You are here: Home > Participate > Join a Discussion > RIPE Forum
RIPE Forum v1.4.1

Best Current Operational Practices (BCOP) Task Force

Threaded
Collapse

[bcop] Initiative to create a RIPE BCOP discussion document on proactively mitigating IoT attacks in CPE

User Image

Sandoche BALAKRICHENAN

2019-06-14 10:22:37 CET

Dear all,

The origin for this initiative came from the ICANN SSAC document on DNS 
and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf

As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we 
should prepare a Best Current Operational Practice (BCOP) document in 
RIPE scope for proactively mitigating IoT attacks.

 From both the Academy and the Industry, we got interests to contribute 
to this work. Possible contributors name can be found at the end of this 
mail:

Thanks for your input on how to proceed further:

 1. Do you think the topic is useful for the RIPE community? If yes, any
    guidance on how to proceed further will be appreciated.
 2. Should this discussion be initiated in the RIPE IoT WG and not in
    the BCOP task force?
 3. Anyone in this mailing list would be interested in contributing or
    provided references to people who will be interested to contribute?


People who have already expressed interest in contributing:

*From the Academy: *

 1. Andrzej Duda  (http://duda.imag.fr/)
 2. Maciej Korczynski (http://mkorczynski.com/)

*From the Industry:*

 1. Ad Bresser (SPIN product manager)
 2. Eliott Lear (CISCO)
 3. Jacques Latour (CIRA - The Canadian Internet registry)
 4. Peter Steinhauser (Embedd.com)
 5. Possiblity from CZNIC  (Czech Internet registry) who are involved in
    Turris router project

Sandoche.


User Image

Sylvain BAYA

2019-06-14 13:25:55 CET

Hi all,

Le vendredi 14 juin 2019, sandoche Balakrichenan
<sandoche.balakrichenan _at_ afnic _dot_ fr
sandoche.balakrichenan _at_ afnic _dot_ fr>> a écrit :

    Dear all,

    The origin for this initiative came from the ICANN SSAC document on
    DNS and IoT :
    https://www.icann.org/en/system/files/files/sac-105-en.pdf
    

    As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether
    we should prepare a Best Current Operational Practice (BCOP)
    document in RIPE scope for proactively mitigating IoT attacks.

    From both the Academy and the Industry, we got interests to
    contribute to this work. Possible contributors name can be found  at
    the end of this mail:

    Thanks for your input on how to proceed further:

     1. Do you think the topic is useful for the RIPE community? If yes,
        any guidance on how to proceed further will be appreciated.

Dear Sandoche, 
Thanks for this initiative.

...IMHO, the usefulness of this kind of topic is based on fact and we
can easily gather these facts in every communities around the Internet
ecosystem ; including the RIPE Community.

Internet Society have shared a blog post [1] about the collaborative
security. Maybe you are following a similar security approach :-/

 This week i heard about an hidden microphone [2] inside an IoT home
equipment, distributed in France... 

For reference, you have a blog [3] about how the RIPE Atlas network “of
IoT” could be used as a “BCOP” for the IoT industry :-) 

     1. Should this discussion be initiated in the RIPE IoT WG and not
        in the BCOP task force?

Surely the two WG matter. But if you need useful information about IoT,
the IoT WG with its community is the appropriate place to go...

...let's say, you can prepare a survey for them, and include most of
them in the process ; amongst other collaborative|inclusive possible
actions...
__
[1] https://www.internetsociety.org/collaborativesecurity/approach/
 •
 https://www.internetsociety.org/collaborativesecurity/

[2]: In French
— https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique-sur-laffaire-du-micro-cache.html

[3]: https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices


     1. Anyone in this mailing list would be interested in contributing
        or provided references to people who will be interested to
        contribute?


    People who have already expressed interest in contributing:

    *From the Academy: *

     1. Andrzej Duda  (http://duda.imag.fr/)
     2. Maciej Korczynski (http://mkorczynski.com/)

    *From the Industry:*

     1. Ad Bresser (SPIN product manager)
     2. Eliott Lear (CISCO)
     3. Jacques Latour (CIRA - The Canadian Internet registry)
     4. Peter Steinhauser (Embedd.com)
     5. Possiblity from CZNIC  (Czech Internet registry) who are
        involved in Turris router project

    Sandoche.


I'm new here, then i hope this helps :-)
 
Regards,
--sb.
__
http://www.chretiennement.org

Jan Zorz

2019-06-15 01:51:46 CET

Hi,

Sounds like a great idea. Should we put you on BCOP TF agenda for 
Rotterdam meeting and we discuss it there?

Cheers, Jan

On 14/06/2019 04:22, sandoche Balakrichenan wrote:
> Dear all,
> 
> The origin for this initiative came from the ICANN SSAC document on DNS 
> and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf
> 
> As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we 
> should prepare a Best Current Operational Practice (BCOP) document in 
> RIPE scope for proactively mitigating IoT attacks.
> 
>  From both the Academy and the Industry, we got interests to contribute 
> to this work. Possible contributors name can be found at the end of this 
> mail:
> 
> Thanks for your input on how to proceed further:
> 
>  1. Do you think the topic is useful for the RIPE community? If yes, any
>     guidance on how to proceed further will be appreciated.
>  2. Should this discussion be initiated in the RIPE IoT WG and not in
>     the BCOP task force?
>  3. Anyone in this mailing list would be interested in contributing or
>     provided references to people who will be interested to contribute?
> 
> 
> People who have already expressed interest in contributing:
> 
> *From the Academy: *
> 
>  1. Andrzej Duda  (http://duda.imag.fr/)
>  2. Maciej Korczynski (http://mkorczynski.com/)
> 
> *From the Industry:*
> 
>  1. Ad Bresser (SPIN product manager)
>  2. Eliott Lear (CISCO)
>  3. Jacques Latour (CIRA - The Canadian Internet registry)
>  4. Peter Steinhauser (Embedd.com)
>  5. Possiblity from CZNIC  (Czech Internet registry) who are involved in
>     Turris router project
> 
> Sandoche.
> 
> 


-- 
Jan Zorz
Internet Society
mailto:<zorz _at_ isoc _dot_ org>
------------------------------------------
"Time is a lake, not a river..." - African
User Image

Sandoche BALAKRICHENAN

2019-06-17 09:43:56 CET

Hi Sylvain,

Thanks for your inputs. We will be taking a look at your references.

Sandoche.

On 14/06/2019 13:25, Sylvain BAYA wrote:
> Hi all,
>
> Le vendredi 14 juin 2019, sandoche Balakrichenan
> <sandoche.balakrichenan _at_ afnic _dot_ fr
> sandoche.balakrichenan _at_ afnic _dot_ fr>> a écrit :
>
>     Dear all,
>
>     The origin for this initiative came from the ICANN SSAC document
>     on DNS and IoT :
>     https://www.icann.org/en/system/files/files/sac-105-en.pdf
>     
>
>     As RIPE IoT chairs, we asked (in the RIPE IoT mailing list)
>     whether we should prepare a Best Current Operational Practice
>     (BCOP) document in RIPE scope for proactively mitigating IoT attacks.
>
>     From both the Academy and the Industry, we got interests to
>     contribute to this work. Possible contributors name can be found 
>     at the end of this mail:
>
>     Thanks for your input on how to proceed further:
>
>      1. Do you think the topic is useful for the RIPE community? If
>         yes, any guidance on how to proceed further will be appreciated.
>
> Dear Sandoche, 
> Thanks for this initiative.
>
> ...IMHO, the usefulness of this kind of topic is based on fact and we
> can easily gather these facts in every communities around the Internet
> ecosystem ; including the RIPE Community.
>
> Internet Society have shared a blog post [1] about the collaborative
> security. Maybe you are following a similar security approach :-/
>
>  This week i heard about an hidden microphone [2] inside an IoT home
> equipment, distributed in France... 
>
> For reference, you have a blog [3] about how the RIPE Atlas network
> “of IoT” could be used as a “BCOP” for the IoT industry :-) 
>
>      1. Should this discussion be initiated in the RIPE IoT WG and not
>         in the BCOP task force?
>
> Surely the two WG matter. But if you need useful information about
> IoT, the IoT WG with its community is the appropriate place to go...
>
> ...let's say, you can prepare a survey for them, and include most of
> them in the process ; amongst other collaborative|inclusive possible
> actions...
> __
> [1] https://www.internetsociety.org/collaborativesecurity/approach/
>  •
>  https://www.internetsociety.org/collaborativesecurity/
> 
> [2]: In French
> — https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique-sur-laffaire-du-micro-cache.html
> 
> [3]: https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices
> 
>
>      1. Anyone in this mailing list would be interested in
>         contributing or provided references to people who will be
>         interested to contribute?
>
>
>     People who have already expressed interest in contributing:
>
>     *From the Academy: *
>
>      1. Andrzej Duda  (http://duda.imag.fr/)
>      2. Maciej Korczynski (http://mkorczynski.com/)
>
>     *From the Industry:*
>
>      1. Ad Bresser (SPIN product manager)
>      2. Eliott Lear (CISCO)
>      3. Jacques Latour (CIRA - The Canadian Internet registry)
>      4. Peter Steinhauser (Embedd.com)
>      5. Possiblity from CZNIC  (Czech Internet registry) who are
>         involved in Turris router project
>
>     Sandoche.
>
>
> I'm new here, then i hope this helps :-)
>  
> Regards,
> --sb.
> __
> http://www.chretiennement.org
>

User Image

Sandoche BALAKRICHENAN

2019-06-17 09:47:00 CET

Hi Jan,

I feel that if we are able to group the concerned contributors and get
together an initial draft, we should include that for discussion in the
BCOP TF.

I will get back to you in mid-september with updates.

Sandoche.

On 15/06/2019 01:51, Jan Zorz wrote:
> Hi,
>
> Sounds like a great idea. Should we put you on BCOP TF agenda for 
> Rotterdam meeting and we discuss it there?
>
> Cheers, Jan
>
> On 14/06/2019 04:22, sandoche Balakrichenan wrote:
>> Dear all,
>>
>> The origin for this initiative came from the ICANN SSAC document on DNS 
>> and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf
>>
>> As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we 
>> should prepare a Best Current Operational Practice (BCOP) document in 
>> RIPE scope for proactively mitigating IoT attacks.
>>
>>  From both the Academy and the Industry, we got interests to contribute 
>> to this work. Possible contributors name can be found at the end of this 
>> mail:
>>
>> Thanks for your input on how to proceed further:
>>
>>  1. Do you think the topic is useful for the RIPE community? If yes, any
>>     guidance on how to proceed further will be appreciated.
>>  2. Should this discussion be initiated in the RIPE IoT WG and not in
>>     the BCOP task force?
>>  3. Anyone in this mailing list would be interested in contributing or
>>     provided references to people who will be interested to contribute?
>>
>>
>> People who have already expressed interest in contributing:
>>
>> *From the Academy: *
>>
>>  1. Andrzej Duda  (http://duda.imag.fr/)
>>  2. Maciej Korczynski (http://mkorczynski.com/)
>>
>> *From the Industry:*
>>
>>  1. Ad Bresser (SPIN product manager)
>>  2. Eliott Lear (CISCO)
>>  3. Jacques Latour (CIRA - The Canadian Internet registry)
>>  4. Peter Steinhauser (Embedd.com)
>>  5. Possiblity from CZNIC  (Czech Internet registry) who are involved in
>>     Turris router project
>>
>> Sandoche.
>>
>>
>