[T2TRG] Quick Doodle T2TRG security topics (Re: New topic for T2TRG?)

Carsten Bormann <cabo@tzi.org> Mon, 20 December 2021 09:40 UTC

I assume most people are mostly in holiday mode already.
We did want to have a chat this year about setting up a T2TRG activity around research issues in securing IoT (tentatively called “seccore”), similar to WISHI, but probably with a different core group of people attending.
Some background for that in Göran's mail cited below.

I have put up 9 potential meeting slots this week:
https://doodle.com/poll/7e76k335hd6d28k3

If you are interested, please choose slots you can still make.
I plan to close this COB US today, so please click quickly.

This week’s meeting is mostly for planning and, first and foremost, discussing the scope we want to communicate.
The actual first meeting of a seccore activity would probably then be in 2022W2, but that is one of the things we want to discuss this week.

That link was https://doodle.com/poll/7e76k335hd6d28k3 ...

Grüße, Carsten


> On 2021-11-29, at 17:15, Göran Selander <goran.selander@ericsson.com> wrote:
> 
> Dear T2TRG,
>  
> As reported from the CoRE applications side meeting below, there seems to be an interest in progressing topics in the area of security for constrained RESTful environments, and a proposal to host that work in T2TRG.
>  
> * What?
>  
> CoAP can be used in various settings beyond simple REST. How do we adapt existing security requirements and solutions to these new modes of operation? Some work of this kind is already in progress in the IETF but some issues go beyond the individual IETF WGs, or could benefit from additional contributions from a wider audience, reviews and information sharing.
> Examples include:
> - Rekeying with PFS vs. stateless operations [2]
> - Firmware updates using group communication
> - Efficient and secure tunnelling of CoAP in CoAP
> - Notifications surviving rekeying
> - Progressing pub-sub with CoAP
>  
>  
>  
> * Why?
>  
> To progress applications of CoAP in different security settings which "touch standardization in the IETF" [1] but are not necessarily in scope of a single working group like CoRE, ACE, SUIT, COSE, LAKE, etc.
>  
>  
> * How?
>  
> Through a "sister" of WISHI:  A recurring meeting series under the T2TRG umbrella about topics on security for constrained RESTful environments. Working name: seccore (which apparently may mean "dryness" in some Italian context; not intended as a characterization of the content :-)  Frequency and topics open for discussion.
>  
>  
> * Comments?
>  
> What do people think?
>  
> Should we try to have a first meeting before the upcoming holiday season?
>  
>  
> Göran
>  
> [1] Thing-to-Thing (t2trg) - (ietf.org)
> [2] [core] KUDOS, PFS and operations considerations (ietf.org)
>  
>  
>  
> From: core <core-bounces@ietf.org> on behalf of Christian Amsüss <christian@amsuess.com>
> Date: Tuesday, 16 November 2021 at 15:57
> To: core@ietf.org <core@ietf.org>
> Subject: Re: [core] CoRE applications side meetings (pubsub / dynlink)?
> 
> Hello,
> 
> On Tue, Nov 09, 2021 at 05:17:39PM +0100, Christian Amsüss wrote:
> > based on the feedback that arrived, a small group will meet tomorrow
> > (Thursday) 10:00 UTC in the hackathon area to look through some
> > applications (pubsub, problem-details), possibly doing examples or check
> > out how things align with current CoRAL.
> 
> the small group was not all that small and very lively -- thanks
> everyone for participating!
> 
> I've attached the minutes here in case the pad we used[1] goes away.
> 
> While we figure out how to best make more of the CoRE ecosystem publicly
> visible at coap.technology, we can already start collecting material at
> the wiki[2].
> 
> Best regards
> Christian
> 
> [1]: https://notes.ietf.org/GaM_PWd2TnmY0DrTe6DdQA?view
> [2]: https://github.com/core-wg/wiki/wiki
> 
> -- 
> To use raw power is to make yourself infinitely vulnerable to greater powers.
>   -- Bene Gesserit axiom