[Fud] A few questions / observations

"Smith, Ned" <ned.smith@intel.com> Fri, 15 September 2017 15:29 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: "Fud@ietf.org" <Fud@ietf.org>
Date: Fri, 15 Sep 2017 15:29:30 +0000
Message-ID: <D531874E-95BF-4A12-8049-15794BCD1039@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/fud/ML2v6c5Xe949Hl9DASVjj8e_r_w>
Subject: [Fud] A few questions / observations
List-Id: FUD - Firmware Updating Description <fud.ietf.org>

- Is it possible for the image type to be an existing "manifest" such as "packages" or "bundles"?

- Is the push model supported (cloud storage pushes the update file proactively)?

- Why was ASN.1 selected as the encoding format? (Why not COSE?)

- It isn't clear how the manifest and the image (package / bundle) will share the available A/B storage area. Possibly it is assumed that the manifest-related operations are to be integrated into an existing SW update capability, which is taught to understand the manifest structure. Consider the case where version 1 of a SW update tool understands bundles but receives a file that contains a manifest. Is it expected that the v1 tool will be able to process the update nevertheless (ignoring the manifest)? This assumes the encryption option isn't being applied, of course.

- The arch didn't mention integrity as a requirement. Maybe it is implied, but it seems possible for a clever attacker to replace one ciphertext with a different ciphertext unless integrity were mentioned as a goal and steps taken to allow only cipher suites that achieve both objectives.

- There is no mention of which crypto algorithms will be supported.

- There are still a few typos.
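The integrity point raised above, as an added illustration that is not part of this post or of the FUD draft: an update tool that only decrypts will accept any legitimately produced ciphertext (for example an older image), while a manifest that binds the plaintext image digest under a signature rejects the swap. The manifest layout, the HMAC standing in for a signature, and the toy SHA-256 keystream cipher are all assumptions made so the script runs with the standard library alone.

```python
import hashlib
import hmac
import json
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode); stands in for any
    # confidentiality-only cipher mode. Constructed for the demo, not for real use.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt  # XOR keystream: decryption is the same operation


def _manifest_bytes(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()


def make_manifest(sign_key: bytes, image: bytes, version: int) -> dict:
    # Hypothetical manifest: binds the plaintext image digest and the version.
    # The HMAC stands in for the producer's signature over the manifest.
    body = {"version": version, "image_sha256": hashlib.sha256(image).hexdigest()}
    return {"body": body, "mac": hmac.new(sign_key, _manifest_bytes(body), "sha256").hexdigest()}


def install_encryption_only(enc_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # A tool that only decrypts: any well-formed ciphertext is accepted, so one
    # legitimately produced ciphertext can be swapped for another undetected.
    return decrypt(enc_key, nonce, ciphertext)


def install_with_manifest(enc_key: bytes, sign_key: bytes, manifest: dict,
                          nonce: bytes, ciphertext: bytes) -> Optional[bytes]:
    expected = hmac.new(sign_key, _manifest_bytes(manifest["body"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return None  # manifest altered or not from the signer
    image = decrypt(enc_key, nonce, ciphertext)
    if hashlib.sha256(image).hexdigest() != manifest["body"]["image_sha256"]:
        return None  # ciphertext substituted: decrypted image does not match the manifest
    return image
```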