Re: [Suit] WG Last Call for draft-ietf-suit-information-model-03

Brendan Moran <Brendan.Moran@arm.com> Fri, 25 October 2019 09:32 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: suit <suit@ietf.org>
Date: Fri, 25 Oct 2019 09:32:13 +0000
Message-ID: <5254F129-6A34-45D4-8432-EC31AD726310@arm.com>
References: <1A7783A0-E05D-434D-8E10-C71D3CF94D18@vigilsec.com> <MWHPR21MB0784A14AD820829C1EED701EA3AA0@MWHPR21MB0784.namprd21.prod.outlook.com> <9BA65A44-E4EF-42CD-BACE-C39DDB0AB8FC@arm.com>
In-Reply-To: <9BA65A44-E4EF-42CD-BACE-C39DDB0AB8FC@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5CePAZOV8PRajltb6Yg3p5LugB0>

I have incorporated Dave’s feedback on the changeset linked below. If there is any additional commentary, I would be happy to incorporate it. Otherwise, I will submit the current version as draft-ietf-suit-information-model-04.

Best Regards,
Brendan


> On 21 Oct 2019, at 13:17, Brendan Moran <Brendan.Moran@arm.com> wrote:
>
> Hi Dave,
>
> Thank you very much for your review of the information model. I have incorporated your comments and I have added some additional information regarding the end-to-end security model. The changes are in a Pull Request on the suit-wg GitHub:
>
> https://github.com/suit-wg/information-model/pull/4
>
> Input is welcome!
>
> Brendan
>
>> On 21 Aug 2019, at 02:57, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org> wrote:
>>
>> My comments on this document are in the marked up PDF copy at
>> https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft-ietf-suit-information-model-03.pdf
>> Most are simple editorial nits.
>>
>> Other comments include:
>> * The UUID RFC (4122) does not use a "prefix".  Instead it uses namespace IDs, which is what I think the draft is talking about.
>> * Need to address the issue of how UUIDs are "matched".   I recommend saying binary match (regardless of whether they're serialized as strings or 16-octet fields, since serialization is out of scope for this doc).  Point is that it would be a problem if a format serialized as strings and said to compare case insensitively.  This doc is acting as the security requirements/threat model and so needs to state this as the requirement in 3.3 and 3.4.
>> * Various terminology ("root of trust", "firmware authority", etc.) needs updating to be consistent with the arch doc.
>> * Sections 4.2.11 and 4.4.3 are, in my opinion, about a Device Operator role, not a Network Operator role as the text currently says.
>> * Section 4.4.3 is about a network operator but the language needs tweaking to actually apply to that role.
>> * COSE and CMS are only used informatively, not normatively, and so should be moved to the Informative References.
>>
>> See the PDF for the full context and details of my comments above, but that's a quick summary.
>>
>> Dave
>>
>> -----Original Message-----
>> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
>> Sent: Monday, August 12, 2019 10:30 AM
>> To: suit <suit@ietf.org>
>> Subject: [Suit] WG Last Call for draft-ietf-suit-information-model-03
>>
>> This is the SUIT WG Last Call for "Firmware Updates for Internet of Things Devices - An Information Model for Manifests" <draft-ietf-suit-information-model-03>.  Please review the document and send your comments to the list by 6 September 2019.  This is longer than usual to accommodate vacation season.
>>
>> The datatracker page for the document is https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-suit-information-model%2F&data=02%7C01%7Cdthaler%40microsoft.com%7C8f95a824d19c4eae363608d71f7565f1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637012461397594909&sdata=hKlq9oUNqEz5XrOre3mYa8QdCoYshPQIeQqHkMqZH5I%3D&reserved=0
>>
>> Thanks,
>> Russ & Dave & Dave
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdthaler%40microsoft.com%7C8f95a824d19c4eae363608d71f7565f1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637012461397594909&sdata=2o48ERtnDJ9ptKvhPWaPNO9pP5C620wEq%2BwpiT5eRbQ%3D&reserved=0
>
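
The review comment quoted above asks that UUIDs be matched by binary value regardless of how they are serialized. The following is an added example, not part of the original thread or of the draft, showing one way a verifier could do that. The function names, the domain `vendor.example`, the product names and the choice to derive identifiers as RFC 4122 version 5 (namespace-based) UUIDs are assumptions made for illustration.

```python
import uuid


def to_octets(value):
    """Return the 16-octet form of a UUID given as raw octets or as text."""
    if isinstance(value, (bytes, bytearray)):
        if len(value) != 16:
            raise ValueError("binary UUID must be exactly 16 octets")
        return bytes(value)
    if not isinstance(value, str):
        raise TypeError("UUID must be 16 octets or a string")
    # uuid.UUID() accepts upper- or lower-case hex, with or without braces
    # or a urn:uuid: prefix, and raises ValueError on anything else.
    return uuid.UUID(value).bytes


def uuid_match(manifest_value, device_value):
    """Binary match: compare the 16 octets, never the serialized text."""
    return to_octets(manifest_value) == to_octets(device_value)


def derive_ids(vendor_domain, product_name):
    """Illustrative assumption: identifiers built from RFC 4122 namespace IDs.

    The vendor identifier is a version 5 UUID in the DNS namespace; the
    class identifier is a version 5 UUID in the vendor's own namespace.
    """
    vendor_id = uuid.uuid5(uuid.NAMESPACE_DNS, vendor_domain)
    class_id = uuid.uuid5(vendor_id, product_name)
    return vendor_id, class_id


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    vendor_id, class_id = derive_ids("vendor.example", "Example Product A")
    _, other_class = derive_ids("vendor.example", "Example Product B")

    upper_text = str(class_id).upper()
    # Two text serializations of the same identifier compared as strings:
    print("string equality:", upper_text == str(class_id))
    # The same two values compared as 16 octets:
    print("binary match:   ", uuid_match(upper_text, class_id.bytes))
    # A different class identifier must not match:
    print("other class:    ", uuid_match(str(other_class), class_id.bytes))
```

Because both sides are reduced to 16 octets before comparison, the result does not depend on any case or formatting rule attached to a particular serialization.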
