IETF Logo Mail Archive

Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)

Natasha Rooney <nrooney@gsma.com> Mon, 07 November 2016 13:41 UTC

Return-Path: <nrooney@gsma.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B81CF129619 for <saag@ietfa.amsl.com>; Mon, 7 Nov 2016 05:41:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gsmasso.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R7kTyi4aIKnG for <saag@ietfa.amsl.com>; Mon, 7 Nov 2016 05:41:43 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40055.outbound.protection.outlook.com [40.107.4.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BFD41295AF for <saag@ietf.org>; Mon, 7 Nov 2016 05:41:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=GSMASSO.onmicrosoft.com; s=selector1-gsma-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Yq560ipY9UPnG9DgJ8qmNaLtIG6Od0ngxmiwY5Z0foo=; b=JVLRtx7Si/uCxlthwqx5ekr5QL+Zl09MgKfLpRcdN2eTchGUXIgSOgxwOeE4g20yBdrRhaLygGU/HBs29G7vRLLBE11fYeIPv+z/qzyQCM9DOTJ0x9ATiVx5l378IJWIUId7CqRC4tvfdfbNwBZbsj4BD0c67uTHfMbHBn5SQfs=
Received: from VI1PR0401MB2064.eurprd04.prod.outlook.com (10.166.141.138) by VI1PR0401MB2061.eurprd04.prod.outlook.com (10.166.141.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.707.6; Mon, 7 Nov 2016 13:41:38 +0000
Received: from VI1PR0401MB2064.eurprd04.prod.outlook.com ([10.166.141.138]) by VI1PR0401MB2064.eurprd04.prod.outlook.com ([10.166.141.138]) with mapi id 15.01.0707.006; Mon, 7 Nov 2016 13:41:38 +0000
From: Natasha Rooney <nrooney@gsma.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
Thread-Index: AQHSNwOd418Z+/nxoUCvigY2dlEx6aDNWRAAgAAmBgCAAAw2AA==
Date: Mon, 07 Nov 2016 13:41:38 +0000
Message-ID: <A07E9CF1-C23A-4100-8703-3759665D02FE@gsma.com>
References: <63ae04d9-9a31-498c-3333-2801a72338f0@network-heretics.com> <ED86D1E0-37C2-40C4-81E2-381639CD0B8D@gsma.com> <9079214d-4a36-7883-122e-c36374cb9c72@gmx.net>
In-Reply-To: <9079214d-4a36-7883-122e-c36374cb9c72@gmx.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3251)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=nrooney@gsma.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [51.6.68.18]
x-ms-office365-filtering-correlation-id: 493153e6-392f-4038-9e0d-08d40713cccb
x-microsoft-exchange-diagnostics: 1; VI1PR0401MB2061; 7:e0wnYAAfUNsk3TcmJpE/AnoDovy/ts32EoB8I6IxciZfSFhNB1DpTRLYvbhmleLYPB/McPr1V/wZrhwqpa1qOOW2ZhkCzFB81iEfHcex79fWczbgRavMfR7be9X5IBQV6YyK8jdEgVZ6xUys7SXEWRSovJFz1Uafb4Y0eL9vFjuf5tkH79ZNbG6XhPFzeg6tVuv0CxTwaJyBVP89rup5jVg9bG0dYraOAiPU9u6ZTqkb7HmKPqG42BJpCaJ9BnEH/mdw+4E9D7QJaghxwhvqGAohnXfTJm7mCEklFyif7QCicQ+3e8225bL9djFBnyFaOkwS5xhdO4Ukbplqm7voHWLcsc3o9bImTssj0W2HPHI=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR0401MB2061;
x-microsoft-antispam-prvs: <VI1PR0401MB20610BE3FE62CFA436FF748FC3A70@VI1PR0401MB2061.eurprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(120809045254105)(192374486261705)(248736688235697)(160794256991155)(21532816269658);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6045074)(6060229)(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6061226)(6046074); SRVR:VI1PR0401MB2061; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0401MB2061;
x-forefront-prvs: 0119DC3B5E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(189002)(377454003)(24454002)(199003)(7736002)(50986999)(101416001)(83716003)(7846002)(81166006)(81156014)(6916009)(122556002)(8676002)(36756003)(76176999)(66066001)(92566002)(16236675004)(86362001)(8936002)(10400500002)(5002640100001)(106356001)(106116001)(105586002)(110136003)(3280700002)(4326007)(11100500001)(2906002)(189998001)(2900100001)(230783001)(97736004)(33656002)(5660300001)(3660700001)(19617315012)(82746002)(5890100001)(57306001)(50226002)(15975445007)(77096005)(586003)(2950100002)(6116002)(102836003)(3846002)(7906003)(87936001)(68736007)(19580395003)(19580405001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2061; H:VI1PR0401MB2064.eurprd04.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: gsma.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_A07E9CF1C23A410087033759665D02FEgsmacom_"
MIME-Version: 1.0
X-OriginatorOrg: gsma.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2016 13:41:38.6340 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72a4ff82-fec3-469d-aafb-ac8276216699
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2061
X-MS-Exchange-CrossPremises-AuthAs: Internal
X-MS-Exchange-CrossPremises-AuthMechanism: 04
X-MS-Exchange-CrossPremises-AuthSource: VI1PR0401MB2064.eurprd04.prod.outlook.com
X-MS-Exchange-CrossPremises-SCL: 1
X-MS-Exchange-CrossPremises-messagesource: StoreDriver
X-MS-Exchange-CrossPremises-BCC:
X-MS-Exchange-CrossPremises-originalclientipaddress: 51.6.68.18
X-MS-Exchange-CrossPremises-avstamp-service: 1.0
X-MS-Exchange-CrossPremises-disclaimer-hash: 78ca8040c6722e32c2f5b0a45bf37e74b9409d645a53be96aa19958e0cee0f00
X-MS-Exchange-CrossPremises-antispam-scancontext: DIR:Originating; SFV:NSPM; SKIP:0;
X-MS-Exchange-CrossPremises-processed-by-journaling: Journal Agent
X-OrganizationHeadersPreserved: VI1PR0401MB2061.eurprd04.prod.outlook.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/u9A5pq5W1iwDXcKWe0hTh6JqoQM>
Cc: Keith Moore <moore@network-heretics.com>, saag <saag@ietf.org>
Subject: Re: [saag] draft-moore-iot-bcp-00 (Best Current Practices for Securing Internet of Things (IoT) Devices)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Nov 2016 13:41:46 -0000

Hey Hannes!

The Connected Living team here at GSMA wrote them. If you wish to send in suggestions let me know off-list, I’ll connect you with the right person.

Natasha

On 7 Nov 2016, at 12:57, Hannes Tschofenig <hannes.tschofenig@gmx.net<mailto:hannes.tschofenig@gmx.net>> wrote:

Hi Natasha,

thanks for pointing us to this GSMA effort.

Could you provide a little bit of feedback on who wrote these documents?

Ciao
Hannes


On 11/07/2016 11:41 AM, Natasha Rooney wrote:
Hi Keith,

The Connected Living team here at GSMA recently published the IOT
Security Guidelines (including a self-assessment scheme) for the same
purpose as your draft but with a wider focus (mobile operator networks,
service providers and applications). The guidelines may provide some
input to the draft.

http://www.gsma.com/connectedliving/future-iot-networks/iot-security-guidelines/

Thanks!

Natasha


On 5 Nov 2016, at 01:25, Keith Moore <moore@network-heretics.com
<mailto:moore@network-heretics.com>> wrote:

Stephen Farrell suggested I bring this draft to your attention. This
was a rush job as the authors just started talking about this last
Friday, but it was written in response to recent DDoS attacks that
utilized easily-compromised IoT devices.   I'm sure there are missing
pieces (I've identified a few since -00) and sections that could be
stated better (like the title of section 2.3.2), but hopefully this is
a useful start.

https://datatracker.ietf.org/doc/draft-moore-iot-security-bcp/

Keith


_______________________________________________
saag mailing list
saag@ietf.org
https://www.ietf.org/mailman/listinfo/saag

This email and its attachments are intended for the above named only and
may be confidential. If they have come to you in error you must take no
action based on them, nor must you copy or show them to anyone; please
reply to this email or call +44 207 356 0600 and highlight the error.



_______________________________________________
saag mailing list
saag@ietf.org<mailto:saag@ietf.org>
https://www.ietf.org/mailman/listinfo/saag


This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.

v2.23.0 | Report a Bug | By Email