Re: [Suit] WG Last Call for draft-ietf-suit-information-model-03

Dave Thaler <dthaler@microsoft.com> Wed, 21 August 2019 01:58 UTC


My comments on this document are in the marked up PDF copy at
https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft-ietf-suit-information-model-03.pdf
Most are simple editorial nits.

Other comments include:
* The UUID RFC (4122) does not use a "prefix".  Instead it uses namespace IDs, which is what I think the draft is talking about.
* Need to address the issue of how UUIDs are "matched".   I recommend saying binary match (regardless of whether they're serialized as strings or 16-octet fields, since serialization is out of scope for this doc).  Point is that it would be a problem if a format serialized as strings and said to compare case insensitively.  This doc is acting as the security requirements/threat model and so needs to state this as the requirement in 3.3 and 3.4.
* Various terminology ("root of trust", "firmware authority", etc.) needs updating to be consistent with the arch doc.
* Sections 4.2.11 and 4.4.3 are, in my opinion, about a Device Operator role, not a Network Operator role as the text currently says.
* Section 4.4.3 is about a network operator but the language needs tweaking to actually apply to that role.
* COSE and CMS are only used informatively, not normatively, and so should be moved to the Informative References.

See the PDF for the full context and details of my comments above, but that's a quick summary.

Dave

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Monday, August 12, 2019 10:30 AM
To: suit <suit@ietf.org>
Subject: [Suit] WG Last Call for draft-ietf-suit-information-model-03

This is the SUIT WG Last Call for "Firmware Updates for Internet of Things Devices - An Information Model for Manifests" <draft-ietf-suit-information-model-03>.  Please review the document and send your comments to the list by 6 September 2019.  This is longer than usual to accommodate vacation season.

The datatracker page for the document is https://datatracker.ietf.org/doc/draft-ietf-suit-information-model/

Thanks,
Russ & Dave & Dave
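
An illustration of the binary-match recommendation in the UUID comments above, added here and not part of the original message or the draft: identifiers are reduced to their 16-octet RFC 4122 form before comparison, so the serialization (string or octets) never affects the result. The function names, the sample domain "vendor.example" and the class string are assumptions constructed for the example.

```python
import hmac
import uuid


def to_octets(value):
    """Reduce a serialized UUID to its 16-octet RFC 4122 form.

    Accepts a 16-octet binary field or a textual UUID. Anything else is
    rejected rather than compared, so a malformed identifier can never match.
    """
    if isinstance(value, (bytes, bytearray)):
        if len(value) != 16:
            raise ValueError("binary UUID must be exactly 16 octets")
        return bytes(value)
    if isinstance(value, str):
        # uuid.UUID raises ValueError on text that is not a valid UUID.
        return uuid.UUID(value).bytes
    raise TypeError("UUID must be str or bytes")


def uuid_match(manifest_id, device_id):
    """Binary match: equality is decided on the 16 octets only."""
    return hmac.compare_digest(to_octets(manifest_id), to_octets(device_id))


# Constructed sample identifiers. RFC 4122 name-based UUIDs take a
# namespace ID plus a name; here the DNS namespace ID is used for a
# hypothetical vendor, and the vendor UUID is the namespace ID for a class.
VENDOR_ID = uuid.uuid5(uuid.NAMESPACE_DNS, "vendor.example")
CLASS_ID = uuid.uuid5(VENDOR_ID, "widget-rev-a")

if __name__ == "__main__":
    as_text_upper = str(VENDOR_ID).upper()   # one possible string serialization
    as_octets = VENDOR_ID.bytes              # 16-octet field serialization
    print(uuid_match(as_text_upper, as_octets))        # same UUID, two encodings
    print(uuid_match(VENDOR_ID.bytes, CLASS_ID.bytes)) # different UUIDs
```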
