Re: [Iotsi] New IoT effort at

Eliot Lear <> Mon, 12 September 2016 17:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3F44E12B01A; Mon, 12 Sep 2016 10:53:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -16.03
X-Spam-Status: No, score=-16.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.508, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3d6R_6aUWxuf; Mon, 12 Sep 2016 10:53:22 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 482E312B01B; Mon, 12 Sep 2016 10:53:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=4872; q=dns/txt; s=iport; t=1473702801; x=1474912401; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=FG0NWmfHHT+ZkiuI7fQADOhOszyfoJyIVbW//F3MBpw=; b=bbF6BqB/v+y1pUbarpLhXYsBYNALXTs5ut+MbSyYCUBk2BcrkqAkvlVL zg6WLo44BLk00Oa5QmjL5MrEdYrIuwYDmp7wfHJO9V10n5QEQU15xh8Uz VZizziMfir5OP32RQgK6bU2oPfakc6jWXDfEBZ/m4QsI0FMhp2Ji6HhWJ w=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.30,323,1470700800"; d="asc'?scan'208";a="648443178"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Sep 2016 17:52:56 +0000
Received: from [] ([]) by (8.14.5/8.14.5) with ESMTP id u8CHqtbk004582; Mon, 12 Sep 2016 17:52:55 GMT
To: Hannes Tschofenig <>, Tim Coote <>
References: <> <> <> <> <> <> <> <> <>
From: Eliot Lear <>
Message-ID: <>
Date: Mon, 12 Sep 2016 19:52:57 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HIcGSc4g8oWl6vxPoMTPNTBuKAxisuIMg"
Archived-At: <>
Cc: "" <>, David Janes <>, Internet Architecture Board <>, Ted Hardie <>
Subject: Re: [Iotsi] New IoT effort at
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet of Things Semantic Interoperability Workshop <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 12 Sep 2016 17:53:24 -0000

Hi Hannes,

On 8/23/16 2:03 PM, Hannes Tschofenig wrote:
> Eliot,
> I would like to hear your view on why NEA has been a failure.
I've given this more thought.  Let us distinguish between NEA the
protocol and NEA the concepts.  The concepts are very well deployed,
mostly in the form of mobile device managers (MDNs), including the VPN
module I am using at this very moment.  These sorts of modules tend to
be two-sided vendor specific, meaning that little standardization is
required.  This works well when there are very few types of devices.  It
works less well when we don't even know how to count how many types of
devices there are.


> Ciao
> Hannes
> -----Original Message-----
> From: Eliot Lear []
> Sent: 23 August 2016 13:33
> To: Tim Coote
> Cc: Hannes Tschofenig; David Janes;; Ted Hardie; Internet Architecture Board
> Subject: Re: [Iotsi] New IoT effort at
> Going down...
> On 8/23/16 1:26 PM, Tim Coote wrote:
>> There’s a commercial asymmetry here, which means that Thing Makers may not know what they have released (their focus is on shifting boxes) and any assertion, unless backed up by a legal contract is worth little. Whoever is dropping in hardware based Things may put in a new version or a replacement from a different supplier that claims to be the same as something else. But isn’t.
> I think what you are saying is that there are white label products out there.  It is true that one might simply not ask the question.  I don't find that particularly satisfying, and I know my enterprise friends are even less enthralled.  They need a way to identify what is accessing their networks.
>> My conclusion was that the owner of the service delivered to the customer must define automated tests and behaviour categorisations that are used to accept new components and to identify rogues in production.
> Sure.  That amounts to NEA, perhaps with a protocol tweak here or there.  But the challenge is getting Things to divulge ANY information in a way that doesn't actually place them on
> Eliot
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Iotsi mailing list