as a multicast, to which an RA will be received, usually multicast, to which an RA will be received, usually unicast.
unicast.
Although [RFC6775] reduces the amount of multicast necessary to do Although [RFC6775] reduces the amount of multicast necessary for
address resolution via Neighbor Solicitation (NS) messages, it still address resolution via Neighbor Solicitation (NS) messages, it still
requires multicast of either RAs or RSes. This is an expensive requires multicast of either RAs or RSes. This is an expensive
operation for two reasons: there are few multicast timeslots for operation for two reasons: there are few multicast timeslots for
unsolicited RAs; and if a pledge node does not receive an RA, and unsolicited RAs; and if a pledge node does not receive an RA, and
decides to transmit an RS, a broadcast aloha slot (see [RFC7554] decides to transmit an RS, a broadcast Aloha slot (see Appendix A.5
section A.5) is consumed with unencrypted traffic. [RFC6775] already of [RFC7554]) is consumed with unencrypted traffic. [RFC6775]
allows for a unicast reply to such an RS. already allows for a unicast reply to such an RS.
This is a particularly acute issue for the join process for the This is a particularly acute issue for the join process for the
following reasons: following reasons:
1. Use of a multicast slot by even a non-malicious unauthenticated 1. Use of a multicast slot by even a non-malicious unauthenticated
node for a Router Solicitation (RS) may overwhelm that time slot. node for a Router Solicitation (RS) may overwhelm that timeslot.
2. It may require many seconds of on-time before a new pledge 2. It may require many seconds of on-time before a new pledge
receives a Router Advertisement (RA) that it can use. receives a Router Advertisement (RA) that it can use.
3. A new pledge may have to receive many Enhanced Beacons (EB) 3. A new pledge may have to receive many EBs before it can pick an
before it can pick an appropriate network and/or closest Join appropriate network and/or closest Join Proxy to attach to. If
Assistant to attach to. If it must remain in the receive state it must remain in the receive state for an RA as well as find the
for an RA as well as find the Enhanced Beacon (EB), then the EB, then the process may take dozens of seconds, even minutes for
process may take dozens of seconds, even minutes for each each enrollment attempt that it needs to make.
enrollment attempt that it needs to make.
1.4. Layer-2 Selection 1.4. Layer 2 Selection
In a complex Low-power and Lossy Networks (LLN), multiple LLNs may be In a complex Low-power and Lossy Network (LLN), multiple LLNs may be
connected together by backbone routers ( technology such as connected together by Backbone Routers (technology such as
[I-D.ietf-6lo-backbone-router]), resulting in an area that is [RFC8929]), resulting in an area that is serviced by multiple,
serviced by multiple distinct Layer-2 instances. These are called distinct Layer 2 instances. These are called Personal Area Networks
Personal Area Networks (PAN). Each instance will have a separate (PANs). Each instance will have a separate Layer 2 security profile
Layer-2 security profile, and will be distinguished by a different and will be distinguished by a different PANID. The PANID is part of
PANID. The PANID is part of the [ieee802154] layer-2 header: it is a the Layer 2 header as defined in [IEEE.802.15.4]: it is a 16-bit
16-bit value which is chosen to be unique, and it contributes context value that is chosen to be unique, and it contributes context to the
to the layer-2 security mechanisms. The PANID provides a context Layer 2 security mechanisms. The PANID provides a context similar to
similar to the ESSID does in 802.11 networking, and can be conceived the Extended Service Set ID (ESSID) in 802.11 networking and can be
of in a similar fashion as the 802.3 ethernet VLAN tag in that it considered similar to the 802.3 Ethernet VLAN tag in that it provides
provides context for all layer-2 addresses. context for all Layer 2 addresses.
A device which is already enrolled in a network may find after a long A device that is already enrolled in a network may find after a long
sleep that it needs to resynchronize to the Layer 2 network. The sleep that it needs to resynchronize with the Layer 2 network. The
enrollment keys that it has will be specific to a PANID, but it may device's enrollment keys will be specific to a PANID, but the device
have more than one set of keys. Such a device may wish to connect to may have more than one set of keys. Such a device may wish to
a PAN that is experiencing less congestion, or which has a shalower connect to a PAN that is experiencing less congestion or that has a
([RFC6550]) Routing Protocol for LLNs (RPL) tree. It may even shallower Routing Protocol for LLNs (RPL) tree [RFC6550]. It may
observe PANs for which it does not have keys, but which is believes even observe PANs for which it does not have keys, but for which it
it may have credentials that would allow it to join. believes it may have credentials that would allow it to join.
In order to identify which PANs are part of the same backbone In order to identify which PANs are part of the same backbone
network, the network ID is introduced in this extension. PANs that network, the network ID is introduced in this extension. PANs that
are part of the same backbone will be configured to use the same are part of the same backbone will be configured to use the same
network ID. For [RFC6550] RPL networks, configuration of the network network ID. For RPL networks [RFC6550], configuration of the network
ID can be done with an configuration option, which is the subject of ID can be done with a configuration option, which is the subject of
future work. future work.
In order to provide some input to the choice of which PAN to use, the In order to provide some input to the choice of which PAN to use, the
PAN priority field has been added. This lists the relative priority PAN priority field has been added. This lists the relative priority
for the PAN among different PANs. Every Enhanced Beacon from a given for the PAN among different PANs. Every EB from a given PAN will
PAN will likely have the same PAN priority. Determination of the the likely have the same PAN priority. Determination of the PAN priority
PAN priority is the subject of future work; but it is expected that is the subject of future work; but it is expected that it will be
it will be calculated by an algorithm in the 6LBR, possibly involving calculated by an algorithm in the 6LoWPAN Border Router (6LBR),
communication between 6LBRs over the backbone network. possibly involving communication between 6LBRs over the backbone
network.
The [RFC6550] parent selection process can only operate within a The parent selection process [RFC6550] can only operate within a
single PAN, because it depends upon receiving RPL DIO messages from single PAN because it depends upon receiving RPL DIO messages from
all available parents. As part of the PAN selection process, the all available parents. As part of the PAN selection process, the
device may wish to know how deep in the LLN mesh it will be if it device may wish to know how deep in the LLN mesh it will be if it
joins a particular PAN, and the rank priority field provides an joins a particular PAN, and the rank priority field provides an
estimation of what the rank of each announcer is. Once the device estimation of each announcer's rank. Once the device synchronizes
synchronizes to a particular PAN's TSCH schedule then it may receive with a particular PAN's TSCH schedule, it may receive DIOs that are
DIOs that are richer in their diversity than this value. How this richer in their diversity than this value. The use of this value in
value will be used in practice is the subject of future research, and practice is the subject of future research, and the interpretation of
the interpretation of this value of the structure is considered this value of the structure is considered experimental.
experimental.
2. Protocol Definition 2. Protocol Definition
[RFC8137] creates a registry for new IETF IE subtypes. This document [RFC8137] creates a registry for new IETF IE subtypes. This document
allocates a new subtype. allocates a new subtype.
The new IE subtype structure is as follows. As explained in The new IE subtype structure is as follows. As explained in
[RFC8137] the length of the Sub-Type Content can be calculated from [RFC8137], the length of the subtype content can be calculated from
the container, so no length information is necessary. the container, so no length information is necessary.
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TBD-XXX |R|P| res | proxy prio | rank priority | | 2 |R|P| res | proxy prio | rank priority |
+-+-+-+-+-+-+-+-+-+-------------+-------------+-----------------+ +-+-+-+-+-+-+-+-+-+-------------+-------------+-----------------+
| pan priority | | | PAN priority | |
+---------------+ + +---------------+ +
| Join Proxy Interface-ID | | Join Proxy Interface ID |
+ (present if P=1) + + (present if P=1) +
| | | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | | | |
+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+ +
| network ID | | network ID |
+ variable length, up to 16 bytes + + variable length, up to 16 bytes +
~ ~ ~ ~
+ + + +
| | | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 1: IE subtype structure Figure 1: IE Subtype Structure
res: reserved bits MUST be ignored upon receipt, and SHOULD be set res: Reserved bits MUST be ignored upon receipt and SHOULD be set to
to 0 when sending. 0 when sending.
R: The Router Advertisement R-flag is set if the sending node will R: The RA R-flag is set if the sending node will act as a router for
act as a Router for host-only nodes relying on stateless address host-only nodes relying on stateless address auto-configuration
auto-configuration (SLAAC) to get their global IPv6 address. (SLAAC) to get their global IPv6 address. Those hosts MUST send a
Those hosts MUST send a unicast Router Solicitation message in unicast RS message in order to receive an RA with the Prefix
order to receive a RA with the Prefix Information Option. Information Option.
In most cases, every node sending a beacon will set this flag, and In most cases, every node sending a beacon will set this flag, and
in a typical mesh, this will be every single node. When this bit in a typical mesh, this will be every single node. When this bit
is not set, it might indicate that this node may be under is not set, it might indicate that this node may be under
provisioned, or may have no additional slots for additional nodes. provisioned or that it may have no additional slots for additional
This could make this node more interesting to an attacker. nodes. This could make this node more interesting to an attacker.
P: If the Proxy Address P-flag is set, then the Join Proxy Interface P: If the Proxy Address P-flag is set, then the Join Proxy Interface
ID bit field is present. Otherwise, it is not provided. ID bit field is present. Otherwise, it is not provided.
This bit only indicates if another part of the structure is This bit only indicates if another part of the structure is
present, and has little security or privacy impact. present, and it has little security or privacy impact.
proxy priority (proxy prio): This field indicates the willingness of proxy prio (proxy priority): This field indicates the willingness of
the sender to act as join proxy. Lower value indicates greater the sender to act as a Join Proxy. Lower value indicates greater
willingness to act as a Join Proxy as described in willingness to act as a Join Proxy as described in [RFC9031].
[I-D.ietf-6tisch-minimal-security]. Values range from 0x00 (most Values range from 0x00 (most willing) to 0x7e (least willing). A
willing) to 0x7e (least willing). A priority of 0x7f indicates priority of 0x7f indicates that the announcer should never be
that the announcer should never be considered as a viable considered as a viable Join Proxy. Only unenrolled pledges look
enrollment proxy. Only unenrolled pledges look at this value. at this value.
Lower values in this field indicate that the transmitter may have Lower values in this field indicate that the transmitter may have
more capacity to handle unencrypted traffic. A higher value may more capacity to handle unencrypted traffic. A higher value may
indicate that the transmitter is low on neighbor cache entries, or indicate that the transmitter is low on neighbor cache entries or
other resources. Ongoing work such as other resources. Ongoing work such as [NETWORK-ENROLLMENT]
[I-D.ietf-roll-enrollment-priority] documents one way to set this documents one way to set this field.
field.
rank priority: The rank "priority" is set by the IPv6 LLN Router rank priority: The rank priority is set by the IPv6 LLN Router (6LR)
(6LR) which sent the beacon and is an indication of how willing that sent the beacon and is an indication of how willing this 6LR
this 6LR is to serve as an RPL [RFC6550] parent within a is to serve as a RPL parent [RFC6550] within a particular network
particular network ID. Lower values indicate more willingness, ID. Lower values indicate more willingness, and higher values
and higher values indicate less willingness. This value is indicate less willingness. This value is calculated by each 6LR
calculated by each 6LR according to algorithms specific to the according to algorithms specific to the routing metrics used by
routing metrics used by the RPL ([RFC6550]). The exact process is the RPL [RFC6550]. The exact process is a subject of significant
a subject of significant research work. It will typically be research work. It will typically be calculated from the RPL rank,
calculated from the RPL rank, and it may include some and it may include some modifications based upon current number of
modifications based upon current number of children, or number of children or the number of neighbor cache entries available.
neighbor cache entries available. Pledges MUST ignore this value. Pledges MUST ignore this value. It helps enrolled devices only to
It helps enrolled devices only to compare connection points. compare connection points.
An attacker can use this value to determine which nodes are An attacker can use this value to determine which nodes are
potentially more interesting. Nodes which are less willingness to potentially more interesting. Nodes that are less willing to be
be parents likely have more traffic, and an attacker could use parents likely have more traffic, and an attacker could use this
this information to determine which nodes would be more information to determine which nodes would be more interesting to
interesting to attack or disrupt. attack or disrupt.
pan priority: The pan priority is a value set by the Destination- PAN priority: The PAN priority is a value set by the Destination-
Oriented Directed Acyclic Graph (DODAG) root (see [RFC6550], Oriented Directed Acyclic Graph (DODAG) root (see [RFC6550],
typically, the 6LBR) to indicate the relative priority of this LLN typically the 6LBR) to indicate the relative priority of this LLN
compared to those with different PANIDs that the operator might compared to those with different PANIDs that the operator might
control. This value may be used as part of the enrollment control. This value may be used as part of the enrollment
priority, but typically is used by devices which have already priority, but typically it is used by devices that have already
enrolled, and need to determine which PAN to pick when resuming enrolled and need to determine which PAN to pick when resuming
from a long sleep. Unenrolled pledges MAY consider this value from a long sleep. Unenrolled pledges MAY consider this value
when selecting a PAN to join. Enrolled devices MAY consider this when selecting a PAN to join. Enrolled devices MAY consider this
value when looking for an eligible parent device. Lower values value when looking for an eligible parent device. Lower values
indicate a higher willingness to accept new nodes. indicate more willingness to accept new nodes.
An attacker can use this value, along with the observed PANID in An attacker can use this value, along with the observed PANID in
the Beacon to determine which PANIDs have more network resources, the EB to determine which PANIDs have more network resources, and
and may have more interesting traffic. may have more interesting traffic.
Join Proxy Interface ID: If the P bit is set, then 64 bits (8 bytes) Join Proxy Interface ID: If the P bit is set, then 64 bits (8 bytes)
of address are present. This field provides the Interface ID of address are present. This field provides the Interface ID
(IID) of the Link-Local address of the Join Proxy. The associated (IID) of the link-local address of the Join Proxy. The associated
prefix is well-known as fe80::/64. If this field is not present, prefix is well-known as fe80::/64. If this field is not present,
then IID is derived from the layer-2 address of the sender as per then IID is derived from the Layer 2 address of the sender per
SLAAC ([RFC4662]). SLAAC [RFC4862].
This field communicates the Interface ID bits that should be used This field communicates the IID bits that should be used for this
for this node's layer-3 address, if it should not be derived from node's Layer 3 address, if it should not be derived from the Layer
the layer-2 address. Communication with the Join Proxy occurs in 2 address. Communication with the Join Proxy occurs in the clear.
the clear. This field avoids the need for an additional service- This field avoids the need for an additional service-discovery
discovery process for the case where the L3 address is not derived process for the case where the Layer 3 address is not derived from
from the L2 address. An attacker will see both L2 and L3 the Layer 2 address. An attacker will see both Layer 2 and Layer
addresses, so this field provides no new information. 3 addresses, so this field provides no new information.
network ID: This is a variable length field, up to 16-bytes in size network ID: This is a variable length field, up to 16-bytes in size
that uniquely identifies this network, potentially among many that uniquely identifies this network, potentially among many
networks that are operating in the same frequencies in overlapping networks that are operating in the same frequencies in overlapping
physical space. The length of this field can be calculated as physical space. The length of this field can be calculated as
being whatever is left in the Information Element. being whatever is left in the IE.
In a 6tisch network, where RPL [RFC6550] is used as the mesh In a 6TiSCH network, where RPL [RFC6550] is used as the mesh
routing protocol, the network ID can be constructed from a routing protocol, the network ID can be constructed from a
truncated SHA256 hash of the prefix (/64) of the network. This truncated SHA-256 hash of the prefix (/64) of the network. This
will be done by the RPL DODAG root and communicated by the RPL will be done by the RPL DODAG root and communicated by the RPL
Configuration Option payloads, so it is not calculated more than Configuration Option payloads, so it is not calculated more than
once. This is just a suggestion for a default algorithm: it may once. This is just a suggestion for a default algorithm: it may
be set in any convenience way that results in a non-identifing be set in any convenient way that results in a non-identifying
value. In some LLNs where multiple PANIDs may lead to the same value. In some LLNs where multiple PANIDs may lead to the same
management device (the Join Registrar/Coordinator - JRC), then a management device (the Join Registrar/Coordinator (JRC)), then a
common value that is the same across all the PANs MUST be common value that is the same across all the PANs MUST be
configured. Pledges that see the same networkID will not waste configured. Pledges that see the same network ID will not waste
time attempting to enroll multiple times with the same network time attempting to enroll multiple times with the same network
that when the network has multiple attachment points. when the network has multiple attachment points.
If the network ID is derived as suggested, then it will be an If the network ID is derived as suggested, then it will be an
opaque, seemingly random value, and will not directly reveal any opaque, seemingly random value and will not directly reveal any
information about the network. An attacker can match this value information about the network. An attacker can match this value
across many transmissions to map the extent of a network beyond across many transmissions to map the extent of a network beyond
what the PANID might already provide. what the PANID might already provide.
3. Security Considerations 3. Security Considerations
All of the contents of this Information Element are transmitted in All of the contents of this IE are transmitted in the clear. The
the clear. The content of the Enhanced Beacon is not encrypted. content of the EB is not encrypted. This is a restriction in the
This is a restriction in the cryptographic architecture of the cryptographic architecture of the 802.15.4 mechanism. In order to
802.15.4 mechanism. In order to decrypt or do integrity checking of decrypt or do integrity checking of Layer 2 frames in TSCH, the TSCH
layer-2 frames in TSCH, the TSCH Absolute Slot Number (ASN) is ASN is needed. The EB provides the ASN to new (and long-sleeping)
needed. The Enhanced Beacon provides the ASN to new (and long- nodes.
sleeping) nodes.
The sensitivity of each field is described within the description of The sensitivity of each field is described within the description of
each field. each field.
The Enhanced Beacon is authenticated at the layer-2 level using The EB is authenticated at the Layer 2 level using 802.15.4
802.15.4 mechanisms using the network-wide keying material. Nodes mechanisms using the network-wide keying material. Nodes that are
which are enrolled will have the network-wide keying material and can enrolled will have the network-wide keying material and can validate
validate the beacon. the beacon.
Pledges which have not yet enrolled are unable to authenticate the Pledges that have not yet enrolled are unable to authenticate the
beacons, and will be forced to temporarily take the contents on beacons and will be forced to temporarily take the contents on faith.
faith. After enrollment, a newly enrolled node will be able to After enrollment, a newly enrolled node will be able to return to the
return to the beacon and validate it. beacon and validate it.
In addition to the enrollment and join information described in this In addition to the enrollment and join information described in this
document, the Enhanced Beacon contains a description of the TSCH document, the EB contains a description of the TSCH schedule to be
schedule to be used by the transmitter of this packet. The schedule used by the transmitter of this packet. The schedule can provide an
can provide an attacker with a list of channels and frequencies on attacker with a list of channels and frequencies on which
which communication will occur. Knowledge of this can help an communication will occur. Knowledge of this can help an attacker to
attacker to more efficiently jam communications, although there is more efficiently jam communications, although there is future work
future work being considered to make some of the schedule less being considered to make some of the schedule less visible.
visible. Encrypting the schedule does not prevent an attacker from Encrypting the schedule does not prevent an attacker from jamming,
jamming, but rather increases the energy cost of doing that jamming. but rather increases the energy cost of doing that jamming.
4. Privacy Considerations 4. Privacy Considerations
The use of a network ID may reveal information about the network. The use of a network ID may reveal information about the network.
The use of a SHA256 hash of the DODAGID (see [RFC6550]), rather than The use of a SHA-256 hash of the DODAGID (see [RFC6550]), rather than
using the DODAGID itself directly provides some privacy for the the using the DODAGID itself directly provides some privacy for the
addresses used within the network, as the DODAGID is usually the IPv6 addresses used within the network, as the DODAGID is usually the IPv6
address of the root of the RPL mesh. address of the root of the RPL mesh.
An interloper with a radio sniffer would be able to use the network An interloper with a radio sniffer would be able to use the network
ID to map out the extent of the mesh network. ID to map out the extent of the mesh network.
5. IANA Considerations 5. IANA Considerations
IANA is asked to assign a new number TBD-XXX from Registry "IEEE Std IANA has assigned the following value in the "IEEE Std 802.15.4 IETF
802.15.4 IETF IE Subtype IDs" as defined by [RFC8137]. IE Subtype IDs" registry, as defined by [RFC8137].
This entry should be called 6tisch-Join-Info, and should refer to
this document.
Value Subtype-ID Reference
---- ---------- -----------
TBD-XXX 6tisch-Join-Inbfo [this document]
6. Acknowledgements
Thomas Watteyne provided extensive editorial comments on the
document. Carles Gomez Montenegro generated a detailed review of the
document at WGLC. Tim Evens provided a number of useful editorial
suggestions.
7. References
7.1. Normative References +=======+==================+===========+
| Value | Subtype ID | Reference |
+=======+==================+===========+
| 2 | 6tisch-Join-Info | RFC 9032 |
+-------+------------------+-----------+
[BCP14] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC Table 1
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[I-D.ietf-6tisch-minimal-security] 6. References
Vucinic, M., Simon, J., Pister, K., and M. Richardson,
"Constrained Join Protocol (CoJP) for 6TiSCH", Work in
Progress, Internet-Draft, draft-ietf-6tisch-minimal-
security-15, 10 December 2019, <http://www.ietf.org/
internet-drafts/draft-ietf-6tisch-minimal-security-
15.txt>.
[ieee802154] 6.1. Normative References
IEEE standard for Information Technology, ., "IEEE Std.
802.15.4, Part. 15.4: Wireless Medium Access Control (MAC) [IEEE.802.15.4]
and Physical Layer (PHY) Specifications for Low-Rate IEEE, "IEEE Standard for Low-Rate Wireless Networks", IEEE
Wireless Personal Area Networks", 2015, Standard 802.15.4-2015, DOI 10.1109/IEEESTD.2016.7460875,
<http://standards.ieee.org/findstds/ April 2016,
standard/802.15.4-2015.html>. <https://ieeexplore.ieee.org/document/7460875>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007, DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>. <https://www.rfc-editor.org/info/rfc4861>.
skipping to change at page 10, line 35 skipping to change at line 434
<https://www.rfc-editor.org/info/rfc6775>. <https://www.rfc-editor.org/info/rfc6775>.
[RFC8137] Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information [RFC8137] Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information
Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May
2017, <https://www.rfc-editor.org/info/rfc8137>. 2017, <https://www.rfc-editor.org/info/rfc8137>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References [RFC9031] Vučinić, M., Ed., Simon, J., Pister, K., and M.
Richardson, "Constrained Join Protocol (CoJP) for 6TiSCH",
[I-D.ietf-6lo-backbone-router] RFC 9031, DOI 10.17487/RFC9031, May 2021,
Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6 <https://www.rfc-editor.org/info/rfc9031>.
Backbone Router", Work in Progress, Internet-Draft, draft-
ietf-6lo-backbone-router-17, 20 February 2020,
<http://www.ietf.org/internet-drafts/draft-ietf-6lo-
backbone-router-17.txt>.
[I-D.ietf-6tisch-architecture] 6.2. Informative References
Thubert, P., "An Architecture for IPv6 over the TSCH mode
of IEEE 802.15.4", Work in Progress, Internet-Draft,
draft-ietf-6tisch-architecture-28, 29 October 2019,
<http://www.ietf.org/internet-drafts/draft-ietf-6tisch-
architecture-28.txt>.
[I-D.ietf-roll-enrollment-priority] [NETWORK-ENROLLMENT]
Richardson, M., "Enabling secure network enrollment in RPL Richardson, M., Jadhav, R. A., Thubert, P., and H. She,
networks", Work in Progress, Internet-Draft, draft-ietf- "Controlling Secure Network Enrollment in RPL networks",
roll-enrollment-priority-00, 16 September 2019, Work in Progress, Internet-Draft, draft-ietf-roll-
<http://www.ietf.org/internet-drafts/draft-ietf-roll- enrollment-priority-04, 7 February 2021,
enrollment-priority-00.txt>. <https://tools.ietf.org/html/draft-ietf-roll-enrollment-
priority-04>.
[RFC4662] Roach, A. B., Campbell, B., and J. Rosenberg, "A Session [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Initiation Protocol (SIP) Event Notification Extension for Address Autoconfiguration", RFC 4862,
Resource Lists", RFC 4662, DOI 10.17487/RFC4662, August DOI 10.17487/RFC4862, September 2007,
2006, <https://www.rfc-editor.org/info/rfc4662>. <https://www.rfc-editor.org/info/rfc4862>.
[RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
JP., and R. Alexander, "RPL: IPv6 Routing Protocol for JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks", RFC 6550, Low-Power and Lossy Networks", RFC 6550,
DOI 10.17487/RFC6550, March 2012, DOI 10.17487/RFC6550, March 2012,
<https://www.rfc-editor.org/info/rfc6550>. <https://www.rfc-editor.org/info/rfc6550>.
[RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
Internet of Things (IoT): Problem Statement", RFC 7554, Internet of Things (IoT): Problem Statement", RFC 7554,
DOI 10.17487/RFC7554, May 2015, DOI 10.17487/RFC7554, May 2015,
<https://www.rfc-editor.org/info/rfc7554>. <https://www.rfc-editor.org/info/rfc7554>.
[RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal
IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH)
Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180,
May 2017, <https://www.rfc-editor.org/info/rfc8180>. May 2017, <https://www.rfc-editor.org/info/rfc8180>.
[RFC8929] Thubert, P., Ed., Perkins, C.E., and E. Levy-Abegnoli,
"IPv6 Backbone Router", RFC 8929, DOI 10.17487/RFC8929,
November 2020, <https://www.rfc-editor.org/info/rfc8929>.
[RFC9030] Thubert, P., Ed., "An Architecture for IPv6 over the Time-
Slotted Channel Hopping Mode of IEEE 802.15.4 (6TiSCH)",
RFC 9030, DOI 10.17487/RFC9030, May 2021,
<https://www.rfc-editor.org/info/rfc9030>.
Acknowledgments
Thomas Watteyne provided extensive editorial comments on the
document. Carles Gomez Montenegro generated a detailed review of the
document at Working Group Last Call. Tim Evens provided a number of
useful editorial suggestions.
Authors' Addresses Authors' Addresses
Diego Dujovne (editor) Diego Dujovne (editor)
Universidad Diego Portales Universidad Diego Portales
Escuela de Informatica y Telecomunicaciones, Av. Ejercito 441 Escuela de Informática y Telecomunicaciones
Santiago, Region Metropolitana Av. Ejército 441
Santiago
Región Metropolitana
Chile Chile
Phone: +56 (2) 676-8121 Phone: +56 (2) 676-8121
Email: diego.dujovne@mail.udp.cl Email: diego.dujovne@mail.udp.cl
Michael Richardson Michael Richardson
Sandelman Software Works Sandelman Software Works
Email: mcr+ietf@sandelman.ca Email: mcr+ietf@sandelman.ca
 End of changes. 79 change blocks. 
285 lines changed or deleted 265 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/