**Session Date/Time:** 20 Mar 2024 03:00

# iotops

## Summary

This session of the iotops working group focused on several key areas: terminology standardization for constrained node networks (7228bis), comparison of CoAP security protocols, IoT security summary updates, and problem statements related to IoT deployments in industrial settings. The meeting included discussions around charter relevance, document adoption, and potential future directions for the working group.

## Key Discussion Points

* **7228bis (Terminology for Constrained Node Networks):**
    * Discussion on adopting the document, which defines terminology related to constrained node networks (originally RFC 7228).
    * Focus on scales for energy availability, software updatability, energy use strategies, and levels of isolation.
    * Question raised about the document's fit within the existing working group charter.
* **Comparison of CoAP Security Protocols:**
    * Update on the document's progress, addressing feedback from the IoT directorate review.
    * Discussion on the stability of CTLS (Compact TLS) and whether to proceed with working group last call despite its status as an internet draft.
    * Decision to move forward with working group last call and monitor the status of CTLS.
* **IoT Security Summary:**
    * Update on the draft that references baseline security requirements documents from different standards bodies (e.g., NIST, ENISA, ETSI).
    * Discussion on incorporating the EU's Cyber Resilience Act (CRA) into the document.
    * Concern raised about the potential for the document to become overly focused on European standards if CRA is included.
    * General consensus on the need for more reviews and consideration of whether to reference or explicitly *de-reference* the Cyber Resilience Act (CRA).
* **Problem Statements from Carsten Walter:**
    * Presentation of real-world problems encountered in IoT deployments within industrial, building, and agricultural settings.
    * Issues highlighted included misleading MDNS name resolution, names sent to name servers, the zone ID, IPv6 support for offline environments, certificate lifetimes, lack of standard certificate-level roles, packet sizes, and virtualization.
    * Discussion on how the iotops working group can serve as a "helicopter landing platform" for these problems.

## Decisions and Action Items

* **7228bis:**
    * Action Item: Carsten to remind chairs in 2 weeks to start the adoption call.
    * Action Item: Chairs to initiate the adoption call for the document and address potential charter alignment issues in parallel.
* **Comparison of CoAP Security Protocols:**
    * Decision: Move forward with working group last call for the document and await the progress on CTLS, monitoring its status.
    * Action Item: Solicit appropriate reviews.
* **IoT Security Summary:**
    * Action Item: Brent to assess the relevance and inclusion of the EU Cyber Resilience Act (CRA) and other certification requirements.
    * Action Item: Chairs to ensure that the document gets additional reviews.
* **Problem Statements from Carsten Walter:**
    * Action Item: Carsten to create a GitHub repository.
    * Action Item: Carsten to post a summary of his presentation to the iotops mailing list, along with a chosen first problem, so the working group can help identify potential solutions and relevant experts.
    * Action Item: Working group to assess alignment of submitted problems with the charter.

## Next Steps

* Carsten and chairs will work to set up a GitHub repository to capture issues.
* Working group will use the mailing list to further discuss problems presented by Carsten Walter.
* Chairs will work to secure more reviews of the IoT Security Summary draft.
* Adoption call to occur for 7228bis.
* Working Group Last Call to occur for Comparison of CoAP Security Protocols.