# IoT Operations {#iot-operations}

* Date: Friday, July 29, 2022
* Time: 12:30 EDT / 16:30 UTC (UTC - 4)
* Length: 2 hours
* Meetecho: https://meetings.conf.meetecho.com/ietf114/?group=iotops&short=&item=1
* Jabber: iotops@jabber.ietf.org
* Notes: https://notes.ietf.org/notes-ietf-114-iotops

### Chairs {#chairs}

* Alexey Melnikov alexey.melnikov@isode.com (absent)
* Henk Birkholz henk.birkholz@sit.fraunhofer.de

### Scribe {#scribe}

## MINUTES {#minutes}

### 12:30 Administrivia {#1230---administrivia}

(5 min; chairs)

Warren on Jabber/Zulip. Michael on Notes.

### 12:35 Using Attestation in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) {#1235---using-attestation-in-transport-layer-security-tls-and-datagram}

draft-fossati-tls-attestation-00 (10 mins; Hannes Tschofenig)

This will be reflections from discussions this week. Mention that CCC (confidential computing consortium) meetings are open to participate in.

Jari likes document and would like more support for libraries.

MCR suggests that the title is good, but need to append: "for IoT devices", and we should do a hackathon on it (mentions 2020 Berlin Hackathon).

### 12:45 SNAC BOF update {#1245---snac-bof-update}

(5 mins; Michael Richardson/Ted Lemon)

https://datatracker.ietf.org/wg/snac and ML. Da

### 12:50 The Need for New Authentication Methods for Internet of Things {#1250---the-need-for-new-authentication-methods-for-internet-of-things}

draft-hsothers-iotsens-ps-02.txt (10+5 mins; Dirk von Hugo/Behcet Sarikaya)

"platinum" vs. "iron" devices: affordable, convenient to install, maybe not SIM card

Janfred: You mentioned EAP-NOOB, found some issues with it, working on draft fixing this

Jari: Have read the draft; plenty of prior work from EAP methods; happen to have worked on the sensing space -- a bit far from actual application; maybe not the first thing to focus on. Also need security considerations.

### 13:05 Defined-Trust Transport (DeftT) Protocol for Limited Domains {#1305---defined-trust-transport-deftt-protocol-for-limited-domains}

Review of draft-nichols-tsv-defined-trust-transport-00 (10+5 mins; Kathleen Nichols)

DaveThaler: use of TEEs in IoT is great, and wishes more people would do this. And wanted review of open source... could go to the CCC (confidential computing consortium) for review and would like more tech talks.... if you are looking for collaborators, then the CCC might be able to help. Limited domains... a) some IoT objects roam between networks --- how do you know if you are in a limited domain, b) how do you do discovery in the limited domain.

\[\[4 minute network partition break\]\]

Dave: There is a number of IoT devices roaming around -- how do you know that you are in the limited domain; how to talk to my home device from the airport

KN: not so much our problem space right now, but we are doing experiments where we connect limited domains over UDP. Hope eventually to deal with roaming within a building. We are not using DNS...

Van: IPv6 multicast for rendezvous, has exactly the semantic we want, link-local, self-assigned addresses

Everybody reconciles their collections; identity; nonce privacy key; address that's used includes the trustzone (trust domain) identifier.

Dave: so DEFT does its own discovery, no DNS etc. how do you know that you are in the limited domain -- threat model: network untrusted, two entities that need to discover themselves on an untrusted network.
When we publish, it shows which domain you are part of

Publish certificate, doesn't show up in collection (so nobody is interested) -- give up

Dave: mDNS work on discover without revealing

Van: trust schema hash in IPv6 address;

BrendanMoran: traffic analysis likely trumps the unlinkability problem... something to consider if one wants to make communication invisible. One needs to deal with the stalker problem. That tells everyone at the Coffee Shop that they are there.

-> much of this might make important security considerations

### 13:20 Intra-Network eXposure analyzer Utility Specification {#1320---intra-network-exposure-analyzer-utility-specification}

draft-morais-iotops-inxu-01 (10 mins; Sávyo Morais)

also presented in opsawg, no comments...

### 13:30 A summary of security-enabling technologies for IoT devices. {#1330---a-summary-of-security-enabling-technologies-for-iot-devices}

Draft for possible WG adoption: draft-moran-iot-nets-01 (40 mins; Brendan Moran)

13 people had not read draft, 2 had read draft. 4 people volunteered to review the document.

This document will be the basis for a virtual interim, and will inform the IOTOPS map of work to do.

MCR suggests title: "A Survey of IETF protocols that address IoT security threats"

### 14:10 AOB