Session Date/Time: 24 Jul 2025 10:00
iotops
Summary
The iotops working group meeting at IETF 123 covered several topics related to IoT device operations and security. Presentations included updates on the comparison of CoAP security protocols, mud URL handling, mud file licensing, mud queries for device identification, and DNS security and privacy guidelines for IoT. Discussions revolved around technical details, potential improvements, and the scope of these efforts.
Key Discussion Points
- CoAP Security Protocols Comparison:
  - The document is with the authors to respond to the AD's review, which included requests for more motivation, operational considerations, and clarification of terminology.
  - The working group showed rough consensus to keep the references informative rather than normative.
- MUD URLs:
  - Discussion of updating MUD files versus MUD URLs when device firmware is updated.
  - Concerns were raised about the security of obtaining MUD URLs via DHCP and LLDP.
  - A proposed solution restricts subsequent changes, after initial trust-on-first-use, to only the last path component of the URL.
  - A question arose regarding the impact of this document normatively updating RFC 8520.
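An added illustration of the "last path component only" rule described above (example code, not text from the draft or the minutes): the MUD URL accepted at trust-on-first-use is kept as the reference, and a later advertisement is accepted only if its scheme, authority, query and all but the final path segment are unchanged. Function names and the example.com URLs are constructed for this example.

```python
from urllib.parse import urlsplit


def mud_url_update_allowed(trusted_url: str, candidate_url: str) -> bool:
    """Return True if candidate_url may replace trusted_url.

    trusted_url is the MUD URL learned at trust-on-first-use; candidate_url
    is a later advertisement (for example via DHCP or LLDP). Only the final
    path segment is allowed to change. Hypothetical helper for illustration.
    """
    old, new = urlsplit(trusted_url), urlsplit(candidate_url)

    # RFC 8520 requires the https scheme for MUD URLs, so refuse anything
    # else (including a downgrade to http).
    if old.scheme != "https" or new.scheme != "https":
        return False

    # Authority (host and port) must not change: an unauthenticated DHCP or
    # LLDP advertisement must not be able to redirect policy fetches.
    if old.netloc.lower() != new.netloc.lower():
        return False

    # Query and fragment could select a different resource; keep them fixed.
    if old.query != new.query or old.fragment != new.fragment:
        return False

    old_parts = old.path.split("/")
    new_parts = new.path.split("/")
    # Same depth and identical prefix: only the last segment may differ.
    if len(old_parts) != len(new_parts) or old_parts[:-1] != new_parts[:-1]:
        return False
    return True


if __name__ == "__main__":
    trusted = "https://example.com/mud/lamp-v1.json"
    for candidate in (
        "https://example.com/mud/lamp-v2.json",       # allowed
        "https://attacker.example/mud/lamp-v2.json",  # host changed
        "https://example.com/mud/extra/lamp-v2.json", # depth changed
        "http://example.com/mud/lamp-v2.json",        # scheme downgrade
    ):
        print(candidate, "->", mud_url_update_allowed(trusted, candidate))
```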
- MUD File Licensing:
  - The presenter requested feedback on the right way to express ownership and license type information in MUD files.
  - Question about the right way to use YANG augment for describing licenses.
  - Suggestion to update the draft based on SPDX 3.0 and clarify the requirements.
  - Discussion about a generalization mechanism that doesn't require the use of augment at all.
- MUD Queries:
  - Discussion about how to identify IoT devices on a network using their IDevIDs.
  - The proposal involves devices responding to TLS connections over IPv6 link-local.
  - Concerns were raised about the need for devices to implement server functionality and the potential complexity of TLS.
  - Suggestion for a simpler protocol and potential use cases beyond MUD.
  - Opinion poll: "Do you give a flying rats about this": 13 Yes, 7 No Opinion, 35 Yes.
- DNS Security and Privacy Guidelines for IoT:
  - Discussion on the unique DNS security and privacy challenges posed by IoT devices, including resource constraints, lack of security agents, and predictable query patterns.
  - Vulnerabilities found in a study of 30 IoT devices were presented, including lack of support for secure DNS standards, poor source port randomization, and fingerprinting susceptibility.
  - Debate arose about whether all these problems were really privacy or security problems, and about the nature of smart homes versus generic devices.
  - Mitigation strategies were discussed, including encrypted protocols, resolver discovery mechanisms, DNSSEC validation, and serve-stale.
Decisions and Action Items
- CoAP Security Protocols Comparison: Authors will answer the AD review and submit version 10.
- MUD File Licensing:
  - Update the draft based on SPDX 3.0.
  - Check with YANG experts regarding the use of YANG augment.
- MUD Queries: Continue the discussion on the mailing list. Michael to consider potential use cases beyond MUD. Offers to co-author are welcome.
- DNS Security and Privacy Guidelines for IoT: Discuss on the mailing list adding more intelligence to the network resolver and the DNS mitigations, and follow up on the questions raised in the chat.
Next Steps
- Continue discussions on the mailing lists for all documents.
- Address the action items listed above.
- Prepare for IETF Last Call for the CoAP Security Protocols Comparison document after addressing the AD review.