Re: [Suit] WG Last Call for draft-ietf-suit-architecture-04
Mohit Sethi M <mohit.m.sethi@ericsson.com> Wed, 10 April 2019 19:36 UTC
Return-Path: <mohit.m.sethi@ericsson.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66E6D1205F5 for <suit@ietfa.amsl.com>; Wed, 10 Apr 2019 12:36:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NJ6KrfxpCg6r for <suit@ietfa.amsl.com>; Wed, 10 Apr 2019 12:36:54 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00046.outbound.protection.outlook.com [40.107.0.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96CF9120621 for <suit@ietf.org>; Wed, 10 Apr 2019 12:36:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ulGj59zE16wMv1HyzkvDByROGJWngdl5dUfnBs2Kw8Q=; b=J0Y4pb9Y4TvM6NGPTYVkVu+quBQiQlOv3aHs4cLgApxgbA7d/8f9PEF7W3Ia5APRJKkYjM5/KIHQYHoP6jeRgjkco+4uYk9pc6LX+vxetqDbEgXD+uiVl8oTeO/sqPA7r8ZK4KPV/6nmm9U6LZCWmxuuQtALGicRvgrMJyUVF/I=
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com (10.168.98.146) by HE1PR0701MB2524.eurprd07.prod.outlook.com (10.168.128.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.12; Wed, 10 Apr 2019 19:36:51 +0000
Received: from HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::c9fc:ff6d:5b43:f6e2]) by HE1PR0701MB2905.eurprd07.prod.outlook.com ([fe80::c9fc:ff6d:5b43:f6e2%7]) with mapi id 15.20.1792.009; Wed, 10 Apr 2019 19:36:50 +0000
From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: suit <suit@ietf.org>
Thread-Topic: [Suit] WG Last Call for draft-ietf-suit-architecture-04
Thread-Index: AQHU79S+Dl7hhI6fI0mITWGu3u/VsQ==
Date: Wed, 10 Apr 2019 19:36:50 +0000
Message-ID: <1177e4f7-906a-5fe0-0e7f-09b8eed9fd64@ericsson.com>
References: <5D5FB80B-10A5-4DDE-B030-C9F667E8229C@vigilsec.com>
In-Reply-To: <5D5FB80B-10A5-4DDE-B030-C9F667E8229C@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
x-originating-ip: [89.166.49.243]
x-clientproxiedby: HE1PR0202CA0025.eurprd02.prod.outlook.com (2603:10a6:3:e4::11) To HE1PR0701MB2905.eurprd07.prod.outlook.com (2603:10a6:3:57::18)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mohit.m.sethi@ericsson.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0d45713d-2c73-4ed1-fc15-08d6bdebe0a2
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR0701MB2524;
x-ms-traffictypediagnostic: HE1PR0701MB2524:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <HE1PR0701MB252451BA99980E22619AAAA5D02E0@HE1PR0701MB2524.eurprd07.prod.outlook.com>
x-forefront-prvs: 00032065B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(136003)(346002)(366004)(396003)(376002)(189003)(199004)(72854002)(54094003)(81156014)(6486002)(66066001)(99286004)(65956001)(65806001)(76176011)(97736004)(71200400001)(71190400001)(229853002)(53546011)(6506007)(64126003)(6116002)(52116002)(102836004)(2906002)(25786009)(6436002)(386003)(3846002)(7736002)(36756003)(305945005)(66574012)(6246003)(316002)(86362001)(5660300002)(8936002)(81166006)(58126008)(14454004)(966005)(31696002)(8676002)(14444005)(256004)(476003)(105586002)(478600001)(31686004)(106356001)(53936002)(446003)(11346002)(2616005)(6916009)(6512007)(186003)(65826007)(6306002)(486006)(68736007)(26005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0701MB2524; H:HE1PR0701MB2905.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: qP/JXOm5gpr+NIOxh81yldwRF+OBzlMzxLKQ2pqf1+qy85TEPrAsEVOeVmHkN/a44u4vlzum41JoUXYmOTQQ2mkfwn+I0k9Kw7TMT3sVwuZYrRhF6xSDnPeds5XT8OuoBBTsCsN9qGqYjfz3YW3847S1I5+Idtc3VMoZZuQhT0x68nWpKSVroPfjZxyFtfeEAd6mnJH5t2euS4DntmMeWmlzw6oJ5kIfCoQSDCKedVXTKfzcTiliLqTNB8cdPw9+o/wQ47e1y1TABoUW1JLNL0UUI/G5RvpqjiM87u3Me7TnGbNosaIpGiyDQkMq7O5pWnbVZPCkQMA9hH+SWX6brESSwrmZcyxFx5yIzFYdK86ZtOPLmlM1LbDgXHgwNUECW4x0e7kqQvTdz/jIrAgsegKPNl4+D4gCouKau832z4I=
Content-Type: text/plain; charset="utf-8"
Content-ID: <7DA73FBA7AD2F545ADEDC9079C946ECB@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0d45713d-2c73-4ed1-fc15-08d6bdebe0a2
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2019 19:36:50.8109 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2524
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/6wAtme9H2QDukBzw9k26cblT9m4>
Subject: Re: [Suit] WG Last Call for draft-ietf-suit-architecture-04
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 19:37:02 -0000
Review of draft-ietf-suit-architecture-04 Overall comments: In Section 2, the text says "Firmware is the more universal term. Both terms are used in this document and are interchangeable." Which is the other term you are referring to? It is not stated in the text? Also, the working group is called Software Update for Internet of Things (SUIT), but the document talks about firmware. It is fine to focus, but wouldn't it make sense to add some information on how they are different and what exactly this document covers. (I am sure there was discussion on the term software vs. firmware. After all, the mailing list was previously called Firmware Update (FUD). Then the documents mentions many requirements about being able to work with small parsers, being friendly to broadcast delivery etc. Wouldn't it help to also say how this architecture would aid that. I am sure that some this would be in the manifest document but it would help to have some relation between the requirements and architecture. Section 7 talks about how this architecture is applicable to existing systems, but the document doesn't describe how are firmwares and manifests are currently distributed. Even though the charter says "This group will focus on defining a firmware update solution (taking into account past learnings from RFC 4108 and other firmware update solutions)", I don't see any text explaining the relationship to current mechanisms. I don't expect some long survey of the present deployment, but just a few lines explaining how are firmware updates done today, and how this architecture is same/different and more light-weight? Minor suggestions: Abstract: The term "solid" is too much of a slang for me. How about robust? 1: Introduction: I wonder if you would consider adding a reference to draft-irtf-t2trg-iot-seccons-16? Perhaps the introduction could begin with "As noted in [iot-seccons], when developing IoT devices, one of the most difficult problems to solve is how to update the firmware on the device." For full disclosure, I am an author of that document. But I do think it makes sense to have it as a reference. 2: Conventions and Terminology "The manifest is protected against modification and provides information about the author." The entity author is defined later. Perhaps this sentence could be made self-contained by rephrasing as "The manifest is protected against modification and provides information about the author of the firmware being updated." For hardware noobs like me, can you please explain the difference between ROM and flash memory. The text says that parts of bootloader may reside in ROM and in flash memory. The text says in the beginning of the section "This document uses the following terms:" but then never uses terms such as HoSA/HeSA in the rest of the document? Are they needed? "For example, in some cases, the Original Design Manufacturer (ODM)," This is a new term for me (and hopefully for some others). I am more used to the term Original Equipment Manufacturer (OEM). Are they different? 3: Requirements " End-to-end security between the author and the device". For me end-to-end security is between machines/devices. Shouldn't it be end-to-end security between the firmware server and the device? This sentence could be re-phrased "One way to achieve this functionality is to provide a minimum of two storage locations for firmware and one bootable location for firmware" Spelling and typos: Section 2: succesfully vs successfully interchangably vs interchangeably Section 8: implemention-specific vs implementation-specific Figure 5 caption "Firmware Upate" vs "Firmware Update" There are multiple uses of British English: "authorisation", etc. I don't have any opinion on this and leave it to the authors and the RFC editor. --Mohit On 3/27/19 11:03 AM, Russ Housley wrote: > This is the SUIT WG Last Call for "A Firmware Update Architecture for Internet of Things Devices” <draft-ietf-suit-architecture-04>. Please review the document and send your comments to the list by 13 April 2019. > > The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/ > > Thanks, > Russ & Dave & Dave > > _______________________________________________ > Suit mailing list > Suit@ietf.org > https://www.ietf.org/mailman/listinfo/suit
- [Suit] WG Last Call for draft-ietf-suit-architect… Russ Housley
- Re: [Suit] WG Last Call for draft-ietf-suit-archi… Michael Richardson
- Re: [Suit] WG Last Call for draft-ietf-suit-archi… Mohit Sethi M