
IoT Working Group


[iot-wg] IoT BCOP TF Document - Call for comments


Sandoche BALAKRICHENAN

2020-10-13 16:09:29 CET

Dear all,

The IoT BCOP TF (Jim Reid, Eliot Lear, Michael Richardson, Phil 
Stanhope, Peter Steinhäuser, Jelte Jansen, Jan Zorz, Sandoche 
Balakrichenan) has been meeting almost every Friday since RIPE 80 to 
produce the document titled "Architectural Considerations for IoT 
Device Security in the Home - A guide for ISPs specifying CPE 
devices". The intention is to publish the final version of this 
document as a RIPE Best Current Operational Practice (BCOP) document in 
the IoT scope.

A PDF format of the document is attached. Thanks for sending your 
comments on this document to the mailing list.

Constanze & Sandoche (IoT WG Chairs)






Peter Steinhaeuser

2020-10-22 10:26:20 CET

Sandoche, thanks a lot for sending the document to the list asking for comments! 

Some reviewers voiced the opinion that it is more of a technical report than a (draft) BCOP. 
Any thoughts, opinions from the WG members would be greatly appreciated!

Thanks,
Peter

> On 13.10.2020 at 16:09, sandoche Balakrichenan <sandoche.balakrichenan _at_ afnic _dot_ fr> wrote:
> 
> Dear all, 
> 
> The IoT BCOP TF (Jim Reid, Eliot Lear, Michael Richardson, Phil Stanhope, Peter Steinhäuser, Jelte Jansen, Jan Zorz, Sandoche Balakrichenan) has been meeting almost every Friday since RIPE 80 to produce the document titled "Architectural Considerations for IoT Device Security in the Home - A guide for ISPs specifying CPE devices". The intention is to publish the final version of this document as a RIPE Best Current Operational Practice (BCOP) document in the IoT scope.
> 
> A PDF format of the document is attached. Thanks for sending your comments on this document to the mailing list. 
> 
> Constanze & Sandoche (IoT WG Chairs)
> 
> 
> 

Michael Richardson

2020-10-23 16:24:38 CET


    sb> The IoT BCOP TF (Jim Reid, Eliot Lear, Michael Richardson, Phil
    sb> Stanhope, Peter Steinhäuser, Jelte Jansen, Jan Zorz, Sandoche
    sb> Balakrichenan) has been meeting almost every Friday since RIPE 80 to
    sb> produce the document titled "Architectural Considerations for IoT
    sb> Device Security in the Home - A guide for ISPs specifying CPE
    sb> devices". The intention is to publish the final version of this
    sb> document as a RIPE Best Current Operational Practice (BCOP) document in
    sb> the IoT scope.

Some feedback that we have received is that the document isn't able to
provide clear guidance that would make it a BCOP.  It is perhaps more of a
technical report.

An initial goal had been to be able to say what ISPs are currently doing with IoT
devices, and thereby enable those who are writing RFPs to know what kind of
things they might expect to be able to ask for.  But, it's still too soon for
that.

So a question is: what category should we put on this document?




--
Michael Richardson <mcr+IETF _at_ sandelman _dot_ ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide






Eric van Uden

2020-10-26 14:18:02 CET

Hi Sandoche,

It's always good that we as an industry take security considerations 
seriously. Thus, we can't ignore the European movements regulating the use 
of CPE on the customer side. The “BEREC Guidelines on Common Approaches 
to the Identification of the Network Termination Point in different 
Network Topologies” have to be taken into account. The European NRAs are 
(in most cases) following these guidelines.

For me this means that IoT security should be implemented in as few 
devices as possible connecting the consumer to the internet - one device if 
at all possible, thus avoiding stacked router scenarios that add 
unnecessary complexity and possibly even more IoT security issues.

See: 
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/9033-berec-guidelines-on-common-approaches-to-the-identification-of-the-network-termination-point-in-different-network-topologies 




Best regards,

Eric van Uden

AVM ICT GmbH
Country Manager Netherlands
Mr. van Coothlaan 10
6602 GT Wijchen
Nederland
Phone +31 24 6485381
Mobile +31 622 948356
e.vanuden _at_ avm _dot_ de

Visit our website at http://nl.avm.de/, like us on Facebook, or 
check out our Google+ page and YouTube channel.

AVM GmbH for International Communication Technology, Alt-Moabit 95, 10559 
Berlin, Germany
HRB 48220 AG Charlottenburg, CEO (Geschäftsführer): Johannes Nill 



From:    "sandoche Balakrichenan" <sandoche.balakrichenan _at_ afnic _dot_ fr>
To:      "RIPE IoT WG" <iot-wg _at_ ripe _dot_ net>
Date:    13-10-2020 16:29
Subject: [iot-wg] IoT BCOP TF Document - Call for comments
Sent by: "iot-wg" <iot-wg-bounces _at_ ripe _dot_ net>



Dear all, 
The IoT BCOP TF (Jim Reid, Eliot Lear, Michael Richardson, Phil Stanhope, 
Peter Steinhäuser, Jelte Jansen, Jan Zorz, Sandoche Balakrichenan) has 
been meeting almost every Friday since RIPE 80 to produce the document 
titled "Architectural Considerations for IoT Device Security in the Home 
- A guide for ISPs specifying CPE devices". The intention is to publish 
the final version of this document as a RIPE Best Current Operational 
Practice (BCOP) document in the IoT scope.
A PDF format of the document is attached. Thanks for sending your comments 
on this document to the mailing list. 
Constanze & Sandoche (IoT WG Chairs)



[attachment "ripe-iot-bcop-v2-1.pdf" deleted by Eric van Uden/AVM] 
_______________________________________________
iot-wg mailing list
iot-wg _at_ ripe _dot_ net
https://lists.ripe.net/mailman/listinfo/iot-wg




Eric van Uden

2020-10-26 14:33:35 CET

Hi Eliot,

I'm referring to the Stacked Router concept, so one CPE instead of two 
(stacked). In this case, the CPE





Best regards,

Eric van Uden

AVM ICT GmbH
Country Manager Netherlands
Mr. van Coothlaan 10
6602 GT Wijchen
Nederland
Phone +31 24 6485381
Mobile +31 622 948356
e.vanuden _at_ avm _dot_ de

Visit our website at http://nl.avm.de/, like us on Facebook, or 
check out our Google+ page and YouTube channel.

AVM GmbH for International Communication Technology, Alt-Moabit 95, 10559 
Berlin, Germany
HRB 48220 AG Charlottenburg, CEO (Geschäftsführer): Johannes Nill 



From:    "Eliot Lear" <lear _at_ ofcourseimright _dot_ com>
To:      e.vanuden _at_ avm _dot_ de, "sandoche Balakrichenan" 
<sandoche.balakrichenan _at_ afnic _dot_ fr>
Cc:      iot-wg _at_ ripe _dot_ net
Date:    26-10-2020 14:21
Subject: Re: [iot-wg] IoT BCOP TF Document - Call for comments



Hi Eric,
On 26.10.20 14:18, Eric van Uden via iot-wg wrote:

For me this means that IoT security should be implemented in as few 
devices as possible connecting the consumer to the internet - one device if 
at all possible, thus avoiding stacked router scenarios that add 
unnecessary complexity and possibly even more IoT security issues. 

Precisely which device would you expect that to be: The CPE or the IOT 
device?
Eliot


Michael Richardson

2020-10-26 15:38:34 CET

Eric van Uden via iot-wg <iot-wg _at_ ripe _dot_ net> wrote:
    > For me this means that IoT security should be implemented in as few
    > devices as possible connecting the consumer to the internet - one device if
    > at all possible, thus avoiding stacked router scenarios that add
    > unnecessary complexity and possibly even more IoT security issues.

Fewer devices are better, but on the other hand, getting it done is also
important.  Sometimes better is in the way of good enough?

--
Michael Richardson <mcr+IETF _at_ sandelman _dot_ ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




Eliot Lear

2020-10-26 16:08:53 CET

Hi Eric,

On 26.10.20 14:33, Eric van Uden via iot-wg wrote:
> Hi Eliot,
>
> I'm referring to the Stacked Router concept, so one CPE instead of two
> (stacked). In this case, the CPE


Thanks.  It is better for a single provider to interface with the user. 
Stacked CPE should certainly not be required, but nor should it be
prohibited.  If I don't like the pizza box my provider gives me, I might
want to put something in front of it.  In that case, the maker of that
something might take responsibility for communicating with me about what
is going on in my network.  This has an impact as to whether or not
everything can be done in, say, TR.369.

Does this make sense?

Eliot





Eric van Uden

2020-10-26 16:34:46 CET

Hi Eliot,

I have to confess, at the moment I have no experience with TR369. I am 
glad that I understand TR69 a little. ;-) What I do know about TR369 is 
that it is a good basis to keep a better eye on things in the future and 
to make decisions based on the information from the CPE.


Best regards,

Eric van Uden

AVM ICT GmbH
Country Manager Netherlands
Mr. van Coothlaan 10
6602 GT Wijchen
Nederland
Phone +31 24 6485381
Mobile +31 622 948356
e.vanuden _at_ avm _dot_ de

Visit our website at http://nl.avm.de/, like us on Facebook, or 
check out our Google+ page and YouTube channel.

AVM GmbH for International Communication Technology, Alt-Moabit 95, 10559 
Berlin, Germany
HRB 48220 AG Charlottenburg, CEO (Geschäftsführer): Johannes Nill 



From:    "Eliot Lear" <lear _at_ lear _dot_ ch>
To:      e.vanuden _at_ avm _dot_ de
Cc:      iot-wg _at_ ripe _dot_ net
Date:    26-10-2020 16:08
Subject: Re: [iot-wg] IoT BCOP TF Document - Call for comments



Hi Eric,
On 26.10.20 14:33, Eric van Uden via iot-wg wrote:
Hi Eliot, 

I'm referring to the Stacked Router concept, so one CPE instead of two 
(stacked). In this case, the CPE 

Thanks.  It is better for a single provider to interface with the user.  
Stacked CPE should certainly not be required, but nor should it be 
prohibited.  If I don't like the pizza box my provider gives me, I might 
want to put something in front of it.  In that case, the maker of that 
something might take responsibility for communicating with me about what 
is going on in my network.  This has an impact as to whether or not 
everything can be done in, say, TR.369.
Does this make sense?
Eliot






Peter Steinhaeuser

2020-10-27 09:13:34 CET

Hi Eric,

Besides the more modern protocol design (TR-369 uses the same latest TR-181 data model on the CPE as TR-069), the major difference is that TR-369 allows several "controllers" with different levels of access, while TR-069 only knows one "controller" - the ACS. Because of this design it's possible that i.e. a smartphone app the customer uses acts as one possible controller for a TR-369 enabled CPE.

- Peter

> On 26.10.2020 at 16:34, Eric van Uden via iot-wg <iot-wg _at_ ripe _dot_ net> wrote:
> 
> Hi Eliot, 
> 
> I have to confess, at the moment I have no experience with TR369. I am glad that I understand TR69 a little. ;-) What I do know about TR369 is that it is a good basis to keep a better eye on things in the future and to make decisions based on the information from the CPE. 
> 
> 
> Best regards, 
> 
> Eric van Uden 
> 
> AVM ICT GmbH 
> Country Manager Netherlands 
> Mr. van Coothlaan 10 
> 6602 GT Wijchen 
> Nederland 
> Phone +31 24 6485381 
> Mobile +31 622 948356 
> e.vanuden _at_ avm _dot_ de 
> 
> Visit our website at http://nl.avm.de/, like us on Facebook, or check out our Google+ page and YouTube channel.
> 
> AVM GmbH for International Communication Technology, Alt-Moabit 95, 10559 Berlin, Germany 
> HRB 48220 AG Charlottenburg, CEO (Geschäftsführer): Johannes Nill 
> 
> 
> 
> From:    "Eliot Lear" <lear _at_ lear _dot_ ch> 
> To:      e.vanuden _at_ avm _dot_ de 
> Cc:      iot-wg _at_ ripe _dot_ net 
> Date:    26-10-2020 16:08 
> Subject: Re: [iot-wg] IoT BCOP TF Document - Call for comments 
> 
> 
> 
> Hi Eric, 
> On 26.10.20 14:33, Eric van Uden via iot-wg wrote: 
> Hi Eliot, 
> 
> I'm referring to the Stacked Router concept, so one CPE instead of two (stacked). In this case, the CPE 
> 
> Thanks.  It is better for a single provider to interface with the user.  Stacked CPE should certainly not be required, but nor should it be prohibited.  If I don't like the pizza box my provider gives me, I might want to put something in front of it.  In that case, the maker of that something might take responsibility for communicating with me about what is going on in my network.  This has an impact as to whether or not everything can be done in, say, TR.369. 
> Does this make sense? 
> Eliot 
> 
> 
> 
> 
> _______________________________________________
> iot-wg mailing list
> iot-wg _at_ ripe _dot_ net
> https://lists.ripe.net/mailman/listinfo/iot-wg



Peter Steinhäuser, CEO
embeDD GmbH · Alter Postplatz 2 · 6370 Stans · Switzerland
Phone: +41 (41) 784 95 85 · Fax: +41 (41) 784 95 64