IETF Logo Mail Archive

Re: [Suit] SUIT rechartering: proposed text

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 13 July 2021 01:06 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 890B63A0C8A for <suit@ietfa.amsl.com>; Mon, 12 Jul 2021 18:06:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bVUSASFFZWvb for <suit@ietfa.amsl.com>; Mon, 12 Jul 2021 18:06:43 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8F3A3A0C83 for <suit@ietf.org>; Mon, 12 Jul 2021 18:06:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 99AD538B30; Mon, 12 Jul 2021 21:09:32 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 6CtKV934q9wR; Mon, 12 Jul 2021 21:09:28 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id D40AD38B2A; Mon, 12 Jul 2021 21:09:27 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B05E894B; Mon, 12 Jul 2021 21:06:35 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>, suit <suit@ietf.org>
In-Reply-To: <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com>
References: <66D84CE5-22E6-44F0-8239-8A5832326219@arm.com> <3E7D5E5B-03EE-4EDD-A951-FB119F72DDE8@arm.com> <16339.1613515194@localhost> <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com> <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 12 Jul 2021 21:06:35 -0400
Message-ID: <26718.1626138395@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FfRS9urDBSK4Up79h7spoLA71fg>
Subject: Re: [Suit] SUIT rechartering: proposed text
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2021 01:06:50 -0000

Russ Housley <housley@vigilsec.com> wrote:
    > Putting the text provided by Brendan and a bit of context to the work
    > that has alrady been done by the WG, I propose the following re-charter
    > text.

I guess my only comment is that the wording and the tense does not reflect
the work that has already been done.

    } The SUIT WG has focused on defining a firmware update solution,
    } that took into account learnings from RFC 4108 and other proprietary
    } firmware update solutions. The solution is usable on Class 1 (as defined
    } in RFC 7228) devices, i.e., devices with ~10 KiB RAM and ~100 KiB
    } flash.  The solution easily applies to more capable devices as well.  The
    } SUIT WG has not defined any new transport or discovery mechanisms, but
    } is still considering how to use existing mechanisms within the architecture.

...

    > The SUIT WG was already completed work on two documents: * An IoT
    > firmware update architecture that includes a description of the
    > involved entities, security threats, and assumptions.  * An information
    > model for the SUIT manifest.

    } Now that the information model is complete, and the SUIT WG has
    } selected the CBOR serialization formats and the associated COSE
    } cryptographic mechanisms to encode the SUIT manifest, the SUIT WG will
    } now consider a small number of additional formats in the future.
    } However, to reduce the complexity of a firmware management solution, a very
    } small number of formats is preferred. To support a wide range of
    } deployment scenarios, the formats have been designed to be expressive enough
    } to allow the use of different firmware sources and permission models.

no change:
    > The SUIT WG does not aim to create a standard for a generic application
    > software update mechanism, but instead the SUIT WG focus on firmware
    > development practices in the embedded industry. Software update
    > solutions that target updating software other than the firmware
    > binaries (e.g., applications) are also out of scope.

    > To support the SUIT manifest format, the SUIT WG will also define
    > formats and protocols that enable a Status Tracker to determine if a
    > particular manifest could be successfully deployed to a device and
    > determine if an operation was successful.

:
    > The SUIT WG will specify names or numbers will enable the use of SUIT
    > manifests, their precursors, and their successors within existing or
    > future protocols.

I don't know what this means anymore.

    } The SUIT WG continutes to maintain a close relationship with silicon
    } vendors and OEMs that develop IoT operating systems.

    > The SUIT WG aims to publish several additional documents, namely: * A
    > SUIT manifest format specification using CBOR.  * A firmware encryption
    > specification for use with SUIT manifests.  * A secure for IoT device
    > to reporting on firmware update status.  * A SUIT manifest extension to
    > include a MUD file as defined in RFC 8520.

Maybe past tense for some of these?

I think that at this point, we need some explanation of why the WG isn't done
yet.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email