Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
Natasha Rooney <nrooney@gsma.com> Mon, 07 November 2016 13:41 UTC
Return-Path: <nrooney@gsma.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B81CF129619 for <saag@ietfa.amsl.com>; Mon, 7 Nov 2016 05:41:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gsmasso.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7kTyi4aIKnG for <saag@ietfa.amsl.com>; Mon, 7 Nov 2016 05:41:43 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40055.outbound.protection.outlook.com [40.107.4.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BFD41295AF for <saag@ietf.org>; Mon, 7 Nov 2016 05:41:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=GSMASSO.onmicrosoft.com; s=selector1-gsma-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Yq560ipY9UPnG9DgJ8qmNaLtIG6Od0ngxmiwY5Z0foo=; b=JVLRtx7Si/uCxlthwqx5ekr5QL+Zl09MgKfLpRcdN2eTchGUXIgSOgxwOeE4g20yBdrRhaLygGU/HBs29G7vRLLBE11fYeIPv+z/qzyQCM9DOTJ0x9ATiVx5l378IJWIUId7CqRC4tvfdfbNwBZbsj4BD0c67uTHfMbHBn5SQfs=
Received: from VI1PR0401MB2064.eurprd04.prod.outlook.com (10.166.141.138) by VI1PR0401MB2061.eurprd04.prod.outlook.com (10.166.141.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.707.6; Mon, 7 Nov 2016 13:41:38 +0000
Received: from VI1PR0401MB2064.eurprd04.prod.outlook.com ([10.166.141.138]) by VI1PR0401MB2064.eurprd04.prod.outlook.com ([10.166.141.138]) with mapi id 15.01.0707.006; Mon, 7 Nov 2016 13:41:38 +0000
From: Natasha Rooney <nrooney@gsma.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
Thread-Index: AQHSNwOd418Z+/nxoUCvigY2dlEx6aDNWRAAgAAmBgCAAAw2AA==
Date: Mon, 07 Nov 2016 13:41:38 +0000
Message-ID: <A07E9CF1-C23A-4100-8703-3759665D02FE@gsma.com>
References: <63ae04d9-9a31-498c-3333-2801a72338f0@network-heretics.com> <ED86D1E0-37C2-40C4-81E2-381639CD0B8D@gsma.com> <9079214d-4a36-7883-122e-c36374cb9c72@gmx.net>
In-Reply-To: <9079214d-4a36-7883-122e-c36374cb9c72@gmx.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3251)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nrooney@gsma.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [51.6.68.18]
x-ms-office365-filtering-correlation-id: 493153e6-392f-4038-9e0d-08d40713cccb
x-microsoft-exchange-diagnostics: 1; VI1PR0401MB2061; 7:e0wnYAAfUNsk3TcmJpE/AnoDovy/ts32EoB8I6IxciZfSFhNB1DpTRLYvbhmleLYPB/McPr1V/wZrhwqpa1qOOW2ZhkCzFB81iEfHcex79fWczbgRavMfR7be9X5IBQV6YyK8jdEgVZ6xUys7SXEWRSovJFz1Uafb4Y0eL9vFjuf5tkH79ZNbG6XhPFzeg6tVuv0CxTwaJyBVP89rup5jVg9bG0dYraOAiPU9u6ZTqkb7HmKPqG42BJpCaJ9BnEH/mdw+4E9D7QJaghxwhvqGAohnXfTJm7mCEklFyif7QCicQ+3e8225bL9djFBnyFaOkwS5xhdO4Ukbplqm7voHWLcsc3o9bImTssj0W2HPHI=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR0401MB2061;
x-microsoft-antispam-prvs: <VI1PR0401MB20610BE3FE62CFA436FF748FC3A70@VI1PR0401MB2061.eurprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(120809045254105)(192374486261705)(248736688235697)(160794256991155)(21532816269658);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6045074)(6060229)(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6061226)(6046074); SRVR:VI1PR0401MB2061; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0401MB2061;
x-forefront-prvs: 0119DC3B5E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(189002)(377454003)(24454002)(199003)(7736002)(50986999)(101416001)(83716003)(7846002)(81166006)(81156014)(6916009)(122556002)(8676002)(36756003)(76176999)(66066001)(92566002)(16236675004)(86362001)(8936002)(10400500002)(5002640100001)(106356001)(106116001)(105586002)(110136003)(3280700002)(4326007)(11100500001)(2906002)(189998001)(2900100001)(230783001)(97736004)(33656002)(5660300001)(3660700001)(19617315012)(82746002)(5890100001)(57306001)(50226002)(15975445007)(77096005)(586003)(2950100002)(6116002)(102836003)(3846002)(7906003)(87936001)(68736007)(19580395003)(19580405001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2061; H:VI1PR0401MB2064.eurprd04.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: gsma.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_A07E9CF1C23A410087033759665D02FEgsmacom_"
MIME-Version: 1.0
X-OriginatorOrg: gsma.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2016 13:41:38.6340 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72a4ff82-fec3-469d-aafb-ac8276216699
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2061
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 04
X-MS-Exchange-CrossPremises-AuthSource: VI1PR0401MB2064.eurprd04.prod.outlook.com
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-messagesource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-originalclientipaddress: 51.6.68.18
X-MS-Exchange-CrossPremises-avstamp-service: 1.0
X-MS-Exchange-CrossPremises-disclaimer-hash: 78ca8040c6722e32c2f5b0a45bf37e74b9409d645a53be96aa19958e0cee0f00
X-MS-Exchange-CrossPremises-antispam-scancontext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-processed-by-journaling: Journal Agent
X-OrganizationHeadersPreserved: VI1PR0401MB2061.eurprd04.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/u9A5pq5W1iwDXcKWe0hTh6JqoQM>
Cc: Keith Moore <moore@network-heretics.com>, saag <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Nov 2016 13:41:46 -0000
Hey Hannes! The Connected Living team here at GSMA wrote them. If you wish to send in suggestions let me know off-list, I’ll connect you with the right person. Natasha On 7 Nov 2016, at 12:57, Hannes Tschofenig <hannes.tschofenig@gmx.net<mailto:hannes.tschofenig@gmx.net>> wrote: Hi Natasha, thanks for pointing us to this GSMA effort. Could you provide a little bit of feedback on who wrote these documents? Ciao Hannes On 11/07/2016 11:41 AM, Natasha Rooney wrote: Hi Keith, The Connected Living team here at GSMA recently published the IOT Security Guidelines (including a self-assessment scheme) for the same purpose as your draft but with a wider focus (mobile operator networks, service providers and applications). The guidelines may provide some input to the draft. http://www.gsma.com/connectedliving/future-iot-networks/iot-security-guidelines/ Thanks! Natasha On 5 Nov 2016, at 01:25, Keith Moore <moore@network-heretics.com <mailto:moore@network-heretics.com>> wrote: Stephen Farrell suggested I bring this draft to your attention. This was a rush job as the authors just started talking about this last Friday, but it was written in response to recent DDoS attacks that utilized easily-compromised IoT devices. I'm sure there are missing pieces (I've identified a few since -00) and sections that could be stated better (like the title of section 2.3.2), but hopefully this is a useful start. https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/ Keith _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/listinfo/saag This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error. _______________________________________________ saag mailing list saag@ietf.org<mailto:saag@ietf.org> https://www.ietf.org/mailman/listinfo/saag This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.
- [saag] draft-moore-iot-bcp-00 (Best Current Pract… Keith Moore
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Natasha Rooney
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Hannes Tschofenig
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Natasha Rooney
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Ira McDonald
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Ronald del Rosario
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Loganaden Velvindron
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Ari Keränen
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Watson Ladd
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Hannes Tschofenig
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Garcia Morchon O, Oscar
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Adam Montville
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Michael Richardson
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Garcia Morchon O, Oscar
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Ben Laurie
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Ben Laurie
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Peter Gutmann
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Adrian Hope-Bailie
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Eliot Lear
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Peter Gutmann
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Jeffrey Walton
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Jeffrey Walton
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Hannes Tschofenig
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Carsten Bormann
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… Peter Gutmann
- Re: [saag] draft-moore-iot-bcp-00 (Best Current P… kathleen.moriarty.ietf