[iot-wg] The DNS and the Internet of Things: Opportunities, Risks, and Challenges

Hi Eliot,

Thanks for the response. My comments inline:

On 07/06/2019 09:29, Eliot Lear wrote:
>
> Hi Ad & Sandoche,
>
> Good that SSAC has published something.  There really are some big 
> challenges here for IoT.  In the area of DNS, one challenge is that 
> in order to limit attacks, you really do want the network to limit 
> access to services, and that means knowing which domains the device 
> should be speaking to.
>
The SPIN project from SIDN 
(https://www.sidnlabs.nl/en/news-and-blogs/redesigning-spin-to-a-reference-platform-for-secure-and-privacy-enabled-iot-home-networks), 
seems to be a possible solution.

Also, there is another plugin from Princeton that lets one to inspect 
IoT traffic in your home network right from the browser:
https://iot-inspector.princeton.edu/blog/post/getting-started/

https://iot-inspector.princeton.edu/blog/


>   That creates some challenges.  That means some sort of consistency 
> with regard to DNS query responses to the device and to the 
> enforcement point.  The ultimate approach to that is coordination 
> between the resolver and the enforcement point, but snooping has 
> worked in the past.  And so you can see some DoH challenges if IoT 
> devices implement that capability prematurely.
>
>
==> Is this a topic that our group can focus on and maybe prepare a RIPE 
BCP (Best Current Practice) or BCOP (Best Current Operation Practice) 
document like the document prepared by ICANN SSAC for the RIPE community?

Please send your views.

Sandoche.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/iot-wg/attachments/20190607/b320ba79/attachment.html>