10:07:43 <RRSAgent> RRSAgent has joined #wot-arch
10:07:47 <RRSAgent> logging to https://www.w3.org/2023/04/13-wot-arch-irc
10:08:53 <kaz> present+ Kaz_Ashimura, Michael_Lagally, Ege_Korkan, Kunihiko_Toumura, Michael_McCool, Ryuichi_Matsukura, Tomoaki_Mizushim
10:09:00 <ryuichi> ryuichi has joined #wot-arch
10:09:58 <kaz> present- Tomoaki_Mizushim
10:10:03 <kaz> present+ Tomoaki_Mizushima
10:11:32 <kaz> scribenick: Ege
10:11:43 <kaz> rrsagent, make log public
10:11:47 <kaz> rrsagent, draft minutes
10:11:48 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
10:11:55 <mlagally> mlagally has joined #wot-arch
10:12:01 <ktoumura> ktoumura has joined #wot-arch
10:12:12 <Ege> topic: Minutes Review
10:12:18 <kaz> agenda: https://www.w3.org/WoT/IG/wiki/WG_WoT_Architecture_WebConf#Architecture_April_13th.2C_2023
10:12:26 <kaz> -> https://www.w3.org/2023/04/06-wot-arch-minutes.html Apr-6
10:12:40 <Ege> ml: anything to change?
10:13:40 <Ege> mm: there is an unintended pr merged, I think. I need to check what happened
10:15:05 <Ege> mm: fine with me
10:15:12 <Ege> ml: minutes are approved
10:15:18 <kaz> i|fine|-> https://github.com/w3c/wot-architecture/issues/903 issue 903 - Verify DTLS textual changes|
10:15:36 <kaz> i/fine wi/ml: what about the minutes themselves?/
10:15:44 <kaz> i/what/sribenick: kaz/
10:15:50 <kaz> i/fine/scribenick: Ege/
10:15:53 <Ege> topic: At Risk Assertions Presentation
10:15:56 <kaz> rrsagent, draft minutes
10:15:58 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
10:16:18 <kaz> chair: Lagally
10:16:30 <kaz> s/sribe/scribe/
10:16:32 <kaz> rrsagent, draft minutes
10:16:34 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
10:16:44 <kaz> meeting: WoT Architecture
10:16:54 <Ege> mm: there has been some updates already, we will have PRs to merge before testfest
10:17:16 <kaz> i|there|-> https://docs.google.com/presentation/d/16Ow5rPjnojdl693pqkOhoc5bNCBIMOYZvJQC9wHZGsk/edit?usp=sharing Slides on Architecture at-risk features|
10:17:20 <kaz> rrsagent, draft minutes
10:17:21 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
10:17:41 <Ege> mm: here are the atrisk features
10:17:45 <Ege> ... we have 9 left
10:18:21 <Ege> ... I have removed from list one assertion
10:18:24 <mlagally> q+
10:18:31 <Ege> ... they are all under security or privacy
10:19:21 <Ege> ml: was it implemented or not needed?
10:19:24 <Ege> mm: it was implemented
10:19:35 <Ege> ... also I have created some relevant issues
10:20:14 <Ege> mm: there are some that are easy to implement
10:20:43 <Ege> ... some are difficult and some need more explanation
10:21:38 <Ege> q+
10:21:57 <Ege> subtopic: segmented network
10:21:58 <Ege> ack ml
10:22:14 <Ege> mm: this is about segmenting the network instead of device
10:22:54 <Ege> ... this is system level security
10:23:19 <mlagally> q+
10:23:49 <Ege> ek: we do not have any optional assertions, not relevant for testfest
10:24:08 <Ege> ml: I do not understand the first slide
10:24:21 <kaz> q+
10:24:26 <Ege> ml: we should change the first sentence without changing the meaning
10:24:33 <Ege> mm: in the context it makes sense
10:25:13 <Ege> ml: at least a comma
10:25:50 <Ege> ml: what does implicit access control mean?
10:26:03 <Ege> mm: not the device but the network providing access control
10:26:48 <Ege> ml: what do we try to do here? Isolate entities in the network?
10:27:27 <Ege> mm: these are mitigations to risks
10:27:56 <kaz> q?
10:29:15 <kaz> ack e
10:29:17 <kaz> ack ml
10:29:58 <Ege> ek: happens with smart speakers a lot
10:30:39 <Ege> ack k
10:31:39 <kaz> kaz: note that
10:32:21 <Ege> subtopic: arch-security-consideration-tls-recommended-priv
10:32:42 <Ege> mm: it is a bit annoying but possible
10:32:54 <kaz> s/that/that one of the main purposes of the Dev Meeting is clarifying what we really meant for each assertion. Given we ourselves are not 100% sure about some of the assertions, we should add further clarification (e.g., as Editor's Notes) back to the specifications./
10:33:07 <kaz> i/one of/scribenick: kaz/
10:33:13 <Ege> ... professional developments generally do it
10:33:14 <kaz> i/it is a/scribenick: Ege/
10:33:17 <Ege> q+
10:33:56 <Ege> ek: I have added that saywot implements it
10:34:06 <kaz> ack k
10:34:08 <kaz> ack e
10:34:12 <Ege> subtopic: arch-security-consideration-use-psk
10:34:21 <Ege> mm: we have a wording issue here
10:35:18 <Ege> ... we should use certificates
10:35:34 <Ege> ... if we cannot change it editorially, we should change it to informative
10:36:19 <Ege> subtopic: arch-security-consideration-dtls-1-3
10:36:35 <Ege> mm: dtls 1.3 disallows some crypto suites
10:36:51 <Ege> s/dtls/tls
10:37:02 <Ege> ... however no libraries for dtls exist yet
10:37:05 <Ege> q+
10:37:15 <mlagally> q+
10:37:53 <kaz> q?
10:38:32 <Ege> ek: http/3 uses quic over udp so we can get more adoption
10:39:07 <Ege> mm: interesting, let's follow up
10:39:15 <kaz> s/quic/QUIC/
10:39:20 <kaz> s/udp/UDP/
10:39:30 <kaz> ack e
10:39:32 <Ege> ml: it is good to have at least dtls 1.2
10:39:32 <kaz> ack ml
10:39:40 <kaz> s/dtls/DTLS/
10:39:48 <Ege> mm: we have that one passing already, this is a bit of a stretch goal
10:40:41 <Ege> ml: how about recommending DTLS 1.2?
10:40:50 <Ege> mm: it has known problems
10:42:26 <Ege> subtopic: arch-security-consideration-use-hal
10:42:41 <Ege> mm: we should have more of this, since avoid direct is linked to it
10:43:55 <Ege> subtopic: arch-security-consideration-hal-refuse-unsafe
10:44:32 <Ege> mm: I have this problem at home where a led strip and if brightness of all leds are at full, you have hardware problems
10:44:40 <Ege> ... HAL should restrict it
10:45:20 <kaz> q+
10:45:37 <Ege> ml: this is a fuzzy assertion, difficult to implement and understand
10:45:58 <Ege> q+
10:46:14 <Ege> mm: we can make it informative
10:46:41 <kaz> ack k
10:46:58 <Ege> kaz: we have to explain what a HAL is
10:47:08 <Ege> mm: we can add informative text here
10:47:31 <kaz> s/we have/Also unsure about what "Hardware Abstraction Layer" means. We have/
10:48:03 <kaz> a/a HAL is/"Hardware Abstraction Layer" means here./
10:48:09 <kaz> rrsagent, draft minutes
10:48:10 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
10:48:38 <mlagally> q+
10:49:33 <Ege> ek: we have to approach these recommendations better for the next charter
10:51:27 <Ege> ml: we should avoid this discussion for the next charter
10:51:38 <kaz> q?
10:51:44 <kaz> ack e
10:51:45 <kaz> ack m
10:51:59 <Ege> subtopic: arch-security-consideration-secure-update
10:52:56 <Ege> mm: We need TLS or other secure mechanisms to do the update
10:54:11 <Ege> ml: how about removing post manufacturing
10:54:11 <Ege> mm: this is about after deployment
10:54:39 <Ege> subtopic: arch-security-consideration-communication-platform
10:55:31 <Ege> mm: there is a wording issue here, it should be a platformq
10:55:41 <Ege> mm: ege's comment makes sense here
10:56:31 <kaz> q?
10:56:33 <Ege> mm: I think that the implementation that does this is my ocf device
10:56:46 <Ege> subtopic: arch-privacy-consideration-explicit-pii
10:57:10 <Ege> mm: just the fact that TDs exist, have a risk of identifying a person
10:57:58 <Ege> mm: this can be satisfied by TDD implementations
10:59:38 <Ege> topic: PRs
10:59:44 <Ege> subtopic: PR 902
11:00:40 <Ege> ml: can we merge this or needs review?
11:01:04 <Ege> ml: also should we generate manual csv file?
11:01:53 <kaz> q+
11:03:02 <Ege> ek: how to prepare for developer meetup next time. This needs to be decided
11:03:25 <Ege> mm: for discovery, we can look in the first 10 minutes if others join
11:04:04 <kaz> ack k
11:04:49 <Ege> kaz: so when to have this discussion about this preparation work
11:04:59 <kaz> s/this/the/
11:05:12 <kaz> s/so when/we're already out of time, so when/
11:08:41 <kaz> rrsagent, draft minutes
11:08:43 <RRSAgent> I have made the request to generate https://www.w3.org/2023/04/13-wot-arch-minutes.html kaz
13:33:25 <Zakim> Zakim has left #wot-arch