IRC log of wot-sec on 2021-05-24

Timestamps are in UTC.

12:04:51 [citrullin]
citrullin has joined #wot-sec
12:04:54 [kaz]
Meeting: WoT Security
12:05:35 [kaz]
present+ Kaz_Ashimura, Michael_McCool, Philipp_Blum
12:07:30 [Mizushima]
Mizushima has joined #wot-sec
12:09:21 [kaz]
topic: Minutes
12:09:30 [kaz]
-> May-17
12:10:25 [kaz]
present+ Tomoaki_Mizushima
12:13:41 [kaz]
topic: WoT Security Best Practices
12:14:00 [kaz]
-> wot-security-best-practices Issue 9 - Publish as a Note
12:14:18 [kaz]
kaz: we've never published the document as an official group Note
12:15:28 [kaz]
mm: for consistency with the GitHub repo's name, we should use "wot-security-best-practices" as the shortname
12:16:01 [kaz]
pb: makes sense
12:16:13 [kaz]
kaz: right
12:16:55 [kaz]
-> McCool adds comments on Issue 9
12:19:52 [kaz]
mm: adds "Call for Resolution to publish update" for Security and Privacy within the June vF2F agenda
12:20:53 [kaz]
-> Proposed Topics section of the vF2F wiki
12:22:55 [kaz]
-> another comment on the planning to the Issue 9
12:24:29 [kaz]
mm: we need to do some general clean up for the draft
12:24:44 [kaz]
-> wot-security-best-practices ED
12:30:15 [kaz]
mm: (creates a new issue on secure transport)
12:33:49 [kaz]
-> wot-security-best-practices Issue 13 - Update Security Transport
12:34:32 [kaz]
mm: need to talk with Ben about what best practice makes sense here
12:36:20 [kaz]
... we basically recommend OAuth2 flow
12:37:36 [kaz]
... (adds some more comments to Issue 5 as well)
12:37:57 [kaz]
-> wot-security-best-practices Issue 5 - Recommended OAuth2 flows
12:38:54 [kaz]
mm: Section 2.1 of the Best Practices document describes the OAuth2 Flows
12:39:06 [kaz]
-> 2.1 OAuth2 Flows
12:40:59 [kaz]
mm: (creates another Issue on TD Signatures)
12:41:18 [kaz]
-> wot-security-best-practices Issue 14 - TD Signatures
12:46:29 [kaz]
mm: in general, the "object security" section is troublesome since we have no direct experience implementing a system with it
12:47:06 [kaz]
... so maybe we should just remove this section for now...
12:47:30 [kaz]
-> 4. Object Security
12:48:29 [kaz]
kaz: we can leave it as is and add an Editor's Note for the publication of the group Note
12:48:32 [kaz]
mm: yeah
12:49:28 [kaz]
pb: (also like that idea)
12:50:11 [kaz]
mm: regarding the section "5. Secure Update and Post Manufacturing Provisioning"
12:50:37 [kaz]
s/"5. Secure Update and Post Manufacturing Provisioning/7. Summary/
12:50:48 [kaz]
... currently it's empty
12:51:34 [kaz]
-> wot-security-best-practices Issue 15 - Add or Remove Summary Section
12:51:57 [kaz]
mm: and should expand the Acknowledgements section
12:52:32 [kaz]
-> wot-security-best-practices Issue 16 - Expand Acknowledgements
12:52:44 [kaz]
mm: we're not ready for publishing the document yet
12:53:30 [kaz]
... need more improvement
12:53:46 [kaz]
... (adds some more comments to Issue 5 again)
12:54:24 [kaz]
-> McCool's new comments for Issue 5
12:54:58 [kaz]
mm: Move the current OAuth2 review into an appendix
12:54:58 [kaz]
... Pull out the pseudo-RFC2119 recommendations into the main body and reword as necessary...
12:55:44 [kaz]
... (and then make the "call for resolution" for security during vF2F to "initial call for resolution")
12:56:30 [kaz]
-> Security and Privacy topics within the Proposed Topics section on the vF2F wiki
12:58:26 [kaz]
mm: would like to see what the acceptable practices for secure transport are
12:59:07 [kaz]
Chair: McCool