[iot-wg] the vague IoT/RIPE-NCC training question
sandoche Balakrichenan
sandoche.balakrichenan at afnic.fr
Tue May 31 08:54:08 CEST 2022

Hi Michael,

In addition to security, IMHO RIPE-NCC could focus on the identifiers (Naming & addressing) side of IoT for training. For example, the usage of IPv6 for IoT devices. Identity management in IoT is a core issue which is not much researched or discussed due to the lack of expertise.

Sandoche BALAKRICHENAN
(Without my Co-Chair hat on)

On 30/05/2022 21:40, Michael Richardson wrote:
> At RIPE84, recorded at https://ripe84.ripe.net/archives/video/782/
> Jad El Cham asks about training from the RIPE NCC on "IoT".
> I watched this today from the archives. I wasn't able to be at the IOT-WG
> meeting in person (yes, you saw me there on Monday), because I was at the IoT
> Security Foundation's ManySecured WG meetings in London.
> Perhaps that makes me more qualified to answer the question?
>
> First, some nitpicks about this presentation. I couldn't hear Jad El Cham's
> name very well, and the lack of slides meant I had to watch the video three
> times to understand his question.
> https://ripe84.ripe.net/programme/meeting-plan/iot-wg/
> has his name correctly, but:
> https://ripe84.ripe.net/archives/#wednesday does *NOT*
>
> If there were three slides with the questions and thoughts on them, then I
> could far better respond to the question.
> (Still not sure if the clapping for Marco leaving RIPE was ... "thanks for
> all the work", or "thank god you escaped with your sanity...")
>
> Second, while I share some of Jim's concern about scope creep, in fact there
> are many things that the RIPE NCC is uniquely positioned to help with that
> would benefit the community, and which probably *does* need a subsidy to get
> done correctly. Profit motives being forever next-quarter, 90% of the IoT
> security problems (as explained in the previous presentation, the slides at:
> https://ripe84.ripe.net/presentations/87-HVIKT-IoT-encounters-ripe.pdf
> include his missing slides...) are the result of next quarter thinking
> combined with very poor operational controls.
>
> If we are going to get a handle on the security issues with networks of
> devices (routers are the Internet of Internet things) then we need more data
> and more sharing of experiences. Back in RIPE79, (Rotterdam), I tried to
> start discussion about how ISPs can collaborate better on dealing with
> security issues, particularly DDoS caused by distributed malware.
>
> So, what would I like to see:
>
> 1) increase connection with RIPE NCC with organizations like
> iotsecurityfoundation.org. IoTSF is among the few places I've found which
> are not about hype or marketing, who seem to have real connections to both
> places/people technical and people/places regulatory. Like the IETF, though,
> we need more participation of operators.... not just the airy-fairy senior
> security architects from various ISPs, but actual people in the trenches.
>
> There are dozens of interesting bits of research being done via RIPE Atlas,
> telling more IoT types about the results would be a good thing. That could
> be in the form of some RIPE (NCC?) person talking about research, or perhaps
> for RIPE NCC sponsoring the researcher to present their stuff at a few
> conferences, such as the IoTSF conference in October, but also IETF
> meetings, RSA(*), Industrial Internet Consortium, The Thing Conference, ...
>
> btw: I did two training courses in 2020 for IoTSF on default passwords and
> software updates. *Manufacturers* are *really* hard to reach.
> Educating *operators* about what to *ask for*, and which regulation the
> supplier is not-compliant with when they fail, would also be very good.
>
> 2) RIPE NCC involvement with specifications like:
> https://datatracker.ietf.org/wg/mile/about/
> ROLIE RFC 8322
> good intro: https://www.redhat.com/en/blog/red-hat-adopts-rolie-protocol-automated-exchange-security-compliance-assets
> GOLIE https://github.com/rolieup/golie
>
> For instance, how many ISPs know how to set this up?
> I have no personal experience.
> Would I come to a day-long workshop (Saturday before or after RIPE?)... YES.
> This is training content that RIPE NCC could develop, and could provide in
> multiple venues for free or for low cost. This is much akin to MANRS, RPKI
> training, and I think there has been IX training occur as well.
>
> ROLIE is not loved by everyone, btw, and there are some alternatives which my
> slides from 79 went into, but actually I'm not, alas, qualified at this time
> to say much, because I know little myself.
>
> 3) RIPE (NCC) involvement with regulators on the topic of *privacy* and
> *liability* around vulnerability disclosures.
>
> Some operators, for instance, have told me that in order to avoid
> violating the privacy of their customers when it comes to detecting
> malware infestations on *their* networks, set up honeypots of (somewhat?)
> vulnerable devices and wait for them to get p0wned.
>
> That's an interesting training course on its own.
>
> 4) a RIPE reference secure CPE device...?
>
> I could probably go on for days here with things that could be done.
>
> Many medium-sized operators have decided they don't like what's available to
> them, and have gone out to specify/build their own devices. Most bigger
> operators have been doing this for more than a decade, but my observation is
> that the bigger the operator, the less secure their default device is.
> (For instance, we know how many and how poorly some of these devices support IPv6)
>
> Is there an opportunity to collect wisdom together?
> Maybe some kind of symposium of operators and openwrt developers could
> happen. OpenWRT has had conferences, although often not that well advertised
> in advance. pprlFoundation sometimes has conferences I think. The
> WBAlliance does stuff, but alas, 90% of what I see is total marketing.
>
> 5) I could come with a fifth, but this email is already too long.
> :-)
>
> --
> Michael Richardson <mcr+IETF at sandelman.ca>   . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide

--
Sandoche BALAKRICHENAN
Head of R&D Partnerships @ Afnic
LoRaWAN Academia WG Chair & RIPE IoT WG Co-Chair