Re: [T2TRG] [saag] New Version Notification for draft-irtf-t2trg-iot-seccons-02.txt

Barry Raveendran Greene <bgreene@senki.org> Tue, 04 April 2017 14:22 UTC

Hi Team,

I agree with Eliot. The draft is disconnected from reality. I attend a lot of “IoT Hack-a-thons” out in Asia (my wife is usually a judge). These are always huge events whose participation exceeds the organizer’s expectations. At no time do I see any of the teams ever think about security. The few times I offer to give “mini-IoT security workshops” get little interest. Why? Because everyone is focused on the IoT coding for the function - not the lifecycle.

The reality with IoT devices is that drafts like this are ideal, but don’t match reality. I’m now thinking ahead about what we have to do on the Network in Operators when my “rate of customer infection” goes from 20% - 30% (today) to 70% - 80%. Connected Appliances with a +10 year lifecycle with the owners not maintaining them, is a new world for us.

My survey of all the IoT Security “standards” and “guidelines” assumes we can remediate the violated IoT device. I put forward for the IETF that we cannot assume remediation. We have to assume that we cannot remediate. Hence, we need other tools in the network to mitigate the risk.

Barry

> On Apr 4, 2017, at 3:32 AM, Eliot Lear <lear@cisco.com> wrote:
> 
> Hi Oscar,
> 
> While I appreciate the draft, there is an elephant in the room.  Not a
> day passes when we hear of yet another compromise of a so-called "IoT"
> system.  Sometimes these compromises are trivial, and sometimes they are
> involved.  At the end of the day, the sheer quantity of Things mandates
> some form of network-level protection that the draft should discuss, to
> protect those devices from attack.  As was mentioned in the f2f, what if
> Bob turns out to be, or becomes evil, or is otherwise 0wn3d by Chuck?
> 
> Eliot
> 
> 
> On 4/3/17 9:10 AM, Garcia-Morchon O, Oscar wrote:
>> Hi,
>> 
>> we have submitted a new version of the Internet Draft on security considerations for the IoT.
>> Comments are welcome.
>> 
>> https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-02
>> 
>> Regards, Oscar.
>> 
>> -----Original Message-----
>> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
>> Sent: Friday, March 31, 2017 2:11 PM
>> To: Mohit Sethi <mohit@piuha.net>; Kumar, Sandeep <sandeep.kumar@philips.com>; Kumar, Sandeep <sandeep.kumar@philips.com>; Garcia-Morchon O, Oscar <oscar.garcia-morchon@philips.com>; irtf-chair@irtf.org; t2trg-chairs@ietf.org
>> Subject: New Version Notification for draft-irtf-t2trg-iot-seccons-02.txt
>> 
>> 
>> A new version of I-D, draft-irtf-t2trg-iot-seccons-02.txt
>> has been successfully submitted by Oscar Garcia-Morchon and posted to the IETF repository.
>> 
>> Name:           draft-irtf-t2trg-iot-seccons
>> Revision:       02
>> Title:          State of the Art and Challenges for the Internet of Things
>> Document date:  2017-03-31
>> Group:          t2trg
>> Pages:          56
>> URL:            https://www.ietf.org/internet-drafts/draft-irtf-t2trg-iot-seccons-02.txt
>> Status:         https://datatracker.ietf.org/doc/draft-irtf-t2trg-iot-seccons/
>> Htmlized:       https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-02
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-irtf-t2trg-iot-seccons-02
>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-irtf-t2trg-iot-seccons-02
>> 
>> Abstract:
>>   The Internet of Things concept refers to the usage of standard
>>   Internet protocols to allow for human-to-thing or thing-to-thing
>>   communication.  The security needs are well-recognized and many
>>   standardization steps have been taken, for example, specification of
>>   CoAP over DTLS.  However, security challenges still exist and there
>>   are some use cases that lack a suitable solution.  This document
>>   first provides an overview of security architecture, its deployment
>>   model, security needs in the context of the lifecycle of a thing, as
>>   well as the state of the art on IoT security.  Then, we discuss the
>>   concept of security profiles for the successful roll-out of secure
>>   IoT applications and describe remaining security challenges in the
>>   IoT.
>> 
>> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat