[Iot-directorate] consumer IoT Standard EN 303 645 update
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 28 May 2020 14:10 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: iot-directorate@ietfa.amsl.com
Delivered-To: iot-directorate@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DC423A0F01 for <iot-directorate@ietfa.amsl.com>; Thu, 28 May 2020 07:10:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.44
X-Spam-Level:
X-Spam-Status: No, score=-0.44 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dJcWU3eDIuEI for <iot-directorate@ietfa.amsl.com>; Thu, 28 May 2020 07:10:45 -0700 (PDT)
Received: from tuna.sandelman.ca (unknown [209.87.249.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 100D63A1001 for <iot-directorate@ietf.org>; Thu, 28 May 2020 07:10:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 23C4538A24 for <iot-directorate@ietf.org>; Thu, 28 May 2020 10:08:04 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 32OvOBEKQN60 for <iot-directorate@ietf.org>; Thu, 28 May 2020 10:08:03 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 43D7338A20 for <iot-directorate@ietf.org>; Thu, 28 May 2020 10:08:03 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 03F45213 for <iot-directorate@ietf.org>; Thu, 28 May 2020 10:10:21 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: iot-directorate@ietf.org
In-Reply-To: <messages/2711026899@3.basecamp.com>
References: <messages/2711026899@3.basecamp.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 28 May 2020 10:10:20 -0400
Message-ID: <29967.1590675020@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/gCLJR2zl4J-yAmShQ6x8LuSn8V4>
Subject: [Iot-directorate] consumer IoT Standard EN 303 645 update
X-BeenThere: iot-directorate@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mailing list for the IoT Directorate Members <iot-directorate.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-directorate/>
List-Post: <mailto:iot-directorate@ietf.org>
List-Help: <mailto:iot-directorate-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-directorate>, <mailto:iot-directorate-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 14:10:52 -0000
from IoTSF: EN 303 645 is currently going through NSOs (National Standards Organisations) for voting - the voting deadline is June 9th - public draft is available at: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.00_30/en_303645v020100v.pdf IoTSF has supported this work since inception and we have sent a letter of support as part of the official process. For those unfamiliar with prior work, the objectives of EN 303 645 / TS 103 645 were as follows: 1. Bring together widely considered good practice in security for consumer IoT devices in a set of high-level, outcome-focused provisions. Focus on technical controls and organisational policies that matter most in addressing the most significant and widespread security shortcomings. 2. Consider a baseline level of security, to protect against elementary attacks on fundamental design weaknesses. (That means a focus should be on protecting against scenarios involving automatic remote attacks (e.g. botnets), rather than sophisticated targeted attacks requiring physical access to the device.) 3. Avoid creating an unacceptable burden for small businesses. 4. Take into account that innovation is progressing rapidly in this space and build in flexibility where possible 5. Provisions must be appropriate for the full spectrum of “consumer IoT”. What else? • DCMS will present an update on the status of this at the forthcoming plenary on Jul 8th (see calendar IoTSF Plenary 27 - Virtual - IoTSF Plenary ) • There is an ETSI webinar session which is free to join on June 11th. I would encourage members of the Assurance Working Group to attend if possible https://www.etsi.org/events/1653-etsi-security-week-2020#pane-2/ -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Iot-directorate] consumer IoT Standard EN 303 64… Michael Richardson