IETF Logo Mail Archive

Re: [Suit] Suit manifest with variable recipients

Brendan Moran <Brendan.Moran@arm.com> Tue, 20 July 2021 09:59 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A98153A1B5B for <suit@ietfa.amsl.com>; Tue, 20 Jul 2021 02:59:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=pinUDR3A; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=pinUDR3A
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6m76tB8PxcEg for <suit@ietfa.amsl.com>; Tue, 20 Jul 2021 02:59:15 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70049.outbound.protection.outlook.com [40.107.7.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BE5F3A1B5A for <suit@ietf.org>; Tue, 20 Jul 2021 02:59:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V2Q8tbvlqN65kOd0n7rdJLFyVUXPOri2DT8JHXFbym4=; b=pinUDR3AJa8EIINotW7rg3Ke5PmGlQCy8jchuOCKBSGhSXiW/NHbb3Yzm53G0ZMqgoRkebW4jsw3tyFP/jjwQ9gppuYJ2cg2fItQGkcwL3QLjFYDHYF9fFd5Je4/HbDodF4xUtSP6RjmhdzRdB0dbtWNlx2jJaruiBA3X+4OB0k=
Received: from AS8PR04CA0103.eurprd04.prod.outlook.com (2603:10a6:20b:31e::18) by PA4PR08MB6095.eurprd08.prod.outlook.com (2603:10a6:102:ec::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Tue, 20 Jul 2021 09:59:11 +0000
Received: from AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:31e:cafe::63) by AS8PR04CA0103.outlook.office365.com (2603:10a6:20b:31e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Tue, 20 Jul 2021 09:59:11 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT022.mail.protection.outlook.com (10.152.16.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Tue, 20 Jul 2021 09:59:11 +0000
Received: ("Tessian outbound 809237f40a36:v99"); Tue, 20 Jul 2021 09:59:10 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 662e4ca81fbc7c77
X-CR-MTA-TID: 64aa7808
Received: from 46cd3bd75ad5.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C6C2994B-2CEE-4B82-96BE-FF4BC07EF8F3.1; Tue, 20 Jul 2021 09:58:50 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 46cd3bd75ad5.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 20 Jul 2021 09:58:50 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iKt8Fwue4c8S7J0ybh02If/J1TUe1GWlgLMQbLt9+vc/pS6ahmnzujvlhIyogLxYXEkun6bX1sn165B7S6PSpyIu3AFCV7kCD8DCBIbFVCr4vIvhzKX41XU8EdzOMIh0bz0RGR/nFotAaXheykq8vVlMRs66B4ElWGIu2Y6pPdPMDI0fIJF1ZuoyNjJDn5Ol1PJPK5d23StWW87ONMNOSDknKaQJtHeSFjdNjReb4waxHpARjX7dCWfDRGegz3EWQbYbS/uUhKtkSptxJQ60coLuPHLj+8gfxwgQF3RqyhJS68gWyPIvOnAHnA83p/m6Y6ycxDkzvLiiiNcX6wkwuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V2Q8tbvlqN65kOd0n7rdJLFyVUXPOri2DT8JHXFbym4=; b=AD6A3gzuj5ddKrog1KfNe6a7sDoIw+lCwBsr9xpBDg5cHB17t78BZIkKIAodOhBpSuakm3MItB1L5Gjh9Ep8zbMwhG8BU9pRmKNUy+04CQK1GUd5INgE/FyfWxTmKjJ+MYXkewJ/FuP1z/ZjEf1xj535mDJLiC9xRvjyXaC/CglyJ49pJNDdmdHHHAqh3/VUr58eMrvQmp6sK/ks5lJqNO0lEo8t7yOK3qIJvU7qHXlKzhBnQMFXBfvk8cmVyCr6bqI6d3cPslqEzRKSvUfct/Jk76nRPvCkseCOsAeehIXkvs14yaNPOcqzfZOuAfDwvC+bXb9X19ERjhe0lxjHwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V2Q8tbvlqN65kOd0n7rdJLFyVUXPOri2DT8JHXFbym4=; b=pinUDR3AJa8EIINotW7rg3Ke5PmGlQCy8jchuOCKBSGhSXiW/NHbb3Yzm53G0ZMqgoRkebW4jsw3tyFP/jjwQ9gppuYJ2cg2fItQGkcwL3QLjFYDHYF9fFd5Je4/HbDodF4xUtSP6RjmhdzRdB0dbtWNlx2jJaruiBA3X+4OB0k=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by DB8PR08MB5498.eurprd08.prod.outlook.com (2603:10a6:10:11c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.23; Tue, 20 Jul 2021 09:58:48 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::f4d7:fc24:6a91:25a4]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::f4d7:fc24:6a91:25a4%7]) with mapi id 15.20.4331.034; Tue, 20 Jul 2021 09:58:48 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Suit manifest with variable recipients
Thread-Index: AQHXd1zMssEUvRyoaECAi77KD/QJ+KtAGN4AgAuUEQA=
Date: Tue, 20 Jul 2021 09:58:47 +0000
Message-ID: <4B4235A6-3965-4FBD-AEA8-E16C900C4A0C@arm.com>
References: <F51C5D05-043E-4F07-9A4C-7044646192E3@arm.com> <27551.1626138598@localhost>
In-Reply-To: <27551.1626138598@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.100.0.2.22)
Authentication-Results-Original: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 468496d3-c4e9-495e-9f1f-08d94b650613
x-ms-traffictypediagnostic: DB8PR08MB5498:|PA4PR08MB6095:
X-Microsoft-Antispam-PRVS: <PA4PR08MB609559F50E574EB15784ECE7EAE29@PA4PR08MB6095.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: goBtH2pimkyD22TxS+ggwg3JycmPh0/55IEcag6QMr3gsu3cjJRUXrCGZ9zmv2bKUmdoFpZJZDTHCJy8XR3oU+PImEWL1+t6mY0vlcXvV19wnG83rpDndeZkKl/A5+3Kzf2uwbeXMv/Y/yYIPk2AjcGUJ5/5Wg+Rtz5bLUXZvtFBV8pOC0Igs7YQ/mkFaRDcKP+Cde5UDaQ5ljQU74+svAHoiXChB/wF7eMFcULivZPyOVypDLb4O2VZAysBgOhAWgxaBn4CtysO7fpMBozTA4+6Gq6wf8qx3YNE/f9f4ZU7Jaa6rQMQQXBdZrZaFjK7g32hEUnxGZ6iqgoXvnDfYgA5kHiGX7Rwr7XCYHbC/FYMIUDCs29wtuZyKe7gu6CKtpI6W3fJEAPnyT+NyL73IGFzhtssEMeagKzOhf1pZgQOOT6rkM9Ak79BVjD3Ft2ZL6ny/TdZ8Z3Kf5y5D1dvNwwPE7oUkrbuKk9z21ucyryV4ks9QKN8VyxBD+RGCAG2l7JAjICn78zhH92TbXwcGFs6H9LQlnEeAYak8emjlbn+B9p01Y3kfbLIzt/0KnmAwbXDP4stAHxFA6dS0Ekufop/31sMqtyGrb2Kik/aiEDKd+T+701C7Jz1DTY2Ay0+cnrhMygSoe1uJQhJBW9IBA1KHqYZO7LaqzCtxj6kxIKoz3rOzi7bjCgG0OtzsUrbaQ61dJD5h+F35CtlEfRDP7yPbzA523okTVdJQA/HN1Y7eJgxMtDPN73VXUX1qe9P
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(376002)(39850400004)(346002)(396003)(36756003)(6512007)(6506007)(6486002)(38100700002)(76116006)(66574015)(316002)(83380400001)(91956017)(186003)(2616005)(53546011)(71200400001)(4326008)(66446008)(26005)(8676002)(66946007)(8936002)(5660300002)(66556008)(33656002)(122000001)(2906002)(86362001)(478600001)(64756008)(66476007)(38070700004)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: wcnSvyq9dmZYXMa7R9iNV/bmNilhcgSEDYPvkpJ84bl24ha2K7UGCgtMZXZiJoG3o1u9airWCPIj276Ai7VZV8RzLStjjIIJA1Kw5tETeYmURvIZpkaHef4OJRogx25yGgKaUxSernHxvLYJZENoE1++1drTN9Q/sqSWr3uN4ce/PC4ZEcscfjui2+hw7dRfMWUn87qwh/P7lyw1+zXPVZrhX/fYBqCYDspHyThwptIqj6gxESH0kp8YRYRZp86d6s+tQXGJJqjgHKgGKDpVj4Wb1qNWABGPxFaORviigp0VW5iYemDovUTEJRNrwUfJrL5KS/07zPoWvpezOxhDPHsUcDhEm0rZWqSzRYwlshdNAy69N8hve9FkAmjQSAoszPA5olc3bTGciAp/SYVPyRM/xNNXCLx+PqX788f1fq479EnFWbEW36GIKcn08tL/aZZoAW3hy2NS3PqCKldBDxzrrkJi99E+2iVnEVeXPLuMoRYRe/6t6xc2uumpIM8KtHU17eaaG54RyygEh4Lw2XNYfebW+D45BFcHvEIPTpY+G+Nh/KWEQiKjoNbStKWD+N3OzBl047w0g2J5ItlCP7gn1alv/srQVfF0z1Sk8XCAxxWk+j7WD6UeufDDZheuxfWWqFCUy7vSzKpD6vwYBbmVtQweAjXD2Ik7eY3Gvtxe+Jy6iAuHAhLT7prU7Bbasqej7nTiZYOw91iM2unG/JGq63djPLDmaUQazA6NlsdU6x9/8Y4LEAZOr5kB0k+lHeL0CnLsZ+24zvkWquUU96eRkyBxU1m7RoegvRJ34ECjb10vLlswlPcFbjlReWH3YUfllW4/8pdYa/o1Ma99h23v2gaCqqHlRhEUBOm/mwwGPABVmW25ZxD4vZwm+zWvxDTjy/q9pKKdFwRbmQ7iQ777NhLtoR5cXzT29mh/1L6FfOCZRNp5jpHIZABKGDgB/6xpljhngJ5yh6BL77LEFjQ4krW+te0vVZxHMjhGdXeGPxGBCcX17976zHkzLsJZI+L7jxRRznYjVUoUwf0E1gZ06/Bn+G+lGkvfW5Gi6ZdidxXV+KBNkCuyqJw6tkeXn+0pFp1VmPzXWZ6L4oXqj1kGnM/UY8aEZ9iu90ohxS5xor4Q5aiUEwEYOCl0BBtQ6cZM2aNhtG6GV68QSMkixJFJxicozhtbc/BGqrkc6JANNj7K5xf3sykUMtrdijzKRlfWco+dr0WwGIfB9sfSB6gsasxnEjGn9XbmIJAhNHF+HwmlgxgSYA1KTPxB+nCR6E6PI37GLQkm31d64kMvkER/tqqbkAtDIWT73rj6qsnEuo9E994UinrL0k4Z62V0
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <178BB4A166E47D409A8CB67C29207EC0@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5498
Original-Authentication-Results: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 88d299f6-fa61-464f-40d9-08d94b64f82e
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: zQUrPhPv1Z6Z0iaoBDFCKA825/2XyrxebA6hN98AhEDXkAYIpsEkaZo9OyqxUxXe3TefxdgNVybFof6knIBGSnawY03/0Se2nzT2lvMXl/M5xqXxw+AhvPS9ll2QAtmCuAVCZa7qsxPK8mt3HYHss1H1e1kNGzwaS5NAxwZiQhxpSejQLrlYRzpbkKgI2lnIeD0uPOi3+AHNU7n8/a6eA+VYDFI+9XZ6H4WF959NAP1ipLhj1bGuVB0q4gSOYKR2Pjzjdykm3zppcgDQ0fpFnP8Vv2BbY1/dccLZrnSk1UVhN3+qPr8nnWKnLoqmJeHceWvwS2UBwIPLVbbmhc8yYcLXHCCqvtmUS/jQFYA5YIaWAEWREKFSGoVJ8SyaqMJxMPHTCcJfA9ZyyLX8iwGcHOEW47gVWs2gdOYVBqIJ+9PT2/EY0MJIagVwkETrSkzVWo5B/kz76eOdxvHpPAz42pb/GmXwLBUFXt8VidulDFWvDyr9YzKEyPlib26XOw5t3hAYLXdkwdlQXmKXWqKhRettru8tmTBlUMrUUCPrTIFIvj8xhc6KU749CFfl8muMWx6S5jsAefDgvdIiqkxjbVHsC0BVyuxxaRvgJVX+W9S/YiZzK9pbLs/f4w7bKcl+8Az2GZ4WP2s6JqU4li7Z7+PKWs5PsPgviUKUP7cPY+kklPa3TnuN8UNoic5syEwCaL6IHabCq990QiiRzIURzw==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(46966006)(36840700001)(36860700001)(36756003)(47076005)(316002)(82310400003)(8936002)(336012)(6862004)(186003)(81166007)(86362001)(70206006)(70586007)(4326008)(26005)(6506007)(6486002)(508600001)(33656002)(53546011)(66574015)(2616005)(6512007)(2906002)(8676002)(356005)(5660300002)(83380400001); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jul 2021 09:59:11.4525 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 468496d3-c4e9-495e-9f1f-08d94b650613
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB6095
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5SxfSf2cr6hEJxkk4AZCPbkW9iw>
Subject: Re: [Suit] Suit manifest with variable recipients
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2021 09:59:21 -0000

There is another possibility that I don’t think we’ve discussed. It has some pros and a really big con. For the sake of completeness, here it is: We keep the COSE_Encrypt exactly as it is and allow standard manifest overrides via dependencies. This is good because it means that only authorised parties can edit the recipients list. This is bad because it means that the unused recipients structures cannot be severed.


I do have a big concern about the existing proposals: It is not possible to detect tampering with the recipients list. An on-path attacker could remove one or many devices from the recipients list. This would not be flagged as corruption because all signatures and digests are still correct. This would appear exactly as though the target device was not authorised to receive the update. This gives an on-path attacker an elevation of privilege because they can now control the recipients list without the explicit rights to do so. This is different from a normal denial of service attack; it is far less detectable.

For example, suppose a Firmware Author provides firmware to many Device Operators. Under normal DoS conditions, the location of an on-path attacker dictates how much control they have: if they are between the Firmware Author and the Device Operator, then either all the Device Operator’s devices are upgraded, or none of them are. If they are between the Device Operator and the Recipient (Device), then they can control whether that specific device is upgraded. This attack is detectable and not scalable.

However in our situation, an on-path attacker upstream of the Device Operator gains fine-grained control of which of the Device Operator’s devices are upgraded. This is scalable and difficult to detect. A Device Operator would need to communicate with the Firmware Author to determine why certain devices were not upgraded before the attack was discovered, giving attackers a window of opportunity. Depending on implementation details, competency, level of automation, and any other coincident attacks launched by the threat actor, this window could be longer or shorter.




I don’t believe that this is inline with our goals, however this specific threat is not listed in the threat model within draft-ietf-suit-information-model—evidence that threat models are living documents, I suppose! Perhaps this threat should be discussed in draft-ietf-suit-firmware-encryption?


I think the solution, though less than ideal, is to place some metadata in the manifest about the COSE_Encrypt within the manifest. In short, if COSE_Encrypt is external to the manifest, it must be authenticated by the manifest. If it is altered by an authorised party, that must be explicit and authenticated as well.


I can see two possible implementations for this:
1) manifest override. A digest of the COSE_Encrypt is placed in the manifest. This digest can be replaced by an authorised party by creating a dependent manifest that overrides it. This approach suggests that we should add the facility to digest integrated payloads/images as Øyvind requested..

2) COSE_Sign: If the COSE_Encrypt (actually a COSE_Encrypt_Tagged in this case) is overridden, then it must be replaced with a COSE_Sign_tagged containing the altered COSE_Encrypt. This initially seems less complex, but 1) reuses existing code paths, whereas 2) requires the creation of new ones.

I think we should consider requiring a digest of the COSE_Encrypt to be verified in advance of using the COSE_Encrypt in order to detect tampering. However if the COSE_Encrypt has been tampered with, but the resulting key is still usable, there’s no reason to halt installation. This presents an unusual problem: the verification of COSE_Encrypt is more important at the distribution level than at the Recipient level. At the Recipient level, it’s most important for reporting purposes.

The “correct” answer for this issue is not immediately clear to me.

Best Regards,
Brendan

> On 13 Jul 2021, at 02:09, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Brendan Moran <Brendan.Moran@arm.com> wrote:
>> The result is that COSE_Recipients MUST be held outside of the
>> manifest’s chain of trust. This complicates matters somewhat. It would
>> be better if most of the COSE_Encrypt was held under the trust umbrella
>> while the COSE_Recipients were held outside the umbrella. However, COSE
>> does not support detached Recipient lists. This may be a failing of
>> COSE, and perhaps it should be discussed there. In the interim,
>> however, SUIT needs to move forward with some solution to deploying
>> variable recipient lists.
>
> I think it is reasonable that SUIT give COSE a clear set of requirements.
> (Let's not do CBOR packed goof again)
>
>> I can see several options:
>
>
>> Option 1: Place the COSE_Encrypt outside the manifest, reference it by
>> URI (remote) or Integer (envelope) Modify
>> suit-parameter-encryption-info to take a tstr (URI) or integer
>> (Envelope Reference)
>
>> This means that all devices supporting the encryption-info parameter
>> MUST support both integrated, detached local, and detached remote
>> modes. I don’t think this is really in the spirit of SUIT.
>
> I see your point.
>
>> Option 2: Place the COSE_Encrypt outside the manifest, reference it by
>> Integer (envelope) Add a new suit-parameter-encryption-info-detached
>> that takes the integer (Envelope Reference)
>
>> This has the benefit of being unambiguous. However, it creates a new
>> problem: what happens if both the
>> suit-parameter-encryption-info-detached and the
>> suit-parameter-encryption-info are set? Does there need to be a rule
>> that one explicitly unsets the other? How does that work with
>> permissions?
>
> It sounds to me that either it's invalid (manifest rejected outright), or one
> simply has a higher priority than the other.
>
>> Option 3: Abuse COSE slightly: Place a COSE_Encrypt0 in the
>> manifest. Place a list of recipients outside the manifest.
>
>> This has the benefit of being what we actually want, but it probably
>> won’t play nice with COSE libraries.
>
> I think that few devices will have totally generic COSE libraries anyway.
> Encoders can cope.
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email