[Suit] Martin Duke's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)
Martin Duke via Datatracker <noreply@ietf.org> Wed, 28 October 2020 20:46 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B953A0AF6; Wed, 28 Oct 2020 13:46:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-suit-architecture@ietf.org, suit-chairs@ietf.org, suit@ietf.org, Russ Housley <housley@vigilsec.com>, housley@vigilsec.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.21.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <160391800951.12311.11084767911661234444@ietfa.amsl.com>
Date: Wed, 28 Oct 2020 13:46:50 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FyNFEvScfQo8oyc5FzW4lnIbSMg>
Subject: [Suit] Martin Duke's No Objection on draft-ietf-suit-architecture-14: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2020 20:46:52 -0000
Martin Duke has entered the following ballot position for draft-ietf-suit-architecture-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-suit-architecture/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for engaging with the TSVART review. I think Bob's criticism that certain aspects of what is critical, vs. nice-to-have are ambiguous. For example, in Section 1: "The firmware update process has to ensure that - The firmware image is authenticated and integrity protected. Attempts to flash a maliciously modified firmware image or an image from an unknown, untrusted source must be prevented. In examples this document uses asymmetric cryptography because it is the preferred approach by many IoT deployments. The use of symmetric credentials is also supported and can be used by very constrained IoT devices. - The firmware image can be confidentiality protected so that attempts by an adversary to recover the plaintext binary can be mitigated or at least made more difficult. Obtaining the firmware is often one of the first steps to mount an attack since it gives the adversary valuable insights into the software libraries used, configuration settings and generic functionality. Even though reverse engineering the binary can be a tedious process modern reverse engineering frameworks have made this task a lot easier." The construction of this excerpt suggests that confidentiality is mandatory, but I gather from the thread that it is not. If it is mandatory, than please change the second bullet to read "The firmware image is confidentiality protected..." If it is not mandatory, I would just combine the first bullet and the opening clause, and make the second bullet an independent paragraph.
- [Suit] Martin Duke's No Objection on draft-ietf-s… Martin Duke via Datatracker