Initiative to create a RIPE BCOP discussion document on proactively mitigating IoT attacks in CPE
Dear all, The origin for this initiative came from the ICANN SSAC document on DNS and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we should prepare a Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks. From both the Academy and the Industry, we got interests to contribute to this work. Possible contributors name can be found at the end of this mail: Thanks for your input on how to proceed further: 1. Do you think the topic is useful for the RIPE community? If yes, any guidance on how to proceed further will be appreciated. 2. Should this discussion be initiated in the RIPE IoT WG and not in the BCOP task force? 3. Anyone in this mailing list would be interested in contributing or provided references to people who will be interested to contribute? People who have already expressed interest in contributing: *From the Academy: * 1. Andrzej Duda (http://duda.imag.fr/) 2. Maciej Korczynski (http://mkorczynski.com/) *From the Industry:* 1. Ad Bresser (SPIN product manager) 2. Eliott Lear (CISCO) 3. Jacques Latour (CIRA - The Canadian Internet registry) 4. Peter Steinhauser (Embedd.com) 5. Possiblity from CZNIC (Czech Internet registry) who are involved in Turris router project Sandoche.
Hi all, Le vendredi 14 juin 2019, sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr <mailto:sandoche.balakrichenan@afnic.fr>> a écrit : Dear all, The origin for this initiative came from the ICANN SSAC document on DNS and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf <https://www.icann.org/en/system/files/files/sac-105-en.pdf> As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we should prepare a Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks. From both the Academy and the Industry, we got interests to contribute to this work. Possible contributors name can be found at the end of this mail: Thanks for your input on how to proceed further: 1. Do you think the topic is useful for the RIPE community? If yes, any guidance on how to proceed further will be appreciated. Dear Sandoche, Thanks for this initiative. ...IMHO, the usefulness of this kind of topic is based on fact and we can easily gather these facts in every communities around the Internet ecosystem ; including the RIPE Community. Internet Society have shared a blog post [1] about the collaborative security. Maybe you are following a similar security approach :-/ This week i heard about an hidden microphone [2] inside an IoT home equipment, distributed in France... For reference, you have a blog [3] about how the RIPE Atlas network “of IoT” could be used as a “BCOP” for the IoT industry :-) 1. Should this discussion be initiated in the RIPE IoT WG and not in the BCOP task force? Surely the two WG matter. But if you need useful information about IoT, the IoT WG with its community is the appropriate place to go... ...let's say, you can prepare a survey for them, and include most of them in the process ; amongst other collaborative|inclusive possible actions... __ [1] https://www.internetsociety.org/collaborativesecurity/approach/ <https://www.internetsociety.org/collaborativesecurity/approach/> • https://www.internetsociety.org/collaborativesecurity/ <https://www.internetsociety.org/collaborativesecurity/> [2]: In French — https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique... <https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique-sur-laffaire-du-micro-cache.html> [3]: https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices <https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices> 1. Anyone in this mailing list would be interested in contributing or provided references to people who will be interested to contribute? People who have already expressed interest in contributing: *From the Academy: * 1. Andrzej Duda (http://duda.imag.fr/) 2. Maciej Korczynski (http://mkorczynski.com/) *From the Industry:* 1. Ad Bresser (SPIN product manager) 2. Eliott Lear (CISCO) 3. Jacques Latour (CIRA - The Canadian Internet registry) 4. Peter Steinhauser (Embedd.com) 5. Possiblity from CZNIC (Czech Internet registry) who are involved in Turris router project Sandoche. I'm new here, then i hope this helps :-) Regards, --sb. __ http://www.chretiennement.org
Hi Sylvain, Thanks for your inputs. We will be taking a look at your references. Sandoche. On 14/06/2019 13:25, Sylvain BAYA wrote:
Hi all,
Le vendredi 14 juin 2019, sandoche Balakrichenan <sandoche.balakrichenan@afnic.fr <mailto:sandoche.balakrichenan@afnic.fr>> a écrit :
Dear all,
The origin for this initiative came from the ICANN SSAC document on DNS and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf <https://www.icann.org/en/system/files/files/sac-105-en.pdf>
As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we should prepare a Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks.
From both the Academy and the Industry, we got interests to contribute to this work. Possible contributors name can be found at the end of this mail:
Thanks for your input on how to proceed further:
1. Do you think the topic is useful for the RIPE community? If yes, any guidance on how to proceed further will be appreciated.
Dear Sandoche, Thanks for this initiative.
...IMHO, the usefulness of this kind of topic is based on fact and we can easily gather these facts in every communities around the Internet ecosystem ; including the RIPE Community.
Internet Society have shared a blog post [1] about the collaborative security. Maybe you are following a similar security approach :-/
This week i heard about an hidden microphone [2] inside an IoT home equipment, distributed in France...
For reference, you have a blog [3] about how the RIPE Atlas network “of IoT” could be used as a “BCOP” for the IoT industry :-)
1. Should this discussion be initiated in the RIPE IoT WG and not in the BCOP task force?
Surely the two WG matter. But if you need useful information about IoT, the IoT WG with its community is the appropriate place to go...
...let's say, you can prepare a survey for them, and include most of them in the process ; amongst other collaborative|inclusive possible actions... __ [1] https://www.internetsociety.org/collaborativesecurity/approach/ <https://www.internetsociety.org/collaborativesecurity/approach/> • https://www.internetsociety.org/collaborativesecurity/ <https://www.internetsociety.org/collaborativesecurity/> [2]: In French — https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique... <https://www.numerama.com/tech/526115-monsieur-cuisine-connect-lidl-sexplique-sur-laffaire-du-micro-cache.html> [3]: https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices <https://labs.ripe.net/Members/kistel/ripe-atlas-probes-as-iot-devices>
1. Anyone in this mailing list would be interested in contributing or provided references to people who will be interested to contribute?
People who have already expressed interest in contributing:
*From the Academy: *
1. Andrzej Duda (http://duda.imag.fr/) 2. Maciej Korczynski (http://mkorczynski.com/)
*From the Industry:*
1. Ad Bresser (SPIN product manager) 2. Eliott Lear (CISCO) 3. Jacques Latour (CIRA - The Canadian Internet registry) 4. Peter Steinhauser (Embedd.com) 5. Possiblity from CZNIC (Czech Internet registry) who are involved in Turris router project
Sandoche.
I'm new here, then i hope this helps :-) Regards, --sb. __ http://www.chretiennement.org
Hi, Sounds like a great idea. Should we put you on BCOP TF agenda for Rotterdam meeting and we discuss it there? Cheers, Jan On 14/06/2019 04:22, sandoche Balakrichenan wrote:
Dear all,
The origin for this initiative came from the ICANN SSAC document on DNS and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf
As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we should prepare a Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks.
From both the Academy and the Industry, we got interests to contribute to this work. Possible contributors name can be found at the end of this mail:
Thanks for your input on how to proceed further:
1. Do you think the topic is useful for the RIPE community? If yes, any guidance on how to proceed further will be appreciated. 2. Should this discussion be initiated in the RIPE IoT WG and not in the BCOP task force? 3. Anyone in this mailing list would be interested in contributing or provided references to people who will be interested to contribute?
People who have already expressed interest in contributing:
*From the Academy: *
1. Andrzej Duda (http://duda.imag.fr/) 2. Maciej Korczynski (http://mkorczynski.com/)
*From the Industry:*
1. Ad Bresser (SPIN product manager) 2. Eliott Lear (CISCO) 3. Jacques Latour (CIRA - The Canadian Internet registry) 4. Peter Steinhauser (Embedd.com) 5. Possiblity from CZNIC (Czech Internet registry) who are involved in Turris router project
Sandoche.
-- Jan Zorz Internet Society mailto:<zorz@isoc.org> ------------------------------------------ "Time is a lake, not a river..." - African
Hi Jan, I feel that if we are able to group the concerned contributors and get together an initial draft, we should include that for discussion in the BCOP TF. I will get back to you in mid-september with updates. Sandoche. On 15/06/2019 01:51, Jan Zorz wrote:
Hi,
Sounds like a great idea. Should we put you on BCOP TF agenda for Rotterdam meeting and we discuss it there?
Cheers, Jan
On 14/06/2019 04:22, sandoche Balakrichenan wrote:
Dear all,
The origin for this initiative came from the ICANN SSAC document on DNS and IoT : https://www.icann.org/en/system/files/files/sac-105-en.pdf
As RIPE IoT chairs, we asked (in the RIPE IoT mailing list) whether we should prepare a Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks.
From both the Academy and the Industry, we got interests to contribute to this work. Possible contributors name can be found at the end of this mail:
Thanks for your input on how to proceed further:
1. Do you think the topic is useful for the RIPE community? If yes, any guidance on how to proceed further will be appreciated. 2. Should this discussion be initiated in the RIPE IoT WG and not in the BCOP task force? 3. Anyone in this mailing list would be interested in contributing or provided references to people who will be interested to contribute?
People who have already expressed interest in contributing:
*From the Academy: *
1. Andrzej Duda (http://duda.imag.fr/) 2. Maciej Korczynski (http://mkorczynski.com/)
*From the Industry:*
1. Ad Bresser (SPIN product manager) 2. Eliott Lear (CISCO) 3. Jacques Latour (CIRA - The Canadian Internet registry) 4. Peter Steinhauser (Embedd.com) 5. Possiblity from CZNIC (Czech Internet registry) who are involved in Turris router project
Sandoche.
participants (4)
-
Jan Zorz -
sandoche Balakrichenan -
Sandoche Balakrichenan
-
Sylvain BAYA