From YouTube: IETF112-IOTOPS-20211112-1600
Description
IOTOPS meeting session at IETF112
2021/11/12 1600
https://datatracker.ietf.org/meeting/112/proceedings/
A:

So it's at the top of the hour, oh yeah, and Meetecho now understands that I can talk to it. Welcome everybody to the last session slot in the IETF 105 meeting, unfortunately not in a local physical location, but probably from your home and office spaces. Good morning, good evening, and maybe a good somewhere in the world. This is the IoT Operations meeting. I'm Henk Birkholz, I'm one of your co-chairs, and Alexey, you can see, is also with us here on video.

We are sharing this cool space for people to talk about the operations of IoT, the Internet of Things, and we have, I guess, actually again a very full agenda today. We always try to enable discussion here, but sometimes the schedule is what it is, so let us go through the motions here. This session is being recorded; please be aware of that. You are operating under the IETF Note Well.

So everything you say here should be okay with your IPR interests. Also, be nice to each other; there is an anti-harassment and code of conduct policy. Of course, at the bottom of this slide you can see a few BCPs if you're not familiar with these. Just think about it: if you are recorded here, this will be captured by the Internet Society and the IETF itself.

Next slide is this here, so I don't have to say "next slide", it is so great, so yeah. If you have some problems with this again, there have been recent activities; there is an ombudsman that you can talk to. I don't know, I think we have a very chill crowd here, so that is probably just FYI, but if you have a problem, there's always somebody to speak to. So we are a very welcoming community here and can deal with conflicts.

Then, if it's your first time here, please mute your mics. This is an auto feature for me in Meetecho, luckily. Try to use a headphone to reduce feedback when you're talking to the group, and if you have other issues, I think that's the most interesting thing here at the bottom: there's an issue tracker for the meetings that you can give some feedback on.

So we have again our two chairs, Alexey and me. We have not assigned a Jabber scribe; let me look if there is somebody on Jabber. Yes, Carsten is there, and so Michael, if you could have a look at the chat. Most Jabber people are now linked into Meetecho, so if there's something noteworthy on the chat, maybe you might be able to capture that. Also, minutes are taken and can be edited and viewed by everybody live here via the link under "other meeting materials".

Apparently you want to meet in Meetecho, because you're here. We have again a full agenda, so I'm already taking up three minutes of my five minutes, and the first presentation is coming up, but I actually do not know how to pronounce that name, Behcet.

Maybe you can unmute yourself already and I can start to share your slides soon. But there's also some from IoTSF: we have Nick presenting here, so "Michael" is a misnomer; unfortunately, he's just the orchestrator of this presentation. Then later in the time frame we have a framework for integrated industrial networks; I think that has been highlighted already on the list, and it might be a 50-minute talk, and then Eliot will come in and talk about some midlife crisis.

Of course not his, but IoT devices have a life cycle, and in the midst of it something might happen. So this will be our topic for today. Maybe there's some open mic at the end. I think we have a last-minute presenter that might be Roy Williams; I'm not sure if he presented some slides, but I think he has some news on how signing in the IoT might take a strong direction.

So I will, when it comes, remind him that he might have 15 minutes and not 20 of these. So now let me try to share the first presentation.
B:

Hello, good morning folks, well, some of you good afternoon maybe, or even good night. Yeah, I'm going to talk about hardware-based authentication.

My co-author is Dirk von Hugo, or maybe the real pronunciation is Dirk. He is currently vacationing somewhere in Africa, and so yours truly has to present it. Next slide, please.

Yeah, what is this hardware-based IoT authentication? This is actually something we are stealing from somebody; I'm going to show him on the next slide. The main idea comes from him, and so basically the next generation type of communication is characterized by diverse applications connecting in a heterogeneous environment.

All sorts of technologies are going to be used, and actually are currently being used, in such an environment, especially 6G. We're talking about authentication models based on human intervention, 802.1X and so on, which do not fit well in the next generation communication era. So what we need is the hardware, what we called it: "hardware-based authentication", quote unquote. Maybe there's a better name.

So currently there's a project, IEEE 802.11 sensing, the wireless LAN sensing project, and we are closely following that project, and it is very actively being pursued, basically using the wireless LAN signal to do the sensing. And so it could be a good, proper framework for us, especially for Wi-Fi-enabled devices, and we saw some efforts in 3GPP trying to do the same thing using 5G or 6G signals. Next.

Yeah, this is the reference. We got this idea from Professor Henning Schulzrinne; maybe some of you know him. The IEEE Future Networks webinar he gave in February earlier this year, so he talked about these things, and we need them: new ways for including new devices into a home or personal network.

For these types of scenarios: "Admit a smart teapot blinking red and blue"; "Here is a list of device manifests, add them to the network"; "Admit the device I just touched"; "Admit the blinking device"; "Admit the blinking device I'm pointing the camera at". So it's very high-level scenarios. "Admit the device playing a melody."

Now, what we need: key technologies. Do we have them in place? Wi-Fi sensing is being worked out, and we could probably have 5G or 6G sensing also; these are being worked out. And the other one is, I think we need AI or neural network models that will take this raw sensing data and generate the higher-level things we are looking for.

So there's a lot of work going on here. Actually, in our draft we mentioned many papers doing work in these, and also enough references about the Wi-Fi sensing project and all that, so I suggest you look and check with our draft. And so of course we also need the, you know, spoofing: making sensing resilient to spoofing and adverse general conditions, the presence of noise and interference from other technologies.

This is, I guess, a nice area of work, and it could also be embellished by IETF work in the future as well. Next slide, next slide.

Now again, our aim is to introduce this idea, and actually we didn't know any similar work in IETF. We recently found out there is some, like the EAP-NOOB project, or there's a draft in EMU; it's quite relevant to this project. We are studying that currently, and then they have a paper, and there they have some results about the camera data processing as well. That seems to be very relevant too.

So those are the things we are currently looking into, and if there's others we don't know, please let us know. So we have this draft; it just introduces the idea and also gives a lot of literature survey.

We had a mailing list, pidloc, which was established before; we have re-engineered it, if you might call it that, to this purpose, to discuss hardware-based authentication. So we invite people who are not on that list: please join, subscribe to the list, and let's have good discussions there, and let's try to see if this work should advance in IETF.
D:

Yeah, next slide please. We kick-started the discussion about industrial IoT, or industry networks, and their integration with IT technologies last time in IETF11, and there were two major pieces of feedback that we received: that we should have a framework to work on, and we should find the right stakeholders.

So, instead of continuing with the same document, we created a new framework-specific document, just to have a broader perspective, and it is at a very high level. I just want to share my mindset, or thoughts, on how we approach this document, and I'm looking for feedback and then, of course, some kind of engagement with other people in terms of reviewing, collaboration and coordination.

And the motivation is pretty much the same that we talked about last time: to what extent we can use IT technologies and integrate them with industry networks, and cloudification, virtual PLC, integration of different kinds of media technologies, whether they are field buses, Ethernet or TSN, and how to integrate those together.

And this is the high-level structure of the framework. We tried to divide the document into three parts. The first thing was just to give it a name, what it is: an integrated industrial network, and to describe and identify different components and interfaces that will make more sense to people who are familiar with the IETF background.

What kind of interfaces or protocols are required that will come into the picture when you have interactions between the cloud and a factory site? For that we leveraged the LDN nomenclature, which is defined in RFC 879, and our main focus was just to stay aligned with industry control architecture, and that was very difficult to find. And we have also identified some kind of cooperation, how we can work with some well-known organizations and reach out to them for feedback and comments. Next slide.

And it was very hard to find a good architecture, but in general this Purdue model is quite prevalent in the industry. It talks about how industry verticals are divided into five levels, and how they do exchange of information from level three to level four, for example, when you're going out from the OT world to the IT world, where you have gateways and servers, something like HMI and MES, SCADA, and how that interfaces with the IT-level protocol.

So there is a translation of security zones from L3 to L4, and then, when you actually go up to the enterprise or business level applications, then normally you're in the cloud or the enterprise security zone. So there are three different security zones, and we wanted to preserve this model, so that when we build the framework we are not jumping directly from L5 to L0.

And we did this by using the LDN model. So a simple case will be: on a site one, I have level 0 to level 4 functions, and then it interfaces with site C, which is my enterprise zone, and it has business applications. This will have an interface like the Internet, and what I'm showing here is that there are a lot of things happening here, actually. So there is what I call BP, my boundary protocols.

Let's say I want to host L1, L2, L3, something like a virtualized PLC, in an enterprise zone, and your actuators and sensors are still on the factory side. You want to have some kind of remote control; then hopefully there is some kind of low-latency infrastructure like DetNet in place. So how would we interact between that?

There are, even on top of it, multiple layers, so there is no easier way to describe the architecture for someone who's looking into the OT, so I was leaning on the figure on the right-hand side. So let's not try to get into each and every minute function; this is not going to help us. So what we can do is we can stick to these interfaces, and let's not think about an end-to-end connection between L5 and L0.

We can think of our connectivity as a segmented interface, so you will have some communication at L0 to L3, and then you honor some policies, and so on. So you go on and build this segment, and the issues we talked about: when I say inside protocol, this is terminology from LDN, and this refers to our industry zone, and we talked about certain issues, that today everything is encapsulated at the application level, so the actual data, or how your sensor is communicated, is at the application level, past TCP or UDP. So this way your policies are much larger, because you have to look deeper into the packet to figure out what traffic should go where. So this is one of the issues that we could simplify in this architecture.

Then I talked a lot about these zones, and firewalls are pretty stateful, and how you configure them is quite a challenge. The second thing is that most of these zones are somewhat physically separated and isolated from each other. If we talk about cloudification and softwarization, we have to think about the security model slightly differently, and how we provision the firewalls; and if the scale goes up, then we cannot have firewalls with every single flow of traffic.

So the canonical format for architecture in IT technology is that we must have a management plane, a control plane and a data plane. So from the management perspective, obviously we should focus on some of the autonomous things, and most of the things I was thinking about is device management: how will you make sure that devices are well known within the management plane of that industry zone? They are onboarded, they are secure and they are trusted, and how do you distribute policies from the management plane all the way down? The control plane is somewhat integrated with the kind of data plane we come up with, and I alluded to it last time that it will be quite beneficial to think of a data plane which is more optimized for industry networks, and obviously it is not possible to use something like traditional IP protocols or encapsulations.

It is just too intensive, and one of the problems is that we just don't have actuators and motors on the floor; every such device has some kind of sensors associated with them, and those sensors are emitting data. The data is pretty short and the frequency is high; if we start encapsulating everything with traditional protocols, it is going to consume a lot of bandwidth, which may not be suitable. Next.

So now, if you go deeper into this architecture, we can split the framework from three different perspectives. The first part is the device side, and defining the endpoint itself will be an interesting work. For example, what is my virtual PLC? How do we identify this virtual PLC if it is somewhere in the cloud? How do I access it, or how am I going to allow that virtual PLC to talk to my sensor?

Digital twins: NMRG folks are already talking about it, so it's not that researchy from an IETF perspective, and if we have to develop an instance of a digital twin for a part of the system, a subsystem on the factory floor, how will we identify that? Will that be an endpoint in itself, or do we represent it as a network, and then physical PLCs are always attached to the sensor?

So trust has another interesting part. I think, from the industry floor perspective, we should be more concerned about the data that is coming into the device, like I'm sending a command to change the pressure or move the motor in a particular direction.

A:

I'm just highlighting that you have three minutes left, so maybe you want some time for discussion or questions. Please take care of that.

D:

So moving on, okay. This way I keep... The second part was identifying the network thing, and I think one good starting point will be to look at a SCHC header, but I found the rule pretty... I don't know if we can use the rule ID directly, but then, on top of that, we need to have some kind of communication patterns that OPC UA uses, and safety is one of the differentiating factors between IT and OT networks. So we should think about some of the solutions from the safety perspective also. Next slide.

We can jump this one, next one. And so these are the three critical organizations that I thought could be relevant and we can work with: IIC, we already had a meeting; UA, I'm not sure, but it might be relevant; and I spoke to a few people and they say that we should talk to the IEEE 6 822 project. They are working on some of the profiles similar to what we are working on. So this was my last slide. Thank you.
A:

So anybody who likes to contribute or has questions can, of course, raise this on the list. I think the digital twin term can be specialized a little bit, but we don't have a lot of time, actually, to be honest, to really dive into this, and we want to leave the discussion at the end here. So I'm sharing the next one, and sorry for mixing up the agenda before; that was apparently my fault. So next up should be the... the names are really cool.
C:

Hi, can you hear me? Yes, yeah, perfect, great, thank you. Okay, I'll try and do this in less than the 15 to give us a little time to discuss. So what I'm going to present today is work that's been ongoing within the IoT Security Foundation, and specifically under a collaborative project called ManySecured, which is looking at IoT security, but from the specific perspective of the gateway, and so within that work...

...sort of like from the browser, where obviously an IoT device is essentially a special case of a local web server. And this work, I mean there's 20 or so people that are sort of like dipping in and out, but the majority of it has come from myself. Younger Sema from Signify, and Christian and Michael, have been part of the discussions, who both, I believe, are on this call. Next slide, please. So yeah, fundamentally, what is the problem?

...sent to, you know, 192.168.1.22.254, and it's an unencrypted connection. Next slide. Pretty similar if it's Vodafone. Next slide. And so the first two examples are examples of connecting to the router, but there is a large majority of IoT devices, of which a webcam is a typical one, which pretty much give you the same instruction. Next slide, and the next ones.

I think I've just pulled off a Comcast example, but again it's a different subnet, but every single one of these user documentations is pushing you towards an unsecured web browser: insert your password and do the configuration. Next slide.

You've essentially got the same problem: the browser is giving a very strong indication, as a user, that something is not right. Next slide, please. So why is it this way? So fundamentally, from what we've seen, basically the technology gives you an option: it can either be secure or usable, but you can't have both. Next slide.

So take the example from Philips. This is exactly the Philips Hue hub example. So there is a certificate there, but obviously, in this case, the certificate is signed by a root, and that root is Philips. But you know what is the problem here? The problem here, of course, is the root is not signed by the approved roots in most browsers, as sort of conferred by the CA/Browser Forum. Next slide.

So you won't see the animation here, because it's in PDF form, and the issue is, as a user, if you do try and put a certificate there, and we can have a discussion in a minute if you like about, well, how secure is that certificate? But you know, if there is a certificate there, it will...

...you're about three clicks through the advanced, but because it's so unusable, most manufacturers are not promoting it, because, bluntly, it just generates loads of support calls, because users are being sent somewhere and they don't understand how to deal with it. Next slide. And it's quite interesting to look at this from a slightly different perspective. So most government agencies, I know the UK IoT security recommendations, the ETSI IoT security recommendations, and there's ones in the US and the ones of Singapore, et cetera.

They all have fundamentally the same guidance. So, using the ETSI one as an example, provision 5.5 asks you very specifically, you know, please communicate securely. Next slide. And, interestingly, in a completely different section, which is the section about "don't use default passwords", there's provision 5.3.1, which says please get the users to authenticate the device using best practice. Now, the issue here, to be blunt, is: if you're coming in from a browser, which is the norm because it's easy, we just genuinely don't know what best practice is, or we haven't managed to work it out. Next slide.

And yeah, saying the same thing here: so, you know, HTTPS is best practice when trying to create a secure connection from a browser. But how do you do that? How do you do that for a local resource? How do you get the certificate on there? What does it mean? These are the fundamental sort of problems we're trying to look into. Next slide.

So there is a solution that does work, and that's build an app, and quite a few IoT vendors and router vendors do do this, and this does solve the problem, because within the app you can provision some roots that allow you to bootstrap a certificate, and the protocol might be running TLS, and, you know, the rendering UI could be HTML-based or could be something else. So, fundamentally, there is a way of actually bootstrapping that secure connection by building an app, but there...

The white paper that I'll talk about in a minute, we've listed at least eight, but, you know, fundamentally it's not the way. I see it, cut to the chase: I always give the example, I'm a consumer, I buy five light bulbs. Those five light bulbs come from five different manufacturers. If I have to install a different app to sort of manage every single one of those devices, then something is fundamentally broken. That's from a usability perspective; there's also all sorts of security implications.

So we've been talking about the problem for a while, and we've been looking at it and seeing what we can do about it. I'm just going to do a brief summary of more or less where we've got to. Next slide.

So we've published a white paper; it's accessible on that URI. It doesn't really talk about the solution. It really is an attempt just to raise the profile of the problem and try and get people's understanding about it, because the problem a lot of us have had in this area is, and I think Michael would testify to this, it takes quite a long time to convince someone there's a problem here. And so this is part of this initiative, just to raise the profile and simplify the communication such that we can start moving forward towards a sensible solution.

Next slide. And just as an aside, this is like a surface-level analysis that exists in some of the documents. But if you actually look at what is really happening at the moment, there's about six different classes of certificate that are issued to a browser which is being used in this way. Everything from "there is no certificate there", which is obviously not ideal, because there's no encryption, there's no sense of trust...

...you know, they install non-device-unique certificates there, which in theory does allow you to encrypt the connection if you click through all those warnings, but there's all sorts of weaknesses there, and, obviously, you can spoof the certificate and copy the certificate, etc., because there's no underlying root. And then there's sort of a gradation of sophistication of the certificate to version six, which is, okay, this is the classic CA; you know, it's a CA/Browser-approved root-signed certificate, as you'd find on the normal Internet, but you've got to ask yourself: should we really be using that for an IoT device? And then we could possibly also look at non-certificate methods of triggering this. Next slide.

And so why bother? I think we should; this video speaks for itself. I mean why? Because fundamentally, for a relatively incentivized hacker, in the way that routers are currently configured and IoT devices are currently configured, it's pretty easy to get at those passwords to then attack the router, and fundamentally, as it stands at the moment, this is the antithesis of a zero trust architecture. You're basically assuming everything in the home is trusted, or indeed the enterprise, using browsers the way they're currently being used in the market at the moment. Next slide.

Work on this: I looked at some of the work that Plex has done on this already, which is basically a method of bootstrapping the provisioning of a classic certificate to an individual device. On the next slide...

So Christian's done quite a lot of work on this. I mean, I put a link in there to some of his provisioning demos and just some snippets of the sequence flows that we've tried to distill from that. I think it's promising. Christian, you've talked to the detail a lot better, but there are some implementation issues, specifically to do with DNS rebind protection, which does call into question whether this is really the ideal solution that can be applied at scale, but it's definitely an area to be looked at. Next slide. And then just cherry-picking a few of the others that are in the provisional solution stack at the moment.

...how does it get there, and maybe there's a role for the gateway or other entity on the internal network, an application, et cetera, to essentially be the root CA, and actually be part of both the issuing of the name and the issuing of the certificate. Next line. And I think, to some extent, there may be some sort of resonance there with some of the work Michael and others have done on the BRSKI stuff, because it definitely is in a similar sort of field; I'm looking at a similar approach. Next slide.

So next steps. So where are we? So we published problem statements; there's a load of work in terms of requirements and software solutions that we're looking to publish in the next few weeks, it just needs a little bit of polishing, and then we're also hoping to move the underlying working model into the open and run it all off an open GitHub repo.

On our side, we keep needling, certainly on the UK side, some of the government agencies to try and get their attention on it, because we think it's important, and I think the profile needs raising to create a sense of urgency about creating a solution. But then also, obviously, key to all of this is experimentation, thinking about an enhanced browser; the current browser method, in the way that it's set up with the CAs, is not sufficient to solve this problem.

That's it! Thank you.
A:

And thank you, and I think you sparked already an intensive discussion on the chat here. I hope this continues on the list.

Please enhance your arguments a little bit with some emails to reiterate the next steps, but I have to make sure that Eliot now gets his discussion time, and for that I will squeeze Roy into all of this, and I have to find the slides. But there's only...
F:

Three slides. Hi, so thanks Henk, I assume everybody can hear me. Yeah, so I got back from vacation, so I quickly cobbled it together. This is a hot topic at the moment for the industry at large and it has some intersections into this space. So I thought I'd present a discussion here and ask for comments. Next slide, please.

So, problem space: we're working at an attempt to secure the supply chain, and the US government, with their executive order, is kind of mandating some changes globally for all companies that want to sell to the US government, and I think other governments are going to follow that pretty soon. So we're looking at a software bill of materials, and Microsoft has decided that our form of this will have signed software bills of materials ubiquitous across the company.

So we're working through that. As part of this, the actual SBOM really just is basically a claim of what we produced, and you kind of need attestations and vulnerability databases to be all sucked into this, which is why there's a large discussion on infrastructure around this and how soon we can bring things up. Some of the attestation basically intersects with some of the discussion in the RATS community and some other things that are coming from Google that we need to cover. Next slide.

I really want to focus on signing in this discussion, specifically. The landscape of software bills of materials: I put IoT devices here, but it really needs to flow from firmware to services, to iOS, to OSes, to large applications, and what is required and what the form of these things is going to look like is still highly in flux. As part of signing, of course, we need to solve the identity: what sort of identity technology are we going to use?

Some technology allows us to migrate if we decide over time, because it's going to change. The requirements of IoT devices and so forth kind of put pressure on our existing technologies, like do we use our same PKCS#7 mechanisms, or cross-sign things and generate cryptographic timestamps? I don't know whether that's a great fit in the space, and we're starting to look at other alternatives. And the lifetime brings up an interesting problem space for us: some of our products last 10 to 15 years, and a certificate-based approach, most of the certificates...

The second one is JWS, and then the third one is Google's pushing a dead simple signing effort, which we're not too sure has been completely flushed through, and we're not entirely happy with where it sits at this point.
A:

These will have to move to the list, because we squeezed you in and Eliot really deserves this time, but I think, yeah, I think the choices you highlighted, well, that's one that the IoT space might be very happy about. So let's see how this will work out. Please keep us updated. I switch to Eliot now, and he has an interesting topic. And thank you, Roy, and hi Eliot, sorry for that. Yeah.
E
Actually,
I
wish
we
had
more
time
to
talk
about
roy's
topic
as
well.
It's
very
interesting
topic,
so
thanks
very
much
hank
today
I
wanted
to
talk
about
an
iot
midlife
crisis.
E
So
what
you're
looking
at
is
actually
a
game
that
you
can
buy
someone
when
they
turn
you
know
into
their
midlife.
It's
called
midlife
crisis
next
slide,
please.
So
we've
spent
a
lot
of
time
in
iot,
as
we
are
chatting
right
now
doing
so
on
onboarding
all
the
way
on
the
left.
E
We
spent
some
amount
of
time
on
credential
renewal,
whether
it's
ace
aces
and
even
on
the
slide.
But
you
know
you
could
imagine
some
stuff
going
on
in
ace.
We
certainly
have
est.
There
are
all
sorts
of
ways
that
we
talk
about
credential
renewal
and
on
the
right
side
right.
You
know
people
don't
spend
any
time
thinking
about
decommissioning,
even
though
it's
turning
out
to
be
a
big
problem
when
I'm
not
even
going
to
get
to
that
today.
E
That's
end
of
life
crisis
right,
but
just
today
it's
midlife
crisis,
I'm
sort
of
in
the
middle
there
to
talk
about
the
transfer
next
slide.
Please
so
you
know
the
big
problem
here
is
you
you
somebody's
moving,
let's
say
or
the
device
is
being
transferred.
E
My
favorite
example
is
the
house,
though,
where
you're
moving
and
now
you
put
in
all
of
this
lovely
iot
stuff
and
the
next
guy
moves
in
and
how
does
it
know,
how
does
the
next
guy,
even
how
does?
How
is
the
xy
able
to
associate
this
stuff
with
it's
with
his
or
her
network?
Next
slide?
Please.
E
And by the way, if people are moving in, right, you might not have the cooperation of the person who moved out. Here we have a demonstration of that, where somebody got moved out, I don't know, by jumping out a window. So now that stuff, you know, that maybe was put in by the landlord, for instance, now needs to be transferred to the next, or re-owned or re-accessed by the next person. And we're talking about things like heaters.
E
E
Okay, next slide, please. And when the next guy comes in there, you're lucky if you have the manual. You know, maybe you're able to, you know, look the manual up online, right, maybe not. But you're certainly not even going to hit, you know, you know, when I mention the reset button: if it says push the reset button, if the thing is in the ceiling, good luck, right. So finding the reset button, maybe that's not possible, based on where it is. So what do you do, right? Next slide, please.
E
So there are two challenges. The first is knowing that these things are in your environment already. You may not know when you move in. A perfect example might be a sprinkler system, right, which has a very conventional front-end user interface but doesn't indicate at all that it has an IoT interface. Maybe that IoT interface is even a 3G interface, so it's not even interacting with your local.
G
E
The person was defenestrated, right, but comes back, right, because it didn't get survived, and decides to play with your sprinkler system remotely, right. So these are actually some serious, you know, issues. And worse if it's your door lock, right. Now, at least your door lock you probably will replace if you don't know how to control it, if you're smart, right.
E
But if you don't understand the interface, who knows. So then, you know, it's a matter of discovering what's there and figuring out what to do with them once you've discovered them, right. Is a reset button a reasonable thing? In a consumer space, maybe; sometimes in an enterprise space; say in rented space, not at all. Next slide, please.
E
That's it. So one of the things I'm looking for is what does good look like, because I'm not sure that we have a shared vision as to what good looks like in this space, particularly in the home, than in the enterprise and elsewhere. So Hank asked me to make sure this is interactive. I'm asking you, please make sure this is interactive, and with that I'll stop.
F
E
I'm just beginning to talk with them, so we, I've certainly talked to people like Philips before, we've talked to Siemens before a little bit in this context, and everybody has a slightly different version of this. Some people will say, for instance, in the rental market,
E
maybe, you know, it's the owner who maintains ultimate control and manages the shift of who's allowed to access what. And in the cloud, right, that adds a whole different dimension to this problem, right, because if that access is controlled in the cloud, transferring from one person to another, the cloud registration has to occur. So everybody's all over the map on this, from what I can gather.
H
Hi Eliot, so I think, thank you for actually continuing, I think, last time's conversation about ownership transfer, and I think that's a really good question about a good.
H
In my mind, one of the things that good would be would be some kind of a protocol that allows you to collect essentially statements of "I assert control over device" into a single place, so that, you know, that could be handed over by the lawyer, regardless of how the previous owner was removed, and that would be essentially a condition.
H
You know, the same way you get sales, you get keys, you get other stuff through the lawyer, and if they don't give it to you, then there's issues, right. And I think that would be the interesting thing, to get that collection of statements that allow you to essentially, these ownership vouchers that allow you to do things.
G
Yep, thank you. So, very interesting problem. I think the discovery one is one of the most interesting ones, because once a device has, you know, been left in the house and the original Wi-Fi router went away and it's no longer connected to anything, there's not much you can do there. You know, again, if it's a light, you know, up above me or something like that, and I'm the new owner, and I won't know. Sending out a ping saying "I'm lost, please, you know,
G
reconnect me" is hard to do unless you mandate that they also go push the discovery button. Otherwise somebody outside my house might actually, you know, pick up and be able to control my lights because the device considered itself lost and let anybody register it. So that problem is particularly a hard one to solve, and good luck.
I
Okay, I get some echo when I start talking, so yeah. This is an important problem, right, and I can try to draw some parallels for what's going on in the physical space. And if you look at sort of getting the keys to the house, yeah, at least you know how many doors you have that have locks on them, and you can assume that the people that are selling the house are giving you the keys. There are some things that you either have to say.
I
So if you then take, well, I have these things that are stored elsewhere. Well, there might be some parallels in an apartment building, that the owner of the apartment building has a master key, right. So even if somebody leaps through the window, doesn't return the keys, whatever, they can actually take care of it and take it over, right.
I
And you can view that as, okay, should I escrow the credentials for these devices somewhere, because it's an apartment building, or should I escrow the method by which I can reset them, and how can I actually make sure that you have the whole inventory, as opposed to there's some, you know, smoke detector that can remotely be triggered that you didn't actually know about. But there's clearly some unsolvable problems in this space, but.
D
I
Think that sort of trying to train with what are the use cases, because normally people don't like escrowing credentials, for good reasons, but for rentals it might be the only way of handling this thing. And commercial might have similar things, that I want to keep track of all of my keys somewhere in a vault for my enterprise in the cloud.
I
So wouldn't I want to do the same thing for the things that are in my factory, right, keep them in a vault somewhere, or someone else can come and pick them up, and you only have to grant access to that vault. But that clearly, it's probably not going to work for a consumer type thing. So, interesting problem.
A
Thanks, Eric. So I would love to see some of the problem statements associated with the existing building blocks and gaps, but I can see vessels in the line, and then edit has this camera on, so, where's really quick. I think Eliot also wants to have some final remarks.
G
Yeah, I just had a crazy bad idea, so I thought I'd throw it out there, right. If IoT devices actually within an infrastructure were able to at least communicate with each other, that they know each other, and that's all they really need to do, then when a new owner comes in, they can say, you know, I found the refrigerator, I know it's an IoT device, and they can ask it sort of what else is around that used to be part of the previously existing network. That's a bad.
E
E
Thanks, Eliot. Okay, so I think we all agree this is a problem, and I think the way that we normally do these sorts of things in this organization is we document out,
E
you know, what we think the world sort of looks like, sort of the scenarios of life in a consumer space. What happens when I sell my car to somebody else, for instance? You know, and there are opportunities here, like cars are pretty big ticket items, so it becomes a little bit of a, you know, sometimes big ticket items have easier solutions for this, whereas, you know, a thermostat might not be as big enough a ticket item.
E
Like, you know, we don't really like the idea of doing some sort of key escrow, right, because whoever's escrowing is probably not doing it well, for instance. So when we can document that out, and then once we have some principles, we might even start talking about mechanisms.
E
E
So what I'm looking for, I think, are a couple of co-authors to work on this, maybe even a small design team of people who would be interested, and then, if we can get that going, what I propose to do is to come back to you in March with my con, my co-conspirators at that point to say: here's what we think, here's where we think we are. Probably we'll get to the point where we've documented the scenarios, maybe we've even got a few principles at that point, and we'll see how far we got. That's my proposal. Thoughts?
A
So we're at the top of the hour, but thoughts are always welcome. So if there are co-conspirators that want to speak out right now, that's a chance, but also, of course, this is something you can contact Eliot or the list with. And practically we are at the top of the hour, but I want to encourage that exact plan. So, from a chair's point of view, I think Eliot is absolutely correct. This is a good space for that, and also, looking at the attendee list, there might be some potential co-conspirators.
A
Thank you all, and thank you, Eliot. Thank you all the presenters, and thank you for attending here, yeah. This was a cool IETF. It was more stressful than usual, I think. I don't know why, because I'm in the EU, that should not be so hard. But thank you all for being here in your time zones. Thank you all for attending here, and see you all in March, hopefully with some cabalish design team that comes up with good things.