Meeting minutes
Minutes Review
<kaz> Apr-6
Lagally: anything to change?
McCool: there is an unintended PR merged, I think. I need to check what happened
<kaz> issue 903 - Verify DTLS textual changes
Lagally: what about the minutes themselves?
McCool: fine with me
Lagally: minutes are approved
At Risk Assertions Presentation
<kaz> Slides on Architecture at-risk features
McCool: there have been some updates already, we will have PRs to merge before testfest
McCool: here are the at-risk features
… we have 9 left
… I have removed one assertion from the list
… they are all under security or privacy
Lagally: was it implemented or not needed?
McCool: it was implemented
… also I have created some relevant issues
McCool: there are some that are easy to implement
… some are difficult and some need more explanation
segmented network
McCool: this is about segmenting the network instead of device
… this is system level security
Ege: we do not have any optional assertions, not relevant for testfest
Lagally: I do not understand the first slide
Lagally: we should change the first sentence without changing the meaning
McCool: in the context it makes sense
Lagally: at least a comma
Lagally: what does implicit access control mean?
McCool: not the device but the network providing access control
Lagally: what do we try to do here? Isolate entities in the network?
McCool: these are mitigations to risks
Ege: happens with smart speakers a lot
Kaz: note that one of the main purposes of the Dev Meeting is clarifying what we really meant for each assertion. Given we ourselves are not 100% sure about some of the assertions, we should add further clarification (e.g., as Editor's Notes) back to the specifications.
arch-security-consideration-tls-recommended-priv
McCool: it is a bit annoying but possible
… professional developments generally do it
Ege: I have added that saywot implements it
arch-security-consideration-use-psk
McCool: we have a wording issue here
… we should use certificates
… if we cannot change it editorially, we should change it to informative
arch-security-consideration-dtls-1-3
McCool: TLS 1.3 disallows some crypto suites
… however no libraries for dtls exist yet
Ege: HTTP/3 uses QUIC over UDP so we can get more adoption
McCool: interesting, let's follow up
Lagally: it is good to have at least DTLS 1.2
McCool: we have that one passing already, this is a bit of a stretch goal
Lagally: how about recommending DTLS 1.2?
McCool: it has known problems
arch-security-consideration-use-hal
McCool: we should have more of this, since avoid direct is linked to it
arch-security-consideration-hal-refuse-unsafe
McCool: I have this problem at home with an LED strip: if the brightness of all LEDs is at full, you have hardware problems
… "HAL (Hardware Abstraction Layer)" should restrict it
Lagally: this is a fuzzy assertion, difficult to implement and understand
McCool: we can make it informative
Kaz: Also unsure about what "Hardware Abstraction Layer" means. We have to explain what a "Hardware Abstraction Layer" means here.
McCool: we can add informative text here
Ege: we have to approach these recommendations better for the next charter
Lagally: we should avoid this discussion for the next charter
arch-security-consideration-secure-update
McCool: We need TLS or other secure mechanisms to do the update
Lagally: how about removing "post manufacturing"?
McCool: this is about after deployment
arch-security-consideration-communication-platform
McCool: there is a wording issue here, it should be a platform
McCool: Ege's comment makes sense here
McCool: I think that the implementation that does this is my OCF device
arch-privacy-consideration-explicit-pii
McCool: just the fact that TDs exist poses a risk of identifying a person
McCool: this can be satisfied by TDD implementations
PRs
PR 902
Lagally: can we merge this, or does it need review?
Lagally: also, should we generate a manual CSV file?
Ege: how to prepare for the developer meetup next time? This needs to be decided
McCool: for discovery, we can look in the first 10 minutes if others join
Kaz: we're already out of time, so when should we have the discussion about this preparation work?
Lagally: Let's continue the discussion during the next Architecture call.