Re: [Iotsi] New IoT effort at

Eliot Lear <> Tue, 23 August 2016 11:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 757DF12D0D1; Tue, 23 Aug 2016 04:32:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.07
X-Spam-Status: No, score=-15.07 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id D6yCr_qjwGuA; Tue, 23 Aug 2016 04:32:44 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 81F6612D0B2; Tue, 23 Aug 2016 04:32:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=3206; q=dns/txt; s=iport; t=1471951963; x=1473161563; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=QZee3QxZ7mz0L6dlQ2Ru2D02l2QHw2k9TMPqqGoQ/30=; b=X5EEwKiE/GE0jiIZ5j2nEjVJfUzEvlnZHi3M57vTWljv16DeSGZY9SCy lLTHahAwnxK3UrerhjNpcTo5nQQTHOAr8jgPWQ+WqhZ37zbSwHnHcOAJa y19AH+7c5mWRcHkVgbMWsgvJ63GyXIZMxpwHSZjaLnN3i/klV6xpEq8Ay U=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CzBABuM7xX/xbLJq1UCoMpAQEBAQFyK?= =?us-ascii?q?lK6AxyGAQKCJhACAQEBAQEBAV4nhGABAQQBI1YQCxgqAgJXBg0IAQGIJQiuaJA?= =?us-ascii?q?GAQEBAQEBAQMBAQEBAQEBEg6IJQiCTYQIEIMpgloBBJlIgz6Bc2+JAYI7hx6Fd?= =?us-ascii?q?4RGi3M1H4N8OjSEW4E2AQEB?=
X-IronPort-AV: E=Sophos;i="5.28,565,1464652800"; d="asc'?scan'208";a="685603720"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Aug 2016 11:32:36 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id u7NBWa9s001228; Tue, 23 Aug 2016 11:32:36 GMT
To: Tim Coote <>
References: <> <> <> <> <> <> <>
From: Eliot Lear <>
Message-ID: <>
Date: Tue, 23 Aug 2016 13:32:35 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="s3pbwiQnBuGM844FEVahFesahtGDG04Hr"
Archived-At: <>
Cc: "" <>, David Janes <>, Hannes Tschofenig <>, Ted Hardie <>, Internet Architecture Board <>
Subject: Re: [Iotsi] New IoT effort at
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Internet of Things Semantic Interoperability Workshop <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 23 Aug 2016 11:32:45 -0000

Going down...

On 8/23/16 1:26 PM, Tim Coote wrote:
> There’s a commercial asymmetry here, which means that Thing Makers may not know what they have released (their focus is on shifting boxes) and any assertion, unless backed up by a legal contract is worth little. Whoever is dropping in hardware based Things may put in a new version or a replacement from a different supplier that claims to be the same as something else. But isn’t. 

I think what you are saying is that there are white label products out
there.  It is true that one might simply not ask the question.  I don't
find that particularly satisfying, and I know my enterprise friends are
even less enthralled.  They need a way to identify what is accessing
their networks.

> My conclusion was that the owner of the service delivered to the customer must define automated tests and behaviour categorisations that are used to accept new components and to identify rogues in production.

Sure.  That amounts to NEA, perhaps with a protocol tweak here or
there.  But the challenge is getting Things to divulge ANY information
in a way that doesn't actually place them on