Re: [Iot-onboarding] some straw-man charter text for an IoT Operational Security WG

Kent Watsen <> Wed, 04 September 2019 16:18 UTC

From: Kent Watsen <>
Date: Wed, 4 Sep 2019 16:18:30 +0000
To: Michael Richardson <>
Subject: Re: [Iot-onboarding] some straw-man charter text for an IoT Operational Security WG

> Kent: I am feeling a bit of "my protocol vs your protocol" in your reply.

Fair point.  I just want to ensure what you say at bottom...

>      It is not my intention to do that.  I think that we did an awesome
>      job getting to the commonalities with 8366.  I'm not sure that this
>      is as visible to others.

Indeed, as witnessed by the plethora of activity brought forth since.  :thumbs-up:

> Yes, but is that really appropriate?  Are the right people there in ANIMA,
> and is it actually disruptive to the ANIMA effort beyond onboarding?
> In particular the constrained document is not getting enough attention.

Unsure.  It's a blurred line to me where ANIMA stops and this might begin...

> Sure.  I put it there so that people could find it.

Okay, but folks should know that, while produced by NETCONF WG, it really has nothing to do with NETCONF protocol.

>> and later the text says that it's "not limited
>> to just that protocol" (being BRSKI), but the general tone, and
>> specifically the Milestones, are very BRSKI-specific.
> I would very much like to have more, but I don't know what the next steps for
> SZTP are.

Mapping to DTLS, CBOR, CoAP, and MUD would be good milestones.  Unsure how many drafts that might entail.  Each topic is likely a small document, since it's mostly mapping onto other existing work.

> I actually rather believe that SZTP is probably a better starting point for a
> cloudless solution.
> If SZTP can do a better job for constrained environments, it is *precisely*
> this kind of stuff that I'd like to have in this group.

Yes, it would be good if this group could cast a wide net.

> I'm okay with the WG producing 3 or 4 mechanisms

Perfect.   Importantly, some of these mechanisms can be run in parallel, as they offer a similar level of security, and hence a DoS doesn't result in a degradation attack.

> (and then, of course, an
> n+1th in four years to converge them, applying
> Some have attributed this method to Scott Bradner, imagining a meadow of
> many wild flowers.

Never heard the meadow part before, but the "wild" part seems apt.  ;)