IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Brendan Moran <Brendan.Moran@arm.com> Wed, 02 June 2021 12:45 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2800C3A41C6 for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=xGkLRV3e; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=xGkLRV3e
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iRs2PTNys0O1 for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:44:56 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2052.outbound.protection.outlook.com [40.107.22.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BA683A41C4 for <suit@ietf.org>; Wed, 2 Jun 2021 05:44:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hi6/HcyiRnkyZhLGHpqfF7kPFwz+Y+r/s4QyRLNOGqg=; b=xGkLRV3e5snWUEMj6z8xBNQvFKl6FCPtRvB1liO2hY/BBLwpBu4FsZkVABltKPyCXyf/H8dqWCzHAFqXCg8IGLBIrT8xbhCDyX939TGzEUGC527qbhaHxS+LL8B5WvCBitioDxylv1nd9zU/TJVot52MaYctPVvmlOB6NstWvVY=
Received: from AM6P194CA0054.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:84::31) by DB7PR08MB3323.eurprd08.prod.outlook.com (2603:10a6:5:1c::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.22; Wed, 2 Jun 2021 12:44:52 +0000
Received: from AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:84:cafe::13) by AM6P194CA0054.outlook.office365.com (2603:10a6:209:84::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.15 via Frontend Transport; Wed, 2 Jun 2021 12:44:52 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT022.mail.protection.outlook.com (10.152.16.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.30 via Frontend Transport; Wed, 2 Jun 2021 12:44:52 +0000
Received: ("Tessian outbound bf434e582664:v93"); Wed, 02 Jun 2021 12:43:51 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: eca4dfadff2135f2
X-CR-MTA-TID: 64aa7808
Received: from fc462429ce4e.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id F36DD913-BD94-4F36-BDF7-4A83D70F873C.1; Wed, 02 Jun 2021 12:43:39 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id fc462429ce4e.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 02 Jun 2021 12:43:39 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F++tTmnQRebYnHiK1TINwNHgDnB61/touv7sBHRTOyJ3+WUVaFV0mZyl0tM2a/jFpStRsrqlhgnqxGq4PB9ClmtR5lvnVB7pgPQgjPMmLHuMv3TJqOIETiMj4btUCwTu+OcSK8yrGULxlOJj/2wKckLa6xDLII+1sFpQRAQr/5OU3pZZoF0BJr9z0kIvNIsaGgJknaOgH4zp499t6nxPR7YUrrtbJ+1jdm/16FhHcAuJsp+IcJn6OBrEE/SiYc7u2ryI9a4PWoxMprrCquSvD8wIdZxr08d0F1orMV7KeM4DQG+MVEXzhs+qs7IaDbF3VCvs5DBPz+q0FAouyPKMSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hi6/HcyiRnkyZhLGHpqfF7kPFwz+Y+r/s4QyRLNOGqg=; b=jCUIvcVFy2ukOxZArIwZ+8k0tMr7mfL17ylH1BTj9Baizo5nlJreRlcPrvVLJU3UMLDcBi+Kk6ROV6a4rR0S2Ec5fmGjdq0OitW+uurVfgdKHUFaF8SOR9bvWzYnTMIME3Yw/MIFFQSx2JCAGNZ01sKql3YVMonT2KM/8hQldvZOstNll9Mi3jUrTZDj7eQTvbVrRgFJgaAhhCE9Eh593J0uUCRSNLnAomyRn1LO0RnlWdo68yn98NYzh+fmcv2/hdLHIYi4cZnF9P308qqM0Z24A0uwzIlp52QDkj0jrDh+Ut+E3nQ4Zr11rMCpTAxxwXJ+zTT8oUGpQu1cxWhmyQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hi6/HcyiRnkyZhLGHpqfF7kPFwz+Y+r/s4QyRLNOGqg=; b=xGkLRV3e5snWUEMj6z8xBNQvFKl6FCPtRvB1liO2hY/BBLwpBu4FsZkVABltKPyCXyf/H8dqWCzHAFqXCg8IGLBIrT8xbhCDyX939TGzEUGC527qbhaHxS+LL8B5WvCBitioDxylv1nd9zU/TJVot52MaYctPVvmlOB6NstWvVY=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by DB6PR0801MB1670.eurprd08.prod.outlook.com (2603:10a6:4:37::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.21; Wed, 2 Jun 2021 12:43:38 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::488c:be63:d9fe:b0e0]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::488c:be63:d9fe:b0e0%7]) with mapi id 15.20.4173.030; Wed, 2 Jun 2021 12:43:38 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "dick@reliableenergyanalytics.com" <dick@reliableenergyanalytics.com>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] suit-firmware-encryption-00
Thread-Index: AQHXUy5zvx3nHIfq0kuzjZIH4a2amqr9uSuAgAAS7gCAAAUmgIAAAfoAgAABRQCAAADUAIAAAxaAgAAvdwCAAADOgIAA9f8AgAAOUACAABoAgIAABCqAgAGITYA=
Date: Wed, 02 Jun 2021 12:43:37 +0000
Message-ID: <D8BD5D2C-AD75-4D03-AFE9-37D96016E3B7@arm.com>
References: <19586.1622075797@localhost> <DBBPR08MB5915CEC125579D78C108D540FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <F6C86CC2-3AF8-4CC5-BB47-AC6579DAA0C4@vigilsec.com> <13894.1622479289@localhost> <64BDF7A0-4B70-4EB3-A764-2BD6CAA3921A@vigilsec.com> <132601d7563d$7097f680$51c7e380$@reliableenergyanalytics.com> <E2D893E5-8462-4F69-88D0-29167B6DB1B3@vigilsec.com> <140a01d7563f$65d2a130$3177e390$@reliableenergyanalytics.com> <DBBPR08MB591549CB964EA7E18C8640C2FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <18b401d75657$880bfef0$9823fcd0$@reliableenergyanalytics.com> <DBBPR08MB59158723623695EB0473637FFA3E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <223201d756d9$af8bddb0$0ea39910$@reliableenergyanalytics.com> <DBBPR08MB5915C1F5529E8801DF5AFD09FA3E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <272401d756e8$c446ba90$4cd42fb0$@reliableenergyanalytics.com>
In-Reply-To: <272401d756e8$c446ba90$4cd42fb0$@reliableenergyanalytics.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.100.0.2.22)
Authentication-Results-Original: reliableenergyanalytics.com; dkim=none (message not signed) header.d=none;reliableenergyanalytics.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.7.184.196]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: b6823a00-ae06-4a52-844c-08d925c4377d
x-ms-traffictypediagnostic: DB6PR0801MB1670:|DB7PR08MB3323:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <DB7PR08MB332382D7B2238F89FEB942C9EA3D9@DB7PR08MB3323.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: +fLs3Dw+RUmk+jdnY+gU6Rv/lyHMJTISYxAuDPkqmyCI5EGGeXdFvbw/N+PY/EHq9096vnzJue9MT1TiX6qYUl7Mtf83+1T+uwGKkgxn0hlWSC6b6HcNR/R3fGUyqnZ//4LI64MOs2jr6OvIKLoEmKWBQ+CIr1it7tPRV7tSJ2Dfg8tdrO4oIhnSnSDc+eWk5qLE8HKtEzhjmeNssnRrJWfH49b7ncsSNFU/TqkmQG8PXHQILfZwPgTy6+PnWVPv0eH5Y0WpX81N2CsmuVYoSwzGeYWKpT8x9auY9Qfu7xeRM+9NAHPda+ncgMI2i7lWMb1IbqVmo0lW8oU1AnlWLCB2BNWOJ5kV0HiQJ4zAE1INgPMWgzQyqhSKUxmkEY9m53Rb/DE4032tMUNEaIVAnnFwWxcpoAa/29hAepLGNoeVs3oynX17CmYqD1NkbZvm4i7Ln1aTo/89gDaKz6iNgT7E92USLCz9I+r1djFgBg6P/GWBnetGhiWH1zTR/3O3LF+Nv35UpFRhbnn+RAHrcomhd7rEATL2tREWj96EXDFyfeysgUpm1Ph/bg9T2bcXSW8cIa2PQTrrYMXfXoREPBuPC+/HXUfBNeFSF/vpK2Lt7fDT4+A/YjbwKhzabzB7K9BppcDOmGJlbZfbdl2AVvXG429QGQLMYc9S2987Z127WjfqQ+uqrPY41V/jbTkX5O0syCg5EyqZ4jqoye4T9UprgvJQWaqwjfcKrEev9BWrVYJiQPdDi6qClc6bLUH9SOPphZm49/hyjy3mG0j3zWp10+jwToxjxWBMzarK65xysV8TJYQN2LLMgugYeL2N
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(366004)(376002)(396003)(136003)(346002)(6506007)(30864003)(2906002)(66946007)(36756003)(76116006)(91956017)(53546011)(122000001)(66446008)(8676002)(66556008)(66574015)(478600001)(38100700002)(64756008)(66476007)(6512007)(33656002)(4326008)(8936002)(71200400001)(26005)(2616005)(316002)(86362001)(5660300002)(54906003)(186003)(6916009)(83380400001)(6486002)(966005)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: tZKIGwWzAxDZDBZ+D10ApUd0+aEbMhd8rBpSS3uerTnYOSxcSW9edY2UZ7l4L82zXzEjSWkw4l4kvE6IcU+VCS00tCdtEZ5crGwbyhKSAIzFkZoxbY/fLm/8+Xe1DTpWBUO3WkJiNyrAi9BZ6bzBgf5TBFCoNpqYcOniQPXseC5Vdo28tOO72PsApC3xfpY8avQDs10IVxhirblijQgrgtSC/ZTYuXf6wv7qmO6V8K/H7bXLJ6ym+5EU3lu6qtn+VoAvAftMJsprtSoUXw6pFG06W1xfbonsSMnmmQnzbuL2PkNGguYhWr8z3SL3CpKei+gyYiUDxzJSzw25PJ+CpMxjQsXZHLKYSC/s8cDFEoXkvhwX47v85Cv+hNv56AMDkDnH1h3lIzwRF9dw+ErPAKt1KbMF5k7HwmQc5Wyrj/lpyAaZroWRB8OFWx3mqCx+5WK4RUhYt/xY7RSozuugiROlGvZtg5cQVfGbgBSNIJXoxZEFLQ8kpiRvf1Kz2VPULya3RrLDY6bxm1FE1fOlaVORSjQSm8aLQ5YZLC/7ZMQxM9fh/2luQ627rebtlMg0ElRn6ATCSNPWfBnbm09kVNJlSZidAOJHUlyOZQ5CDDyEJVL5EZ//88RoJJaTuABn3oNSQ9KG0O350wjerhF8qRFd7GWoJD5iN498yAKaEmd8rTGR2M3SyEU8ZFPLa1DTpzLM/POLlVLR136zj2xiqIVOhyKiZB4itLXlr5WnayHln0EhusUNFcIK2DRuGxOeJuM9cFQuEyEgUEg974Gdrvt9UMAdGj3nV/2T0OgV/SY2CYPE4wdI8X6r6ldDiVL86HzIwqSB1jFBf3qBf5BrirksPK99UKJkZScAnB/RVaU50/VsLccMwLHsw5BZPjBymgFzuQrWkkXQa3Zt1sjZrMQa6KYyLbiXKFd2F9/wh9lQ3izkj4nRzdN5m2t6ziNRBPqFllh9mQ3E8/Eaxryxnfci/WkMCasO5BS6SkSqHdwuXngk1AK7YIIbKinkR9N7yrcP99/vtaFBVhsrdihJEvkcSvcYmDl777BcuDl77ui2gKzJu76a8OWOYHr7PqzGkh29hsM71+eNdwSj9y1AEvc68QfX+7X11JIfiVS38DVfBw2gQ++CZ2mKRirdqZ6BfFagAOTyddMtexYCayVScesFym3iCi4NQA8n9Kfy7QrqTDbUcJeDlNeE/Gi86Sro/hfIjgfzLo1WdnZ7Yj4YNIpxHAx942tcb5sSkZamY9DuHMkPRKEnVp0kXyUiK4zAFpos+MGZu5A91j4sVx8wc3mRDwfpOiMqU6x+srNexoLO9WECJEzkELtDLohgXI2k
Content-Type: text/plain; charset="utf-8"
Content-ID: <E6C9AFD49514434FA0B4E64E86EFC655@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1670
Original-Authentication-Results: reliableenergyanalytics.com; dkim=none (message not signed) header.d=none;reliableenergyanalytics.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: d1a0c6ed-6d83-457a-2462-08d925c40b2b
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: BatCdW96pL7nrVrcc+XzkaEBkHbYaM9cWOscS+WI8Ws+mEEienfe2KKT5LWQZSkbJ20sdAy6J3VB4HJMCzq51yElAYb/uHOeZvHTTYnj4uLvKq+41DxNStGOWWCerrABZERrfZ2l+VSVW4iPPDKvO+7PKM3MEQdTxkopvrKRTHD4zwTdXo4b71+mOAZdd26D5+PQFuvnvs5YGtZ0mMZefi2xlIiqF+iV4XV55Rh2hm+kz3tKTqnnG7fRWwsRMGdw3EMcd93HljAW0TJAyGPCbc02dzA9Tb4ABVHiQMn+05itFUVvkwukTHTHCG/KUxurgt2jE975eJJVDPaZgyn8Qh0GUPj+QCq+G/+8b6ZZnXWwJrevWL5g3a2Id80xFhq3tFhPp0X9xNzIF2QeXAS+J4N6fgxSZALE9BpGlkStwnAluV8W5PTz3FmYrukmRp2qNGGhvoGpFAcnMwjFYLy02HQIx1Tjijf/HhG+X8NB/67gl9PYxnQYL62ImBL0Us8L4TirTO+xqyVPnEesg3ebIwEv9NipoWxET5EXpkuAeHD61whWwaKSiiyXO+tjixVCG92bkouzl/qfQzOvgfMzPL4xJGbYysyIZLEsyRk4S8aTXKacruLnt1bUXGeiu21qGJJmqZ/yI6NiYubPh8/9ZP9/FK79s6fG2WbEc/XYM1hKEilHmyLFA3NBOEn8eSoQzc+QN6S5Z5UBCwxa2ci5MMG/YDenKnQsbzm1NE5qQrxMvkBAEV3+oX78LnT8wCMVUDMNT6y+KU2nKigthnHGPBZZAzVvRkbMl+NkctY4FHZVJoYq9FRoYXdImPFpBny2
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(39850400004)(376002)(346002)(396003)(136003)(36840700001)(46966006)(478600001)(966005)(356005)(30864003)(53546011)(82310400003)(66574015)(47076005)(83380400001)(6862004)(6506007)(6486002)(36756003)(316002)(36860700001)(2616005)(186003)(33656002)(8936002)(6512007)(26005)(2906002)(5660300002)(70206006)(82740400003)(81166007)(54906003)(70586007)(336012)(8676002)(86362001)(4326008); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jun 2021 12:44:52.3696 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b6823a00-ae06-4a52-844c-08d925c4377d
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3323
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5K5tmudGu_zbKHBoRrD7z6SPBAA>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2021 12:45:01 -0000


> On 1 Jun 2021, at 14:19, Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>
> Hannes,
>
> Will the SUIT manifest contain an attestation of a clean malware scan that
> can be verifiably validated for the encrypted software in hand? That would
> help, if a malware scan is not an option.

Please bear in mind what a manifest is. It’s not a declaration of anything at all. It’s a set of instructions to a device to perform certain operations that will result in an installed firmware image. That’s not quite compatible with an attestation of a malware scan. However, what you could do is require multiple signatures: the manifest could be rejected if it is not signed by both the firmware author (and/or any other relevant authorities) and the malware scanning provider. This requires no changes to the manifest specification as it stands.

> The other issue that needs to be addressed is the ability for a software
> consumer to verify that the signing party of a software object has been
> given authorization to sign code on behalf of a software source supplier
> (VENDOR ID) in the manifest, using a standard method - something similar to
> DNS CAA records, but for digital signatures, e.g. maybe DNS DSA records.

This concept (without DNS) already incorporated into SUIT. The SUIT Delegation chains allow a trust anchor to delegate authority. The delegation of authority for any given component identifier is left out-of-scope int he SUIT manifest, but can be achieved using a fairly simple ACL.

Key-lookup systems (like DNS CAA) are explicitly avoided because they require interactive operations, which are expensive on constrained networks.

> Ref: "Vendor ID is not intended to be a human-readable element.  It is
> intended for binary match/mismatch comparison only."
>
> Thanks,
>
> Dick Brooks

Best Regards,

Brendan



> Never trust software, always verify and report! T
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Sent: Tuesday, June 1, 2021 9:05 AM
> To: dick@reliableenergyanalytics.com; 'Russ Housley' <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> It is a challenge.
>
> The SUIT manifest provides the capabilities to give authorized parties extra
> information (via the manifest meta-data and software description*) while
> providing less info to adversaries.
>
> (*): I am assuming that the info offered via MUD, COSWID, and the textual
> description is of any help to you. If it is not, then you need to let us
> know what other pieces of information will have to be included in the
> manifest to become valuable to make the risk assessment.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Dick Brooks <dick@reliableenergyanalytics.com>
> Sent: Tuesday, June 1, 2021 1:32 PM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; 'Russ Housley'
> <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> Hannes,
>
> I definitely see your point, it seems the real problem to solve is:
> - How do we (1) prevent the bad guys from discovering SW details (source
> code) from binaries while simultaneously (2) providing end use customers the
> ability to conduct malware scans, and other risk management functions?
>
> If we encrypt a binary distribution we achieve 1 but not 2 If we do not
> encrypt we achieve 2, but not 1
>
> Are we really looking at a mutually exclusive choice?
>
> Both of these objectives are trying to achieve the same thing: Keep the bad
> guys from causing harm.
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! T
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Sent: Tuesday, June 1, 2021 6:40 AM
> To: dick@reliableenergyanalytics.com; 'Russ Housley' <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> Dick, I understand your line of argument.
>
> At the same time I want to create awareness for the attacker point of view.
> They need to get access to plaintext firmware of an embedded device (unless
> the attacker already knows what the source was used). This is why there are
> advanced disassemblers available (such as IDA Pro, Binary Ninja, and Ghidra
> -- to name a few).
>
> As a way forward I am proposing to use the additional data carried in the
> manifest for doing the SCRM risk assessment step. I believe that this should
> work.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Dick Brooks <dick@reliableenergyanalytics.com>
> Sent: Monday, May 31, 2021 10:00 PM
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; 'Russ Housley'
> <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> Thanks, Hannes. I just submitted a concern regarding the problem encryption
> creates for malware scanning, which is one of the SCRM risk assessment
> steps, performed before installation
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! T
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> Sent: Monday, May 31, 2021 3:57 PM
> To: dick@reliableenergyanalytics.com; 'Russ Housley' <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> Hi Dick,
>
> with the SUIT manifest format I hope we can make information available to
> trusted third parties (MUD, COSWID and alike) and at the same time use
> encrypted binaries. Having access to the plaintext binary is essential for
> adversaries to mount attacks. (Happy to give a tutorial about how this
> works.)
>
> Like-wise differential updates may make it difficult for SCRM vendors to
> make their analysis but the information in the manifest can help them.
>
> Severable fields allows to remove information from the manifest before it is
> sent to the device. This reduces overhead and prevents untrusted parties
> from gathering information from the manifest.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Dick Brooks <dick@reliableenergyanalytics.com>
> Sent: Monday, May 31, 2021 7:07 PM
> To: 'Russ Housley' <housley@vigilsec.com>
> Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; Hannes Tschofenig
> <Hannes.Tschofenig@arm.com>; suit@ietf.org
> Subject: RE: [Suit] suit-firmware-encryption-00
>
> I agree, Russ.
>
> Parties subject to the 5/12 Executive Order
> (https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/ex
> ecutive-order-on-improving-the-nations-cybersecurity/) will likely want to
> perform a proactive SCRM risk assessment prior to installation, if my
> interpretation of the EO is accurate.
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! T
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: Monday, May 31, 2021 12:56 PM
> To: Dick Brooks <dick@reliableenergyanalytics.com>
> Cc: Michael Richardson <mcr+ietf@sandelman.ca>; Hannes Tschofenig
> <Hannes.Tschofenig@arm.com>; suit@ietf.org
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Dick:
>
> Yes, and there are other use cases that require encryption.
>
> Russ
>
>
>> On May 31, 2021, at 12:53 PM, Dick Brooks
> <dick@reliableenergyanalytics.com> wrote:
>>
>> " If a trustworthy party in the middle of the distribution path is
>> able to detect a problem with cleartext (but signed) firmware, they
>> can report a vulnerability and refuse to pass the update along."
>>
>> This is precisely the function SCRM vendors are performing today.
>> Encrypting a binary object would be an impediment to software supply
>> chain risk assessment functions in place today.
>>
>> Thanks,
>>
>> Dick Brooks
>>
>> Never trust software, always verify and report! T
>> http://www.reliableenergyanalytics.com
>> Email: dick@reliableenergyanalytics.com
>> Tel: +1 978-696-1788
>>
>> -----Original Message-----
>> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
>> Sent: Monday, May 31, 2021 12:49 PM
>> To: Michael Richardson <mcr+ietf@sandelman.ca>
>> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; suit@ietf.org
>> Subject: Re: [Suit] suit-firmware-encryption-00
>>
>> Michael:
>>
>>>>> I agree that there are also challenges with certification schemes
>>>>> that prevent developers from seeing the source code (or from
>>>>> publishing the source code). That's yet another issue.
>>>
>>>> SUIT is using signature for the authentication and integrity of the
>>>> firmware.  If the signature remains in place, a party in the middle
>>>> of the distribution cannot insert any malware.
>>>
>>> The encryption of the firmware keeps third parties from auditing the
>>> software updates to determine if malware has been inserted at the
>> "factory"
>>> Both white and black hats are currently using binary diff systems to
>>> look at patches.  Black hats use this to develop exploits in the gap
>>> between 9am EST and 9am PST!
>>> I am suggesting that this is a "Security Consideration"
>>
>> Yes, this is a reasonable thing to add to the Security Considerations.
>>
>> If a trustworthy party in the middle of the distribution path is able
>> to detect a problem with cleartext (but signed) firmware, they can
>> report a vulnerability and refuse to pass the update along.
>>
>> Russ
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email