Dear all and Michael, I am piggybacking on Michael's last mail on the IoT BCOP document. We have been discussing this topic for a while and we need to go further. Last time, we discussed there was a brief consensus for this subject within RIPE Scope : "/Best Current Operational Practice (BCOP) document in RIPE scope for proactively mitigating IoT attacks/". If there is an alternative opinion, *please express*. There were proposals from Eliot and others, that we should begin with an *outline*. The initial outline was as follows: ------- The threat Some background on device capabilities and limitations Who can do what to improve the situation? Devices CPE gear Upstreams IoT Manufacturers Consumers (let's not ask much) ------- The functionality for controlling the home network traffic would typically include: Insight in all the devices connected to the home network. Possibility to block traffic. End-user friendly GUI and traffic management possibility. Option to have the traffic management outsourced (e.g. to an ISP). Blocking of compromised IoT devices. ------- We could have discussion on the following points: 1. Outline 2. Volunteers (who wish to contribute) 3. Champions (who will lead the work) - We could limit the number of Champions 4. A deadline These are my two cents. Please feel free with your feedback/contributions. Sandoche.