Re: [Suit] draft-ietf-suit-architecture-01

David Brown <david.brown@linaro.org> Tue, 03 July 2018 15:59 UTC

Date: Tue, 03 Jul 2018 09:59:10 -0600
From: David Brown <david.brown@linaro.org>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Message-ID: <CD3C4129-5F07-406A-B688-ECF773B4371C@linaro.org>
Thread-Topic: [Suit] draft-ietf-suit-architecture-01
References: <VI1PR0801MB2112A08944328EE625D4DE5CFA430@VI1PR0801MB2112.eurprd08.prod.outlook.com> <ec04d5da-0b76-f4d7-c548-e69579530856@free.fr> <VI1PR0801MB21127B3F43736CA592FD52B5FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB21127B3F43736CA592FD52B5FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Hs1KEGfhs53eNqOhnw344EW8Fxw>

I had an interesting conversation with someone building a device (a battery powered device, where network traffic is expensive). When they update the firmware, they keep the previous version around, and have an ability to roll back to that version in case there are issues.

I presented the argument that the correct answer is to re-release the older firmware, with a new higher monotonic value. Their counterargument was that this was costly in terms of power, because it requires the image to be resent.

I think the best answer here is to have them issue a new manifest that describes this old image (the one kept around), that has a new monotonic value. That way, only the manifest has to be sent (something has to be sent to tell the device to revert the image anyway). I think this model is covered in our current docs, since we don't really define how a "built-in" image is referred to.

But, this does make me realize that there are times that things can be spelled out clearly, usually for security reasons, that end up getting disabled due to what someone thinks is a practical reason. I agree that preventing rollback is important for security, but I've found myself arguing against these practical cases multiple times.

I wonder if it would be worth writing up a use case to capture this particular revert case, and how that can be addressed with the model we currently have.

David
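The revert model discussed in the message above (a fresh manifest carrying a higher monotonic value that points at an image the device already holds, so only the manifest is transferred), as an added example that is not code from the SUIT drafts or from any list participant. The sequence-number field, the image digest used to identify a retained image, and the HMAC tag standing in for the manifest signature are assumptions of this sketch.

```python
"""Device-side model of the revert case: a manifest carries a monotonic
sequence number and the SHA-256 digest of the image it installs; retained
images can be re-activated without being resent. Constructed example."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

SIGNING_KEY = b"constructed-demo-key"  # stand-in for the manifest signing key


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _tag(sequence: int, image_digest: str) -> str:
    # HMAC over the manifest fields: a stand-in for the real signature check
    msg = f"{sequence}:{image_digest}".encode()
    return hmac.new(SIGNING_KEY, msg, "sha256").hexdigest()


@dataclass(frozen=True)
class Manifest:
    sequence: int      # monotonic anti-rollback counter
    image_digest: str  # image this manifest installs
    tag: str           # authenticity tag (stand-in for a signature)


def sign(sequence: int, image_digest: str) -> Manifest:
    return Manifest(sequence, image_digest, _tag(sequence, image_digest))


@dataclass
class Device:
    last_sequence: int                          # highest accepted sequence
    images: dict = field(default_factory=dict)  # digest -> retained image
    active: str = ""                            # digest of the running image
    bytes_received: int = 0                     # proxy for radio/power cost

    def apply(self, m: Manifest, payload: Optional[bytes] = None) -> str:
        if not hmac.compare_digest(m.tag, _tag(m.sequence, m.image_digest)):
            return "rejected: bad tag"
        if m.sequence <= self.last_sequence:    # replayed or older manifest
            return "rejected: sequence not higher than stored"
        if m.image_digest not in self.images:   # not on device: must be sent
            if payload is None or sha256(payload) != m.image_digest:
                return "rejected: payload missing or digest mismatch"
            self.images[m.image_digest] = payload
            self.bytes_received += len(payload)
        # A retained image reaches this point with no transfer cost at all
        self.last_sequence = m.sequence
        self.active = m.image_digest
        return "installed"
```

Replaying the original manifest for the old image is refused by the sequence check, while a newly signed manifest with a higher sequence number re-activates the retained image without adding to the transfer count.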

From: Suit <suit-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Tuesday, July 3, 2018 at 8:59 AM
To: Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Subject: Re: [Suit] draft-ietf-suit-architecture-01

Hi Denis,

I think the risk of installing an old firmware version is covered in the information model document, which goes into the details of what a manifest has to contain. See Section 3.2.1 of https://tools.ietf.org/html/draft-ietf-suit-information-model-01

There are essentially three types of documents the working group is aiming to produce: an architecture document, the information model for the manifest and one or multiple serialization formats. You have been looking at the architecture but the appropriate document to read is the information model spec.

Ciao

Hannes

From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Denis
Sent: 03 July 2018 11:59
To: suit@ietf.org
Subject: Re: [Suit] draft-ietf-suit-architecture-01

Hannes,

It is well known that software updates are often done to address a security issue. The same applies to firmware updates. The current draft fails to address protections against the downloading of an old firmware version. The threat should be mentioned in the security considerations section.

The main body of the document should mention mechanisms to prevent the replay of an old version of the firmware.

Denis



Hi all,

I have just submitted version -01 of the architecture document. I have incorporated feedback from the working group, such as:
New terminology,
Updates on the operating modes,
New architecture figures,
New use cases (by David Brown).

Here is the new version:

https://tools.ietf.org/html/draft-ietf-suit-architecture-01

Here is the diff:

https://tools.ietf.org/rfcdiff?url2=draft-ietf-suit-architecture-01.txt

Feedback is appreciated.

Ciao

Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit