idnits 2.17.1 draft-ietf-6tisch-enrollment-enhanced-beacon-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (21 February 2020) is 1525 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'BCP14' is defined on line 419, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ieee802154' ** Downref: Normative reference to an Informational RFC: RFC 8137 -- Duplicate reference: RFC8174, mentioned in 'RFC8174', was also mentioned in 'BCP14'. == Outdated reference: A later version (-20) exists of draft-ietf-6lo-backbone-router-17 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-28 == Outdated reference: A later version (-10) exists of draft-ietf-roll-enrollment-priority-00 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6tisch Working Group D. Dujovne 3 Internet-Draft Universidad Diego Portales 4 Intended status: Standards Track M. Richardson 5 Expires: 24 August 2020 Sandelman Software Works 6 21 February 2020 8 IEEE 802.15.4 Information Element encapsulation of 6TiSCH Join and 9 Enrollment Information 10 draft-ietf-6tisch-enrollment-enhanced-beacon-14 12 Abstract 14 In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are 15 limited to specific times and specific channels. Routers in a Time- 16 Slotted Channel Hopping (TSCH) network transmit Enhanced Beacon (EB) 17 frames to announce the presence of the network. This document 18 provides a mechanism by which additional information critical for new 19 nodes (pledges) and long sleeping nodes may be carried within the 20 Enhanced Beacon in order to conserve use of broadcast opportunities. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at https://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on 24 August 2020. 39 Copyright Notice 41 Copyright (c) 2020 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 46 license-info) in effect on the date of publication of this document. 47 Please review these documents carefully, as they describe your rights 48 and restrictions with respect to this document. Code Components 49 extracted from this document must include Simplified BSD License text 50 as described in Section 4.e of the Trust Legal Provisions and are 51 provided without warranty as described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 1.1. Use of BCP 14 Terminology . . . . . . . . . . . . . . . . 2 57 1.2. Layer-2 Synchronization . . . . . . . . . . . . . . . . . 3 58 1.3. Layer-3 synchronization: IPv6 Router Solicitations and 59 Advertisements . . . . . . . . . . . . . . . . . . . . . 3 60 1.4. Layer-2 Selection . . . . . . . . . . . . . . . . . . . . 4 61 2. Protocol Definition . . . . . . . . . . . . . . . . . . . . . 5 62 3. Security Considerations . . . . . . . . . . . . . . . . . . . 8 63 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 64 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 65 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 66 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 67 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 68 7.2. Informative References . . . . . . . . . . . . . . . . . 10 69 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 71 1. Introduction 73 [RFC7554] describes the use of the Time-Slotted Channel Hopping 74 (TSCH) mode of [ieee802154]. 76 In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are 77 limited to specific times and specific channels. Routers in a Time- 78 Slotted Channel Hopping (TSCH) network transmit Enhanced Beacon (EB) 79 frames during broadcast slots in order to announce the time and 80 channel schedule. 82 This document defines a new IETF Information Element (IE) subtype to 83 place into the Enhanced Beacon (EB) to provide join and enrollment 84 information to prospective pledges in a more efficient way. 86 The following sub-sections explain the problem being solved, which 87 justify carrying the join and enrollement information in the EB. 89 1.1. Use of BCP 14 Terminology 91 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 92 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 93 "OPTIONAL" in this document are to be interpreted as described in 94 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 95 capitals, as shown here. 97 Other terminology can be found in [I-D.ietf-6tisch-architecture] in 98 section 2.1. 100 1.2. Layer-2 Synchronization 102 As explained in section 6 of [RFC8180], the Enhanced Beacon (EB) has 103 a number of purposes: synchronization of the Absolute Slot Number 104 (ASN) and Join Metric, carrying the timeslot template identifier, 105 carrying the channel hopping sequence identifier, and indicating the 106 TSCH SlotFrame. 108 An EB announces the existence of a TSCH network, and of the nodes 109 already joined to that network. Receiving an EB allows a Joining 110 Node (pledge) to learn about the network and synchronize to it. 112 The EB may also be used as a means for a node already part of the 113 network to re-synchronize [RFC7554]. 115 There are a limited number of timeslots designated as broadcast slots 116 by each router in the network. Considering 10ms slots and a slot- 117 frame length of 100, these slots are rare and could result in only 1 118 slot per second for broadcasts, which needs to be used for the 119 beacon. Additional broadcasts for Router Advertisements (RA), or 120 Neighbor Discovery (ND) could even more scarce. 122 1.3. Layer-3 synchronization: IPv6 Router Solicitations and 123 Advertisements 125 At layer 3, [RFC4861] defines a mechanism by which nodes learn about 126 routers by receiving multicast Router Advertisements (RA). If no RA 127 is received within a set time, then a Router Solicitation (RS) may be 128 transmitted as a multicast, to which an RA will be received, usually 129 unicast. 131 Although [RFC6775] reduces the amount of multicast necessary to do 132 address resolution via Neighbor Solicitation (NS) messages, it still 133 requires multicast of either RAs or RSes. This is an expensive 134 operation for two reasons: there are few multicast timeslots for 135 unsolicited RAs; and if a pledge node does not receive an RA, and 136 decides to transmit an RS, a broadcast aloha slot (see [RFC7554] 137 section A.5) is consumed with unencrypted traffic. [RFC6775] already 138 allows for a unicast reply to such an RS. 140 This is a particularly acute issue for the join process for the 141 following reasons: 143 1. Use of a multicast slot by even a non-malicious unauthenticated 144 node for a Router Solicitation (RS) may overwhelm that time slot. 146 2. It may require many seconds of on-time before a new pledge 147 receives a Router Advertisement (RA) that it can use. 149 3. A new pledge may have to receive many Enhanced Beacons (EB) 150 before it can pick an appropriate network and/or closest Join 151 Assistant to attach to. If it must remain in the receive state 152 for an RA as well as find the Enhanced Beacon (EB), then the 153 process may take dozens of seconds, even minutes for each 154 enrollment attempt that it needs to make. 156 1.4. Layer-2 Selection 158 In a complex Low-power and Lossy Networks (LLN), multiple LLNs may be 159 connected together by backbone routers ( technology such as 160 [I-D.ietf-6lo-backbone-router]), resulting in an area that is 161 serviced by multiple distinct Layer-2 instances. These are called 162 Personal Area Networks (PAN). Each instance will have a separate 163 Layer-2 security profile, and will be distinguished by a different 164 PANID. The PANID is part of the [ieee802154] layer-2 header: it is a 165 16-bit value which is chosen to be unique, and it contributes context 166 to the layer-2 security mechanisms. The PANID provides a context 167 similar to the ESSID does in 802.11 networking, and can be conceived 168 of in a similar fashion as the 802.3 ethernet VLAN tag in that it 169 provides context for all layer-2 addresses. 171 A device which is already enrolled in a network may find after a long 172 sleep that it needs to resynchronize to the Layer 2 network. The 173 enrollment keys that it has will be specific to a PANID, but it may 174 have more than one set of keys. Such a device may wish to connect to 175 a PAN that is experiencing less congestion, or which has a shalower 176 ([RFC6550]) Routing Protocol for LLNs (RPL) tree. It may even 177 observe PANs for which it does not have keys, but which is believes 178 it may have credentials that would allow it to join. 180 In order to identify which PANs are part of the same backbone 181 network, the network ID is introduced in this extension. PANs that 182 are part of the same backbone will be configured to use the same 183 network ID. For [RFC6550] RPL networks, configuration of the network 184 ID can be done with an configuration option, which is the subject of 185 future work. 187 In order to provide some input to the choice of which PAN to use, the 188 PAN priority field has been added. This lists the relative priority 189 for the PAN among different PANs. Every Enhanced Beacon from a given 190 PAN will likely have the same PAN priority. Determination of the the 191 PAN priority is the subject of future work; but it is expected that 192 it will be calculated by an algorithm in the 6LBR, possibly involving 193 communication between 6LBRs over the backbone network. 195 The [RFC6550] parent selection process can only operate within a 196 single PAN, because it depends upon receiving RPL DIO messages from 197 all available parents. As part of the PAN selection process, the 198 device may wish to know how deep in the LLN mesh it will be if it 199 joins a particular PAN, and the rank priority field provides an 200 estimation of what the rank of each announcer is. Once the device 201 synchronizes to a particular PAN's TSCH schedule then it may receive 202 DIOs that are richer in their diversity than this value. How this 203 value will be used in practice is the subject of future research, and 204 the interpretation of this value of the structure is considered 205 experimental. 207 2. Protocol Definition 209 [RFC8137] creates a registry for new IETF IE subtypes. This document 210 allocates a new subtype. 212 The new IE subtype structure is as follows. As explained in 213 [RFC8137] the length of the Sub-Type Content can be calculated from 214 the container, so no length information is necessary. 216 1 2 3 217 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 218 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 | TBD-XXX |R|P| res | proxy prio | rank priority | 220 +-+-+-+-+-+-+-+-+-+-------------+-------------+-----------------+ 221 | pan priority | | 222 +---------------+ + 223 | Join Proxy Interface-ID | 224 + (present if P=1) + 225 | | 226 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 | | | 228 +-+-+-+-+-+-+-+-+ + 229 | network ID | 230 + variable length, up to 16 bytes + 231 ~ ~ 232 + + 233 | | 234 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 235 | | 236 +-+-+-+-+-+-+-+-+ 238 Figure 1: IE subtype structure 240 res: reserved bits MUST be ignored upon receipt, and SHOULD be set 241 to 0 when sending. 243 R: The Router Advertisement R-flag is set if the sending node will 244 act as a Router for host-only nodes relying on stateless address 245 auto-configuration (SLAAC) to get their global IPv6 address. 246 Those hosts MUST send a unicast Router Solicitation message in 247 order to receive a RA with the Prefix Information Option. 249 In most cases, every node sending a beacon will set this flag, and 250 in a typical mesh, this will be every single node. When this bit 251 is not set, it might indicate that this node may be under 252 provisioned, or may have no additional slots for additional nodes. 253 This could make this node more interesting to an attacker. 255 P: If the Proxy Address P-flag is set, then the Join Proxy Interface 256 ID bit field is present. Otherwise, it is not provided. 258 This bit only indicates if another part of the structure is 259 present, and has little security or privacy impact. 261 proxy priority (proxy prio): This field indicates the willingness of 262 the sender to act as join proxy. Lower value indicates greater 263 willingness to act as a Join Proxy as described in 264 [I-D.ietf-6tisch-minimal-security]. Values range from 0x00 (most 265 willing) to 0x7e (least willing). A priority of 0x7f indicates 266 that the announcer should never be considered as a viable 267 enrollment proxy. Only unenrolled pledges look at this value. 269 Lower values in this field indicate that the transmitter may have 270 more capacity to handle unencrypted traffic. A higher value may 271 indicate that the transmitter is low on neighbor cache entries, or 272 other resources. Ongoing work such as 273 [I-D.ietf-roll-enrollment-priority] documents one way to set this 274 field. 276 rank priority: The rank "priority" is set by the IPv6 LLN Router 277 (6LR) which sent the beacon and is an indication of how willing 278 this 6LR is to serve as an RPL [RFC6550] parent within a 279 particular network ID. Lower values indicate more willingness, 280 and higher values indicate less willingness. This value is 281 calculated by each 6LR according to algorithms specific to the 282 routing metrics used by the RPL ([RFC6550]). The exact process is 283 a subject of significant research work. It will typically be 284 calculated from the RPL rank, and it may include some 285 modifications based upon current number of children, or number of 286 neighbor cache entries available. Pledges MUST ignore this value. 287 It helps enrolled devices only to compare connection points. 289 An attacker can use this value to determine which nodes are 290 potentially more interesting. Nodes which are less willingness to 291 be parents likely have more traffic, and an attacker could use 292 this information to determine which nodes would be more 293 interesting to attack or disrupt. 295 pan priority: The pan priority is a value set by the Destination- 296 Oriented Directed Acyclic Graph (DODAG) root (see [RFC6550], 297 typically, the 6LBR) to indicate the relative priority of this LLN 298 compared to those with different PANIDs that the operator might 299 control. This value may be used as part of the enrollment 300 priority, but typically is used by devices which have already 301 enrolled, and need to determine which PAN to pick when resuming 302 from a long sleep. Unenrolled pledges MAY consider this value 303 when selecting a PAN to join. Enrolled devices MAY consider this 304 value when looking for an eligible parent device. Lower values 305 indicate a higher willingness to accept new nodes. 307 An attacker can use this value, along with the observed PANID in 308 the Beacon to determine which PANIDs have more network resources, 309 and may have more interesting traffic. 311 Join Proxy Interface ID: If the P bit is set, then 64 bits (8 bytes) 312 of address are present. This field provides the Interface ID 313 (IID) of the Link-Local address of the Join Proxy. The associated 314 prefix is well-known as fe80::/64. If this field is not present, 315 then IID is derived from the layer-2 address of the sender as per 316 SLAAC ([RFC4662]). 318 This field communicates the Interface ID bits that should be used 319 for this node's layer-3 address, if it should not be derived from 320 the layer-2 address. Communication with the Join Proxy occurs in 321 the clear. This field avoids the need for an additional service- 322 discovery process for the case where the L3 address is not derived 323 from the L2 address. An attacker will see both L2 and L3 324 addresses, so this field provides no new information. 326 network ID: This is a variable length field, up to 16-bytes in size 327 that uniquely identifies this network, potentially among many 328 networks that are operating in the same frequencies in overlapping 329 physical space. The length of this field can be calculated as 330 being whatever is left in the Information Element. 332 In a 6tisch network, where RPL [RFC6550] is used as the mesh 333 routing protocol, the network ID can be constructed from a 334 truncated SHA256 hash of the prefix (/64) of the network. This 335 will be done by the RPL DODAG root and communicated by the RPL 336 Configuration Option payloads, so it is not calculated more than 337 once. This is just a suggestion for a default algorithm: it may 338 be set in any convenience way that results in a non-identifing 339 value. In some LLNs where multiple PANIDs may lead to the same 340 management device (the Join Registrar/Coordinator - JRC), then a 341 common value that is the same across all the PANs MUST be 342 configured. Pledges that see the same networkID will not waste 343 time attempting to enroll multiple times with the same network 344 that when the network has multiple attachment points. 346 If the network ID is derived as suggested, then it will be an 347 opaque, seemingly random value, and will not directly reveal any 348 information about the network. An attacker can match this value 349 across many transmissions to map the extent of a network beyond 350 what the PANID might already provide. 352 3. Security Considerations 354 All of the contents of this Information Element are transmitted in 355 the clear. The content of the Enhanced Beacon is not encrypted. 356 This is a restriction in the cryptographic architecture of the 357 802.15.4 mechanism. In order to decrypt or do integrity checking of 358 layer-2 frames in TSCH, the TSCH Absolute Slot Number (ASN) is 359 needed. The Enhanced Beacon provides the ASN to new (and long- 360 sleeping) nodes. 362 The sensitivity of each field is described within the description of 363 each field. 365 The Enhanced Beacon is authenticated at the layer-2 level using 366 802.15.4 mechanisms using the network-wide keying material. Nodes 367 which are enrolled will have the network-wide keying material and can 368 validate the beacon. 370 Pledges which have not yet enrolled are unable to authenticate the 371 beacons, and will be forced to temporarily take the contents on 372 faith. After enrollment, a newly enrolled node will be able to 373 return to the beacon and validate it. 375 In addition to the enrollment and join information described in this 376 document, the Enhanced Beacon contains a description of the TSCH 377 schedule to be used by the transmitter of this packet. The schedule 378 can provide an attacker with a list of channels and frequencies on 379 which communication will occur. Knowledge of this can help an 380 attacker to more efficiently jam communications, although there is 381 future work being considered to make some of the schedule less 382 visible. Encrypting the schedule does not prevent an attacker from 383 jamming, but rather increases the energy cost of doing that jamming. 385 4. Privacy Considerations 387 The use of a network ID may reveal information about the network. 388 The use of a SHA256 hash of the DODAGID (see [RFC6550]), rather than 389 using the DODAGID itself directly provides some privacy for the the 390 addresses used within the network, as the DODAGID is usually the IPv6 391 address of the root of the RPL mesh. 393 An interloper with a radio sniffer would be able to use the network 394 ID to map out the extent of the mesh network. 396 5. IANA Considerations 398 IANA is asked to assign a new number TBD-XXX from Registry "IEEE Std 399 802.15.4 IETF IE Subtype IDs" as defined by [RFC8137]. 401 This entry should be called 6tisch-Join-Info, and should refer to 402 this document. 404 Value Subtype-ID Reference 405 ---- ---------- ----------- 406 TBD-XXX 6tisch-Join-Inbfo [this document] 408 6. Acknowledgements 410 Thomas Watteyne provided extensive editorial comments on the 411 document. Carles Gomez Montenegro generated a detailed review of the 412 document at WGLC. Tim Evens provided a number of useful editorial 413 suggestions. 415 7. References 417 7.1. Normative References 419 [BCP14] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 420 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 421 May 2017, . 423 [I-D.ietf-6tisch-minimal-security] 424 Vucinic, M., Simon, J., Pister, K., and M. Richardson, 425 "Constrained Join Protocol (CoJP) for 6TiSCH", Work in 426 Progress, Internet-Draft, draft-ietf-6tisch-minimal- 427 security-15, 10 December 2019, . 431 [ieee802154] 432 IEEE standard for Information Technology, ., "IEEE Std. 434 802.15.4, Part. 15.4: Wireless Medium Access Control (MAC) 435 and Physical Layer (PHY) Specifications for Low-Rate 436 Wireless Personal Area Networks", 2015, 437 . 440 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 441 Requirement Levels", BCP 14, RFC 2119, 442 DOI 10.17487/RFC2119, March 1997, 443 . 445 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 446 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 447 DOI 10.17487/RFC4861, September 2007, 448 . 450 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 451 Bormann, "Neighbor Discovery Optimization for IPv6 over 452 Low-Power Wireless Personal Area Networks (6LoWPANs)", 453 RFC 6775, DOI 10.17487/RFC6775, November 2012, 454 . 456 [RFC8137] Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information 457 Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May 458 2017, . 460 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 461 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 462 May 2017, . 464 7.2. Informative References 466 [I-D.ietf-6lo-backbone-router] 467 Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6 468 Backbone Router", Work in Progress, Internet-Draft, draft- 469 ietf-6lo-backbone-router-17, 20 February 2020, 470 . 473 [I-D.ietf-6tisch-architecture] 474 Thubert, P., "An Architecture for IPv6 over the TSCH mode 475 of IEEE 802.15.4", Work in Progress, Internet-Draft, 476 draft-ietf-6tisch-architecture-28, 29 October 2019, 477 . 480 [I-D.ietf-roll-enrollment-priority] 481 Richardson, M., "Enabling secure network enrollment in RPL 482 networks", Work in Progress, Internet-Draft, draft-ietf- 483 roll-enrollment-priority-00, 16 September 2019, 484 . 487 [RFC4662] Roach, A. B., Campbell, B., and J. Rosenberg, "A Session 488 Initiation Protocol (SIP) Event Notification Extension for 489 Resource Lists", RFC 4662, DOI 10.17487/RFC4662, August 490 2006, . 492 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 493 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 494 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 495 Low-Power and Lossy Networks", RFC 6550, 496 DOI 10.17487/RFC6550, March 2012, 497 . 499 [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using 500 IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the 501 Internet of Things (IoT): Problem Statement", RFC 7554, 502 DOI 10.17487/RFC7554, May 2015, 503 . 505 [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal 506 IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) 507 Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, 508 May 2017, . 510 Authors' Addresses 512 Diego Dujovne (editor) 513 Universidad Diego Portales 514 Escuela de Informatica y Telecomunicaciones, Av. Ejercito 441 515 Santiago, Region Metropolitana 516 Chile 518 Phone: +56 (2) 676-8121 519 Email: diego.dujovne@mail.udp.cl 521 Michael Richardson 522 Sandelman Software Works 524 Email: mcr+ietf@sandelman.ca