Specify blacklist parameter for Parameter Update Request messages from JRC to JP

Issue #39 resolved
Mališa Vučinić created an issue

Tag: WGLC

Tero Kivinen wrote (https://mailarchive.ietf.org/arch/msg/6tisch/jTAFrLJfp6qfJ3t5UuKBJW3P2RI):

On the other hand, blacklisting someone who has failed the joining process is also a good idea, but this stateless method does not allow it, and then one joining node which has any kind of misconfiguration will simply consume network resources all the time, with repeated tries to join the network.

While blacklisting does not add much in terms of security, as source addresses can be spoofed, I agree that it's beneficial to have blacklisting as a feature in case of misconfiguration, for performance reasons. I think that the JRC should be the one who decides if a given address should be blacklisted, from the amount of traffic it receives and other information it possesses.

How about we add a CoJP parameter "blacklist" that can be signaled in Parameter Update Request messages that carries a list of blacklisted addresses? The JRC sends this at any time to JP(s) over their secure channel, and JP can then filter these frames in hardware for example, since many chips support this already. What do you think?

Sounds good. So this would not be part of the joining message, but a completely separate message from JRC to JP directly?
