[iot-wg] Draft RIPE 80 IoT WG Minutes

Dear all,

Below is the DRAFT minutes received from RIPE.  Thanks for providing us 
the comments on the draft  before 14/06/2020.  The plan is to publish 
the minutes on the website in two weeks period.

---- ****  -------

**


*1) Administrivia *

This presentation is available here:

https://ripe80.ripe.net/presentations/34-RIPE-80-IoT-WG.pdf

There were no changes to the agenda.

The minutes from RIPE 79 were approved.

It was noted that at RIPE 79, a group of volunteers had formed to 
develop on an outline document ona RIPE scope for proactively mitigating 
IoT attacks. They werecurrently working on a draft and would share this 
on the mailing list.

*2) WG co-chair appointment*

Jim Reid

The presentation is available here:

https://ripe80.ripe.net/archives/video/367/

Jim said his term as WG co-chair was ending and there were twoexcellent 
candidatesto replace him.However, as they had both received equal 
support, there was no clear consensus on who should be chosen. According 
to the WG’s selection process, if consensus was not able to be reached, 
the RIPE Chair would make this decision.

Hans Petter Holen, RIPE Chair, said he would review the mailing list and 
announce his decision in the closing plenary.

Jim thanked both candidates for standing and said he was sure either of 
them would do a great job.

Benedikt Stockebrand, Stepladder IT, suggested theyconsiderhavingthree 
chairs.

Jim said the view of both Sandoche and himself was that the workload was 
not enough to justify this. However, if the WG wanted to have three 
chairs, it could update the selection process to allow for a third chair.

*3) RIPE NCC IoT Update *

Marco Hogewoning, RIPE NCC


This presentation is available here:

https://ripe80.ripe.net/presentations/23-RIPE80-IoT-WG_comms.pdf

Luna, no affiliation, asked if one’s voice used for Google Assistant, 
Siri and Alexa was searchable and whetherthis would be considered 
Personal Identifying Information (PII) in the future.

Marco saidthis was still uncertain.

Jim added that “PII”was an American legal term; the official term used 
in the European region was“Personal Data”.

Jim asked whathad been happening at the ITU regarding IoT.

Marco Hogewoning said there were several topics under discussion:the 
NewIP proposal(which might have its own component in IoT), some attempts 
at standardising incident and accident reporting, and some developments 
in authorisation and authentication methodology based on blockchain.

*4) Preparing SMEs for IoT Security Standards and Regulation*

Stacie Hoffman, Oxford Information Labs

This presentation is available here:
https://ripe80.ripe.net/presentations/44-RIPE80_Hoffmann.pdf

Paul Rendek, DSTREAM GROUP, asked how theywere planning to reach out to 
small and medium enterprises.

Stacie said they would carry out a marketing campaignand they were 
working with a company to build a strategy for this. Theywerealso using 
their own network of contacts in the IoT Security Foundation and 
innovation centers.

Stacie said if anyone in the audience knewof networks that would like to 
contribute, they would be open to this.

Blake Willis, iBrowse, asked if they were planning to use conformity 
logos and stamps.

Stacie replied that they were not working on this specifically, but 
there was another workstream thatwas developing an IoT security 
compliance framework.

Paul asked if links to this material could be sent tothe IoT Working 
Group when it was available.

Paul Steinhäuser, embeDD GmbH, asked how the vulnerability 
informationwould be used.

Stacie said the platform was meant to be a way to report vulnerabilities 
to a company and for the company to communicate with the reporterto 
solve it. For now, there were no plans to use this information beyond 
the platform.

*5) AOB *

There were no AOBs.

End of session.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/iot-wg/attachments/20200604/f11902f2/attachment.html>