Thanks for sending the report.
The intention of the report is to "trigger and facilitate dialogue in
the broader ICANN community". Could we take any topics from this report
for discussion for the RIPE community? Some of the topics I find
relevant to us from section 5 of this report are:
1. IoT measurements
2. Security and transparency libraries for IoT devices
3. Dissemination and training
4. Proactively mitigating IoT attacks (e.g., envision security systems in
edge networks such as using MUD (Manufacturer Usage Description))
On 05/06/2019 15:26, Ad Bresser wrote:
> Hi,
>
> For the ones that are interested.
>
> The ICANN SSAC (Security and Stability Advisory Committee), published:
> SAC105 The DNS and the Internet of Things: Opportunities, Risks, and
> Challenges
> https://www.icann.org/en/system/files/files/sac-105-en.pdf
>
> Kind regards,
>
> Ad Bresser
2019-06-07 14:33:50 CET
Thanks for the response. My comments inline:
On 07/06/2019 09:29, Eliot Lear wrote:
> Hi Ad & Sandoche,
>
> Good that SSAC has published something. There really are some big
> challenges here for IoT. In the area of DNS, one challenge is that
> in order to limit attacks, you really do want the network to limit
> access to services, and that means knowing which domains the device
> should be speaking to.
The SPIN project from SIDN
seems to be a possible solution.
Also, there is another plugin from Princeton that lets one inspect
IoT traffic in your home network right from the browser:
https://iot-inspector.princeton.edu/blog/post/getting-started/
https://iot-inspector.princeton.edu/blog/

> That creates some challenges. That means some sort of consistency
> with regard to DNS query responses to the device and to the
> enforcement point. The ultimate approach to that is coordination
> between the resolver and the enforcement point, but snooping has
> worked in the past. And so you can see some DoH challenges if IoT
> devices implement that capability prematurely.
==> Is this a topic that our group can focus on and maybe prepare a RIPE
BCP (Best Current Practice) or BCOP (Best Current Operation Practice)
document like the document prepared by ICANN SSAC for the RIPE community?
Please send your views.
2019-06-07 17:05:25 CET
On 07/06/2019 15:52, Eliot Lear wrote:
>> ==> Is this a topic that our group can focus on and maybe prepare a
>> RIPE BCP (Best Current Practice) or BCOP (Best Current Operation
>> Practice) document like the document prepared by ICANN SSAC for the
>> RIPE community?
>
> I think there is room for at least documenting the issues. Where that
> happens to me is less important than that it happens ;-)
==> I know that you have been involved in a similar effort on IoT device
onboarding: https://github.com/iot-onboarding/catalog
Maybe we could start something similar on GitHub or a similar place
where everyone can contribute.
Just want to know the views of others in the group, if any.