Re: [Fud] Charter Text

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 13 September 2017 14:47 UTC

To: Russ Housley <housley@vigilsec.com>
Cc: fud@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/fud/jlXfaoSV4nbt579sdyRrLa8Tmkg>

Hi Russ,

thanks for your feedback.

A few remarks below:

On 08/14/2017 03:05 PM, Russ Housley wrote:
> I'm jumping into this conversation after vacation.  I have read the whole thread to date before composing this note.
> 
> 
>> Firmware Updating Description (FUD)
> 
> The page that Kathleen set up calls this group Firmware UpDate (FUD).
> 
> 
>> Vulnerabilities with Internet of Things (IoT) devices have raised the
>> need for a secure firmware update mechanism that is also suitable for
>> constrained devices. Security experts, researchers and regulators
>> recommend that all IoT devices are equipped with such a mechanism. While
>> there are many proprietary firmware update mechanisms in use today there
>> is a lack of a modern interoperable approach of securely updating IoT
>> devices.
>>
>> A firmware update solution consists of several components, including a
>> mechanism to transport firmware images to IoT devices and a manifest
>> that provides meta-data about the firmware image as well as
>> cryptographic information for protecting the firmware image in an
>> end-to-end fashion. With RFC 4018 the IETF standardized a manifest
>> format that uses the Cryptographic Message Syntax (CMS) to protect
>> firmware packages.
> 
> There are some vital pieces of information that need to be conveyed, but from the above text, it is not clear to me whether they are expected to be in the manifest and meta-data.  The vital data includes:
> 
>    - a firmware package identifier;
>    - whether the package is a patch or upgrade;
>    - the hardware the package needs to run;
>    - dependencies on other firmware packages; and
>    - if the package is encrypted to protect intellectual property, the key needed to decrypt it.
> 
-----

The above-listed information is expected to be included in the manifest.
Maybe the paragraph should be expanded in the following way:

A firmware update solution consists of several components, including
* a mechanism to transport firmware images to IoT devices,
* a manifest that provides meta-data about the firmware image (such as a
firmware package identifier, the hardware the package needs to run,
dependencies on other firmware packages, etc.) as well as
cryptographic information for protecting the firmware image in an
end-to-end fashion, and
* the firmware image itself.
With RFC 4018 the IETF standardized a manifest format that uses the
Cryptographic Message Syntax (CMS) to protect firmware packages.

-----
Do you think that this is better text?

> 
>> Since the publication of RFC 4108 more than 10 years have passed and
>> more experience with IoT deployments has led to additional
>> functionality requiring the work done with RFC 4108 to be revisited. The
>> purpose of this group is to standardize a version 2 of RFC 4108 that
>> reflects best current practices. This group will not define any
>> transport mechanism.
>>
>> In 2016 the Internet Architecture Board organized a workshop on
>> 'Internet of Things (IoT) Software Update (IOTSU)', which took place at
>> Trinity College Dublin, Ireland on the 13th and 14th of June, 2016. The
> 
> 13-14 June 2016
OK.


> 
>> main goal of the workshop was to foster a discussion on requirements,
>> challenges and solutions for bringing software and firmware updates to
>> IoT devices. This workshop also made clear that there are challenges
>> with lack of regulatory requirements, and misaligned incentives. It is
>> nevertheless seen as important to standardize the building blocks that
>> help interested parties to implement and deploy a solid firmware update
>> mechanism.
>>
>> In particular this group aims to publish two documents, namely
>> * an IoT firmware update architecture that includes a description of
>> the involved entities, security threats and assumptions, and
>> * the manifest format itself.
> 
> The text a few paragraphs ago made me think that rfc4108bis was an output.  Why is it not here?
> 
>> This group does not aim to standardize a generic software update
>> mechanism used by rich operating systems, like Linux, but instead
>> focuses on software development practices in the embedded industry.
> 
> This should be expanded to make it clear that JavaScript is not a goal either.
> 

Good point.

-----

This group does not aim to standardize a generic software update
mechanism used by rich operating systems, like Linux, but instead
focuses on software development practices in the embedded industry.
Software update solutions that aim to take the features of scripting
languages, such as JavaScript variants like JerryScript, into account
are also outside the scope of this group.

-----

>> This group will aim to develop a close relationship with silicon vendors
>> and OEMs that develop IoT operating systems.
>>
>> Milestones
>>
>> Dec 2017     Submit "Architecture" document as WG item.
>>
>> Dec 2017     Submit "Manifest Format" specification as WG item.
>>
>> Jul 2018    Submit "Architecture" to the IESG for publication as an
>> Informational RFC.
>>
>> Nov 2018     Submit "Manifest Format" to the IESG for publication as a
>> Proposed Standard.
> 
> The text a few paragraphs ago made me think that rfc4108bis was an output.  Why is it not here?
I didn't use the term "rfc4108bis" but instead called it "manifest format".

Ciao
Hannes

> Russ
>