IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 31 May 2021 15:15 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA4EB3A1B84 for <suit@ietfa.amsl.com>; Mon, 31 May 2021 08:15:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=N2eS64fL; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=N2eS64fL
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJVxABmitlOc for <suit@ietfa.amsl.com>; Mon, 31 May 2021 08:15:30 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2086.outbound.protection.outlook.com [40.107.22.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 852E83A1B82 for <suit@ietf.org>; Mon, 31 May 2021 08:15:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NfyKfmyEoff40KsP8HNRLA5STnYkWKNnxwsiNuBfZek=; b=N2eS64fLvz8+48NpNtHovBCkRhTp6TLLgRGFAn+G0f+HvGafyYsJgY2q3M+jSbtX56R+GddZVuALPUdN7YArd7gmN87548yskoeo2ssFmOiGi6PFaOGVuRx6zokNTY334ZFK+QxHJQQdxJPUb6i4qWb/AwFou7ZPD3vK5pPw7zU=
Received: from AM5PR0202CA0013.eurprd02.prod.outlook.com (2603:10a6:203:69::23) by AS8PR08MB7208.eurprd08.prod.outlook.com (2603:10a6:20b:407::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.22; Mon, 31 May 2021 15:15:28 +0000
Received: from VE1EUR03FT039.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:69:cafe::99) by AM5PR0202CA0013.outlook.office365.com (2603:10a6:203:69::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Mon, 31 May 2021 15:15:28 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT039.mail.protection.outlook.com (10.152.19.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4150.30 via Frontend Transport; Mon, 31 May 2021 15:15:27 +0000
Received: ("Tessian outbound f02dc08cb398:v93"); Mon, 31 May 2021 15:15:27 +0000
X-CR-MTA-TID: 64aa7808
Received: from f56cc3790019.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 6ABB1CC5-F635-4BAD-924D-BC1F6C120998.1; Mon, 31 May 2021 15:15:21 +0000
Received: from EUR02-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id f56cc3790019.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 31 May 2021 15:15:21 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zl38Qu+lvTxmXhJh2yFVkj8dcmWIJxok8NgHjRymFW0guXOmiA36lI1xHW7rlr6I3w+5rhKYMbJFqxrGUxwPc0W9iLm3qhDYOahONs7tRPt2c4w0YTJGMFiwX7R17KCIDt8SX3kTOxulOkh7MayqWEi0XNVIRMMKuGBMy50WTspkabGTvUT3lMZSuZjBmWsRghMTxrg34BM+7PiUM+4UH5cjtxYLbI7skDZKBr+3dh7TRiHJ9oSuVI55ExVNhJs6IBpDEh2Xr9yms916p1brxFJEW3G9965QGpFu0vKXpYIYmpw68XxisrU2lQl61pC5oJ85WO1oGa3LmkQaC+e5Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NfyKfmyEoff40KsP8HNRLA5STnYkWKNnxwsiNuBfZek=; b=kJ56noLSzmP3dTnnMF4QoRY1MvB7yweYaUb+aeh2VzzvPk2OA3uTY6vfrWaJJLPonBcHM7S6LY4eiy9ZjDf65qqL3iNAxMrvwuV9iz3Po8c2O7vWVE5RzDV3HYSj4zx182BJZ0MvpiAiCB8ZhvU0oowXHXdKs8GUBVvWgA7cn3iVPOrUSgSeDTTNIikuL897jX/I+O1uF4F8m/WJU7e4cOY6MVFTIDzCnkiPeEkyRDfkmjaw9JgE5ja5GRM8yiJTtzKrL6K/eKVz1wq38Lcv6MvQmfywE/Pi/N+XbF1qmSlw4amYYkFp3i3oH52HCGRl0NjSbRVdBofSUHMalE3PZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NfyKfmyEoff40KsP8HNRLA5STnYkWKNnxwsiNuBfZek=; b=N2eS64fLvz8+48NpNtHovBCkRhTp6TLLgRGFAn+G0f+HvGafyYsJgY2q3M+jSbtX56R+GddZVuALPUdN7YArd7gmN87548yskoeo2ssFmOiGi6PFaOGVuRx6zokNTY334ZFK+QxHJQQdxJPUb6i4qWb/AwFou7ZPD3vK5pPw7zU=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by DB6PR0802MB2216.eurprd08.prod.outlook.com (2603:10a6:4:85::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.30; Mon, 31 May 2021 15:15:19 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::3405:8699:991d:b2e9]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::3405:8699:991d:b2e9%9]) with mapi id 15.20.4173.030; Mon, 31 May 2021 15:15:19 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] suit-firmware-encryption-00
Thread-Index: AQHXUy5z1Ad5u0DPwEu0kJVAnV+BYar9qIzw
Date: Mon, 31 May 2021 15:15:19 +0000
Message-ID: <DBBPR08MB5915CEC125579D78C108D540FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <19586.1622075797@localhost>
In-Reply-To: <19586.1622075797@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 5F54674AABDDE644AFDFDF0ED43BB777.0
x-checkrecipientchecked: true
Authentication-Results-Original: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.119.239]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 9cba4ce8-1726-419d-4cb7-08d92446ec44
x-ms-traffictypediagnostic: DB6PR0802MB2216:|AS8PR08MB7208:
X-Microsoft-Antispam-PRVS: <AS8PR08MB72080CD303ED8441E744A253FA3F9@AS8PR08MB7208.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: VSnWrxsQOvrdVGzFIxY5W1HdBO4neYriTj1GIg9+iuWg8HSS5bUSQ/znNzn93WPnvyMbL5Usvh7EzIpWN8iXZ+ZGmlWqOwokh21TTo7NFXIQUFxV8Gq+L7krv2bozAgQOKv2z9J6vDhoxyOPLYncFfxxKq2S1c2/98gTFqfe16HvXMXn2WJCA41lJ/Yqzvh4ryALA2ThdoJKOFdWTAT2wYd5/TqqfX8x/SlhqZdyVfY6PP79UFIu8WgmT5vl7RCShk5LUIOePauWGrB4Ux8HmmlhAiQloyuNHLBYItfC5nDfB5o7Ol17mDFF724OY/I3pwuEU2nZ7KdUSC08wN6P8NDqN6GZBTFZ3/ik6c9/mnWgJdF7E0f18mUSwm3Z11TCaBGa6cA2v7tonMelHL1wLrFBfgmi71+P9oW530tl515EMKE6h3baZLfn3461to5vFdf4FJSZZ6p3J8YjFvuXsG1YLptvm2d998dyZc4L+4vZ7J5quNihstJx+UnYp5kzBWzzmnTGBCCy8aaWPyWJFiqeKNvmgcaVk2naMLJoT4qb2toIrZd5iWgBviEyUTiNKHuXmadGoRj7tD8VRxGtU1Gb4xqoHWaTb/4ikxNQZ0jnvWxT3XTg+0pJprOHOlscVKk12A0N6TLdx87+zPUNT7FxDjTG0a/UlAZqEpQbwBFf5OQQga7FxVeAFGmXhXYsBnFWmneLd0LA2yZaPihTNouHY1juyuAc89+XZ3xvBXclmP0l2J7ZKx4DF/rr9J42
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39850400004)(376002)(396003)(136003)(346002)(7696005)(186003)(8936002)(71200400001)(55016002)(26005)(8676002)(53546011)(6506007)(9686003)(2906002)(33656002)(966005)(76116006)(66946007)(5660300002)(66476007)(316002)(64756008)(66446008)(66556008)(38100700002)(52536014)(110136005)(122000001)(66574015)(83380400001)(478600001)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?LzRMNHVOZnJHTXNVVkdHT2VrUkJoMUJhcEFiL3VJMlNuTU0rOWYyOGpmU0ov?= =?utf-8?B?Q1pFS0llTkFENDdBL2xBNDMwNXZidnptR2xvREw3VjBzN0ZhY21FMGhUQlp2?= =?utf-8?B?V0FIdFR4Y0tvUFNBNjljWXBiUzJZcENyRGFITU9aTnJkSm9YUmpFeWNkS2JV?= =?utf-8?B?SWdtb09tUzk3dHQ3TWhjaC9HY0tkbUdNdDhJOWdOUU1LQjZjdnVNcHF2WHd3?= =?utf-8?B?NmV4TmlHOU94UStIOHhzc1VHWTJ2R282aGcxUHNwUkszcTBIcGcyendmRHFG?= =?utf-8?B?ekNnWWpHVm40TldoUG1iWUE4L0JFVFU0eTJGd05yWklPbFBQZHRUQjdadHdD?= =?utf-8?B?d1NpaTQ1dnhJSTQrL214VXpRZnozOXIvT1I2TzlLN2NzdXQxM2NVU1QwaHoy?= =?utf-8?B?eEY0VjY4WXhGWC85Y0gyMC83Rk45VVdIV1h2c0N5QkhhMVMrV2ErVGwyRXBk?= =?utf-8?B?RFpXZkZucmF1bGhXYlR6V0dXOVhPL3NYZ1NyNmNpRnlKOU5FWnJYaEJGR1ZR?= =?utf-8?B?bHJFTkwyWlNWU1ZlYlhTTmtrZlh3SkRmZFdDbFdneU55UVNIVWhHYytMVHE0?= =?utf-8?B?dDF5RkhXd2ttTVUyVjVQd0JJS0kzL1pneHVrOWlrL2hBMDVOTitJMVNFQ3k3?= =?utf-8?B?R1g0T2R6MHZENmlkMXhpVDhtK1kyZ3FwV3o0cWtKZ2FZNzNieTkvWlMwL0RN?= =?utf-8?B?VGlQaVFDcnJGaWZqdXVnZDNpMWNHRmxJTlF1YTJNUmNWdFN2R0ZwVDdBNXdP?= =?utf-8?B?NUZBcmpZTjhrNmlKSlJLeHhoL0l2TEhPSUYxSG8xWTNLdmdCMkl3cWdKZVoz?= =?utf-8?B?YlgyUWxPeDJiZVhoRXJ6RmtUM1dLa0R1YXUveUFLMEhjb1BNN2VUU0VOc0VB?= =?utf-8?B?dHo1cVh3dzBhdU5DNkpPWFBDRVZQdzkvenFvRGdiTERjYStmMmRJdzRGaXJt?= =?utf-8?B?cjQ4N2RrMEN4NDVsWndreHVDc1lFQmFHa2RsSHBNVFZKdkNFaG1ranpCclFK?= =?utf-8?B?UnRYVVk1UFJ5RGk3Y0NRUnZEeUJqUURtQmtCRHU1SmhMYU9kZlhHaGxXdldr?= =?utf-8?B?dFV4ZUhEU1RVbXF3ZW9yME1LV044b21CYkE3aVdHRFVnbXByeEp4UmdIWmlM?= =?utf-8?B?TlhSRDRhd0Q1WEEyTW9pZzJVSzNibDZldjJ6SW5kNEhpWWt6T09NZ0VheGJl?= =?utf-8?B?RlFYWGQ0L1djN1VTcUpvRThaU1d4Zk9FQzNURXI5VWVpeFJyczgrdFNiaERC?= =?utf-8?B?VDVlc3JQUmtkbmd1ckh5b0IzRzhMejRIaU1HMjhFRUIvcndFVUUwTmVIWXBy?= =?utf-8?B?aHd4QmR4c1dkOHYwdTVYR3B5d3E2eDBjWTRQSTNoVVNrRnhVU1BKd2F1WW5W?= =?utf-8?B?cDZGUU1QVEpLNGRTalREeVprNEJqRkJFQXEzaGtZS2djTHdWbCtBRkh2aUNw?= =?utf-8?B?M01jdGZFVnVwYUpMOWQ2Z0JjWXpydjU3cmV4OXByakhvV2hvZmg2S2o1dm91?= =?utf-8?B?cTZqbTVTU3lCVjBCNDYwaGZiclRYa2szelFjeW5FSFRMakdGaG9oTk90d2VY?= =?utf-8?B?aWQwRGNIdXdwQ0ZvOXZKZEEyaEVzS09vQzFxOVBDK2wxbXMxeDJ2N1MrTE5u?= =?utf-8?B?c0pITWtpMXpnR0w2TE9oT0wzaWYwYW5GL0swTWNkTURHTXN0YnNPSlRQajBN?= =?utf-8?B?RUVvT2p6NW9ZMmk2Wlh6bERpcXVPQVN3MVE2c2FkYWFSODc1MGdZdEdXVUlQ?= =?utf-8?Q?eACAS9oLJA9I5oYuZlHE1XiS6EnEqxd+fo+GNUD?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2216
Original-Authentication-Results: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT039.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: b524b226-a575-4280-8b45-08d92446e773
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: u+71igXbG1da5MR7pVCg6+i/RkGbQdI7MdK/fFQcJ0udrd2/RfpAeIGgI9sLw6QmzNUVvsGdcnQJmkg0fsDayQ5TDOuP5SfdNRVBkIcB4tsQr1iKyoSupFWeO5g/MkCgL6UNBVW/Kx7K1zzqo5gSAIl+fS4ND83xIMJqxY+kip0dRIdiE+ygDjIa7DnMnNVNzxDESu6SlcJiPW5Y8pfLmfmFujEZototL81TPTLHmh0lRSgLB5s16lc+vLR0Y930bJE7KttP4938h4xBdHP8ZHYNH4zzpAgrhaYkwxBt0PWqvOXU4H4/nR1w6DJ1znu9do9bjkHZz10XfwFBnfiS9NL6iltaUkyQ/BN1Gkc/Z0XIMNr+4f8xCjZqsV0W5MREysPmO4SA3XtlELL7FTVsUby2azWlz/E1Hj9nb6Y3QlhvgubbLFSLdiguK6GGpSpXpzLJubPKnqdPWLE0gwsvovcZoUwxZfO5nw/v0/O4/MBKO85UXw6KzUWI4u3rN4/8LHAC+jIlvJ7phmMaGxKm30d7Cp16ZZ0t/TUZNJct94+DRE6BbmeF0ObHvORycd3hWbr51swXQztVQ6wTIQexB8m/0y3vUP702E8TJ91zoa5Yj3ZKP5SjSSJN1uKvuZbT84IJtSlwKG5rZanGp6JWMkZANr7mSuUBmBxhsoW/iguSlgrDqqYbGISdDWTBccDiJ4QBCKW/9wZzAUwGyxFPnQnSNRv1haatRuukbk8PKjxPWCdth8L70oyQXRtzABiyiPA8/nN7zUBZG//nfL0DKk4voCijOu1jwKVMheYeACB5ff8Xr/UOro0m0TPaUOYv
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(136003)(346002)(376002)(396003)(39850400004)(36840700001)(46966006)(2906002)(5660300002)(26005)(55016002)(356005)(9686003)(8676002)(186003)(33656002)(53546011)(336012)(316002)(70206006)(36860700001)(6506007)(8936002)(70586007)(81166007)(82740400003)(86362001)(52536014)(478600001)(7696005)(966005)(82310400003)(66574015)(47076005)(83380400001)(110136005); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2021 15:15:27.8126 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 9cba4ce8-1726-419d-4cb7-08d92446ec44
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT039.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB7208
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BG6dDL7ZRcN9LNWBV11c9ckBCJk>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 May 2021 15:15:36 -0000

Hi Michael,

Thanks for your quick feedback!

A few responses below.

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: Thursday, May 27, 2021 2:37 AM
To: suit@ietf.org
Subject: [Suit] suit-firmware-encryption-00


I have read draft-tschofenig-suit-firmware-encryption-00 and I think that the WG should adopt it.  It fits within the charter as it is within what would have been done in the manifest document.

Some comments:

1) I found this sentence really awkward:
     In addition to offering protection against modification, which is
     provided by a digital signature or a message authentication code, the
     firmware image may also be confidentiality protected using
     encryption.

Maybe:
     the
     firmware image may also be afforded confidentiality using
     encryption.

[Hannes] Fixed.


2) "This might be done to protect
   confidential information or prevent discovery of vulnerabilities
   through reverse engineering."

   this screams security through obscurity.   I know that some people still
   think that this is important, so I guess I would just drop the claim.
   There are also some significant public policy issues around declining
   access to review and audit code, including defending against insertion
   of malware at the source, or by National Security Letter.
   (consider SolarWind situation)
   I would like some text in the Security Considerations about this.

[Hannes] There may be many reasons why encryption is useful but in the referenced sentence we have been thinking about ROP. I changed the text.

The issues you mention are also important but are probably unrelated to encryption itself. If you manage to compromise a company that is responsible for distributing software/firmware updates then there will be a problem.

I agree that there are also challenges with certification schemes that prevent developers from seeing the source code (or from publishing the source code). That's yet another issue.

3) Are the terms CEK and KEK from RFC3394?  I didn't find it there.
   I wonder how they play out as acronyms in languages without a soft-C
   sound... where both come out as "kay eh kay" (CEK) and "kay eh kay" (KEK)...
   It's bad enough in DNSSEC with Zee Ess Kay vs Zed Ess Kay...

[Hannes] Russ responded to this point and I added references.

4) "However, the COSE_recipient structure can contain the same CEK
   encrypted with many different KEKs if needed to reach all of the
   authorized recipients."

   This is exactly like how DVDCSS works, and how the dvdcss breach occured
   when a KEK was all zeros.  Something to think about.
   It seems that the HPKE version would not suffer from this mishap?

[Hannes] With HPKE this is not possible because the KEK is the DHE-derived key. With AES-KW you could still pick a KEY that consists of all zeros. You could also pick a CEK that consists of all zeros. I will add text to the security consideration section.


5) We had a discussion about how to have a complete CDDL during the meeting
   yesterday.   I think that this version has the complete CDDL shown?
   There isn't that much copy and pasted from 8152(bis), and I think it's
   clearer like it is.  It just needs to be noted what is coming from 8152.
   If 8152bis-bis *CHANGED* COSE_Encrypt in an incompatible way, then we'd
   still be pointing at 8152bis until we updated this document.

[Hannes] I have followed the suggestion Henk provided at the last IETF meeting and copied the CDDL from COSE and then removed the parts that are not needed by this specification. When Russ reviewed the CDDL he made further suggestions on how to improve the structure because the nested structure (whereby the same names are used for the structures) made it difficult to refer to the relevant elements.

6) should the pseudo-code in section 4, starting with "CEK = random()", be a
   figure?

[Hannes] Fixed.

7) irtf-cfrg-hpke says it is in state awaiting IRSG reviews.   Does that mean
   it is close to being published?

[Hannes] I thought so. In any case, the spec is being used by MLS and TLS ESNI for which running code already exists.

8) The new HPKE methods defines here might be generally useful outside of
   firmware-encryption.   I don't propose to change the document in a way to
   make it generic, but are there any applicability that we need to import?

[Hannes] Yes, that's true. Maybe we should extract the HPKE-part. Need to think about it a bit more...

9) Given that:
   "Both cases require some upfront communication interaction, which is
   not part of the SUIT manifest."

   do we need to say anything about this communication?

[Hannes] We say something about it in the architecture document. I have added a reference.

   Can an ECDH be part of an IDevID?

[Hannes] You should be able to answer that question...

   Would manufacturers be tempted to use the same ECDH in every device?
   In all devices made on a particular day?

[Hannes] No, I don't think so. I would assume that manufacturers are going to provision these keys in the factory to the device (like they would do with other keys as well).

Ciao
Hannes

PS: Here is the updated draft:
Htmlized:       https://datatracker.ietf.org/doc/html/draft-tschofenig-suit-firmware-encryption
Diff:           https://www.ietf.org/rfcdiff?url2=draft-tschofenig-suit-firmware-encryption-01


--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [











--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.8.7 | Report a Bug | By Email