IRC log of wot-sec on 2023-09-04
Timestamps are in UTC.
- 12:01:07 [RRSAgent]
- RRSAgent has joined #wot-sec
- 12:01:11 [RRSAgent]
- logging to https://www.w3.org/2023/09/04-wot-sec-irc
- 12:01:11 [kaz]
- meeting: WoT Security
- 12:59:08 [kaz]
- present+ Kaz_Ashimura, Michael_McCool
- 13:00:50 [luca_barbato]
- luca_barbato has joined #wot-sec
- 13:01:17 [McCool]
- McCool has joined #wot-sec
- 13:01:48 [kaz]
- present+ Luca_Barbato
- 13:03:58 [Mizushima]
- Mizushima has joined #wot-sec
- 13:04:29 [kaz]
- agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#4_September_2023
- 13:05:29 [kaz]
- present+ Tomoaki_Mizushima
- 13:06:24 [kaz]
- scribenick: luca_barbato
- 13:06:24 [luca_barbato]
- scribenick: luca_barbato
- 13:06:31 [luca_barbato]
- topic: Minutes
- 13:07:04 [kaz]
- -> https://www.w3.org/2023/08/07-wot-sec-minutes.html Aug-7
- 13:07:33 [luca_barbato]
- mm: We agreed to review the minutes offline, but let's go over it to recap what we left last month
- 13:08:17 [luca_barbato]
- mm: <approved>
- 13:08:22 [luca_barbato]
- topic: PRs
- 13:08:38 [luca_barbato]
- mm: 4 PRs pending
- 13:08:54 [luca_barbato]
- subtopic: PR 226
- 13:08:56 [McCool]
- https://github.com/w3c/wot-security/pull/226
- 13:09:30 [kaz]
- s|https://github.com/w3c/wot-security/pull/226|-> https://github.com/w3c/wot-security/pull/226 PR 226 - Migrate to new ReSpec profile|
- 13:09:51 [luca_barbato]
- It updates the ReSpec version and addresses its lints
- 13:10:11 [luca_barbato]
- s/It/mm: It
- 13:10:29 [luca_barbato]
- subtopic: PR 225
- 13:10:31 [McCool]
- https://github.com/w3c/wot-security/pull/225
- 13:12:14 [luca_barbato]
- mm: It adds a section about DDoS next to the current DoS section
- 13:12:30 [kaz]
- s|https://github.com/w3c/wot-security/pull/225|-> https://github.com/w3c/wot-security/pull/225 PR 225 - Add DDoS Threats|
- 13:12:47 [luca_barbato]
- mm: I added the definition and then added a few examples
- 13:14:07 [luca_barbato]
- mm: I'd like to have more people to review it
- 13:14:20 [luca_barbato]
- subtopic: PR 224
- 13:14:24 [McCool]
- https://github.com/w3c/wot-security/pull/224
- 13:15:31 [kaz]
- s|https://github.com/w3c/wot-security/pull/224|-> https://github.com/w3c/wot-security/pull/224 PR 224 - Add anchors to threats|
- 13:16:01 [luca_barbato]
- q+
- 13:16:34 [luca_barbato]
- mm: I would not merge this PR since it adds additional overhead and might desync
- 13:18:40 [luca_barbato]
- lb: I agree, might be good to ask the respec developers to improve the usability
- 13:19:36 [luca_barbato]
- mm: <closed with comment>
- 13:20:30 [luca_barbato]
- topic: TPAC Agenda
- 13:21:36 [kaz]
- -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf/2023_WoT_TPAC_Agenda TPAC WoT agenda wiki
- 13:22:47 [luca_barbato]
- mm: My intention is to have a small slide deck and then go over the documents
- 13:25:17 [luca_barbato]
- mm: <Edits the wiki to link the documents>
- 13:26:04 [kaz]
- -> https://github.com/w3c/wot/blob/main/planning/Security/README.md wot/planning/Security/README.md
- 13:26:29 [luca_barbato]
- q+
- 13:27:24 [luca_barbato]
- lb: The items in the list probably will go over the 30min allotted
- 13:32:26 [luca_barbato]
- mm: <maps the section to a time budget to leave 10min for discussion>
- 13:32:32 [kaz]
- q+
- 13:32:35 [kaz]
- ack lu
- 13:33:05 [luca_barbato]
- lb: We aren't many in the TF, we should take the TPAC as a chance to enlist more people
- 13:34:10 [kaz]
- ack k
- 13:35:38 [kaz]
- kaz: we need to think about deployment environment for actual IoT services
- 13:35:54 [kaz]
- s/services/services like smart homes, smart buildings and smart cities/
- 13:36:00 [kaz]
- ack k
- 13:36:01 [kaz]
- q+
- 13:36:07 [luca_barbato]
- mm: It true, but we aren't going to do that during the TPAC
- 13:36:29 [kaz]
- ack k
- 13:36:40 [luca_barbato]
- kaz: We could at least reading an issue about detailed security constraints/scenarios
- 13:36:51 [kaz]
- i/we need to/scribenick: kaz/
- 13:37:02 [kaz]
- i/It true/scribenick: luca_barbato/
- 13:37:16 [kaz]
- s/It true/It's true/
- 13:39:18 [luca_barbato]
- mm: Security is quite horizontal, that applies to most use-cases
- 13:39:21 [luca_barbato]
- q+
- 13:40:50 [luca_barbato]
- mm: <Adds to the wiki a set of proposals to be discussed at TPAC>
- 13:46:48 [luca_barbato]
- lb: I'm concerned about the relationship between the Security TF and the Use-Case TF
- 13:47:37 [luca_barbato]
- lb: Most of the RECs we produce rely on already ratified protocols that bring by themselves security considerations
- 13:48:03 [luca_barbato]
- lb: Most of the historical security concerns come from bad deployments and this is hard to fix
- 13:50:13 [luca_barbato]
- mm: Also the Profile TF might bring security constraints and signal them over profiles as well
- 13:50:31 [luca_barbato]
- lb: It is a good idea IMHO and we could discuss that at TPAC as well
- 13:52:07 [luca_barbato]
- mm: Security experts are busy and valuable, we would use their time to review the other TF outputs
- 13:53:19 [luca_barbato]
- mm: <Adds that to the Call to action section in the wiki>
- 13:56:07 [kaz]
- -> https://www.w3.org/WoT/IG/wiki/Main_WoT_WebConf/2023_WoT_TPAC_Agenda#Security_and_Privacy "Security and Privacy" on the TPAC WoT agenda wiki
- 13:57:44 [kaz]
- [adjourned]
- 13:57:49 [kaz]
- rrsagent, make log public
- 13:58:01 [kaz]
- rrsagent, draft minutes
- 13:58:02 [RRSAgent]
- I have made the request to generate https://www.w3.org/2023/09/04-wot-sec-minutes.html kaz
- 16:11:08 [Zakim]
- Zakim has left #wot-sec
- 19:17:30 [kaz]
- kaz has joined #wot-sec