IRC log of wot-sec on 2021-02-15

Timestamps are in UTC.

13:02:51 [RRSAgent]
RRSAgent has joined #wot-sec
13:02:51 [RRSAgent]
logging to https://www.w3.org/2021/02/15-wot-sec-irc
13:03:02 [kaz]
Meeting: WoT Security
13:03:03 [citrullin]
citrullin has joined #wot-sec
13:03:07 [kaz]
chair: McCool
13:03:30 [kaz]
present+ Kaz_Ashimura, Cristiano_Aguzzi, Michael_Mcool, Oliver_Pfaff
13:03:33 [citrullin]
Can someone send me the webex link?
13:04:29 [citrullin]
present+ Philipp-Alexander_Blum
13:05:12 [cris_]
cris_ has joined #wot-sec
13:05:44 [McCool]
McCool has joined #wot-sec
13:06:25 [McCool]
agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#15_February_2021
13:08:21 [kaz]
scribenick: cris_
13:08:39 [cris_]
topic: previous minutes
13:09:44 [cris_]
mc: we discussed management API on scripting api. We need some text to describe what is out of the scope in scripting api
13:09:59 [kaz]
i|discussed|-> https://www.w3.org/2021/02/01-wot-sec-minutes.html Feb-1|
13:10:36 [cris_]
... I also opened an issue in discovery. we'll look at it next
13:10:47 [cris_]
s/next/later/
13:11:03 [cris_]
... finally APA
13:11:14 [kaz]
present+ Tomoaki_Mizushima
13:11:19 [cris_]
... any objections for accepting the minutes?
13:11:32 [cris_]
... ok we'll publish these
13:11:36 [cris_]
... any updates?
13:11:40 [cris_]
... none
13:11:49 [cris_]
topic: issues
13:12:12 [cris_]
mc: I'll go through open issues in the security repo
13:13:18 [cris_]
mc: Lagally wants a writeup about canonicalization of TDs. It is related to #166
13:15:28 [cris_]
cris: I opened some issues about security and management apis on scripting api, we could check them out
13:16:41 [cris_]
mc: yeah true, meanwhile I notice some problems with the published minutes. Links has a trailing column which cause an error
13:17:12 [cris_]
s/has a/have a/
13:17:44 [cris_]
kaz: fixing
13:18:03 [cris_]
mc: Ok we'll check them later.
13:18:18 [cris_]
topic: issue 166
13:18:38 [cris_]
kaz: btw links fixed
13:19:15 [kaz]
-> https://github.com/w3c/wot-security/issues/166 wot-security issue 166 - Add integrity protection (proof section) to TDs
13:19:25 [kaz]
rrsagent, make log public
13:19:30 [kaz]
rrsagent, draft minutes
13:19:30 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
13:19:56 [cris_]
mc: we discussed the minimum requirement for constrained devices. We focused on the minimum memory requirement to handle a TD. We nailed down the discussion to the size of the TD.
13:20:21 [citrullin]
+q Still having an issue to find use-cases where it makes sense to process TDs on constrained devices.
13:20:31 [cris_]
... we concluded to have a min size of 64Kb
13:20:38 [citrullin]
+q
13:23:24 [cris_]
mc: the problem is signing needs canonicalization but small devices might not be able to perform the process.
13:26:05 [cris_]
cris: canonicalization could happen at development time.
13:26:43 [cris_]
mc: we could even make canonicalization part of the sign process but it will burden a constrained device.
13:29:22 [cris_]
philipp: 64kb might not be enough.
13:29:42 [cris_]
mc: we found libraries capable of handling our requirements in 64Kb
13:29:45 [cris_]
q?
13:30:22 [McCool]
https://github.com/w3c/wot-testing/blob/main/events/2021.03.Online/reference/hw.md
13:30:33 [cris_]
mc: we could move this question to the profile call
13:30:47 [kaz]
s/https/-> https/
13:31:06 [kaz]
s/hw.md/hw.md WoT Reference Platform/
13:33:40 [cris_]
mc: the trouble with small devices is that we might not have a communication hardware stack. however we were able to implement wot in small devices like esp32
13:35:02 [cris_]
Philipp: I am currently working with XXX that has ZZZ RAM and I have been able to expose a TD. However, consuming a TD is surely too much.
13:35:18 [cris_]
s/XXX/Nordic NRF-52832/
13:35:33 [cris_]
s/ZZZ/32 Kb/
13:36:19 [cris_]
cris: why is consuming a TD too much? can you read it in streaming mode?
13:36:46 [cris_]
Philipp: I need to parse JSON which is kinda heavy.
13:36:56 [cris_]
... plus I don't see the use case for this
13:37:12 [cris_]
... btw the Nordic also has hardware acceleration
13:37:32 [cris_]
... for signing and maybe SSL
13:38:23 [cris_]
cris: I agree that the use case is a little bit off.
13:39:55 [cris_]
... using a JSON streaming parse you might be able to consume a TD
13:40:25 [citrullin]
Agree, that sounds more reasonable.
13:40:31 [cris_]
mc: Interesting, about validation process I'm noting down that before signing a TD should be valid
13:40:54 [cris_]
s/parse/parser/
13:41:54 [cris_]
mc: I think there's some use cases for consuming TDs in sensors. I'm noting down a peer-to-peer pairing example in issue #166
13:45:20 [cris_]
cris: btw canonicalization could help streaming parser to optimize searching of particular conditions
13:45:27 [cris_]
mc: true, noting that down
13:46:03 [cris_]
... also having standard semantic types could be useful.
13:47:43 [cris_]
... related to the peer-to-peer example we could even think about filter parameters in the direct discovery process.
13:49:10 [cris_]
... in short if you know exactly what you're looking for you could extract it without having the whole TD in memory
13:51:56 [cris_]
... does this description convince you, Philipp?
13:52:23 [cris_]
Philipp: Probably I need to read more about business environments but yes
13:52:33 [cris_]
... streaming makes for sure sense
13:52:40 [cris_]
... a lot of things to think about
13:53:22 [cris_]
mc: we still have a lot of todos here. One is to survey hardware accelerators. TDs should be compatible with such hardware
13:53:41 [cris_]
... Philipp could you please do this? at least for your device?
13:53:53 [cris_]
Philipp: ok
13:54:58 [cris_]
mc: chain of proof is flexible about the algorithm used. So we just need to choose one according to the survey
13:55:09 [kaz]
rrsagent, make log public
13:55:40 [cris_]
topic: Geolocation
13:57:06 [McCool]
https://github.com/w3c/wot-discovery/pull/114
13:57:08 [cris_]
mc: working on #114
13:59:54 [cris_]
... there's a section about privacy. I have to be careful when sharing locations. It can be even inferred by a registration in a particular TD
14:00:27 [kaz]
rrsagent, draft minutes
14:00:27 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:00:42 [cris_]
... also history about a location could be used to infer velocity and learn about the fact the user was on a vehicle or not.
14:01:37 [kaz]
rrsagent, draft minutes
14:01:37 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:02:48 [kaz]
[adjourned]
14:02:50 [kaz]
rrsagent, draft minutes
14:02:50 [RRSAgent]
I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
14:03:15 [cris_]
https://github.com/w3c/wot-scripting-api/issues/299
14:03:34 [cris_]
https://github.com/w3c/wot-scripting-api/pull/289#issuecomment-775182073
14:03:45 [cris_]
https://github.com/w3c/wot-scripting-api/issues/298
14:04:48 [McCool]
ok, great
14:04:56 [McCool]
captured, we can discuss more next time
14:05:11 [McCool]
thanks a lot, ttyl
14:05:17 [cris_]
nice! see you in the next call
14:55:20 [citrullin]
citrullin has joined #wot-sec
15:39:35 [Zakim]
Zakim has left #wot-sec