IRC log of wot-sec on 2017-09-18

Timestamps are in UTC.

12:04:43 [RRSAgent]
RRSAgent has joined #wot-sec
12:04:43 [RRSAgent]
logging to http://www.w3.org/2017/09/18-wot-sec-irc
12:05:04 [kaz]
Meeting: WoT IG - Security
12:05:28 [kaz]
present: Kaz_Ashimura, Elena_Reshetova, Michael_McCool, Zoltan_Kis
12:05:33 [kaz]
scribenick: kaz
12:06:10 [kaz]
-> https://www.w3.org/2017/09/11-wot-sec-minutes.html prev minutes
12:06:51 [kaz]
Agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#Agenda
12:07:18 [kaz]
er: wondering about the workshop thing
12:07:29 [kaz]
mm: IEEE S&P
12:07:36 [kaz]
... will discuss
12:08:00 [kaz]
topic: Agenda
12:08:18 [kaz]
[[
12:08:19 [kaz]
WoT Security and Privacy Considerations
12:08:19 [kaz]
Document status and issue review
12:08:19 [kaz]
Security sections in other documents
12:08:19 [kaz]
Document status and issue review
12:08:19 [kaz]
IoT Conference workshop update
12:08:21 [kaz]
NDSS proposal accepted
12:08:23 [kaz]
IEEE S&P deadline: Sept 20
12:08:25 [kaz]
Other work items
12:08:27 [kaz]
]]
12:08:31 [kaz]
mm: workshop first
12:08:37 [kaz]
topic: Workshop update
12:09:10 [barryleiba]
barryleiba has joined #wot-sec
12:09:16 [kaz]
mm: NDSS proposal
12:09:22 [kaz]
... submitted one
12:09:40 [kaz]
... Decentralized IoT Security and Standards
12:09:47 [kaz]
present+ Barry_Leiba
12:10:00 [kaz]
mm: submitted in parallel
12:10:10 [kaz]
... had a meeting
12:10:23 [kaz]
... to merge the two propodals
12:10:28 [kaz]
s/propodals/proposals/
12:10:38 [kaz]
... fundamental issue for WoT is interoperability
12:10:49 [kaz]
... security for multiple interoperable implementations
12:10:57 [kaz]
... added a couple of topics
12:11:07 [kaz]
... 3 points
12:11:28 [kaz]
... Carsten, co-Chair
12:11:50 [kaz]
... similar proposal on TLS
12:12:08 [kaz]
... not our primary objective
12:12:28 [kaz]
... not optimal but still worth presenting our paper
12:12:36 [kaz]
... get discussion there
12:12:47 [kaz]
... could get people interested there
12:12:54 [kaz]
... networking purposes
12:13:23 [kaz]
... question is if we would like to submit a proposal for IEEE S&P as well
12:13:28 [kaz]
... deadline Sep. 20
12:13:47 [kaz]
s/submitted one/submitted one and accepted/
12:13:56 [kaz]
... can tune it up
12:14:03 [kaz]
... but should I?
12:14:13 [kaz]
br: think we should
12:14:25 [kaz]
... target which help our work
12:14:37 [kaz]
mm: right
12:14:41 [kaz]
... but some concern
12:14:49 [kaz]
... keep it different from NDSS
12:15:34 [kaz]
... any other comments?
12:16:06 [kaz]
... can submit a proposal as is
12:16:12 [kaz]
... more security people anyhow
12:16:18 [kaz]
... any suggestions?
12:16:26 [kaz]
... will circulate the proposal
12:16:40 [kaz]
... need to wrap up the proposal within 48h
12:16:51 [kaz]
... you can edit the proposal on Google doc
12:16:58 [kaz]
... let me know about your Google account
12:17:16 [kaz]
... will send invitation to you
12:17:28 [barryleiba]
@McCool My Google Docs account is barryleiba@gmail.com
12:17:28 [kaz]
... so we'll do this
12:18:05 [kaz]
topic: PR
12:18:16 [kaz]
-> https://github.com/w3c/wot-security/pull/8 Elena's PR
12:18:23 [kaz]
er: goes through it
12:18:45 [kaz]
... had discussion with Matthias the other day
12:19:33 [kaz]
... adding pictures
12:19:46 [kaz]
mm: rendered version?
12:21:19 [kaz]
https://rawgit.com/ereshetova/wot-security/working/index.html
12:21:59 [kaz]
kaz: does the above rawgit work fine?
12:22:04 [kaz]
mm: fine
12:22:19 [kaz]
... contents extracted from the TD draft
12:22:34 [kaz]
... will work on the pull request
12:23:23 [kaz]
... one document for security
12:23:36 [kaz]
... summary within TD, etc.
12:24:46 [kaz]
er: when to have more concrete content?
12:24:57 [kaz]
mm: Thing Description management
12:25:23 [kaz]
... threat model should go here (Recommended Security Practices)
12:25:37 [kaz]
... publish this as a Note
12:25:44 [kaz]
... and put the threat model into it
12:26:36 [kaz]
er: no text under 2.3 yet
12:26:43 [kaz]
... 2.3 Determining a suitable security architecture
12:27:16 [kaz]
mm: we should put the material here inline
12:27:32 [kaz]
... need TODOs as Editor's Note
12:28:08 [kaz]
er: this is a working branch, not the main branch
12:28:19 [kaz]
mm: pull request on the working branch
12:28:45 [kaz]
... will add a tag
12:29:52 [kaz]
... (adds a tag, "TDmaterial" to the working branch content)
12:30:36 [kaz]
... (also a branch, "TDmaterial")
12:31:13 [kaz]
... (and add a comment to the pull request)
12:31:37 [kaz]
... OK, but we probably want to pull back in the TD material, so I branched as "TDmaterial"
12:31:49 [kaz]
s/and/merges the pull request 8 and/
12:33:19 [kaz]
mm: any procedure to add Elena as an Editor
12:33:36 [kaz]
s/Editor/Editor?/
12:33:46 [kaz]
zk: you can create a pull request for that?
12:33:49 [kaz]
mm: ok
12:34:09 [kaz]
... will create a pull request then
12:34:58 [kaz]
... we can update the link for the threat model
12:35:34 [kaz]
er: can we keep the threat model content a separate file?
12:36:42 [kaz]
mm: there is a trade-off
12:37:32 [kaz]
... also should think about the references
12:38:05 [kaz]
... some of the references should go into the draft
12:38:28 [kaz]
-> https://github.com/w3c/wot-security/blob/master/wot-security-references.md references
12:38:46 [kaz]
mm: will create a pull request to put the threat model inline
12:39:59 [kaz]
... note that I'm working on the master branch and the working branch
12:40:37 [kaz]
... on the working branch, will put the contents from the MD files into the index.html file
12:41:24 [kaz]
... let's see an example of the TD repo
12:41:53 [kaz]
... or the architecture
12:42:22 [kaz]
-> https://w3c.github.io/wot-architecture/ Architecture draft on GitHub
12:43:09 [kaz]
mm: we have summary in the main docs
12:43:46 [kaz]
... remove the Editor's note and put text that we're working on a separate security doc
12:44:48 [kaz]
mm: let's go back to the prev minutes
12:44:51 [kaz]
-> https://www.w3.org/2017/09/11-wot-sec-minutes.html prev minutes
12:44:58 [kaz]
mm: CSS file for a WG Note
12:45:38 [kaz]
kaz: still investigating
12:47:04 [kaz]
... but we can put NOTE instead of WD/ED for respec
12:47:15 [kaz]
mm: will also see that
12:47:45 [kaz]
... can we accept the minutes?
12:47:51 [kaz]
(no objections)
12:47:54 [kaz]
mm: ok
12:48:22 [kaz]
-> https://www.w3.org/TR/EARL10-Schema/ example of WG Note
12:49:21 [kaz]
i/let's/topic: Previous minutes/
12:50:09 [kaz]
topic: Security draft
12:50:15 [kaz]
mm: Abstract is missing
12:50:34 [kaz]
... Elena, do you want to put a stab?
12:51:13 [kaz]
... it's the first thing people will read
12:52:12 [kaz]
... we should submit pull requests for the structure and the individual sections
12:52:34 [kaz]
... each section can have one pull request
12:52:49 [kaz]
... will do mechanical edit to include MD file content
12:53:09 [kaz]
... and Elena will look into the Abstract
12:53:23 [kaz]
... and then section restructure
12:53:43 [kaz]
... if there is any conflict, we'll sort that out
12:54:52 [kaz]
er: comments welcome for the structure
12:55:01 [kaz]
mm: where the best practices come from
12:56:57 [barryleiba]
barryleiba has left #wot-sec
13:02:39 [kaz]
https://rawgit.com/ereshetova/wot-security/working/index.html#threat-model-and-security-objectives
13:05:47 [kaz]
[adjourned]
13:05:54 [kaz]
rrsagent, make log public
13:06:01 [kaz]
rrsagent, draft minutes
13:06:01 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/09/18-wot-sec-minutes.html kaz
14:22:34 [Zakim]
Zakim has left #wot-sec