Re: [Suit] Boot vs. Invocation

Henk Birkholz <henk.birkholz@sit.fraunhofer.de> Mon, 03 August 2020 11:06 UTC

To: Brendan Moran <Brendan.Moran@arm.com>, suit <suit@ietf.org>
References: <9CA92962-0D40-47CF-BB62-DE325D1D0869@arm.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <ad349362-a54f-477d-e4f8-46eb1f3dff68@sit.fraunhofer.de>
Date: Mon, 03 Aug 2020 13:06:09 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1MGVbjNk9vlna8SGf2Dkf1qgQ_o>

Hi Brendan,

sounds like a quite targeted way forward (you all know what comes 
next...). We just have to make sure that this tweak is captured well and
prominently in the text, as a definition, so it can be referenced in a 
meaningful manner and reflects the superset of "authenticated boot" and 
"authenticated TA invocation" well.

Cheers,

Henk

On 03.08.20 13:01, Brendan Moran wrote:
> In response to some of Dave T’s comments (specifically, [DT32]) I would like to propose replacing instances of “boot” with “invocation” so that "secure boot" becomes “secure invocation.” This is to make it clearer that SUIT manifests are appropriate for invoking TAs for TEEP. Booting an IoT device securely and running a TA securely are both classes of secure invocation and Dave has raised that it is not obvious that SUIT manifests are appropriate for both.
> 
> Best Regards,
> Brendan