Skip to main content

You're viewing an archived page. It is no longer being updated.

IoT Working Group Minutes - RIPE 83

Date: 23 November 2021, 14:30 – 15:30 (UTC+1)
WG Chairs: Constanze Dietrich, Sandoche Balkrichenan
Scribe: Karla Liddle-White
Status: Final

1. Introduction

IoT WG Co-chairs Constanze Dietrich and Sandoche Balkrichenan welcomed attendees to the session.

Sandoche noted that they had appreciated feedback on the Working Group’s activities, that the Charter had been discussed and it had been noted that it was quite broad. He said that they were open to feedback and these topics can be discussed in the AOB or on the mailing list. Constanze introduced the presentation topics and said that if there were no topics raised in the AOB they would extend the Q&A for each presentation.  

2. User Compliance and Remediation Success after IoT Malware Notifications

Elsa Turcios Rodriguez, TU Delft

Elsa presented on a research collaboration with an ISP that looked at user compliance and remediation after IoT malware notifications. The researchers looked at three groups: consumers in a walled garden, users notified by email and a control group. She went through the background methodology, results takeaways, and limitations. She noted that in the walled garden group, 92% of the issues were cleaned up, versus 82% in the email group. And if the user’s device was infected with competing malware, this reduced the probability of remediation by 54%.

You can find the presentation at:

Constanze Dietrich asked what the ISP thought about the research and what their key takeaways were.

Elsa replied that the ISP learned that users were willing to act and even though the advice was generic it could help people.

Constanze Dietrich followed up her question by asking if the ISP continued to follow the walled garden approach or email notifications.

Enya said that in COVID-19 times when more people were working at home, the ISP was only using email notifications but now they had come back to a walled garden approach and were using quarantine methods again.

Michael Richardson asked if any users had IPv6, whether the ISP was able to identify the IPv6 end points and if so whether traditional SLAAC or Privacy Enhanced Addresses were used. 

Enya said that they did not look at how many customers had IPv6 and that the report they received from the shadow server said that there around half were using IPv6.

Jim Read asked for thoughts on how to get a bigger sample size, for say for the whole of TU Delft’s campus net.

Enya replied that ideally from her experience, it was good to have one partner ISP and that you wouldn’t find ISPs owned by a university. She said that it was nice in her experience if the ISP contacted their users and asked the questions, she said that if they posed questions as researchers, it wouldn’t have worked as well as it did. 

Joey Boon, SURF, asked how the ISP detected the malware, he assumed it was through abuse reports.

Enya said that to her knowledge it was through the shadow server reports.

Michael Richardon asked whether Mirai was still out there in 2021, and if so how many instances or how many instances per capita there were. 

Enya said that she recently looked into reports and Mirai is still a threat. She noted that she didn’t have the numbers but in a majority of reports it was an important threat and that in the Netherlands there was a time last year that GS snatch was on top but then it was Mirai.

3. RIPE NCC IoT Update 2021

Marco Hogewoning, RIPE NCC

Marco provided an update on legislative and political developments that affect the IoT space. He spoke about recent EU legislation and considered what role the RIPE community could play in potentially steering alignment and best practices as many countries seek international standards on IoT matters.

You can find the presentation at:

Michael Richardson, Sandelman Software Works, asked whether BEREC would examine the legal question of who is responsible for malware and attacks that originate on the modem or would this fall under RED.

Marco said that this was a good question and that if he had asked the BEREC stakeholders, the regulators, they would point to the legislation, the parliaments, the governments who built the regulations whose role it is to execute and enforce the laws. He said that RED had a framework for who’s responsible, for example if you sold something it had to be compliant, so you would have to talk to the people who import it and the people who manufacture it. Marco continued to say that RED had clear guidance – that if you build something you are responsible and they will confiscate and destroy it and that is your loss. He said that it was a hard one and a good question but in this case, it would be directed to the legislators.

Dmitry Kohmanyuk, UA ccTDL, asked if there were similar developments in non-EU countries.

Marco replied that they did see it between the Arab states, and every country had similar laws like the radio equipment directive. He said that Russia was quite advanced into looking at possibilities to enforcing compliance. He said that trying to legislate against products manufactured in another country was really hard and again this is why you would see so many people flocking to alignment within the ITU and World Trade organisation to look into the possibilities to get rid of unsafe devices and get manufacturers to do the right thing. He continued that they do see international debate on what the right thing is as that also does not immediately see consensus and that internationally speaking this was a tough space and difficult to align on.

Sandoche Balkrichenan asked why, with reference to ITU, there was an exception to LoraWAN.

Marco said that it was not so much an exception, he said that in the past they had seen ITU take work that had been done by a private consortium and turn it into recommendations. He said that by exceptions he meant that it wasn’t really focussed on transport and networks. LoraWAN was one of the things that focused on the lower transport layers but the specifics of taking an industry construction standard and rebranding it into an ITU recommendation is certainly not unique. He said that he also saw this at other levels.

Constanze asked what the working group could do and who they they could talk to about best practices and policy proposals who would have some kind of influence.

Marco replied that it was another good question and that in the end you would want to solve it with multistakeholders. He said that they would need to attract other stakeholders as well – there was government and industry interest in this and if they all agreed that there was a problem, what remit did RIPE potentially have to solve the problem. He said that the guidelines were a start but there were other ways for the group to provide the forum. He continued that it may need to go to the IETF or they could see what ITU or BEREC were doing. He said that part of their role was seeing what the industry was already working on and to talk to those people as it’s a continuous effort and he knew it was disappointing but he didn’t have any deliverables but a dialogue was a good start.

Constanze asked about the radio directive that was nearly in place, she asked whether Marco knew any specific company that’s affected by it.

Marco noted that it would be quite extensive so any radio device that connects to the Internet, everything that had a wifi connection was potentially in scope. He said the clause said it had to have regular updates and some vendors do that and some don’t. RED bypasses it by saying that they can finger point all they like against each other but ultimately the point of sale is responsible for it to be compliant –RED leaves it for the industry to sort out.  


Ruediger Volk pondered Marco’s remark that IoT was a device connected to the Internet and he said he would like to point to the presentation about the mobile operators being outside the public Internet and that it is getting huge and global and spreading outside the EU regulations or other regulators.

Marco replied that the legal text says the Internet and that you could start a whole legal discussion on whether something is the Internet or not. He asked whether it was the Internet that used IP or worked off network and actually it might be a nice one to take over into the Cooperation WG later on. What makes the Internet, the Internet? He said that he was not a lawyer and that they should leave that discussion to the lawyers to figure out how it worked. 

Constanze finished the session by thanking presenters Marco and Elsa, everyone who attended the WG and the RIPE Meeting organisers.

End of session.