IETF Logo Mail Archive

Re: [Suit] Benjamin Kaduk's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 20 November 2020 06:27 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5FB73A1912; Thu, 19 Nov 2020 22:27:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=4a6ZKG+k; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=4a6ZKG+k
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUJ6r5XhYCBr; Thu, 19 Nov 2020 22:27:46 -0800 (PST)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2076.outbound.protection.outlook.com [40.107.22.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69ACC3A1908; Thu, 19 Nov 2020 22:27:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5+SG28QQivxo4qF3M4mIlzze2Mv2BnT+T/9Dbp1bNo0=; b=4a6ZKG+k6S64P74iOWpw+EtdkZeug9R4oTgV/qNXRqrCn0iqOPIFW1hauwE2ur2u0GNl8SnL2eiVNqAomh10n4QsvIH0DFMv3DmVSgS1ONQxeRfmAV/PRjW8ntiQDbOWV0drF9JH7i0QTm2MJvqdNpCK3/ln9qm3T7Au1pBzhrU=
Received: from AM6P194CA0012.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:90::25) by VE1PR08MB5245.eurprd08.prod.outlook.com (2603:10a6:803:10a::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.21; Fri, 20 Nov 2020 06:27:41 +0000
Received: from VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:90:cafe::61) by AM6P194CA0012.outlook.office365.com (2603:10a6:209:90::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20 via Frontend Transport; Fri, 20 Nov 2020 06:27:41 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT018.mail.protection.outlook.com (10.152.18.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20 via Frontend Transport; Fri, 20 Nov 2020 06:27:40 +0000
Received: ("Tessian outbound fcd5bc555ddc:v71"); Fri, 20 Nov 2020 06:27:40 +0000
X-CR-MTA-TID: 64aa7808
Received: from 7787a7b07ac1.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 573EEFE0-A321-4B17-BD0A-AFE897270079.1; Fri, 20 Nov 2020 06:27:35 +0000
Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 7787a7b07ac1.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 20 Nov 2020 06:27:35 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SErsAA8qMExbJd5Tm5MKKCX9yywXAYltmUXiPqEJhCwWZ2KPgLQS5qqu006z2Rewp7vc9sNBwYUTUDi9th+7FVvb8iOvLTpLoBZPJJbxZtCMFJQkwlT87dUL/XDKf7uviaF/YspHywRhi7DbavBtQ4/C29k4bo0htGUX92B8tW9PUmHrxHfN2BcOCYKTq6MQgquMBeu9hIDBJztyuio/XmGBFEI+rD7RYjB1OIJ0QFiMwcACcSW8FBjOosv/1A5YZ56K2OHOlSCQDP+v82zApVYThgB/xbwvSeiGs1Q2PuLfqfnNSILOSWnT3iR1B0v9C9ZoalhmM2LY6C7nXxr/yA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5+SG28QQivxo4qF3M4mIlzze2Mv2BnT+T/9Dbp1bNo0=; b=I6pdcJiXOf7YIfKj1ibN+89Wko+6MjonTrPR6VvWuKA/OxU3VfXU+malxgQ2dWJO5jK7lGMqPTQGJHs/72DIHe5lMaxasYaZL3OxmUzdMt0s5+rtVxqb+hVJW+NkYYnlwis69+C5eXyx82mIUxOS/Dhmf+zsQdiCE3Z7nOohvO7FMViC8g/k23qvnzNXWow6OHJ7IvFJCjfW9Ws/bQN0T3wv7WfpIqSGUn6wrmTlkI1L9EXxaTvSd9iKfOYU+Tn/Vf7MsR7YyFodpf9WYIdtFcb67qP1g/y6RT650KHM4wRKu9VyC2xcHHQ1fN2CNB1bmQAaz/XEOUZiEmUVQJ3YwA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5+SG28QQivxo4qF3M4mIlzze2Mv2BnT+T/9Dbp1bNo0=; b=4a6ZKG+k6S64P74iOWpw+EtdkZeug9R4oTgV/qNXRqrCn0iqOPIFW1hauwE2ur2u0GNl8SnL2eiVNqAomh10n4QsvIH0DFMv3DmVSgS1ONQxeRfmAV/PRjW8ntiQDbOWV0drF9JH7i0QTm2MJvqdNpCK3/ln9qm3T7Au1pBzhrU=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM8PR08MB5810.eurprd08.prod.outlook.com (2603:10a6:20b:1d2::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22; Fri, 20 Nov 2020 06:27:32 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::a80c:38e:8da2:8b48]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::a80c:38e:8da2:8b48%7]) with mapi id 15.20.3564.028; Fri, 20 Nov 2020 06:27:32 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Brendan Moran <Brendan.Moran@arm.com>
CC: Russ Housley <housley@vigilsec.com>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, suit <suit@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-suit-architecture@ietf.org" <draft-ietf-suit-architecture@ietf.org>
Thread-Topic: [Suit] Benjamin Kaduk's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)
Thread-Index: AQHWs1eESdPahh/YtU6TGxVrOWgGpKnOhzwAgADbPACAAT9/UA==
Date: Fri, 20 Nov 2020 06:27:32 +0000
Message-ID: <AM0PR08MB3716FA7FACA424191B3B8E76FAFF0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <160456913386.24093.10722400425795162498@ietfa.amsl.com> <AB676068-F487-4366-9986-B97690CA35F8@arm.com> <20201119111024.GD39170@kduck.mit.edu>
In-Reply-To: <20201119111024.GD39170@kduck.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 6252368010759143AA16C492AEFE47E5.0
x-checkrecipientchecked: true
Authentication-Results-Original: mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.118.246]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 538c4582-9998-4599-f5a3-08d88d1d6211
x-ms-traffictypediagnostic: AM8PR08MB5810:|VE1PR08MB5245:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <VE1PR08MB5245049BD611471810E4FEA4FAFF0@VE1PR08MB5245.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:3513;OLM:3513;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: boOzynlx45w+h+IUbYS3AZsaFGWPvntGL5tRFW0Lilx9uz+af32d8PlDUnLjPUPdg5yNPMEk885mN8XwoYQ0VTUYScdYuGuWeD6Ev9OQYF6uGGQo2y+5N/ByXqLhAU6xjTPHvyc9DLxulxVTZxVSXBdMRMpQBS3UAIfSuaOfVAPugeGIPitSoYYcPks7qb51OGOjEgcxvoMHY3OudLMtTU3LXnki4OJ/fi4jmgMbUAGP/XJS0YMACVUPgCBHixVlv7zeZUIwppuCBZL1wHztqQK0R4lX/YvrXebg3iS0HwR+cz87lu4cPeZ8nRXiLrLhOkBh7fFPPzBbz8cVAQU0r7RQIGN+DmsdFbY1qC9B44lfSTapyuq1Bq9CkWRFweTt4GEv/6Od2XC1+6ec5Eyr4w==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(346002)(39840400004)(376002)(366004)(33656002)(30864003)(2906002)(966005)(6636002)(71200400001)(53546011)(6506007)(64756008)(83380400001)(478600001)(66446008)(8676002)(7696005)(8936002)(54906003)(66556008)(110136005)(26005)(86362001)(52536014)(9686003)(55016002)(76116006)(66476007)(186003)(5660300002)(316002)(66946007)(4326008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: M0ahrssdH6n6TjlgKMxVJlCqFFDYIyGyD2jDc6Iq6RrnBG/IH1p/Kdt/4WlbNBGgQ3t2d8W/+1Rr4nluhMrsT6gmD7HAF98aNFlL+xLpfZx2NOhXbtp08s+eegYyivO0cJeu9o/xSxE9laz7t5OIHJ/paxqC7qIxTuzdbVm390ntazguSqL0elOBlUUMfFVxSLRUxYDTDJK32ozCf9Y+EehBeUolKvxw6V0CBZSznj6zhbeUbUf6zZvhG2QTNQ5oEu8okrVY2LxTaNDNmaeXwI5nxHRJJoBYyuqwD5/PuzmFblIAY3I7XlQlXlsgpVbLtu8DYBGU/9IHU+s20o2hP+D0uGwT3McR7ib/6Td9LXt0uX61rYhmcevqEPb2kqzuT8ZEPCzYpq9e0NIXCoUSQFgLuNF8uwyyPhxN3Ycw2U/BjvLooFxgLNwoyhi7UlK08Z/UFc7g/DnpKxV//fE0MHqK3rKQHoswlPp0kSXFLfocfnA25t31lTCZVSSkr6JqHAz8lIHSVy5mf8C2acemjTNNIPraG4NTT4luZ1Vr7Nq95Ob0pYQkSRBnz8rb7e9j9iqxiYqNyky6OPgUclMIT38bwKe1doHxE+bJI2UOc2bTQMS01hn8xwWfxOz9WzkquM854zwR6gVOTpHM0oKKMg==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB5810
Original-Authentication-Results: mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: d743f0cb-5d12-47bb-0551-08d88d1d5cf4
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Z6Vc2s72X182JGvI1FS5JoHknUx3FZ0E9vR2BOWC1ilWvoL45tHA6XrSORxCnEBx6qB+auNSJhDpDpZ5BVX5x/7NQXvhj9seIfk9NFBz2cqjwMbtiyq5GUpDhiRan/UWjrVwZr9ao4fcZJQdJjhcLbf+yLY86VKBuy+Vpttzje9RIMuC/Ocb0Po0eSSydwGG2ko8zVTQtMbC1vWmdWW6zl4x+xPzwGy158Ev2f4Fo677czj1XIRZKnTVbvwimVTu4SxlziWQGtKcoZ/WAhu3PG3huYRCO/4EVB9M2vTQYPLUNrHFrQheA2H8LwkSekl2HJG9D5LfSS26Hxqz6EurG31WK3YsoxyDLzpABma+/pBrejmf+y3A5PEJc1XfeBu+ODzaqei8wUv4g5I4lMxj+MwpbLf/tuCCWRaWKADKN4Kj5uW9CzVEav4rZw6jGQYt7K+gjpIbPKVagJSxSlhKgZNNPHqxmDi7VCR0k6TWkMQ=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(396003)(346002)(39840400004)(376002)(136003)(46966005)(8936002)(478600001)(70206006)(4326008)(70586007)(82310400003)(8676002)(83380400001)(54906003)(110136005)(7696005)(6636002)(186003)(47076004)(316002)(52536014)(86362001)(966005)(450100002)(356005)(55016002)(5660300002)(336012)(2906002)(6506007)(30864003)(26005)(81166007)(53546011)(33656002)(9686003); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Nov 2020 06:27:40.8378 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 538c4582-9998-4599-f5a3-08d88d1d6211
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT018.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB5245
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1JmNo5rliUp5gYQH6gwqIftKLuo>
Subject: Re: [Suit] Benjamin Kaduk's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2020 06:27:49 -0000

Hi Ben

Thanks for your review and for your PR with the proposed changes.

I have created PRs to address some of your remarks:
https://github.com/suit-wg/architecture/pull/16
https://github.com/suit-wg/architecture/pull/17

I have addressed the remark below in PR #16:

"
Section 1

   otherwise difficult.  Firmware updates
   for IoT devices are expected to work automatically, i.e. without user
   involvement.  Conversely, IoT devices are expected to account for
   user preferences and consent when scheduling updates.  Automatic

I can't quite tell if the "Conversely" case is intending to refer to IoT
or non-IoT devices.
"

The remark below is addressed in PR#16:

"
   The firmware update process has to ensure that

   -  The firmware image is authenticated and integrity protected.
      [...]

   -  The firmware image can be confidentiality protected so that
      attempts by an adversary to recover the plaintext binary can be
      [...]

Perhaps it's just because Bob Briscoe's comments are fresh in my mind,
but there seems to be something of a mismatch across these texts -- we
"have to ensure" that the firmware *is* authenticated and integrity
protected, but only that the image *can be* confidentiality protected.
Is it really the case that we can ensure that an update process *can be*
confidentiality protected, or is the confidentiality requirement more of
a requirement on the architecture than on actual deployment?
"

The comment below is addressed in PR#17:

"
   While the IETF standardization work has been focused on the manifest
   format, a fully interoperable solution needs more than a standardized
   manifest.  For example, protocols for transferring firmware images
   and manifests to the device need to be available as well as the
   status tracker functionality.  Devices also require a mechanism to
   discover the status tracker(s) and/or firmware servers, for example
   using pre-configured hostnames or [RFC6763] DNS-SD.  These building
   blocks have been developed by various organizations under the
   umbrella of an IoT device management solution.  The LwM2M protocol is
   one IoT device management protocol.

We might put some forward references to things we do cover (like status
tracker(s)), and a reference for LwM2M as well.
"

I did not make changes regarding this comment because I couldn't find text that claimed that the status tracker on the device is uncommon.

"
Section 3

   Hence, the following components are necessary on a device for a
   firmware update solution:
   [...]
   -  a status tracker.

Earlier we said that having the status tracker on the device was fairly
uncommon.
"

The issue about post-quantum crypto is being discussed separately.

Regarding the comment below I still have to think about how to best address it.
Flash memory wears out but there are different flash memories and there are flash controllers trying to prevent uneven wear-out.
I have to think about what the draft should discuss regarding the implications of execute in place (XIP) with respect to the wear of flash memory.

"
Does the XIP case mean that repeated firmware updates would have
potential to cause undue wear on the fixed flash cells that hold the
firmware image?  If so, this might be noted in the security
considerations.
"

Ciao
Hannes

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Benjamin Kaduk
Sent: Thursday, November 19, 2020 12:10 PM
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: Russ Housley <housley@vigilsec.com>; suit-chairs@ietf.org; suit <suit@ietf.org>; The IESG <iesg@ietf.org>; draft-ietf-suit-architecture@ietf.org
Subject: Re: [Suit] Benjamin Kaduk's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)

Hi Brendan,

Thanks for the extra reference and discussion about the timescale estimates for quantum computers and integer factorization.  (And for accepting most of my other comments.)  I see now how the factorization-by-annealing reference was intended to be used, and had not been paying close enough attention to know the 5640-qbit and doubling-every-two-years numbers for D-Wave.

If I was going to suggest a change to the text, it would be quite small, perhaps something like "based on current research [quantum-factorization] and the trend in quantum annealing capacity".

Thanks again,

Ben

On Wed, Nov 18, 2020 at 10:05:44PM +0000, Brendan Moran wrote:
> We will take on board the majority of these comments.
>
> WRT the PQC time horizon, quantum annealing attacks on RSA are dependent commercial quantum annealers.
>
> The paper in nature shows the factorisation of 376,289 in 94 qubits. In fact, other researchers have factored 1,005,973 with only 89 qubits [1]. With this second algorithm, characterised as O(log^2(N)), RSA-768 would require 147,454 qubits. D-Wave has shipped quantum computers with 5640 qubits already. They have a historical average of doubling the number of qubits every two years. Based on this trajectory, they should be shipping a quantum computer that can break RSA-768 in approximately 2030 (log_2(147454/5640)) = 4.7 => 9.4 years. RSA-2048, then, would be broken between 2 and 4 years later, and RSA-4096 a mere 2 years after that.
>
> This is a naive analysis. However, it is intended to show that a scalable general purpose quantum computer is not the only threat to current cryptographic techniques, that the time horizon is not long, and that urgent action is required to ensure that devices with long lifetimes account for EITHER cryptographic agility or quantum safety, preferably the latter, since quantum safe algorithms require much more data than classical asymmetric crypto and, therefore, require extra considerations, particularly when used in constrained IoT.
>
> Obviously, the hole in this analysis is that RSA is not common in IoT. I have not yet found equivalent research that shows how a quantum annealer could attack ECDSA or EDDSA. I assume that there are research teams working on this. We should prepare ourselves for the potential of that particular revelation.
>
> We have not gone into this detail in the architecture because it seems both orthogonal to the general discussion in the architecture, extremely time-sensitive, and extremely algorithm-sensitive. It will be an irrelevant prediction and analysis within a handful of years.
>
> Best Regards,
> Brendan
>
> [1] https://link.springer.com/article/10.1007/s11433-018-9307-1
>
>
> > On 5 Nov 2020, at 09:38, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
> >
> > Benjamin Kaduk has entered the following ballot position for
> > draft-ietf-suit-architecture-14: No Objection
> >
> > When responding, please keep the subject line intact and reply to
> > all email addresses included in the To and CC lines. (Feel free to
> > cut this introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/
> >
> >
> >
> > --------------------------------------------------------------------
> > --
> > COMMENT:
> > --------------------------------------------------------------------
> > --
> >
> > Does the XIP case mean that repeated firmware updates would have
> > potential to cause undue wear on the fixed flash cells that hold the
> > firmware image?  If so, this might be noted in the security
> > considerations.
> >
> > I am not sure that I have fully digested Bob Briscoe's detailed
> > review comments, but it seems like we may want to continue to
> > reflect on which portions of the architecture will be optional to
> > implement, and how we might indicate that in the document.
> >
> > I also made a pull request for some editorial nits at
> > https://github.com/suit-wg/architecture/pull/15 .
> >
> > Section 1
> >
> >   otherwise difficult.  Firmware updates
> >   for IoT devices are expected to work automatically, i.e. without user
> >   involvement.  Conversely, IoT devices are expected to account for
> >   user preferences and consent when scheduling updates.  Automatic
> >
> > I can't quite tell if the "Conversely" case is intending to refer to
> > IoT or non-IoT devices.
> >
> >   The firmware update process has to ensure that
> >
> >   -  The firmware image is authenticated and integrity protected.
> >      [...]
> >
> >   -  The firmware image can be confidentiality protected so that
> >      attempts by an adversary to recover the plaintext binary can be
> >      [...]
> >
> > Perhaps it's just because Bob Briscoe's comments are fresh in my
> > mind, but there seems to be something of a mismatch across these
> > texts -- we "have to ensure" that the firmware *is* authenticated
> > and integrity protected, but only that the image *can be* confidentiality protected.
> > Is it really the case that we can ensure that an update process *can
> > be* confidentiality protected, or is the confidentiality requirement
> > more of a requirement on the architecture than on actual deployment?
> >
> >   While the IETF standardization work has been focused on the manifest
> >   format, a fully interoperable solution needs more than a standardized
> >   manifest.  For example, protocols for transferring firmware images
> >   and manifests to the device need to be available as well as the
> >   status tracker functionality.  Devices also require a mechanism to
> >   discover the status tracker(s) and/or firmware servers, for example
> >   using pre-configured hostnames or [RFC6763] DNS-SD.  These building
> >   blocks have been developed by various organizations under the
> >   umbrella of an IoT device management solution.  The LwM2M protocol is
> >   one IoT device management protocol.
> >
> > We might put some forward references to things we do cover (like
> > status tracker(s)), and a reference for LwM2M as well.
> >
> > Section 3
> >
> >   Hence, the following components are necessary on a device for a
> >   firmware update solution:
> >   [...]
> >   -  a status tracker.
> >
> > Earlier we said that having the status tracker on the device was
> > fairly uncommon.
> >
> > Section 7
> >
> >   time horizon for quantum-accelerated key extraction.  The worst-case
> >   estimate, at time of writing, for the time horizon to key extraction
> >   with quantum acceleration is approximately 2030, based on current
> >   research [quantum-factorization].
> >
> > I'm not sure that I see how the reference suports the "approximately
> > 2030" statement.
> >
> >
> >
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email