
TTE wglc redo #41

Open
wants to merge 15 commits into
base: main
slight rewriting of Introduction
mcr committed Oct 18, 2022
commit 45641f4835589741a4ad81f5c93e767267e3842d
14 changes: 6 additions & 8 deletions draft-ietf-anima-constrained-join-proxy.md
@@ -114,25 +114,23 @@ CoAP can be run with the Datagram Transport Layer Security (DTLS) {{RFC6347}} as
This is known as the "coaps" scheme.
A constrained version of EST, using Coap and DTLS, is described in {{RFC9148}}.

The {{I-D.ietf-anima-constrained-voucher}} extends {{RFC9148}} with BRSKI artifacts such as voucher, request voucher, and the protocol extensions for constrained Pledges.
The {{I-D.ietf-anima-constrained-voucher}} extends {{RFC9148}} with BRSKI artifacts such as voucher, request voucher, and the protocol extensions for constrained Pledges that use CoAP.

DTLS is a client-server protocol relying on the underlying IP layer to perform the routing between the DTLS Client and the DTLS Server.
However, the Pledge will not be IP routable over the mesh network
However, in networks that require authentication, such as those using {{RFC4944}},
the Pledge will not be IP routable over the mesh network
until it is authenticated to the mesh network. A new Pledge can only
initially use a link-local IPv6 address to communicate with a
mesh neighbor [RFC6775] until it receives the necessary network
configuration parameters. The Pledge receives these configuration
parameters from the Registrar. When the Registrar is not a direct
neighbor of the Registrar but several hops away, the Pledge
discovers a neighbor constrained Join Proxy, which transmits the DTLS
protected request coming from the Pledge
to the Registrar. The constrained Join Proxy must be enrolled
discovers a neighbor that is operating the constrained Join Proxy, which
forwards DTLS protected messages between Pledge and Registrar.
The constrained Join Proxy must be enrolled
previously such that the
message from constrained Join Proxy to Registrar can be routed over
one or more hops.

During enrollment, a DTLS connection is required between Pledge and Registrar.

An enrolled Pledge can act as constrained Join Proxy between other Pledges and the enrolling Registrar.

This document specifies a new form of constrained Join Proxy and protocol to act as intermediary between Pledge and Registrar to relay DTLS messages between Pledge and Registrar. Two modes of the constrained Join Proxy are specified:
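Review bot: the sentence "When the Registrar is not a direct neighbor of the Registrar but several hops away, the Pledge discovers a neighbor ..." still has the wrong subject in the unchanged context of this hunk; it should read "not a direct neighbor of the Pledge", otherwise the condition is self-referential and the multi-hop case the rewritten lines describe is never actually stated. Two smaller consistency points in the same hunk: the reference "[RFC6775]" uses square-bracket citation style while every other reference in the hunk uses the kramdown-rfc form ("{{RFC6775}}"), and the context line "using Coap and DTLS" spells the protocol inconsistently with "CoAP" as used in the added line ("constrained Pledges that use CoAP"). Suggest fixing all three in this commit since the paragraph is already being rewritten.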