Re: [Fud] Comment on draft-moran-fud-manifest-00

Brendan Moran <Brendan.Moran@arm.com> Wed, 13 September 2017 21:02 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
CC: "fud@ietf.org" <fud@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/fud/l8xsdEJextyLy-tJqKmt6xJCHm8>

I think this comes down to a matter of configuration. Devices need to be configured to either:

  1.  require at least one signature to match
  2.  require all signatures to match


I don't see a reason not to support both modes of operation.


Brendan

________________________________
From: Fud <fud-bounces@ietf.org> on behalf of Michael Richardson <mcr+ietf@sandelman.ca>
Sent: Wednesday, September 13, 2017 8:59:01 PM
To: Hannes Tschofenig
Cc: fud@ietf.org
Subject: Re: [Fud] Comment on draft-moran-fud-manifest-00


Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
    > and regulator "agreed" on deploying a specific firmware update for a
    > medical device. I think that this is too heavy for an IoT device and
    > too much policy for the device to consider. While this is not
    > impossible

I agree with you, and that's situation (b) that I described.

    > to do (even with the proposed manifest format) I believe it is more
    > likely that the party providing the firmware update to the IoT device
    > will make that policy decision (which will typically involve humans).

    >> b) devices have a built-in policy that will accept updates on from Z
    >> (the regulator)
    >> Z has a policy where it only reviews things once X and Y
    >> have signed.  Applying the signature from Z may remove the signature
    >> from X and Y (that's a space optimization only).
    >> As the device does not recognize X or Y, it would ignore those
    >> signatures.

The question is, can the signatures from X and Y *remain* for the purposes
of auditing?  Removing them then becomes an option, rather than a requirement.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-



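The two configuration modes proposed in the reply above, combined with case (b) from the quoted message (a device ignores signers it does not recognize, while their signatures stay on the manifest for auditing), can be sketched as a device-side policy check. This is an added example, not part of the thread or of draft-moran-fud-manifest-00. The names `evaluate`, `sign`, `KEYS` and `MANIFEST` are hypothetical, HMAC-SHA256 stands in for a real signature algorithm, and reading "all" as "every signer the device is configured to trust" is an assumption.

```python
import hashlib
import hmac

# Constructed demo keys and manifest. HMAC-SHA256 is a stand-in for a real
# signature scheme so the example runs with the standard library only.
KEYS = {"X": b"vendor-x-demo", "Y": b"vendor-y-demo", "Z": b"regulator-z-demo"}
MANIFEST = b"constructed manifest: firmware 1.2.3, digest 00ff"


def sign(signer, manifest):
    """Produce the demo 'signature' of one signer over the manifest."""
    return hmac.new(KEYS[signer], manifest, hashlib.sha256).digest()


def evaluate(manifest, signatures, trusted, mode):
    """Return (accepted, valid_signers, ignored_signers).

    signatures: list of (signer_id, tag) pairs carried with the manifest.
    trusted:    dict signer_id -> key configured on the device.
    mode:       "any" = at least one trusted signature verifies;
                "all" = every trusted signer has a verifying signature
                        and no signature from a trusted signer fails.
    """
    if mode not in ("any", "all"):
        raise ValueError("unknown policy mode: %r" % mode)
    valid, failed, ignored = set(), set(), []
    for signer, tag in signatures:
        key = trusted.get(signer)
        if key is None:
            ignored.append(signer)  # unrecognized signer: kept for audit only
            continue
        expected = hmac.new(key, manifest, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            valid.add(signer)
        else:
            failed.add(signer)
    if mode == "any":
        accepted = bool(valid)
    else:
        # A missing signature from a trusted signer must fail "all" mode,
        # otherwise dropping a signature would weaken the policy.
        accepted = bool(trusted) and not failed and valid == set(trusted)
    return accepted, sorted(valid), ignored


if __name__ == "__main__":
    sigs = [(s, sign(s, MANIFEST)) for s in ("X", "Y", "Z")]
    # Case (b): the device trusts only Z; X and Y are carried but ignored.
    print(evaluate(MANIFEST, sigs, {"Z": KEYS["Z"]}, "all"))
```
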