[wot-security] minutes - 13 September 2021 from Kazuyuki Ashimura on 2022-01-10 (public-wot-ig@w3.org from January 2022)

From: Kazuyuki Ashimura <ashimura@w3.org>
Date: Mon, 10 Jan 2022 17:39:07 +0900
To: public-wot-ig@w3.org, public-wot-wg@w3.org
Message-ID: <87o84k0ytw.wl-ashimura@w3.org>
available at:
  https://www.w3.org/2021/09/13-wot-sec-minutes.html

also as text below.

Thanks a lot for taking the minutes, Philipp!

Kazuyuki

---
   [1]W3C

      [1] https://www.w3.org/

                              WoT Security

13 September 2021

   [2]Agenda. [3]IRC log.

      [2] https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#13_September_2021
      [3] https://www.w3.org/2021/09/13-wot-sec-irc

Attendees

   Present
          Jan_Romann, Kaz_Ashimura, Michael_McCool, Philipp_Blum,
          Tomoaki_Mizushima

   Regrets
          -

   Chair
          McCool

   Scribe
          citrullin

Contents

    1. [4]Minutes review
    2. [5]Signatures
    3. [6]Contributions
    4. [7]TD Signatures, Key Management and Object security

Meeting minutes

  Minutes review

   McCool: I don't see any issues. Any comments or objections?

   McCool: We discussed the signature and key topic in the TD call
   as well.
   … no objections. Minutes get published.

  Signatures

   <kaz> [8]wot-security-best-practices Issue 14 - TD Signatures,
   Key Management, and Object Security

      [8] https://github.com/w3c/wot-security-best-practices/issues/14

   <kaz> [9]related wot-thing-description Issue 1151 (which is
   already closed) - WIP: TD Signatures

      [9] https://github.com/w3c/wot-thing-description/pull/1151

   McCool: Kaz has done the first action item. I haven't done the
   second one yet. My next step to make a PR for signature. The
   content is already there, it just need to get migrated.

   McCool: I think we should reach out before the F2F.

   McCool: I just updated the readme. I merge it.

   [10]Readme update

     [10] https://github.com/w3c/wot-ejs/pull/1

   McCool: We should have a link to github.io in the readme.

   McCool adds the link to the readme.

   McCool: It will not work for now, I am going to add the
   index.html for it.

   [11]Add link PR

     [11] https://github.com/w3c/wot-ejs/pull/2

  Contributions

   McCool: Philipp, if you can add a contribution to
   wot-security-best-practices document's Acknowledgements
   section, that would be good.

   Philipp: Will do.

  TD Signatures, Key Management and Object security

   McCool: We should look into COSE, JOSE. We haven't played with
   it much yet.

   [12]wot-security-best-practices Issue 14

     [12] https://github.com/w3c/wot-security-best-practices/issues/14

   McCool adds a comment to the issue.

   Jan: If we use multicast in coap, we also have the problem with
   unencrypted traffic.

   McCool explains some of the security issues to jr.

   McCool: We have a section in the best practice document for the
   thing description directories.

   McCool: Our short term goal is to get the security best
   practice document in a state we can publish it.

   <McCool> [13]https://www.w3.org/TR/did-core/

     [13] https://www.w3.org/TR/did-core/

   Some explanation about the current state of IoT security and
   issues we have to solve. (for jr)

   <kaz> [adjourned]


    Minutes manually created (not a transcript), formatted by
    [14]scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).

     [14] https://w3c.github.io/scribe2/scribedoc.html
Received on Monday, 10 January 2022 08:39:16 UTC