Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 07 November 2016 12:58 UTC

To: Natasha Rooney <nrooney@gsma.com>, Keith Moore <moore@network-heretics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qzGJQoxoVCtvWpN5edT8G1y249g>
Cc: saag <saag@ietf.org>

Hi Natasha,

thanks for pointing us to this GSMA effort.

Could you provide a little bit of feedback on who wrote these documents?

Ciao
Hannes


On 11/07/2016 11:41 AM, Natasha Rooney wrote:
> Hi Keith,
> 
> The Connected Living team here at GSMA recently published the IOT
> Security Guidelines (including a self-assessment scheme) for the same
> purpose as your draft but with a wider focus (mobile operator networks,
> service providers and applications). The guidelines may provide some
> input to the draft.
> 
> http://www.gsma.com/connectedliving/future-iot-networks/iot-security-guidelines/
> 
> Thanks!
> 
> Natasha
> 
> 
>> On 5 Nov 2016, at 01:25, Keith Moore <moore@network-heretics.com> wrote:
>>
>> Stephen Farrell suggested I bring this draft to your attention. This
>> was a rush job as the authors just started talking about this last
>> Friday, but it was written in response to recent DDoS attacks that
>> utilized easily-compromised IoT devices. I'm sure there are missing
>> pieces (I've identified a few since -00) and sections that could be
>> stated better (like the title of section 2.3.2), but hopefully this is
>> a useful start.
>>
>> https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/
>>
>> Keith
>>
>>
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag