Re: [Suit] SUIT rechartering: proposed text
Russ Housley <housley@vigilsec.com> Mon, 12 July 2021 20:44 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47B323A0D04 for <suit@ietfa.amsl.com>; Mon, 12 Jul 2021 13:44:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cY1gZKcqXrLE for <suit@ietfa.amsl.com>; Mon, 12 Jul 2021 13:44:07 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C9873A0D42 for <suit@ietf.org>; Mon, 12 Jul 2021 13:43:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id F15833005DF for <suit@ietf.org>; Mon, 12 Jul 2021 16:43:45 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UHmVPIbmSzrs for <suit@ietf.org>; Mon, 12 Jul 2021 16:43:40 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 86606300C79 for <suit@ietf.org>; Mon, 12 Jul 2021 16:43:40 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Mon, 12 Jul 2021 16:43:39 -0400
References: <66D84CE5-22E6-44F0-8239-8A5832326219@arm.com> <3E7D5E5B-03EE-4EDD-A951-FB119F72DDE8@arm.com> <16339.1613515194@localhost> <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com>
To: suit <suit@ietf.org>
In-Reply-To: <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com>
Message-Id: <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Nvm00R10-5qRhhRRFiSYnuucz24>
Subject: Re: [Suit] SUIT rechartering: proposed text
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2021 20:44:09 -0000
Putting the text provided by Brendan and a bit of context to the work that has alrady been done by the WG, I propose the following re-charter text. Review and comment most welcome. Russ = = = = = = = = Vulnerabilities in Internet of Things (IoT) devices have raised the need for a secure firmware update mechanism that is also suitable for constrained devices. Security experts, researchers, and regulators recommend that all IoT devices be equipped with such a mechanism. While there are many proprietary firmware update mechanisms in use today, there is no modern interoperable approach allowing secure updates to firmware in IoT devices. In June 2016, the Internet Architecture Board organized a workshop on 'Internet of Things (IoT) Software Update (IOTSU)', and RFC 8240 documents various requirements and challenges that are specific to IoT devices. A firmware update solution consists of several components, including: * A mechanism to transport firmware images to compatible devices. * A manifest that provides meta-data about the firmware image (such as a firmware package identifier, the hardware the package needs to run, and dependencies on other firmware packages), as well as cryptographic information for protecting the firmware image in an end-to-end fashion. * The firmware image itself. The SUIT WG will focus on defining a firmware update solution (taking into account past learnings from RFC 4108 and other proprietary firmware update solutions) that will be usable on Class 1 (as defined in RFC 7228) devices, i.e., devices with ~10 KiB RAM and ~100 KiB flash. The solution may apply to more capable devices as well. The SUIT WG will not define any new transport or discovery mechanisms, but may describe how to use existing mechanisms within the architecture. The SUIT WG was already completed work on two documents: * An IoT firmware update architecture that includes a description of the involved entities, security threats, and assumptions. * An information model for the SUIT manifest. Now that the information model is complete, the SUIT WG will has selected the CBOR serialization formats and the associated COSE cryptographic mechanisms to encode the SUIT manifest. The SUIT WG may consider a small number of additional formats in the future; however, to reduce the complexity of a firmware management solution, a very small number of formats is preferred. To support a wide range of deployment scenarios, the formats are expected to be expressive enough to allow the use of different firmware sources and permission models. The SUIT WG does not aim to create a standard for a generic application software update mechanism, but instead the SUIT WG focus on firmware development practices in the embedded industry. Software update solutions that target updating software other than the firmware binaries (e.g., applications) are also out of scope. To support the SUIT manifest format, the SUIT WG will also define formats and protocols that enable a Status Tracker to determine if a particular manifest could be successfully deployed to a device and determine if an operation was successful. The SUIT WG will specify names or numbers will enable the use of SUIT manifests, their precursors, and their successors within existing or future protocols. The SUIT WG will aim to maintain a close relationship with silicon vendors and OEMs that develop IoT operating systems. The SUIT WG aims to publish several additional documents, namely: * A SUIT manifest format specification using CBOR. * A firmware encryption specification for use with SUIT manifests. * A secure for IoT device to reporting on firmware update status. * A SUIT manifest extension to include a MUD file as defined in RFC 8520.
- [Suit] SUIT rechartering: proposed text Brendan Moran
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Brendan Moran
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Waltermire, David A. (Fed)
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Waltermire, David A. (Fed)
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Brendan Moran
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Ira McDonald
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Dave Thaler
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Roman Danyliw
- Re: [Suit] SUIT rechartering: proposed text Roman Danyliw
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Michael Richardson
- Re: [Suit] SUIT rechartering: proposed text Roman Danyliw
- Re: [Suit] SUIT rechartering: proposed text Roman Danyliw
- Re: [Suit] SUIT rechartering: proposed text Russ Housley
- Re: [Suit] SUIT rechartering: proposed text Roman Danyliw