<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Eliot, <br>
    </p>
    <p>Thanks for the response. My comments inline:<br>
    </p>
    <div class="moz-cite-prefix">On 07/06/2019 09:29, Eliot Lear wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:96aca81f-1517-b2ad-9e4c-6323d3632ce5@ofcourseimright.com">
      <p>Hi Ad &amp; Sandoche,</p>
      <p>Good that SSAC has published something.  There really are some
        big challenges here for IoT.  In the area of DNS, one challenge
        is that in order to limit attacks, you really do want the
        network to limit access to services, and that means knowing
        which domains the device should be speaking to.</p>
    </blockquote>
    <p>The SPIN project from SIDN (<a
href="https://www.sidnlabs.nl/en/news-and-blogs/redesigning-spin-to-a-reference-platform-for-secure-and-privacy-enabled-iot-home-networks">https://www.sidnlabs.nl/en/news-and-blogs/redesigning-spin-to-a-reference-platform-for-secure-and-privacy-enabled-iot-home-networks</a>)
      seems to be a possible solution.</p>
    <p>Also, there is another plugin from Princeton that lets one
      inspect IoT traffic in your home network right from the browser:<br>
      <a
          href="https://iot-inspector.princeton.edu/blog/post/getting-started/">https://iot-inspector.princeton.edu/blog/post/getting-started/</a></p>
    <p><a href="https://iot-inspector.princeton.edu/blog/">https://iot-inspector.princeton.edu/blog/</a></p>
    <br>
    <blockquote type="cite"
      cite="mid:96aca81f-1517-b2ad-9e4c-6323d3632ce5@ofcourseimright.com">
      <p>  That creates some challenges.  That means some sort of
        consistency with regard to DNS query responses to the device and
        to the enforcement point.  The ultimate approach to that is
        coordination between the resolver and the enforcement point, but
        snooping has worked in the past.  And so you can see some DoH
        challenges if IoT devices implement that capability prematurely.</p>
      <br>
    </blockquote>
    <p>==> Is this a topic that our group can focus on and maybe
      prepare a RIPE BCP (Best Current Practice) or BCOP (Best Current
      Operation Practice) document like the document prepared by ICANN
      SSAC for the RIPE community?<br>
    </p>
    <p>Please send your views.</p>
    <p>Sandoche.<br>
    </p>
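    <p>Added example, not part of the original message and not code from
      SPIN or IoT Inspector: a small Python sketch of the enforcement
      point described in the quoted text, which learns permitted
      destination addresses by snooping plaintext DNS answers sent to a
      device. The class, device name, domains and addresses are
      constructed assumptions; the second case shows a flow being dropped
      when the device resolved a name in a way the enforcement point
      never saw, as it would with DoH.</p>
<pre>
```python
import time


class SnoopingEnforcer:
    """Hypothetical enforcement point that pins (device, IP) pairs from snooped DNS."""

    def __init__(self, allowed_domains, now=time.monotonic):
        # Per-device domain policy (constructed; a real deployment would load it).
        self.allowed = {
            dev: {d.lower().rstrip(".") for d in doms}
            for dev, doms in allowed_domains.items()
        }
        self.pins = {}  # (device, ip) mapped to expiry time
        self.now = now

    def observe_dns_answer(self, device, qname, addresses, ttl):
        """Record a plaintext DNS answer seen on its way to the device."""
        if qname.lower().rstrip(".") not in self.allowed.get(device, set()):
            return 0  # name is outside the device's policy: pin nothing
        expiry = self.now() + ttl
        for ip in addresses:
            self.pins[(device, ip)] = max(expiry, self.pins.get((device, ip), 0))
        return len(addresses)

    def permit(self, device, dst_ip):
        """Allow a flow only while a snooped answer for an allowed name is live."""
        expiry = self.pins.get((device, dst_ip))
        return expiry is not None and expiry > self.now()


def demo():
    clock = [0.0]  # fake clock so the TTL case is deterministic
    fw = SnoopingEnforcer({"camera": ["cloud.camera.example"]}, now=lambda: clock[0])
    out = {}
    # 1. Device used the local resolver; the enforcement point saw the same answer.
    fw.observe_dns_answer("camera", "cloud.camera.example.", ["192.0.2.10"], ttl=60)
    out["snooped"] = fw.permit("camera", "192.0.2.10")
    # 2. Device got an address the enforcement point never saw (e.g. resolved
    #    over DoH, or the resolver gave the two parties different answers).
    out["unseen_answer"] = fw.permit("camera", "192.0.2.99")
    # 3. Answer for a name outside the policy is not pinned.
    fw.observe_dns_answer("camera", "tracker.example", ["198.51.100.7"], ttl=60)
    out["off_policy"] = fw.permit("camera", "198.51.100.7")
    # 4. Pin lapses with the record's TTL.
    clock[0] = 61.0
    out["expired"] = fw.permit("camera", "192.0.2.10")
    return out
```
</pre>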
  </body>
</html>