Re: [Suit] draft-ietf-suit-architecture-01
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 18 July 2018 11:37 UTC
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CC98130E0F for <suit@ietfa.amsl.com>; Wed, 18 Jul 2018 04:37:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4qnvKu_I_2PZ for <suit@ietfa.amsl.com>; Wed, 18 Jul 2018 04:37:53 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0630.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1e::630]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD102130E15 for <suit@ietf.org>; Wed, 18 Jul 2018 04:37:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tx8dl6D7hUcsr2z5aASAfUJF1/qhhSJokBqg7zsey/8=; b=FYvPJTS39UELmJ1WW9KU14ph6IG+f/PX8Vvn6P1B5wYY4clfEowxC+1DiOCRLs3j15zMzVpz44mqpKel1T/3Fu/fBf4L0wl0yLyj4QP/YhyiKXYipkmC/aqqfD8XOZm+snX8y5bpr5o4i8lvTSvMHZmTsZD8tSFclovzuMrIOEk=
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com (10.173.75.16) by VI1PR0801MB1565.eurprd08.prod.outlook.com (10.167.210.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.952.18; Wed, 18 Jul 2018 11:37:49 +0000
Received: from VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::3549:bcde:85fc:e3db]) by VI1PR0801MB2112.eurprd08.prod.outlook.com ([fe80::3549:bcde:85fc:e3db%10]) with mapi id 15.20.0952.021; Wed, 18 Jul 2018 11:37:49 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] draft-ietf-suit-architecture-01
Thread-Index: AdQSN1i2C+DHj0ciRqGC4Jr4K4DFEwAfRaCAAApbDoAAJG/XAALGnTgQ
Date: Wed, 18 Jul 2018 11:37:48 +0000
Message-ID: <VI1PR0801MB2112BEE239B0BCAF93978C70FA530@VI1PR0801MB2112.eurprd08.prod.outlook.com>
References: <VI1PR0801MB2112A08944328EE625D4DE5CFA430@VI1PR0801MB2112.eurprd08.prod.outlook.com> <ec04d5da-0b76-f4d7-c548-e69579530856@free.fr> <VI1PR0801MB21127B3F43736CA592FD52B5FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com> <fb5f56bb-9779-2ac6-8211-58947c7e0ae4@free.fr>
In-Reply-To: <fb5f56bb-9779-2ac6-8211-58947c7e0ae4@free.fr>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [31.133.157.45]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB1565; 7:yDnloARzh0BNgiMDhhy2kDoUtQ5HMmVIN9+aBzYz5viFonWxcTKTzBFLMyFoPBWWVunDgQ5XGPTkpv41hGNBk6Y7vRYd84INnDjAItAEeyJ8P6imcvJPHHVaJcZ+GOllqxUWWAph3HPsUrJap5/uyeFhDGWWub+llY8PiOjK0026IkiKAZcAfrTY3nwdmb69UqgTnu3ElOYQHufdoSGUj/dQI8o4JVhp7QOU6EkLZ0E+MlX+0mvdmnjSjgjDcd+2
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 7ddae194-c597-4109-db5a-08d5eca2e3af
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:(223705240517415); BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(48565401081)(2017052603328)(7153060)(7193020); SRVR:VI1PR0801MB1565;
x-ms-traffictypediagnostic: VI1PR0801MB1565:
x-microsoft-antispam-prvs: <VI1PR0801MB1565405C8670A06AB039BCFBFA530@VI1PR0801MB1565.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(191636701735510)(192374486261705)(223705240517415)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231311)(944501410)(52105095)(10201501046)(93006095)(93001095)(3002001)(6055026)(149027)(150027)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016); SRVR:VI1PR0801MB1565; BCL:0; PCL:0; RULEID:; SRVR:VI1PR0801MB1565;
x-forefront-prvs: 0737B96801
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(136003)(39860400002)(346002)(366004)(376002)(53754006)(189003)(199004)(40434004)(476003)(5660300001)(966005)(4000630100001)(25786009)(106356001)(72206003)(66066001)(86362001)(53936002)(105586002)(6246003)(256004)(55016002)(6306002)(9686003)(14444005)(6436002)(236005)(54896002)(99286004)(229853002)(5250100002)(14454004)(11346002)(478600001)(2501003)(5024004)(486006)(790700001)(110136005)(93886005)(74316002)(3846002)(6116002)(7736002)(33656002)(8936002)(102836004)(316002)(81166006)(8676002)(81156014)(2900100001)(68736007)(2906002)(26005)(7696005)(6506007)(186003)(53546011)(76176011)(606006)(446003)(97736004)(15866825006); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB1565; H:VI1PR0801MB2112.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: jc32tQyEBs0N+LYBh2Qlkq5Z8YTDp88UYkkJmfzm4AG/bCNG4VykUiQXBdcGixUvAGiCnb5pYBa1kzEPdpMrzpE8mkZnjEp+ojiLsFNn9aeTm3d6y58xQxJs2o3FEFKtqUA6zCbUaFZ7JTMF/RAsy0cBLHl3jmggreqr1vU0mkf194wjAa+0zdQ+8DvVgIEsFOUCIOgyWHnUWej/EXIbmx4NluSYPTv57pMxz6YV5DIrgIU6bSwgJM8X44ljoaoskkRqmWGnpiHzNjdv7PCZIY8h6K84n/p2ZQBIXFrxqHUJqCXqeVLBlELgqIHAehSKnJbPtJA6PDnS/FelrVN7GRRrYQjrJthc0t9qlEqquBo=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_VI1PR0801MB2112BEE239B0BCAF93978C70FA530VI1PR0801MB2112_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7ddae194-c597-4109-db5a-08d5eca2e3af
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jul 2018 11:37:49.0462 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1565
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/A26AjBEHtOfro2GwRWIu98jPcfs>
Subject: Re: [Suit] draft-ietf-suit-architecture-01
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 11:37:59 -0000
Good idea. I will do that. From: Denis [mailto:denis.ietf@free.fr] Sent: 04 July 2018 04:19 To: Hannes Tschofenig; suit@ietf.org Subject: Re: [Suit] draft-ietf-suit-architecture-01 Hannes, In the security considerations section, it would be worthwhile to indicate that the threats are addressed in details in section 3.2 (Threat Descriptions) from [I-D.ietf-suit-information-model]. Denis Hi Denis, I think the risk of installing an old firmware version is covered in the information model document, which goes into the details of what a manifest has to contain. See Section 3.2.1 of https://tools.ietf.org/html/draft-ietf-suit-information-model-01 There are essentially three types of documents the working group is aiming to produce: an architecture document, the information model for the manifest and one or multiple serialization formats. You have been looking at the architecture but the appropriate document to read is the information model spec. Ciao Hannes From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Denis Sent: 03 July 2018 11:59 To: suit@ietf.org<mailto:suit@ietf.org> Subject: Re: [Suit] draft-ietf-suit-architecture-01 Hannes, It is well known that software updates are often done to address a security issue. The same applies to firmware updates. The current draft is lacking to address protections against the downloading of an old firmware version. The threat should be mentioned in the security considerations section. The main body of the document should mention mechanisms to prevent the replay of an old version of the firmware. Denis Hi all, I have just submitted version -01 of the architecture document. I have incorporate feedback from the working group, such as * New terminology, * Updates on the operating modes * New architecture figures, * New use cases (by David Brown) Here is the new version: https://tools.ietf.org/html/draft-ietf-suit-architecture-01 Here is the diff: https://tools.ietf.org/rfcdiff?url2=draft-ietf-suit-architecture-01.txt Feedback is appreciated. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Suit mailing list Suit@ietf.org<mailto:Suit@ietf.org> https://www.ietf.org/mailman/listinfo/suit IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Suit] draft-ietf-suit-architecture-01 Hannes Tschofenig
- Re: [Suit] draft-ietf-suit-architecture-01 Brendan Moran
- Re: [Suit] draft-ietf-suit-architecture-01 Denis
- Re: [Suit] draft-ietf-suit-architecture-01 Hannes Tschofenig
- Re: [Suit] draft-ietf-suit-architecture-01 David Brown
- Re: [Suit] draft-ietf-suit-architecture-01 Hannes Tschofenig
- Re: [Suit] draft-ietf-suit-architecture-01 Denis
- Re: [Suit] draft-ietf-suit-architecture-01 Brendan Moran
- Re: [Suit] draft-ietf-suit-architecture-01 David Brown
- Re: [Suit] draft-ietf-suit-architecture-01 Hannes Tschofenig
- Re: [Suit] draft-ietf-suit-architecture-01 Michael Richardson