[Fud] Charter Text
Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 21 July 2017 21:53 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/fud/0kzIEC0xwZWeZP18-zSfCODuq50>
Here is a strawman proposal for a charter text. Suggestions welcome!

----

Firmware Updating Description (FUD)

Vulnerabilities with Internet of Things (IoT) devices have raised the need for a secure firmware update mechanism that is also suitable for constrained devices. Security experts, researchers and regulators recommend that all IoT devices are equipped with such a mechanism. While there are many proprietary firmware update mechanisms in use today there is a lack of a modern interoperable approach of securely updating IoT devices.

A firmware update solution consists of several components, including a mechanism to transport firmware images to IoT devices and a manifest that provides meta-data about the firmware image as well as cryptographic information for protecting the firmware image in an end-to-end fashion.

With RFC 4018 the IETF standardized a manifest format that uses the Cryptographic Message Syntax (CMS) to protect firmware packages. Since the publication of RFC 4108 more than 10 years have passed and more experience with IoT deployments has led to additional functionality requiring the work done with RFC 4108 to be revisited. The purpose of this group is to standardize a version 2 of RFC 4108 that reflects best current practices. This group will not define any transport mechanism.

In 2016 the Internet Architecture Board organized a workshop on 'Internet of Things (IoT) Software Update (IOTSU)', which took place at Trinity College Dublin, Ireland on the 13th and 14th of June, 2016. The main goal of the workshop was to foster a discussion on requirements, challenges and solutions for bringing software and firmware updates to IoT devices. This workshop also made clear that there are challenges with lack of regulatory requirements, and misaligned incentives. It is nevertheless seen as important to standardize the building blocks that help interested parties to implement and deploy a solid firmware update mechanism.

In particular this group aims to publish two documents, namely

* an IoT firmware update architecture that includes a description of the involved entities, security threats and assumptions, and
* the manifest format itself.

This group does not aim to standardize a generic software update mechanism used by rich operating systems, like Linux, but instead focuses on software development practices in the embedded industry. This group will aim to develop a close relationship with silicon vendors and OEMs that develop IoT operating systems.

Milestones

Dec 2017 Submit "Architecture" document as WG item.
Dec 2017 Submit "Manifest Format" specification as WG item.
Jul 2018 Submit "Architecture" to the IESG for publication as an Informational RFC.
Nov 2018 Submit "Manifest Format" to the IESG for publication as a Proposed Standard.

Additional calendar items:

Mar 2018 Release initial version of the manifest creation tools as open source.
Apr 2018 Release first version of manifest test tool suite as open source.
Jun 2018 Release first IoT OS implementation of firmware update mechanisms as open source.