Dear all, Below is the DRAFT minutes received from RIPE. Thanks for providing us the comments on the draft before 14/06/2020. The plan is to publish the minutes on the website in two weeks period. ---- **** ------- ** *1) Administrivia * This presentation is available here: https://ripe80.ripe.net/presentations/34-RIPE-80-IoT-WG.pdf There were no changes to the agenda. The minutes from RIPE 79 were approved. It was noted that at RIPE 79, a group of volunteers had formed to develop on an outline document ona RIPE scope for proactively mitigating IoT attacks. They werecurrently working on a draft and would share this on the mailing list. *2) WG co-chair appointment* Jim Reid The presentation is available here: https://ripe80.ripe.net/archives/video/367/ Jim said his term as WG co-chair was ending and there were twoexcellent candidatesto replace him.However, as they had both received equal support, there was no clear consensus on who should be chosen. According to the WG’s selection process, if consensus was not able to be reached, the RIPE Chair would make this decision. Hans Petter Holen, RIPE Chair, said he would review the mailing list and announce his decision in the closing plenary. Jim thanked both candidates for standing and said he was sure either of them would do a great job. Benedikt Stockebrand, Stepladder IT, suggested theyconsiderhavingthree chairs. Jim said the view of both Sandoche and himself was that the workload was not enough to justify this. However, if the WG wanted to have three chairs, it could update the selection process to allow for a third chair. *3) RIPE NCC IoT Update * Marco Hogewoning, RIPE NCC This presentation is available here: https://ripe80.ripe.net/presentations/23-RIPE80-IoT-WG_comms.pdf Luna, no affiliation, asked if one’s voice used for Google Assistant, Siri and Alexa was searchable and whetherthis would be considered Personal Identifying Information (PII) in the future. Marco saidthis was still uncertain. Jim added that “PII”was an American legal term; the official term used in the European region was“Personal Data”. Jim asked whathad been happening at the ITU regarding IoT. Marco Hogewoning said there were several topics under discussion:the NewIP proposal(which might have its own component in IoT), some attempts at standardising incident and accident reporting, and some developments in authorisation and authentication methodology based on blockchain. *4) Preparing SMEs for IoT Security Standards and Regulation* Stacie Hoffman, Oxford Information Labs This presentation is available here: https://ripe80.ripe.net/presentations/44-RIPE80_Hoffmann.pdf Paul Rendek, DSTREAM GROUP, asked how theywere planning to reach out to small and medium enterprises. Stacie said they would carry out a marketing campaignand they were working with a company to build a strategy for this. Theywerealso using their own network of contacts in the IoT Security Foundation and innovation centers. Stacie said if anyone in the audience knewof networks that would like to contribute, they would be open to this. Blake Willis, iBrowse, asked if they were planning to use conformity logos and stamps. Stacie replied that they were not working on this specifically, but there was another workstream thatwas developing an IoT security compliance framework. Paul asked if links to this material could be sent tothe IoT Working Group when it was available. Paul Steinhäuser, embeDD GmbH, asked how the vulnerability informationwould be used. Stacie said the platform was meant to be a way to report vulnerabilities to a company and for the company to communicate with the reporterto solve it. For now, there were no plans to use this information beyond the platform. *5) AOB * There were no AOBs. End of session.