Re: [Suit] SUIT rechartering: proposed text

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 05 November 2021 18:02 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Roman Danyliw <rdd@cert.org>, suit <suit@ietf.org>
Date: Fri, 05 Nov 2021 14:01:36 -0400
Message-ID: <20325.1636135296@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/CWIH-FWab2dP4qUYNshwtb6sXIE>
Subject: Re: [Suit] SUIT rechartering: proposed text

Roman Danyliw <rdd@cert.org> wrote:
    >> -----Original Message-----
    >> From: Suit <suit-bounces@ietf.org> On Behalf Of Michael Richardson
    >> Sent: Sunday, October 31, 2021 7:03 PM
    >> To: suit <suit@ietf.org>
    >> Subject: Re: [Suit] SUIT rechartering: proposed text
    >>
    >>
    >> Dave Thaler <dthaler@microsoft.com> wrote:
    >> > To respond to Michael: As for report on firmware update status,
    >> > we have https://datatracker.ietf.org/doc/draft-ietf-suit-report/
    >> > which is already a WG document.
    >>
    >> This is a data format, but lacks a transport, or a security model.
    >>
    >> I think that it should be interacting with (i.e. being embedded in) the RATS
    >> integration and/or the SBOM report in order for this to get signed.

    > Is that a charter or document feedback?

Good question.

We have two transport issues: getting images to devices, and getting status
back from the devices.

The architecture document speaks of status trackers as well as distribution
systems, and I understand that in some deployments this is already a
thing. In other places, there is nothing. (or nothing standard)

draft-ietf-suit-report provides a standard content for reporting.
It does not provide a transport for communicating that report to a status tracker.

The ICN work that I mentioned in the thread is a really good standards-based
greenfield solution for distribution.   We should adopt that work and
standardize it as an option for those who have nothing else.
At the other end of the spectrum, we'll have devices that will do https:// to
the cloud to yank their image.

Many people would like some intermediate situations to save bandwidth and
speed up deployment:  it could be as simple as HTTP-authenticated https:
proxy to a port 3128 squid3 cache.

Even with all that work, we are lacking a standard status tracker and
transport for this suit-report.

So you are asking: is the problem that the charter isn't simple enough that
suit-report would satisfy it, or is suit-report not tall enough to satisfy
the charter.

My opinion is neither: there is a document missing, and perhaps the charter
needs to more explicitly say that.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide