Hi Michael, all, Fantastic (continued) work! It's a pleasure to continue following in more-or-less personal capacity. In this same role I am following preparations for the annual global Internet Governance Forum (IGF) and Canadian Internet Governance Forum (CIGF). This includes following the intersessional efforts of the global IGF's 'Best Practice Forum on Data and New Technologies.' They are seeking input on issues that Michael's/CIRALabs work and these guidelines for IoT manufacturers seems to align with. I recommend we (and indeed, have gone ahead and,) connect the dots on these two efforts and perhaps we can highlight some great work in I* organizations in the work of the IGF BPF?
Thanks, Taylor R.W. Bentley Telecommunications and Internet Policy Specialist Innovation, Science and Economic Development Canada / Government of Canada [email protected] / Tel: 613-292-9998 / TTY: 1-866-694-8389 Spécialiste des politiques de telecommunications et d'Internet Innovation, Sciences et Développement économique Canada / Gouvernement du Canada [email protected] / Tél. : 613-292-9998 / ATS : 1-866-694-8389 p.s.--> Here's the callout from the UNSec support (truly exceptional individuals) for the BPF: Dear All, The BPF Data and New Technologies is collecting examples of how stakeholders address the challenges related to collecting and using users’ data. The case studies will feed into the BPF's discussions and its workshop as part of the IGF 2020 intersessional work and the virtual IGF2020 meeting in November. The BPF is interested in examples of • applications (deployed or under development) that use users’ data to provide benefit to the user, and the measures that should avoid that the collected data may be used to harms the users. • frameworks, guidelines, and policies that address challenges and aim to ensure that users whose data is being collected and used, can benefit from their data and do not risk to be harmed. The BPF is interested in case studies that are related as well as unrelated to the COVID-19 pandemic. Details on the call for contributions can be found here https://www.intgovforum.org/multilingual/content/bpf-data-new-technologies-case-studies . We would appreciate to receive your case study by the end of this week - Friday 25 September. In preparation of the call for contributions, the BPF discussed what could be potential issues and put them together in a ‘Data and New Technologies Issues card’. The issues card can help with putting together a case study. For more information, please check the BPF Data and New Technologies webpage. Kind Regards The BPF Data and New Technologies coordinating team, Titti, Emanuela, Wim -----Original Message----- From: Mud <[email protected]> On Behalf Of Michael Richardson Sent: September 24, 2020 11:20 AM To: [email protected]; [email protected] Subject: [Mud] changes to draft-richardson-opsawg-mud-iot-dns-considerations-03.txt Another thread is active at: https://mailarchive.ietf.org/arch/msg/opsawg/04UY5rDs_ojh97_edY-a4xBPZT4 I meant to wait to post this email until there had been some discussion about the acceptable-urls document. From 2018 onwards I have been working with CIRALabs on an IoT security system for home gateways. This first two revisions of the effort were very much MUD focused, and this document was written to capture my experiences with DNS lookups vs MUD names in MUD files. This document was presented at the IETF107 virtual interim meeting in April. The slides are at: https://www.ietf.org/proceedings/interim-2020-opsawg-01/slides/slides-interim-2020-opsawg-01-sessa-operational-considerations-for-use-of-dns-in-iot-devices-wslide-numbers-00 As a big part of the advice is to use the local resolver, whether via Do53, DoT or DoH, it was suggested that this advice might be better given by the Adaptive DNS Discovery (ADD). Perhaps that made more sense when it was the Applications Doing DNS BOF though. A number of discussions about this document over the summer with the ADD chairs revealed that the document does not belong in the ADD WG. The -03 version contains mostly minor editorial changes. I've decided that, even as a BCP, that it seems to still be using BCP14 language, and so should include the boilerplate. I would like the OPSAWG to consider adopting this MUD related document. It changes no bits on the wire changes to MUD or semantic changes (like my other document), rather this is guidance to IoT manufacturers. Name: draft-richardson-opsawg-mud-iot-dns-considerations Revision: 03 Title: Operational Considerations for use of DNS in IoT devices Document date: 2020-09-22 Group: Individual Submission Pages: 13 URL: https://www.ietf.org/id/draft-richardson-opsawg-mud-iot-dns-considerations-03.txt Status: https://datatracker.ietf.org/doc/draft-richardson-opsawg-mud-iot-dns-considerations/ Html: https://www.ietf.org/id/draft-richardson-opsawg-mud-iot-dns-considerations-03.html Htmlized: https://tools.ietf.org/html/draft-richardson-opsawg-mud-iot-dns-considerations-03 Diff: https://www.ietf.org/rfcdiff?url2=draft-richardson-opsawg-mud-iot-dns-considerations-03 Abstract: This document details concerns about how Internet of Things devices use IP addresses and DNS names. The issue becomes acute as network operators begin deploying RFC8520 Manufacturer Usage Description (MUD) definitions to control device access. This document explains the problem through a series of examples of what can go wrong, and then provides some advice on how a device manufacturer can best make deal with these issues. The recommendations have an impact upon device and network protocol design. {RFC-EDITOR, please remove. Markdown and issue tracker for this document is at https://github.com/mcr/iot-mud-dns-considerations.git } -- Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
