IETF Logo Mail Archive

Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Adam Montville <adam.w.montville@gmail.com> Tue, 08 November 2016 16:24 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 368FF1294CC for <saag@ietfa.amsl.com>; Tue, 8 Nov 2016 08:24:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cqDEfk7A3jWZ for <saag@ietfa.amsl.com>; Tue, 8 Nov 2016 08:24:06 -0800 (PST)
Received: from mail-yw0-x22a.google.com (mail-yw0-x22a.google.com [IPv6:2607:f8b0:4002:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6925129434 for <saag@ietf.org>; Tue, 8 Nov 2016 08:24:06 -0800 (PST)
Received: by mail-yw0-x22a.google.com with SMTP id l124so180810704ywb.3 for <saag@ietf.org>; Tue, 08 Nov 2016 08:24:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=vZeyKTISpyft3a2gPemHtSQrV0z+76tvEr80aCBZ36U=; b=EuO2vu2F797nfBTWbWcsj0Aon4lTLcuOYTODVi3rMMeXKDhH/p4RaT2akMW1REjpwK 6plLD8julm5fpCRbQmEHyD2/myN0OBLruVZHO8fBCtVM5mdBcGdmGScH6/4j1yYU4eMI vNmGPlQvazp1tqTvbBoaNObYFcBVvJmxTvSfPmRHJMhym551ReEhVY/keiNCrVelvVL+ bY/VhyhbpirEX+5MTm60pDRr72+cwnlSdPGl3ltOQOPiakVrxwZrFAQgpnPsyeFX2fLe Ft5d9ml2VcyddWdyeohX/1sdToV5IpILAc7LzqEny3pVMmo4xNVGXOFLBc1ltoQSJHE2 nWEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=vZeyKTISpyft3a2gPemHtSQrV0z+76tvEr80aCBZ36U=; b=T2l6E0ftaOvpPP4/hOBdSm/WXI2Zbw7SEOrGsEqe0uBpyDCj1d9IJPGlOqxJhzFACt jB2d4JdVU8hSbPDQIlv+LAXpG4DfI8nVulbkOYDWhYUCY6hWMy2yJYEOHtDilTLBw8IB qfaH9p13bV5CIdJqwkm2snE65uWr+qTc2aeX0wie3tsaSPUm3yptuc+CShglTR1kTswN zZu9lRH8186LSxAC8f9W6Yo/v4ix9djDzb/+ChcAofXr7hAEt9Z174ubbDb4PFC6HcYT dWjicTXHwGL0xvfIiOYo9Nn5AccCdwZDhX6TepkRg3D44W8MlMUw/4CAMc7fGqqDWQT+ 2GIQ==
X-Gm-Message-State: ABUngvcxBa/wk6QIxAaoBaH9mteTbonvQF87/B3chilZUizZ1Y7GuiFBbo+bY5J52TzSHiINJErFPey0UMlCZg==
X-Received: by 10.202.237.7 with SMTP id l7mr8247049oih.152.1478622245963; Tue, 08 Nov 2016 08:24:05 -0800 (PST)
MIME-Version: 1.0
References: <63ae04d9-9a31-498c-3333-2801a72338f0@network-heretics.com> <ff6dae39-a277-ea87-9b1a-643400c8742b@ericsson.com> <68453f17719b45a3afe0ee8607acd420@HE1PR9003MB0234.MGDPHG.emi.philips.com>
In-Reply-To: <68453f17719b45a3afe0ee8607acd420@HE1PR9003MB0234.MGDPHG.emi.philips.com>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 08 Nov 2016 16:23:55 +0000
Message-ID: <CACknUNUKKa=W5YxHzw0HKPMfiA2DjvMfC5iViHUXUQ=guJQ5qw@mail.gmail.com>
To: "Garcia Morchon O, Oscar" <oscar.garcia@philips.com>, Ari Keränen <ari.keranen@ericsson.com>, Keith Moore <moore@network-heretics.com>, "saag@ietf.org" <saag@ietf.org>
Content-Type: multipart/alternative; boundary="001a113d2d1aba4b690540cc91d3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/a1wp3_vme4-TB6AhKwrjhpjAIyM>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2016 16:24:09 -0000

Would it be worthwhile to add this to the saag agenda, or is there
otherwise some session for discussing the plethora of IoT security related
material?

On Tue, Nov 8, 2016 at 10:04 AM Garcia Morchon O, Oscar <
oscar.garcia@philips.com> wrote:

> Hi Ari, Keith,
>
> indeed, the purpose is similar of the draft in the T2TRG is similar. It is
> clear is that having a document in which we describe which aspects should
> be considered is very relevant.
>
> We are in the process of further updating our draft --  comments are
> welcome.
>
> Regards, Oscar.
>
> -----Original Message-----
> From: saag [mailto:saag-bounces@ietf.org] On Behalf Of Ari Keränen
> Sent: Tuesday, November 08, 2016 9:44 AM
> To: Keith Moore; saag@ietf.org
> Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for
> Securing Internet of Things (IoT) Devices)
>
> Hi,
>
> Also at the Thing-to-Thing Research Group we have a draft about security
> considerations for IoT:
> https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons
>
>
> Cheers,
> Ari
>
> On 05/11/16 03:25, Keith Moore wrote:
> > Stephen Farrell suggested I bring this draft to your attention. This was
> > a rush job as the authors just started talking about this last Friday,
> > but it was written in response to recent DDoS attacks that utilized
> > easily-compromised IoT devices.   I'm sure there are missing pieces
> > (I've identified a few since -00) and sections that could be stated
> > better (like the title of section 2.3.2), but hopefully this is a useful
> > start.
> >
> > https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/
> >
> > Keith
> >
> >
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>
> ________________________________
> The information contained in this message may be confidential and legally
> protected under applicable law. The message is intended solely for the
> addressee(s). If you are not the intended recipient, you are hereby
> notified that any use, forwarding, dissemination, or reproduction of this
> message is strictly prohibited and may be unlawful. If you are not the
> intended recipient, please contact the sender by return e-mail and destroy
> all copies of the original message.
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

v2.23.0 | Report a Bug | By Email