
Minutes IETF111: iotops
minutes-111-iotops-00

Meeting Minutes IOT Operations (iotops) WG
Date and time 2021-07-26 23:00
Title Minutes IETF111: iotops
State Active
Last updated 2021-08-04

### Scribe
Kiran Makhijani
(with help from Michael Richardson)

## MINUTES

23:00   Administrivia
        (5 min; chairs)

23:05   Requirements and Scenarios for Industry Internet Addressing
        https://datatracker.ietf.org/doc/draft-km-industrial-internet-requirements/
        (10+5 min; Kiran Makhijani)

MCR asks: Need to suck OT folks in, and we should publish a spec and get some
feedback. (and invoke Cunningham's Law: the best way to get an answer on the
Internet is to post the wrong answer)

Kiran: Yes, this seems like a good start.  Can bring people in from OT?

Carsten: We should be planning ahead, and components that we can supply now.
Address sizes are not a new problem, and we have discussed in various WGs,
6LoWPAN is a pretty good solution, and we should look at whether these can be
used in OT networks.  Some sort of gateway between IT and OT networks will be
necessary.

Kiran: I look at that at the interface level. But, we need to understand data
at a more meaningful level.  Network layer will come in use.

Carsten: We could define IP over Modbus, but applications on those networks
would not be able to make use of that.  Perhaps we need to define a framework.

Henk: Lots of barriers between the factory floor and the cloud.  We need to
capture the problem statements.

Eliot: Both said, if they build, they will come (or scream at us).  But, when
it comes to TLS, they (OPCUA) didn't do that, which was probably not a great
choice.  We should ask why they did that?  Ask questions like: You have
overlapping technology, why did you decide to build it, what problems does it
solve that we were not solving?  Could have an interim meeting with this group
and (IIC?)  Could have a liaison with them.

Henk: Need to cut the line.  Kiran, please take this to the list and progress
this.

23:20   Involuntary Ownership Transfer of IoT devices: problem statement
        https://datatracker.ietf.org/doc/draft-richardson-iotops-iot-iot
        (7+8 min; Michael Richardson)

Henk: Omission of policy at some point has to be addressed.

Eliot: Tackled this issue some time ago on my blog post. Take inventory on how
it works.

MCR: If we deploy MUD everywhere, then the MUD controller could (really need a
protocol here)

Eliot: Let's not make this about MUD.

Brendan: A solution to this problem is desperately needed to fix some real
humanitarian problems (e.g., domestic violence)

23:35   Different aspects of onboarding for IoT/Edge Devices
        https://datatracker.ietf.org/doc/draft-nordmark-iotops-onboarding
        (10+5 min; Erik Nordmark)

Hannes: Question from chat on how EVE (Edge Virtualization Engine) works.

Erik: Please look at github

Hannes: Is EVE like other onboarding solutions, or is it something different?

Erik: <I missed the first part of the answer>.  Somehow related to FIDO.  If
you have more specific questions, then please ping me.

Links:
https://www.tfir.io/erik-nordmark-explains-edge-virtualization-engine-eve/
https://www.lfedge.org/projects/eve/
https://github.com/lf-edge/eve

23:50   A summary of security-enabling technologies for IoT devices
        https://datatracker.ietf.org/doc/draft-moran-iot-nets/
        (10+5 min; Brendan Moran)

Eliot suggests that this might be covered in
https://csrc.nist.gov/publications/detail/nistir/8259/final
    This is the type of work we would like to adopt to say how the architecture
    works.

Dave: the security of IOT deployments should conform to recommendations
(whatever those be). There are 4 different sets of parties but have to work
together.
    What kind of document should this be - BCP/informational, etc?

00:05   EAP Usability
        https://datatracker.ietf.org/doc/draft-dekok-emu-eap-usability/
        (5+5 min; Alan DeKok)

Eliot: every problem we have heard in user space we hear in IoT space. If you
are amenable to removing user name from EAP (??).

Alan: create a well known name EAP.ARPA for this kind of provisioning of names
and authenticators have an idea.

00:15   Challenges with addressing in IoT networks
        (5+5 min; Toerless Eckert)

Henk: Interesting problem space and summary --> presentation in rtgarea and
intarea for solution.

Michael: Started a flame thread a decade ago about how to get address space
that they don't want to route.  If I need IP connectivity, but not Internet
connectivity then I should be able to allocate a /56 for each device.  But this
is too expensive, so they just use ULA, which is free.  This seems to keep
going around in circles.  Not suggesting that this work should be done in
IOTOPs, but if we care about this problem in Assemblies then we need to get
this work done somewhere.

Toerless: Perhaps a problem statement might raise some awareness?

Henk: This space would benefit from precise statements that perhaps could be
merged later.

00:25   Secure Zero Touch Provisioning (SZTP) at IOTOPS
        (10+5 min; Kent Watsen)

Kent: This is being discussed in NETCONF.

Toerless: One thing that I like about NETCONF, I like that it is controlled by
the NETCONF server rather than the client.  I was surprised by this solution,
in that it seemed less modular.

Kent: This is an interesting question, but tried to make it more generic.  I
have been following the work in ANIMA, and there have been lots of pages
written.

Toerless: I wasn't considering BRSKI, I was more interested about the design of
sZTP.

Kent: The reason that I brought up BRSKI is because it is a separated module
whereas sZTP is more integrated.

-----

Henk: I would like to discuss the route to the path for adoption WGs.  If you
think that your work is interesting then you can come directly to the chairs.
Also, having discussion on the IOTOPs mailing list makes chairs notice such
work.  The third choice is about naming drafts (to include "iotops" in the
name).

Toerless: Can also add documents to the data tracker?

Henk: Editors of documents have to do at least one of the above steps to
demonstrate interest in their drafts to be adopted by the WG.