### Scribe

Kiran Makhijani (with help from Michael Richardson)

## MINUTES

23:00 Administrivia
(5 min; chairs)

23:05 Requirements and Scenarios for Industry Internet Addressing
https://datatracker.ietf.org/doc/draft-km-industrial-internet-requirements/
(10+5 min; Kiran Makhijani)

MCR asks: Need to suck OT folks in, and we should publish a spec and get some feedback. (And invoke Cunningham's Law: the best way to get an answer on the Internet is to post the wrong answer.)

Kiran: Yes, this seems like a good start. Can bring people in from OT?

Carsten: We should be planning ahead, and components that we can supply now. Address sizes are not a new problem, and we have discussed them in various WGs. 6LoWPAN is a pretty good solution, and we should look at whether these can be used in OT networks. Some sort of gateway between IT and OT networks will be necessary.

Kiran: I look at that at the interface level. But, we need to understand data at a more meaningful level. Network layer will come in use.

Carsten: We could define IP over Modbus, but applications on those networks would not be able to make use of that. Perhaps we need to define a framework.

Henk: Lots of barriers between the factory floor and the cloud. We need to capture the problem statements.

Eliot: Both said, if they build, they will come (or scream at us). But, when it comes to TLS, they (OPCUA) didn't do that, which was probably not a great choice. We should ask why they did that? Ask questions like: You have overlapping technology, why did you decide to build it, what problems does it solve that we were not solving? Could have an interim meeting with this group and (IIC?). Could have a liaison with them.

Henk: Need to cut the line. Kiran, please take this to the list and progress this.

23:20 Involuntary Ownership Transfer of IoT devices: problem statement
https://datatracker.ietf.org/doc/draft-richardson-iotops-iot-iot
(7+8 min; Michael Richardson)

Henk: Omission of policy at some point has to be addressed.

Eliot: Tackled this issue some time ago on my blog post. Take inventory on how it works.

MCR: If we deploy MUD everywhere, then the MUD controller could (really need a protocol here)

Eliot: Let's not make this about MUD.

Brendan: A solution to this problem is desperately needed to fix some real humanitarian problems (e.g., domestic violence).

23:35 Different aspects of onboarding for IoT/Edge Devices
https://datatracker.ietf.org/doc/draft-nordmark-iotops-onboarding
(10+5 min; Erik Nordmark)

Hannes: Question from chat on how EVE (Edge Virtualization Engine) works.

Erik: Please look at GitHub.

Hannes: Is EVE like other onboarding solutions, or is it something different?

Erik: . Somehow related to FIDO. If you have more specific questions, then please ping me.

Links:

- https://www.tfir.io/erik-nordmark-explains-edge-virtualization-engine-eve/
- https://www.lfedge.org/projects/eve/
- https://github.com/lf-edge/eve

23:50 A summary of security-enabling technologies for IoT devices
https://datatracker.ietf.org/doc/draft-moran-iot-nets/
(10+5 min; Brendan Moran)

Eliot suggests that this might be covered in https://csrc.nist.gov/publications/detail/nistir/8259/final

This is the type of work we would like to adopt to say how the architecture works.

Dave: The security of IoT deployments should conform to recommendations (whatever those be). There are 4 different sets of parties but have to work together. What kind of document should this be - BCP/informational, etc?

00:05 EAP Usability
https://datatracker.ietf.org/doc/draft-dekok-emu-eap-usability/
(5+5 min; Alan DeKok)

Eliot: Every problem we have heard in user space we hear in IoT space. If you are amenable to removing user name from EAP (??).

Alan: Create a well known name EAP.ARPA for these kind of provisioning of names and authenticators have an idea.

00:15 Challenges with addressing in IoT networks
(5+5 min; Toerless Eckert)

Henk: Interesting problem space and summary --> presentation in rtgarea and intarea for solution.

Michael: Started a flame thread a decade ago about how to get address space that they don't want to route. If I need IP connectivity, but not Internet connectivity, then I should be able to allocate a /56 for each device. But this is too expensive, so they just use ULA, which is free. This seems to keep going around in circles. Not suggesting that this work should be done in IOTOPs, but if we care about this problem in Assemblies then we need to get this work done somewhere.

Toerless: Perhaps a problem statement might raise some awareness?

Henk: This space would benefit from precise statements that perhaps could be merged later.

00:25 Secure Zero Touch Provisioning (SZTP) at IOTOPS
(10+5 min; Kent Watsen)

Kent: This is being discussed in NETCONF.

Toerless: One thing that I like about NETCONF, I like that it is controlled by the NETCONF server rather than the client. I was surprised by this solution, in that it seemed less modular.

Kent: This is an interesting question, but tried to make it more generic. I have been following the work in ANIMA, and there have been lots of pages written.

Toerless: I wasn't considering BRSKI, I was more interested in the design of sZTP.

Kent: The reason that I brought up BRSKI is because it is a separated module, whereas sZTP is more integrated.

-----

Henk: I would like to discuss the route to the path for adoption WGs. If you think that your work is interesting then you can come directly to the chairs. Also, having discussion on the IOTOPs mailing list makes chairs notice such work. The third choice is about naming drafts (to include "iotops" in the name).

Toerless: Can also add documents to the data tracker?

Henk: Editors of documents have to do at least one of the above steps to demonstrate interest in their drafts to be adopted by the WG.