IRC log of wot-sec on 2021-02-15
Timestamps are in UTC.
- 13:02:51 [RRSAgent]
- RRSAgent has joined #wot-sec
- 13:02:51 [RRSAgent]
- logging to https://www.w3.org/2021/02/15-wot-sec-irc
- 13:03:02 [kaz]
- Meeting: WoT Security
- 13:03:03 [citrullin]
- citrullin has joined #wot-sec
- 13:03:07 [kaz]
- chair: McCool
- 13:03:30 [kaz]
- present+ Kaz_Ashimura, Cristiano_Aguzzi, Michael_Mcool, Oliver_Pfaff
- 13:03:33 [citrullin]
- Can someone send me the webex link?
- 13:04:29 [citrullin]
- present+ Philipp-Alexander_Blum
- 13:05:12 [cris_]
- cris_ has joined #wot-sec
- 13:05:44 [McCool]
- McCool has joined #wot-sec
- 13:06:25 [McCool]
- agenda: https://www.w3.org/WoT/IG/wiki/IG_Security_WebConf#15_February_2021
- 13:08:21 [kaz]
- scribenick: cris_
- 13:08:39 [cris_]
- topic: previous minutes
- 13:09:44 [cris_]
- mc: we discussed management API on scripting api. We need some text to describe what is out of the scope in scripting api
- 13:09:59 [kaz]
- i|discussed|-> https://www.w3.org/2021/02/01-wot-sec-minutes.html Feb-1|
- 13:10:36 [cris_]
- ... I also opened an issue in discovery. we'll look at it next
- 13:10:47 [cris_]
- s/next/later/
- 13:11:03 [cris_]
- ... finally APA
- 13:11:14 [kaz]
- present+ Tomoaki_Mizushima
- 13:11:19 [cris_]
- ... any objections for accepting the minutes?
- 13:11:32 [cris_]
- ... ok we'll publish these
- 13:11:36 [cris_]
- ... any updates?
- 13:11:40 [cris_]
- ... none
- 13:11:49 [cris_]
- topic: issues
- 13:12:12 [cris_]
- mc: I'll go through open issues in the security repo
- 13:13:18 [cris_]
- mc: Lagally wants a writeup about canonicalization of TDs. It is related to #166
- 13:15:28 [cris_]
- cris: I opened some issues about security and management apis on scripting api, we could check them out
- 13:16:41 [cris_]
- mc: yeah true, meanwhile I notice some problems with the published minutes. Links has a trailing column which cause an error
- 13:17:12 [cris_]
- s/has a/have a/
- 13:17:44 [cris_]
- kaz: fixing
- 13:18:03 [cris_]
- mc: Ok we'll check them later.
- 13:18:18 [cris_]
- topic: issue 166
- 13:18:38 [cris_]
- kaz: btw links fixed
- 13:19:15 [kaz]
- -> https://github.com/w3c/wot-security/issues/166 wot-security issue 166 - Add integrity protection (proof section) to TDs
- 13:19:25 [kaz]
- rrsagent, make log public
- 13:19:30 [kaz]
- rrsagent, draft minutes
- 13:19:30 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
- 13:19:56 [cris_]
- mc: we discussed the minimum requirement for constrained devices. We focused on the minimum memory requirement to handle a TD. We nailed down the discussion to the size of the TD.
- 13:20:21 [citrullin]
- +q Still having an issue to find use-cases where it makes sense to process TDs on constrained devices.
- 13:20:31 [cris_]
- ... we concluded to have a min size of 64Kb
- 13:20:38 [citrullin]
- +q
- 13:23:24 [cris_]
- mc: the problem is signing needs canonicalization but small devices might not be able to perform the process.
- 13:26:05 [cris_]
- cris: canonicalization could happen at development time.
- 13:26:43 [cris_]
- mc: we could even make canonicalization part of the sign process but it will burden a constrained device.
- 13:29:22 [cris_]
- philipp: 64kb might not be enough.
- 13:29:42 [cris_]
- mc: we found libraries capable of handling our requirements in 64Kb
- 13:29:45 [cris_]
- q?
- 13:30:22 [McCool]
- https://github.com/w3c/wot-testing/blob/main/events/2021.03.Online/reference/hw.md
- 13:30:33 [cris_]
- mc: we could move this question to the profile call
- 13:30:47 [kaz]
- s/https/-> https/
- 13:31:06 [kaz]
- s/hw.md/hw.md WoT Reference Platform/
- 13:33:40 [cris_]
- mc: the trouble with small devices is that we might not have a communication hardware stack. However, we were able to implement wot in small devices like esp32
- 13:35:02 [cris_]
- Philipp: I am currently working with XXX that has ZZZ RAM and I have been able to expose a TD. However, consuming a TD is surely too much.
- 13:35:18 [cris_]
- s/XXX/Nordic NRF-52832/
- 13:35:33 [cris_]
- s/ZZZ/32 Kb/
- 13:36:19 [cris_]
- cris: why is consuming a TD too much? can you read it in streaming mode?
- 13:36:46 [cris_]
- Philipp: I need to parse JSON which is kinda heavy.
- 13:36:56 [cris_]
- ... plus I don't see the use case for this
- 13:37:12 [cris_]
- ... btw the Nordic has also hardware acceleration
- 13:37:32 [cris_]
- ... for signing and maybe SSL
- 13:38:23 [cris_]
- cris: I agree that the use case is a little bit off.
- 13:39:55 [cris_]
- ... using a JSON streaming parse you might be able to consume a TD
- 13:40:25 [citrullin]
- Agree, that sounds more reasonable.
- 13:40:31 [cris_]
- mc: Interesting, about validation process I'm noting down that before signing a TD should be valid
- 13:40:54 [cris_]
- s/parse/parser/
- 13:41:54 [cris_]
- mc: I think there are some use cases for consuming TDs in sensors. I'm noting down a peer-to-peer pairing example in issue #166
- 13:45:20 [cris_]
- cris: btw canonicalization could help streaming parser to optimize searching of particular conditions
- 13:45:27 [cris_]
- mc: true, noting that down
- 13:46:03 [cris_]
- ... also having standard semantic types could be useful.
- 13:47:43 [cris_]
- ... related to the peer-to-peer example we could even think about filter parameters in the direct discovery process.
- 13:49:10 [cris_]
- ... in short if you know exactly what you're looking for you could extract it without having the whole TD in memory
- 13:51:56 [cris_]
- ... does this description convince you, Philipp?
- 13:52:23 [cris_]
- Philipp: Probably I need to read more about business environments but yes
- 13:52:33 [cris_]
- ... streaming makes for sure sense
- 13:52:40 [cris_]
- ... a lot of things to think about
- 13:53:22 [cris_]
- mc: we still have a lot of todos here. One is to survey hardware accelerators. TDs should be compatible with such hardware
- 13:53:41 [cris_]
- ... Philipp could you please do this? at least for your device?
- 13:53:53 [cris_]
- Philipp: ok
- 13:54:58 [cris_]
- mc: chain of proof is flexible about the algorithm used. So we just need to choose one according to the survey
- 13:55:09 [kaz]
- rrsagent, make log public
- 13:55:40 [cris_]
- topic: Geolocation
- 13:57:06 [McCool]
- https://github.com/w3c/wot-discovery/pull/114
- 13:57:08 [cris_]
- mc: working on #114
- 13:59:54 [cris_]
- ... there's a section about privacy. I have to be careful when sharing locations. It can be even inferred by a registration in a particular TD
- 14:00:27 [kaz]
- rrsagent, draft minutes
- 14:00:27 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
- 14:00:42 [cris_]
- ... also history about a location could be used to infer velocity and learn about the fact the user was on a vehicle or not.
- 14:01:37 [kaz]
- rrsagent, draft minutes
- 14:01:37 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
- 14:02:48 [kaz]
- [adjourned]
- 14:02:50 [kaz]
- rrsagent, draft minutes
- 14:02:50 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/02/15-wot-sec-minutes.html kaz
- 14:03:15 [cris_]
- https://github.com/w3c/wot-scripting-api/issues/299
- 14:03:34 [cris_]
- https://github.com/w3c/wot-scripting-api/pull/289#issuecomment-775182073
- 14:03:45 [cris_]
- https://github.com/w3c/wot-scripting-api/issues/298
- 14:04:48 [McCool]
- ok, great
- 14:04:56 [McCool]
- captured, we can discuss more next time
- 14:05:11 [McCool]
- thanks a lot, ttyl
- 14:05:17 [cris_]
- nice! see you in the next call
- 14:55:20 [citrullin]
- citrullin has joined #wot-sec
- 15:39:35 [Zakim]
- Zakim has left #wot-sec