Re: [Suit] intentional rollback of firmware

Dave Thaler <dthaler@microsoft.com> Wed, 11 December 2019 19:02 UTC

Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D654B120127 for <suit@ietfa.amsl.com>; Wed, 11 Dec 2019 11:02:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tkgTS5zL0c3 for <suit@ietfa.amsl.com>; Wed, 11 Dec 2019 11:02:52 -0800 (PST)
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2100.outbound.protection.outlook.com [40.107.220.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 404C912081F for <suit@ietf.org>; Wed, 11 Dec 2019 11:02:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ERr0Rne6Y8Gc7dchf7MJD0NJdQ2AEs85ukgsfAcBeUlVEnWMXkwGYBt+Q43XMskEWafTRsuZjZnH+p8wdvs1IZa/GLrXpcrDzP5Pq61ZD3REX5VgbCQI0HFxTwmSYbGILBZMF9T8aqZAs4uImUtxJz7bfrRMij/59q3hUXLPMaibeV3QahY+jBU8Rx4o/WiF0DiK+hJNCNtzCTv2jmesXJgitLppPdhXP12b94+fpnHDBQU5DdFWOYVaoG9pRBblWUDOfhgFV9OF5UGN4tlS7C5cltX4kwrxgTT8yMMzvNPyZ91wD9k+bb4EH0ZF8L9B2fk60JB3/TZOS1g1Xor/ew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lqDYddGQ9zAknAyr7XCMmun09oOLPJYuv2IDO4umQFs=; b=NX798k413ZzAGrWPTYPGJzn/25+8f1hXijPC20TtJV/wLNPR9481Xka5809gv41vQ4JeZixwFCQ45WTbXbUjOBdAKnNp+DPodZ2/BYjDuNweg2fAaiMmIwIQGZ08neLpKmrTjlIkN0cp4FJompBS1Zn92Chv+W3E+OJWY7J+oBaX/RMl3gJIi4uKNAevFlAZBQbAFw8GBCm6Xuu2mfypKyuGoiMQTC3qI9bQsMwKtfV7PFooHwYRZyeZwQlqY/jdL3DzhzNxTr/ZOCPJ6YcCLdd1uRhgLZAb5e7kbnM2zMANQRQ7OtYi8zK/QQ2+q/mrRWJfbqjpKI2tT/PcBgbqBg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lqDYddGQ9zAknAyr7XCMmun09oOLPJYuv2IDO4umQFs=; b=NRpQQEzCTJ0oqwVzHRQMt0BKl1NSmR5yItIEYO2pRduJmkQGFG6/1ooPS/pABfMlWiWmPTM4S7VTw7mS9w+pxMQeYdTtlIE0TInr8KVRMa7jxJEgINZ4nuMud9uecBWHXbR6tyPkk8bmCRxoK/8tWzX86U+kisdB4J1B6q0KYsE=
Received: from MWHPR21MB0784.namprd21.prod.outlook.com (10.173.51.150) by MWHPR21MB0288.namprd21.prod.outlook.com (10.173.53.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.6; Wed, 11 Dec 2019 19:02:49 +0000
Received: from MWHPR21MB0784.namprd21.prod.outlook.com ([fe80::a116:227:f704:a027]) by MWHPR21MB0784.namprd21.prod.outlook.com ([fe80::a116:227:f704:a027%14]) with mapi id 15.20.2538.012; Wed, 11 Dec 2019 19:02:49 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] intentional rollback of firmware
Thread-Index: AQHVsFIJU4hNtQUZskaK7C4BDp4Nzqe1RLqwgAAFOACAAABlwA==
Date: Wed, 11 Dec 2019 19:02:49 +0000
Message-ID: <MWHPR21MB0784B97F477AED0ABAC7A305A35A0@MWHPR21MB0784.namprd21.prod.outlook.com>
References: <19658.1576089434@localhost> <MWHPR21MB07843D8D21C1A01336E8EFEBA35A0@MWHPR21MB0784.namprd21.prod.outlook.com> <25447.1576090846@localhost>
In-Reply-To: <25447.1576090846@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-12-11T19:02:48.4547902Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=96d343ae-fcb6-4692-9898-64c273294eb5; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com;
x-originating-ip: [73.59.106.235]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ffb70b2b-1d4d-4d46-2bb3-08d77e6cb79f
x-ms-traffictypediagnostic: MWHPR21MB0288:
x-microsoft-antispam-prvs: <MWHPR21MB02886F6164A24AB0262BB4EFA35A0@MWHPR21MB0288.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:962;
x-forefront-prvs: 024847EE92
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(189003)(199004)(13464003)(5660300002)(8936002)(86362001)(26005)(498600001)(186003)(110136005)(10290500003)(52536014)(7696005)(81166006)(33656002)(81156014)(8676002)(966005)(53546011)(66446008)(6506007)(64756008)(9686003)(55016002)(66946007)(76116006)(2906002)(66476007)(66556008)(71200400001)(8990500004); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR21MB0288; H:MWHPR21MB0784.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7BrUGB3zAfWzIis75r+nQldVRjB0iJqKzeXwrxRYPAoEZG2QfEbOFgl2BVaSd9mfNyXaP+AU8X5A/NHzYgt52bN9cnWXGv4uNEqZRdmQ7zFlmfR9SDWrFArxq4L5mObj25BfSgL5gs9w1sDM9zQuLM81XY++sj0OWOxbTVKZul1PPEvJxbqakSExcCA5O09gXazirHS/knzQPO0TSHhyDv6wJ5oq0autVATQ/99IQUAjJZWOzrmxIzr7wsc4Edhfgn0HncgVc6pXeHnTjqzHVqrVrv6t/5oL11/8GMDCX8FRTAWN9o2IfFg52uvkjoMsBkcDWc3tZWK6VYhJUoP5ReNOU6enFFexJNHlk8vgHoiPRUYHw5x1wzbHU00CBw+sqcwRHrU/LtimWo2kZg+TkOP7fm2LgMUiNH49gmXix0mtQzl5f+ojgXzCZwN8VfqZi6eMJwNe6DCtnesrMIzPulxgjX2DvoKvezzFVfeYPZGwrxztYT2rHANTOWJjtv5xRelWTkJHZ6RUmyDA+9SIV5klgcrSJCbuSXJnYIruGvk=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ffb70b2b-1d4d-4d46-2bb3-08d77e6cb79f
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2019 19:02:49.7984 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ajsH/bpv3uaxlt5OHESGew//4iCysVFEImIw13vW7FGT4LtoQPTUaplO65d2B8HcmabcTtZC8Z0+mv5PYPmmp4iljGkZB5VFy3AQCRalixQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0288
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8RlsLSW3qSvfXJTL4XAHnYUMbaQ>
Subject: Re: [Suit] intentional rollback of firmware
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 19:02:55 -0000

I agree with your suggestion.

Dave

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Wednesday, December 11, 2019 11:01 AM
To: suit@ietf.org
Subject: Re: [Suit] intentional rollback of firmware


Dave Thaler <dthaler@microsoft.com> wrote:
    > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-suit-information-model-04%23section-4.3.1&amp;data=02%7C01%7Cdthaler%40microsoft.com%7C8da182acd4f042b83d0308d77e6c7328%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637116876569903627&amp;sdata=4yKFRvergdIPAGoZt9zSXNBhP%2BxSlPRRDUpUH%2FOfYR0%3D&amp;reserved=0 says:
    >> Note: This is not a firmware version.  It is a manifest sequence
    >> number.  A firmware version may be rolled back by creating a new
    >> manifest for the old firmware version with a later sequence number.

    > The information model doc is referenced in several places in the
    > architecture, but maybe it should be explicit about the threat model is
    > covered in detail in the information model document.

Thank you for this pointer.
I didn't think I'd find it in the info model, but in hindsight, it makes sense.  It shows that I haven't paid enough attention to the information model document. (Damn WG conflicts. I see it's in WGLC, which I had spaced too)

I want to suggest a tweak to the abstract:

OLD:
   One component of such a firmware update is a concise and machine-
   processable meta-data document, or manifest, that describes the
   firmware image(s) and offers appropriate protection.  This document
   describes the information that must be present in the manifest.

NEW:
   One component of such a firmware update is a concise and machine-
   processable meta-data document, or manifest, that describes the
   firmware image(s) and offers appropriate protection.  This document
   describes a series of security threats, along with the types of
   information that must be present in the manifest in order to deal
   with the threats.



--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works  -= IPv6 IoT consulting =-