Re: [Suit] SUIT rechartering: proposed text

Russ Housley <housley@vigilsec.com> Sun, 31 October 2021 20:27 UTC

Dear SUIT WG:

I have not seen any new comments since August.  I would like to send this to the IESG.  Any last-minute concerns?

For the WG Chairs,
  Russ

= = = = = = = =

Vulnerabilities in Internet of Things (IoT) devices have raised the need
for a secure firmware update mechanism that is also suitable for constrained
devices.  Security experts, researchers, and regulators recommend that all IoT
devices be equipped with such a mechanism.  While there are many proprietary
firmware update mechanisms in use today, there is no modern interoperable
approach allowing secure updates to firmware in IoT devices. In June 2016,
the Internet Architecture Board organized a workshop on 'Internet
of Things (IoT) Software Update (IOTSU)', and RFC 8240 documents various
requirements and challenges that are specific to IoT devices.

A firmware update solution consists of several components, including:
* A mechanism to transport firmware images to compatible devices.
* A manifest that provides meta-data about the firmware image (such as a
  firmware package identifier, the hardware the package needs to run, and
  dependencies on other firmware packages), as well as cryptographic
  information for protecting the firmware image in an end-to-end fashion.
* The firmware image itself.

The SUIT WG is defining a firmware update solution (taking into account past
learnings from RFC 4108 and other proprietary firmware update solutions) that
is usable on Class 1 (as defined in RFC 7228) devices, i.e., devices with
~10 KiB RAM and ~100 KiB flash.  The solution may apply to more capable devices
as well.  The SUIT WG is not defining any new transport or discovery mechanisms,
but may describe how to use existing mechanisms within the architecture.

The SUIT WG has already completed work on two documents:
* An IoT firmware update architecture.
* An information model for the SUIT manifest.

Now that the information model is complete, the SUIT WG has selected the CBOR
serialization format and the associated COSE cryptographic mechanisms to
encode the SUIT manifest. The SUIT WG may consider a small number of additional
formats in the future; however, to reduce the complexity of a firmware
management solution, a very small number of formats is preferred to enable SUIT
manifest integration and interoperability with other IoT technologies and
ecosystems.  To support a wide range of deployment scenarios, the formats are
expected to be expressive enough to allow the use of different firmware sources
and permission models.

To support the SUIT manifest format, the SUIT WG is also defining formats
that enable a SUIT Status Tracker to determine if a particular manifest
could be successfully deployed to a device and determine if an operation
was successful.

In addition, the SUIT WG will work with the RATS WG to specify claims related
to the SUIT Status Tracker that can be used to provide evidence in support of
the architecture that has already been defined by the RATS WG.

The SUIT WG will continue to work with silicon vendors and OEMs that
develop IoT operating systems to produce implementations based on SUIT
WG specifications.  In particular, the SUIT WG plans to continue to
participate in IETF Hackathons.

The SUIT WG document deliverables are:
* A SUIT manifest format specification using CBOR.
* Extensions to the SUIT manifest for optional capabilities, including
  firmware encryption.
* A secure method for an IoT device to report on firmware update status.
* A SUIT manifest extension to include a MUD file as defined in RFC 8520.

In addition, either the SUIT WG or the RATS WG will produce:
* A set of claims for attesting to firmware update status.