
Minutes IETF114: iotops: Fri 12:30
minutes-114-iotops-202207291230-00

Meeting Minutes IOT Operations (iotops) WG
Date and time 2022-07-29 16:30
State Active
Last updated 2022-08-05


IoT Operations

Chairs

Scribe

MINUTES

Meetecho: https://meetings.conf.meetecho.com/ietf114/?group=iotops&short=&item=1
Jabber: iotops@jabber.ietf.org
Notes: https://notes.ietf.org/notes-ietf-114-iotops

Chairs: Alexey Melnikov and Henk Birkholz

12:30 Administrivia

    (5 min; chairs)

Warren on Jabber/Zulip
Michael on Notes.

12:35 Using Attestation in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)

    draft-fossati-tls-attestation-00
    (10 mins; Hannes Tschofenig)

This will be reflections from discussions this week.
Mention that CCC (confidential computing consortium) meetings are open
to participate in.
Jari likes document and would like more support for libraries.
MCR suggests that the title is good, but need to append: "for IoT
devices", and we should do a hackathon on it (mentions 2020 Berlin
Hackathon).

12:45 SNAC BOF update

    (5 mins; Michael Richardson/Ted Lemon)

https://datatracker.ietf.org/wg/snac and ML.
Da

12:50 The Need for New Authentication Methods for Internet of Things

    draft-hsothers-iotsens-ps-02.txt
    (10+5 mins; Dirk von Hugo/Behcet Sarikaya)

"platinum" vs. "iron" devices: affordable, convenient to install, maybe
not SIM card

Janfred: You mentioned EAP-NOOB, found some issues with it, working on
draft fixing this

Jari: Have read the draft; plenty of prior work from EAP methods; happen
to have worked on the sensing space -- a bit far from actual
application; maybe not the first thing to focus on. Also need security
considerations.

13:05 Defined-Trust Transport (DeftT) Protocol for Limited Domains

    Review of draft-nichols-tsv-defined-trust-transport-00
    (10+5 mins; Kathleen Nichols)

DaveThaler: use of TEEs in IoT is great, and wishes more people would do
this. And wanted review of open source... could go to the CCC
(confidential computing consortium) for review and would like more tech
talks.... if you are looking for collaborators, then the CCC might be able
to help. Limited domains... a) some IoT objects roam between networks
--- how do you know if you are in a limited domain, b) how do you do
discovery in the limited domain.

[[4 minute network partition break]]

Dave:
There are a number of IoT devices roaming around -- how do you know that
you are in the limited domain; how to talk to my home device from the
airport
KN: not so much our problem space right now, but we are doing
experiments where we connect limited domains over UDP. Hope eventually
to deal with roaming within a building.
We are not using DNS...

Van: IPv6 multicast for rendezvous, has exactly the semantic we want,
link-local, self-assigned addresses
Everybody reconciles their collections; identity; nonce privacy key;
address that's used includes the trustzone (trust domain) identifier.

Dave: so DEFT does its own discovery, no DNS etc.
how do you know that you are in the limited domain -- threat model:
network untrusted, two entities that need to discover themselves on an
untrusted network.
When we publish, it shows which domain you are part of
Publish certificate, doesn't show up in collection (so nobody is
interested) -- give up

Dave: mDNS work on discover without revealing
Van: trust schema hash in IPv6 address;

BrendanMoran: traffic analysis likely trumps the unlinkability
problem... something to consider if one wants to make communication
invisible.
One needs to deal with the stalker problem. That tells everyone at the
Coffee Shop that they are there.
-> much of this might make important security considerations

13:20 Intra-Network eXposure analyzer Utility Specification

    draft-morais-iotops-inxu-01
    (10 mins; Sávyo Morais)

also presented in opsawg, no comments...

13:30 A summary of security-enabling technologies for IoT devices.

    Draft for possible WG adoption: draft-moran-iot-nets-01
    (40 mins; Brendan Moran)

13 people had not read draft, 2 had read draft.
4 people volunteered to review the document.
This document will be the basis for a virtual interim, and will inform
the IOTOPS map of work to do.

MCR suggests title: "A Survey of IETF protocols that address IoT
security threats"

14:10 AOB