Colleagues, here is v1.0 of the agenda for the WG meeting in Reykjavik. Please note this is subject to last-minute tweaking (running order, timings, etc). I don’t expect there will be substantial changes. Famous last words... 1. Administrivia 2. ITU Study Group 20 Update (5 mins) Patrik Faltstrom, Netnod 3. RIOT Summit Report (5 mins) Matthias Waehlisch, Freie Universitaet Berlin 4. Legal, security & ethical aspects of running an IoT network (20 mins) Mirjam Kühne, RIPE NCC RIPE Atlas is a global active measurement infrastructure, maintained by the RIPE NCC based on the voluntary contributions of thousands of probe hosts worldwide. In essence those RIPE Atlas probes are IoT devices that people place in their homes. In this presentation we will present the ethical, security and legal aspects that are put in place in order to support and protect this shared responsibility between the RIPE NCC as the provider or the platform and the users. 5. Building a smart house and you want to do it yourself? (20 mins) Jan Zorz Jan is building a house and since he wanted to build a smart one, he went through the process of testing and experimenting with different IOT devices communicating over different protocols wireless, as well as through hardware and software choices of open source home automation software. Alongside the process of connecting all the dots, privacy concerns also arise and it's time to have a proper discussion about these issues. 6. Spinning CPEs: collaborative work on CPE IoT protection (20 mins) Jelte Jansen, SIDN Labs Peter Steinhäuser, Embedd In this joint presentation, Peter Steinhäuser (Embedd) and Jelte Jansen (SIDN Labs) discuss their work on home network protection, including related standardization work, SPIN in OpenWRT, and an interactive SPIN demo. 7. A Residential IoT Unquarantine Playbook (20 mins) Michael Richardson, Sandelman Software Works Increased use of automated IoT security mechanisms such as the Manufacturer Usage Description means that devices will increasingly be "taken offline" for possible violations of stated security policy. Detection of a possible violations is just a first step. There are a number of additional steps necessary to return the device to correct operation. For residential IoT devices, agency, the only clear organization that the resident has a relationship with is the Internet (access) Service Provider (ISP). The ISP helpdesk will inevitably take the call and needs to pass the call off to a manufacturer or other entity, providing as much information as possible in an automated way. This presentation is about the process (the playbook) to be followed, and it attempts to identify which steps of the protocol can be automated with existing and/or up-coming protocols, and where there are gaps that could be automated. 8. AOB