Re: [Suit] SUIT Architecture document review

Dave Thaler <dthaler@microsoft.com> Tue, 08 October 2019 23:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/JSSa0l-OAq2q3vRxDrE1WberheE>

Thanks Kathleen, I added this as a github issue on the doc:
https://github.com/suit-wg/architecture/issues/5

Dave

From: Suit <suit-bounces@ietf.org> On Behalf Of Kathleen Moriarty
Sent: Tuesday, October 8, 2019 4:15 PM
To: suit@ietf.org
Subject: [Suit] SUIT Architecture document review

Hello,

I know I am late with a review, but since it has not gone to IETF last call yet, I'd like to submit these comments.  I know another version is expected soon, so some of these comments/nits may have been addressed already.

The document as a whole reads very well, thanks for all your work on it.  I do hope it enjoys wide adoption.

Abstract:
I thought one of the goals was to update firmware for IoT, but also to scale up to larger systems as well.  The abstract seems very specific to constrained devices.  Should the language be adjusted or has the focus changed?

Introduction:
If the scope does include larger devices, then this is a problem for them as well for both security and inconsistency across platforms.  It's harder than it needs to be and that's amplified when you think about IoT.

Section 2:
For the Firmware definition, is the last sentence referring to both "firmware" and "image" as interchangeable or something else?  I think adjusting the last couple of sentences may be helpful to some readers.

Section 3.2:
If not link, network, or transport layer security, what does this rely upon?  If it is object-level security and I am assuming it is, please state that explicitly possibly referring to where confidentiality protection is specified.

Section 3.3:

Current text:
"The use of post-quantum secure signature mechanisms, such as hash-
   based signatures, should be explored."
Since this is the architecture document, if they are defined elsewhere, the document should point to that rather than saying "should be explored".

Some other well-received architecture documents provided pointers to the related documents that filled out stated components of the architecture.  If the WG were to hold off publishing this until the other documents were complete, this could provide the same mapping between the requirements, architecture, and implementation of the architecture with the various specifications.

Section 3.6:
I think this is the first time "fw" is used.  Maybe just spell out firmware with a search and replace?

Section 3.11:
Typo in the following sentence:
   "TEEs may obtain TAs from different authors and those TAs may
   require personalization data, such as payment information, to be
   securely be conveyed to the TEE."
s/to be securely be conveyed/to be securely conveyed/

Section 4:
Typo in the following sentence:
   "The credential used to must be directly or indirectly
   related to the trust anchor installed at the device by the Trust
   Provisioning Authority."
s/The credential used to must/The credential used must/

Section 8:
This says downloads can be large, so I think that's to accommodate more than IoT, is that right and the abstract/intro can be updated?

The following sentence is readable, but super long:
   If the application image contains the firmware consumer
   functionality, as described above, then it is necessary that a
   working image is left on the device to ensure that the bootloader can
   roll back to a working firmware image to re-do the firmware download
   since the bootloader itself does not have enough functionality to
   fetch a firmware image plus manifest from a firmware server over the
   Internet.
Perhaps break it up?

Security considerations:
Should this mention the end-to-end encryption?  Is it provided at the object level?

Also, if the intent is to scale above constrained devices, the text should state that as this section also specifies IoT.

Thank you for all of your work on the document.  It's easy to read and comprehensive.

Best regards,
Kathleen
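
The following is an added worked example, not part of this email thread or of the SUIT drafts. It ties together two of the review points above: the Section 3.3 remark about hash-based (post-quantum) signature mechanisms, and the Section 8 requirement that a bootloader keep a working image it can roll back to when a new download is bad. The signature scheme is a Lamport one-time signature placed under a small Merkle tree, which is the construction LMS and XMSS are built on; the Merkle root plays the role of the device's trust anchor. The manifest format (a big-endian sequence number followed by the image digest), the slot names, the image bytes, and the `MerkleSigner` state handling are all constructed for illustration and are not the SUIT manifest encoding.

```python
"""Added example: two-slot boot selection with hash-based manifest signatures.
Lamport one-time signatures under a Merkle tree (the LMS/XMSS idea); the
Merkle root is the trust anchor installed on the device. Constructed for
illustration; the manifest layout is NOT the SUIT manifest format."""
import hashlib
import os
import struct

N = 32                      # SHA-256 digest length
BITS = N * 8


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def _bits(msg):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(BITS)]


def ots_keygen(rng=os.urandom):
    sk = [(rng(N), rng(N)) for _ in range(BITS)]       # one secret pair per digest bit
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def ots_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]  # reveal one preimage per bit


def ots_verify(pk, msg, sig):
    return len(sig) == BITS and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def _leaf(pk):
    return H(*[x for pair in pk for x in pair])


class MerkleSigner:
    """Holds 2**height one-time keys; each may sign exactly once (stateful signer)."""

    def __init__(self, height=2, rng=os.urandom):
        self.keys = [ots_keygen(rng) for _ in range(1 << height)]
        self.levels = [[_leaf(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]                 # the trust anchor
        self.next = 0

    def sign(self, msg):
        idx = self.next
        if idx >= len(self.keys):
            raise RuntimeError("all one-time keys used")
        self.next += 1                                 # advance state before signing
        sk, pk = self.keys[idx]
        path, i = [], idx
        for lvl in self.levels[:-1]:                   # authentication path to the root
            path.append(lvl[i ^ 1])
            i >>= 1
        return {"idx": idx, "ots_pk": pk, "ots_sig": ots_sign(sk, msg), "path": path}


def merkle_verify(root, msg, sig):
    if not ots_verify(sig["ots_pk"], msg, sig["ots_sig"]):
        return False
    node, i = _leaf(sig["ots_pk"]), sig["idx"]
    for sibling in sig["path"]:
        node = H(node, sibling) if i & 1 == 0 else H(sibling, node)
        i >>= 1
    return node == root


def make_manifest(signer, sequence, image):
    body = struct.pack(">I", sequence) + H(image)      # constructed layout: seq || digest
    return {"body": body, "sig": signer.sign(body)}


def slot_is_valid(root, manifest, image):
    body = manifest["body"]
    if len(body) != 4 + N or not merkle_verify(root, body, manifest["sig"]):
        return False            # authenticity first: an unsigned digest is worthless
    return H(image) == body[4:]  # then integrity of the image the manifest names


def select_boot_slot(root, slots):
    """slots: {name: (manifest, image)}. Highest valid sequence number boots; a slot
    whose manifest or image fails verification is skipped, which is the rollback."""
    best = None
    for name, (manifest, image) in slots.items():
        if slot_is_valid(root, manifest, image):
            seq = struct.unpack(">I", manifest["body"][:4])[0]
            if best is None or seq > best[1]:
                best = (name, seq)
    return best[0] if best else None


def demo(corrupt_download=True):
    signer = MerkleSigner(height=2)
    root = signer.root
    old, new = b"firmware v1 (constructed)", b"firmware v2 (constructed)"
    slot_a = (make_manifest(signer, 1, old), old)               # the working image
    manifest_b = make_manifest(signer, 2, new)
    image_b = (new[:-1] + b"?") if corrupt_download else new    # truncated/corrupted download
    return select_boot_slot(root, {"A": slot_a, "B": manifest_b and (manifest_b, image_b)})


if __name__ == "__main__":
    print("boot:", demo(True), "(bad download in B, rolled back to A)")
    print("boot:", demo(False), "(good download, B boots)")
```

The order of checks in `slot_is_valid` is the point a reviewer would look for: the bootloader authenticates the manifest against the trust anchor before it believes the digest inside it, and only then compares the stored image. Because the one-time keys are consumed by index, the signer is stateful; reusing an index (for example after restoring a backup of the signing host) would leak preimages, which is why stateless schemes such as SPHINCS+ exist for deployments that cannot guarantee state.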