Re: [Suit] Firmware Update Paper

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 03 December 2019 21:57 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42465120044 for <suit@ietfa.amsl.com>; Tue, 3 Dec 2019 13:57:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SphHSvGaHaHU for <suit@ietfa.amsl.com>; Tue, 3 Dec 2019 13:57:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BC7512003E for <suit@ietf.org>; Tue, 3 Dec 2019 13:57:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 9D7DF3818F; Tue, 3 Dec 2019 16:53:30 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B0F71784; Tue, 3 Dec 2019 16:57:06 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>, "suit\@ietf.org" <suit@ietf.org>, Brendan Moran <Brendan.Moran@arm.com>
In-Reply-To: <23912.1575379400@localhost>
References: <VI1PR08MB53600B1D1A194F49B67B90DFFAC60@VI1PR08MB5360.eurprd08.prod.outlook.com> <20191127203651.GA117656@davidb.org> <CANK0pbaWkn7w2swRgkOqsTubE1os=rDo2BLjrTZ5eW6ePv3WnA@mail.gmail.com> <20191129183627.GA16289@davidb.org> <DB6PR0801MB1879D9742622EA0AE08A8B72EA430@DB6PR0801MB1879.eurprd08.prod.outlook.com> <CABNHR1yEFvgEzHjBhpqTW-FX+LQTVYuSJE_9SP9OMwzjWsdORQ@mail.gmail.com> <CANK0pbaf8TTtMOSKHD0D-73+MCzSdjk7p+6hVO0WzpSxhF2fVg@mail.gmail.com> <23912.1575379400@localhost>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 03 Dec 2019 16:57:06 -0500
Message-ID: <5735.1575410226@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0RvuQjiD0-SQ29_KSHdx5GUiimI>
Subject: Re: [Suit] Firmware Update Paper
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2019 21:57:10 -0000

Michael Richardson <mcr@sandelman.ca> wrote:
    > Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> wrote:
    >> in the paper [1] for our experiements we used CoAP as transport, over UDP,
    >> 6LoWPAN and IEEE 802.15.4 low power radio.

    > CoAP Block Mode?

Hi, I know that you answered, and I actually posted my question before I had
finished all of the paper :-)
(That's a new kind of pie chart you've used...)

As I understand it, in the pure-CoAP scenario you provided an endpoint to
which the SUIT manifest was pushed (using Block1).   The target device then
evaluated the manifest, and if it validated and was new, then it downloaded
the new firmware.

Similarly, the same thing was done with a LwM2M-OTA situation.
Neither situation had any transport security (DTLS), and relied upon the
verification of the manifest.  So we had end-to-end integrity, but no
privacy.

Of course, the 802.15.4 network could have L2 security... did you have that?
I'm asking because it's an additional crypto load.

At this point quite a number of people would like to standardized some
transport for SUIT manifests for use in some situations like you have described.
That was deemed outside the scope for the current SUIT effort (and I agreed
with the reasons at the time), and I wouldn't expect everyone to agree to use
it.   Some have expected OCF or another to do something here.

I wonder if there is interest in doing things at the IETF?

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-