**Session Date/Time:** 09 Nov 2023 16:00 # iotops ## Summary The iotops meeting covered several key areas related to IoT operations, including updates on baseline requirements mapping, TLS/DTLS profiles for IoT, and device onboarding protocols. The discussion focused on identifying gaps in current standards, exploring potential solutions, and coordinating efforts across different organizations. ## Key Discussion Points * **Baseline Requirements Mapping:** Brandon presented updates to the draft mapping of baseline security requirements for consumer IoT devices, incorporating the ETSI cyber security requirements. A key question was whether the existing mappings are comprehensive enough. Several attendees volunteered to review the updated draft. * **TLS/DTLS Profiles for IoT:** Discussion on the validity of certificates in constrained IoT environments without reliable time sources, specifically regarding certificate expiry. The use of OCSP stapling and alternative revocation mechanisms was also discussed, as well as the key usage and subject name fields. Several attendees volunteered to review the updated draft. * **Device Onboarding (Nipsey):** Bert Brinkman presented Nipsey, a framework for standardizing the application-to-network interface for device onboarding, including device identity management and communication APIs. Discussions included potential charter fit of Nipsey within the iotops working group and how Nipsey handles different radio technologies. * **FIDO Device Onboard (FDO):** Jeff Cooper presented an update on FIDO Device Onboard (FDO), an onboarding protocol. A specification for incorporating FDO credentials into a TPM was presented. * **General Discussion:** * Need for review and input on X.509 certificate profile document ## Decisions and Action Items * **Action Item:** Brandon to summarize updates to the baseline requirements ID and send it to the mailing list. * **Action Item:** Hanz, Michael, and others (as indicated by anonymous poll) to review Brandon's baseline requirements draft. * **Action Item:** Thomas, Dave, Elliott, and others to review the updated TLS/DTLS profile draft. * **Action Item:** Francesca to incorporate the points made in the meeting in future revisions. * **Decision:** Consider a registry where people share how X.509 certificates are used. * **Action Item:** Bert Brinkman to share examples of Nipsey. * **Action Item:** Warren to look into charter of iotops and see if Nipsey could fit. * **Action Item:** Jeff to send a mail to the list of the pointer to the FTO TPM document he wants reviewed. * **Action Item:** Michael to review the FTO TPM documents. ## Next Steps * Continue reviewing and refining the baseline requirements mapping draft. * Continue refining the TLS/DTLS profiles for IoT draft, incorporating feedback from the meeting. * Continue discussion on Nipsey, including its charter fit within the iotops working group and potential refinements to address different radio technologies. * Coordinate with Nick regarding anti PMs.