Re: [Iot-onboarding] [Mud] Some new stuff for

Michael Richardson <> Thu, 26 March 2020 16:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A27F63A0474; Thu, 26 Mar 2020 09:48:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Klkx6U1LgKeg; Thu, 26 Mar 2020 09:48:34 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D67F73A0D3F; Thu, 26 Mar 2020 09:48:33 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id 4261E38981; Thu, 26 Mar 2020 12:47:07 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id 60858DCB; Thu, 26 Mar 2020 12:48:32 -0400 (EDT)
From: Michael Richardson <>
To:,, Carsten Bormann <>, Hannes Tschofenig <>
In-Reply-To: <>
References: <> <> <17397.1585086427@localhost> <> <> <27885.1585179569@localhost> <> <>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 26 Mar 2020 12:48:32 -0400
Message-ID: <24244.1585241312@localhost>
Archived-At: <>
Subject: Re: [Iot-onboarding] [Mud] Some new stuff for
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IoT onboarding mechanisms <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Mar 2020 16:48:37 -0000

Eliot Lear <> wrote:
    > So there’s one aspect that my early draft glosses over.  Great.  You
    > have a URL, whatever it is.  The manufacturer is likely to want to
    > authenticate you.  What’s the tooling flow?  I think it’s something
    > like this:

    > MUD URL picked up by mud manager
    > Mud manager retrieves mud file, dispatches URL of the SBOM to an SBOM
    > consumer of some form that we’ll just call an SBOM manager for the
    > moment.
    > SBOM manager resolves URL first time.
    > It has no token to use.

Let me ask clarification question:
  1) SBOM manager is an operator mechanism.
  2) talks to Manufacturer's server to resolve SBOM link to content

  - so manufacturer needs login to get SBOM content?

  - why is the SBOM private?  Cereal boxes print the contents.  There was a
        lot of moaning about this in certain sectors, but it clearly has been
        a good thing.

  - if I agree that SBOM could be private, the operator isn't the only entity
    that needs to see the SBOM.  The auditor needs to see it too.

    > User must register.  Requires a browser interaction of some form,
    > presumably with OAUTH.  Perfectly reasonable when the SBOM lives in the
    > cloud.  OR Token is received out of band for this service, either from
    > the device itself, or from the manufacturer service if one is
    > registered through that (requires browser interaction).
    > There is a token. Authenticate with that and retrieve.

But, I'll go with your belief that the SBOM is private, and can only be
revealed to entities that can proove they own the device.

Presumably, the firmware updates will also be available only under the same
criteria.  It seems that this needs to be solved *anyway*.  Certainly, big
BFR vendors that I know, don't let me have updated firmware unless can show
them I have a maintenance agreement.  If we are going to do automated
remediation with firmware updates (using SUIT of course), then we need that
relationship already, and so I think it would make sense to use the same

Now, if you did the onboarding with BRSKI, you'd have a voucher from the
manufacturer pinning the domain registrar with the serial number, and that
could be proof of ownership.  One could use the voucher as proof of

How one maps the certificate that is pinned (the domain registrar cert), to
the general organization is a non-obvious mapping, but I can see relatively
easy ways to map things.
Further, if the vendor has strong supply chain integration, then they already
know who their operators are.

But, in less supply chain integrations, the MASA can record the TLS Client
Certificate (and CA) used by the Registrar, and this can provide a way to
build the same kind of database of operators.

This does require that the manufacturer do some coordination, and maybe there
are issues with outsourcing the SBOM server.  This sounds like OAUTH2, but
based upon the TXAUTH BOF, maybe it's not enough to easily do that without a
human browser involved, but it still seems solvable to me.

    > I am thinking that when a token is received out of band for access to a
    > resource, that is a generic exchange that goes well beyond this use
    > case.  Carsten, Hannes, do you have views on any of this?

I also think that maybe the SBOM URL could have some token in it.
That seems pretty brittle though.

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-