Re: [Iot-directorate] Iotdir telechat review of draft-ietf-suit-architecture-13

Brendan Moran <Brendan.Moran@arm.com> Wed, 21 October 2020 11:25 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Mohit Sethi <mohit.m.sethi@ericsson.com>
CC: "iot-directorate@ietf.org" <iot-directorate@ietf.org>, "draft-ietf-suit-architecture.all@ietf.org" <draft-ietf-suit-architecture.all@ietf.org>, suit <suit@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Wed, 21 Oct 2020 11:25:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-directorate/3BarHpzz2DLZr7Dr5RWHp61E9lw>

Hi Mohit,

Thank you for reviewing this draft.

I’ve taken the majority of comments on board.

> The draft uses TAs for trusted applications (TAs). But RFC 6024 referenced by
> this document uses TAs for Trust anchors. Can we avoid using TA abbreviations
> for trusted applications for ?


This draft also references the TEEP Architecture, which defines TA as Trusted Application, which causes an acronym collision. The only sane way I can see to escape this is to define any collided acronyms locally so that it’s clear what they reference. This is what we have done.

Because TA is defined in the terminology section, re-defined in the section where it is used, used only in the same paragraph as the one in which it is defined, and not used in a way that could be construed as ambiguous with Trust Anchor, I think that this is sufficiently clear and I would prefer not to change it.

Best Regards,
Brendan


> On 20 Oct 2020, at 20:00, Mohit Sethi via Datatracker <noreply@ietf.org> wrote:
>
> Reviewer: Mohit Sethi
> Review result: Ready with Nits
>
> Thanks for the well written document.
>
> I wonder if you want to state the difference between software and firmware
> update. Are they the same thing for this document? The text in the draft at
> some point says "Moreover, this architecture is not limited to managing
> software updates". But most of the other text talks about "firmware updates".
>
> Abstract: "Vulnerabilities with Internet of Things (IoT) devices" ->
> "Vulnerabilities in Internet of Things (IoT) devices"
>
> How about rephrasing the text: "are expected to work automatically, i.e.
> without user involvement. Automatic updates that do not require human
> intervention are key to a scalable solution for fixing software
> vulnerabilities." to "are to a large extent expected to work automatically, i.e.
> with minimal human interaction. Automatic updates that require minimal or no
> interaction are key to a ....". The reason for requesting this change is
> simple: in many scenarios you would want user approval before the actual
> update. For example, updating lights at night during dinner is perhaps not
> ideal. The draft does discuss the importance of device operator approval in
> some circumstances so updating the text would make sense.
>
> "programming language uses and the sandbox the software is executed in."->
> "programming language used...".
>
> "Ensuring an energy efficient design of a battery-powered IoT devices because a
> firmware update -> "...of a battery-powered IoT device because..."
>
> I think most readers will be more familiar with the term Original Equipment
> Manufacturer (OEM) rather than Original Design Manufacturer (ODM). I understand
> that ARM has a slightly complicated ecosystem and business model. So perhaps
> the text could say "in some cases, the OEM or the ODM act as a TPA and may
> decide to remain in full control...."
>
> "edge computing device" -> "edge computing devices"
>
> "Updating updates over the Internet" -> "Sending updates over the Internet"
> sounds a bit better
>
> "the status tracker client need to be made aware of the availability of a" ->
> "...the status tracker client needs to be informed about the availability of
> a....."
>
> "what devices qualify for a firmware update" -> "which devices qualify for a
> firmware update"
>
> "are only two approaches recovering from an invalid firmware" -> " are only two
> approaches for recovering from an invalid firmware"
>
> I am not familiar with non-relocatable code. I think this is somewhat explained
> later on as "execute in place" but perhaps adding a few sentences here
> explaining non-relocatable code wouldn't hurt.
>
> Perhaps replace "keyed message digests" with more standard "HMAC" and add a
> reference to RFC 2104
>
> stray closing parenthesis -> "protection was applied)"
>
> "Hence, then the firmware image is updated" -> "Hence, when the firmware image
> is updated"
>
> Not sure how to interpret "mutually-distrustful delivery". I guess I understand
> that the firmware author and user both want to prevent revealing some
> information to the other party. But can we not use "mutually-distrustful
> delivery"?
>
> The draft uses TAs for trusted applications (TAs). But RFC 6024 referenced by
> this document uses TAs for Trust anchors. Can we avoid using TA abbreviations
> for trusted applications for ?
>
>
