Re: [smartobjectdir] Call for Review of draft-iab-smart-object-architecture-04.txt, "Architectural Considerations in Smart Object Networking"

Steve Crocker <steve@shinkuro.com> Fri, 29 August 2014 11:33 UTC

Another “security” dimension that’s increasingly relevant is whether the design, configuration or operation might lead to unintended storms.  For a recent example of such a problem, see:

http://www.washingtonpost.com/blogs/capital-weather-gang/wp/2014/08/26/national-weather-service-website-taken-down-by-overzealous-android-app/

In February this year, the US National Science Foundation sponsored a workshop on Interdisciplinary Pathways towards a More Secure Internet.  The report included several recommendations, two of which seem relevant here.

Create a Framework for Managing Software Updates

The Internet of Things will challenge our current channels for distributing security updates. An environment must be developed for distributing security patches that scales to a world where almost everything is connected to the Internet and many “things” are largely unattended.


Enhance the Security of the Internet of Things by Identifying Enclaves

The security challenges posed by the emerging Internet of Things should be addressed now, to prepare before it is fully upon us. By identifying specific use segments, or “enclaves,” Internet of Things infrastructure stakeholders can address the security requirements and devise event remediations for that enclave.

Steve



On Aug 29, 2014, at 7:12 AM, Ralph Droms <rdroms.ietf@gmail.com> wrote:

> The security section is especially handwavey ... especially considering security is probably more important for smart objects while there are fewer resources available for implementing security in smart objects than elsewhere.
> 
> Here's a useful take on the security issue that might provide some guidance for additional text in the security section: http://trac.tools.ietf.org/wg/ace/trac/wiki/Questions
> 
> If the IAB is not prepared to undertake recommendations on security at this time, in my opinion security should be tagged as a topic for future work in addition to the pointers to earlier work.
> 
> - Ralph
> 
> On Aug 27, 2014, at 2:18 PM 8/27/14, IAB Chair <iab-chair@iab.org> wrote:
> 
>> This is a call for review of "Architectural Considerations in Smart Object Networking" prior to potential approval as an IAB stream RFC.
>> 
>> The document is available for inspection here: https://datatracker.ietf.org/doc/draft-iab-smart-object-architecture/
>> 
>> The Call for Review will last until 24 September 2014.  Please send comments to iab@iab.org.
>> 
>> On behalf of the IAB,
>>  Russ Housley
>>  IAB Chair
>> 
>