Re: [iot-wg] iot-wg Digest, Vol 61, Issue 1
I think that Michael's suggestion of an informal group, invite only, Chatham House rules is excellent.

Within the DNS community this existed for many years (I wasn't a direct participant). It was led by folks like Andrew Sullivan (now Internet Society CEO) and others.

Inside Baseball what they termed it ... because they'd use IETF meeting or NANOG meetings to then get to the closest baseball game, have a series of meetings, etc.

Always Chatham House rules.

I know similar groups exist in the DDoS fighters space -- with some overlap to the DNS operators because of amplification attacks, etc.

Always discussing sensitive matters, so Chatham House rules definitely apply.

I'm certain that there are those at RIPE now (or previously) who could provide guidance on how comms were established, etc. I know I was in the room with folks who brokered contacts with other key players during the Oct 2016 Dyn attack as an example.

-phil

On Thu, Jul 7, 2022 at 6:00 AM <iot-wg-request@ripe.net> wrote:
Message: 1
Date: Wed, 06 Jul 2022 13:10:59 -0400
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Peter Steinhäuser <ps@embedd.com>, IoT WG RIPE <iot-wg@ripe.net>
Subject: Re: [iot-wg] the vague IoT/RIPE-NCC training question
Message-ID: <27027.1657127459@localhost>
Content-Type: text/plain; charset="utf-8"
{did we sort out who are the new co-chairs?}
Peter Steinhäuser <ps@embedd.com> wrote:
> Regarding your initial topic about the NCC training offerings I tend to stand on Jim's
> side. Nevertheless I think this WG could:

> 1) Identify IoT aspects that affect ISPs from the broad field of topics, as you already
> mentioned a bit further below. @Daniel: I salute your comment, I think that's what we
> should focus on.

> 2) Work on RIPE documents, i.e. like the BCOP document we were working on. Such
> documents then could found a base for trainings, if done by the RIPE NCC or third
> parties tends to be seen.
Any other thoughts?
> Getting engagement from the ISPs seems a tricky matter. Inside prpl currently IoT is
> not a relevant topic, at least none of the major ISPs seems to have brought it up, yet.
> Talking to IXPs as well could give us broader view. Although they have not direct control
> about the end user's CPEs they can get seriously affected by DDoS attacks and
> should have a good interest in prevention.
This concern is what originally motivated CIRA to engage in the SHG project. What we really have is a major, industry-wide, tragedy of the commons situation (https://en.wikipedia.org/wiki/Tragedy_of_the_commons). The entities most affected by poor security and resulting DDoS attacks are not the entities able to effect change. The ones who could effect change do not have the resources and/or motivation to do so.
>> So, what would I like to see:
>>
>> 1) increase connection with RIPE NCC with organizations like
>> iotsecurityfoundation.org. IoTSF is among the few places I've found which
>> are not about hype or marketing, who seem to have real connections to both
>> places/people technical and people/places regulatory. Like the IETF, though,
>> we need more participation of operators.... not just the airy-fairy senior
>> security architects from various ISPs, but actual people in the
>> trenches.
Let me ask a question here. Is there a means by which the RIPE NCC can (or is already) be in the loop for reports about DDoS attacks on ISPs and critical (European) infrastructure? I don't mean *me*, or the IOT-WG. I understand that this kind of thing is often confidential. I am asking if the RIPE NCC can act as an air-gap firewall, exfiltrating important aspects of the incidents. We can only fix things that we can measure! Also: _tell me how you will measure me, and I'll tell you how I will act_
>> Is there an opportunity to collect wisdom together?
>> Maybe some kind of symposium of operators and openwrt developers could
>> happen. OpenWRT has had conferences, although often not that well advertised
>> in advance. prplFoundation sometimes has conferences I think. The
>> WBAlliance does stuff, but alas, 90% of what I see is total marketing.
One approach might be a small colloquium of operators/developers meeting under Chatham House rules. I'm sure that I could get IoTSF to host such a thing in London, but there may be better times/places at which the right people are already there. Note that for the conversation to be genuine it couldn't be open to the public, but a report would be generated.
--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
Phil Stanhope <stanhope@gmail.com> wrote:
> Inside Baseball what they termed it ... because they'd use IETF meeting or
> NANOG meetings to then get to the closest baseball game, have a series of
> meetings, etc.

ha, I feel that perhaps Ed was an influence here...

> Always Chatham House rules.

> I know similar groups exist in the DDoS fighters space -- with some overlap
> to the DNS operators because of amplification attacks, etc.

> Always discussing sensitive matters, so Chatham House rules definitely
> apply.

> I'm certain that there are those at RIPE now (or previously) who could
> provide guidance on how comms were established, etc. I know I was in the
> room with folks
> who brokered contacts with other key players during the Oct 2016 Dyn attack
> as an example.

So let's think a bit about what kind of information we'd like in the reports.
What are the questions... I think the obvious ones are:

1. how many attacks have occurred in Time Period.

2. can we distinguish one attack from another attack? Or do they all seem to meld together into some kind of diurnal wave?

3. what are *IoT* attacks? (I am still not entirely sure I count Mirai as IoT, as I'm still not sure that Home Routers are really IoT as opposed to being Internet Infrastructure. I seem to recall that some 20% of traffic was from PVRs/DVRs though.)

4. I think, but I'm not certain, that a significant number of attacks are still various kinds of amplification attacks, where botnets of *PCs* send forged source address traffic to vulnerable servers in DCs with big-pipes. The NTP and SNMP amplification attacks are still out there, but I don't know how prevalent they are.

5. would more BCP38 on Enterprise links be helpful?

I thought that there was an IETF BOF request on making this easier... Hmm. what happened to it?... savnet.

https://www.ietf.org/mailman/listinfo/savnet
https://datatracker.ietf.org/doc/bofreq-li-sav-for-intra-and-inter-domain-ne...
https://datatracker.ietf.org/group/savnet/about/

Ah, it got approved as a WG already :-)

Will the BCP38 whack-a-mole ever be done?
Once we do whack all those BCP38 issues, what's the next thing on the list?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [