Re: [Suit] HR Review: Firmware Update Architecture for IoT Devices
David Brown <david.brown@linaro.org> Wed, 11 July 2018 23:58 UTC
Return-Path: <david.brown@linaro.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E1C1130E73 for <suit@ietfa.amsl.com>; Wed, 11 Jul 2018 16:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=linaro.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WUusfg7BPXAK for <suit@ietfa.amsl.com>; Wed, 11 Jul 2018 16:58:15 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 585F5124BE5 for <suit@ietf.org>; Wed, 11 Jul 2018 16:58:15 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id q9-v6so26158647ioj.8 for <suit@ietf.org>; Wed, 11 Jul 2018 16:58:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=drRegDy4OFUpsNmKYxmVMCQ3m5/kPTjocdXhM6i5v70=; b=Ol6MO9O6l1Vz8gTD6Mde3QuBM+rR1+jEsb20ehGIStx9O38KHeDI8/FxmkUc1DHSi/ 7DZBO8EPtPDuU8n3wUbLkKzHyWFJuJ+gJZ47uJhXtW1yoRxw2A/Ji4+GBorBDWtBK/Es jO3G3Apvoa57uykM832HqcRHtbc+kPxWKeedc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=drRegDy4OFUpsNmKYxmVMCQ3m5/kPTjocdXhM6i5v70=; b=IOIy8snE2th7hwGPW7vn/FHG766sKbNrNBL2q0nW54gj0sqcNUx7GH3LNKCY9ctDfc fwxlD6cmx6vZ/tmYRUQDRy5Zmdx8wI6B+uK1YbRLobv2tigpn1Qw3iya/A1/tRrc+TTQ Xnzt4ef0Gi0PcHpaiFNdS/3tHT1FRN+MuAKsROgwyOLmu1XKC3hJh/q66YLKO+szq/Jh FLLCPIHtUL/fbfYnDt38xSZzf/r7no4Ay9KP7AQ8mnm+VwdvNBkfqNmA8ZjS/boqkL2L S/aAbHRx4nYiOleaixBRZdeujDlEi6kvVWpnCi7I8ib8Cs9aEyzDQ2LpvFBJH3vrtmxE lWRg==
X-Gm-Message-State: AOUpUlEF2zPd53vp/tRLdE6Dl9U6vJsHSXBSB5b+FcoYlrmyhfpm4EVu 0AUm8NcrXSN08l8XEF3c/6vwPiVvU+I=
X-Google-Smtp-Source: AAOMgpcYb8Nv8NxmwI6IBFgxRp2MuzK9Vaax4YdvPq6n1pgTl6T/Twan2YAtrFSl2Mg4mO1+wk9RWA==
X-Received: by 2002:a5e:df42:: with SMTP id g2-v6mr903555ioq.327.1531353494599; Wed, 11 Jul 2018 16:58:14 -0700 (PDT)
Received: from davidb.org ([2601:283:4300:987c:6245:cbff:fe6d:5400]) by smtp.gmail.com with ESMTPSA id r20-v6sm5642213iog.85.2018.07.11.16.58.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Jul 2018 16:58:14 -0700 (PDT)
Date: Wed, 11 Jul 2018 17:58:12 -0600
From: David Brown <david.brown@linaro.org>
To: Gurshabad Grover <gurshabad@cis-india.org>
Cc: suit@ietf.org, hrpc@irtf.org, Sandeep Jha <sandeepkjha18@gmail.com>
Message-ID: <20180711235812.GB20649@davidb.org>
References: <11993b06-5da6-e397-3457-de6ecec87bb4@cis-india.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <11993b06-5da6-e397-3457-de6ecec87bb4@cis-india.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/DmkTTf0v7FhE5cUcARrPOhkWrLU>
Subject: Re: [Suit] HR Review: Firmware Update Architecture for IoT Devices
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 23:58:18 -0000
On Thu, Jul 12, 2018 at 03:00:48AM +0530, Gurshabad Grover wrote: >#Additional suggestions > >Section 3.9 of [SUIT-ARCH] talks about multiple authorizations wherein >an unnecessary distinction has been made between critical infrastructure >and non-critical infrastructure. Even in non-critical infrastructure, >operators would want to the ability to install updates according to >their own preferences. In such scenarios, forced installations may >violate user’s control of the device. Accordingly, we propose that the >device operator SHOULD have the authority to accept or reject firmware >updates. This depends a lot on who the device operator is referring to. From a security perspective, the vendor may wish to make certain types of security updates mandatory. As stated earlier, for devices say in a factory, or installed on a water meter, it is unclear who the device operator is. An organization installing water meeting IoT devices is unlikely to allow the individual consumers of water to have any authority as to whether firmware is installed. Realistically, calling this mandatory in the spec would mostly just result in that criteria of the spec being ignored. One challenge with SUIT, in general, is that those producing these end-use devices have little motivation to comply with the spec. The benefits gained to them are resources (such as reference code) and infrastructure that wouldn't have to be implemented. They have little reason to not modify any behavior of the code that doesn't suit their own requirements. Although there may be good reasons to desire that decisions like this be granted to certain parties, the SUIT documents have little authority for enforce them. David
- [Suit] HR Review: Firmware Update Architecture fo… Gurshabad Grover
- Re: [Suit] HR Review: Firmware Update Architectur… Dave Thaler
- Re: [Suit] HR Review: Firmware Update Architectur… David Brown
- Re: [Suit] HR Review: Firmware Update Architectur… David Brown
- Re: [Suit] HR Review: Firmware Update Architectur… Gurshabad Grover
- Re: [Suit] HR Review: Firmware Update Architectur… Gurshabad Grover
- Re: [Suit] HR Review: Firmware Update Architectur… Kvamtrø
- Re: [Suit] HR Review: Firmware Update Architectur… Russ Housley
- Re: [Suit] HR Review: Firmware Update Architectur… Gurshabad Grover
- Re: [Suit] HR Review: Firmware Update Architectur… Brendan Moran
- Re: [Suit] HR Review: Firmware Update Architectur… Gurshabad Grover