[Suit] draft-moran-suit-mud
Russ Housley <housley@vigilsec.com> Wed, 22 December 2021 22:14 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E52B93A0D17 for <suit@ietfa.amsl.com>; Wed, 22 Dec 2021 14:14:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.886
X-Spam-Level:
X-Spam-Status: No, score=-1.886 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vtEMUS_ySI4V for <suit@ietfa.amsl.com>; Wed, 22 Dec 2021 14:14:41 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF8FD3A0D16 for <suit@ietf.org>; Wed, 22 Dec 2021 14:14:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 52FFE300C69 for <suit@ietf.org>; Wed, 22 Dec 2021 17:14:43 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id M2VhFZ5_Gx67 for <suit@ietf.org>; Wed, 22 Dec 2021 17:14:40 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 09A633000D0; Wed, 22 Dec 2021 17:14:40 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <E51E051D-7DBC-4CBB-AEB7-98D81D9BBF72@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_91C25216-532A-4890-B442-C0FC05D278D7"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Wed, 22 Dec 2021 17:14:36 -0500
In-Reply-To: <24CDBD3C-EBB2-4EBF-AF3E-3EC234113623@vigilsec.com>
Cc: suit <suit@ietf.org>
To: Brendan Moran <Brendan.Moran@arm.com>
References: <163976599902.4734.13632661277320591228@ietfa.amsl.com> <24CDBD3C-EBB2-4EBF-AF3E-3EC234113623@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Q52siNP9MhsKI2jS-FwYQe8qZT0>
Subject: [Suit] draft-moran-suit-mud
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Dec 2021 22:14:47 -0000
Brendan: We were trying to do things in parallel. Now that the re-charter is approved, the adoption of the MUD document can take place. Please post draft-ietf-suit-mud-00. For the SUIT WG Chairs, Russ > On Dec 17, 2021, at 1:33 PM, The IESG <iesg-secretary@ietf.org <mailto:iesg-secretary@ietf.org>> wrote: > > The Software Updates for Internet of Things (suit) WG in the Security > Area of the IETF has been rechartered. For additional information, > please contact the Area Directors or the WG Chairs. > > Software Updates for Internet of Things (suit) > ---------------------------------------------------------------------- > - > Current status: Active WG > > Chairs: > Dave Thaler <dthaler@microsoft.com <mailto:dthaler@microsoft.com>> > David Waltermire <david.waltermire@nist.gov <mailto:david.waltermire@nist.gov>> Russ Housley > <housley@vigilsec.com <mailto:housley@vigilsec.com>> > > Assigned Area Director: > Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>> > > Security Area Directors: > Benjamin Kaduk <kaduk@mit.edu <mailto:kaduk@mit.edu>> > Roman Danyliw <rdd@cert.org <mailto:rdd@cert.org>> > > Mailing list: > Address: suit@ietf.org <mailto:suit@ietf.org> > To subscribe: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww>. > ietf.org <http://ietf.org/>%2Fmailman%2Flistinfo%2Fsuit&data=04%7C01%7Cdthaler%40micr > osoft.com <http://osoft.com/>%7C72a959d09aa84170b33f08d9c18e8aaa%7C72f988bf86f141af91ab2d7 > cd011db47%7C1%7C0%7C637753640242000556%7CUnknown%7CTWFpbGZsb3d8eyJWIjo > iMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000& > ;sdata=6V6lh1wdN%2FMIroEcyAt3So2A8ifE46sWFDNMxebzS58%3D&reserved=0 > Archive: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail> > archive.ietf.org <http://archive.ietf.org/>%2Farch%2Fsearch%2F%3Femail_list%3Dsuit&data=04%7C > 01%7Cdthaler%40microsoft.com <http://40microsoft.com/>%7C72a959d09aa84170b33f08d9c18e8aaa%7C72f9 > 88bf86f141af91ab2d7cd011db47%7C1%7C0%7C637753640242000556%7CUnknown%7C > TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC > I6Mn0%3D%7C3000&sdata=7kAfFvfyMR7y1RSEsSVPVkqlLrxuSpA4J6Ejrc%2FOlk > g%3D&reserved=0 > > Group page: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata> > tracker.ietf.org <http://tracker.ietf.org/>%2Fgroup%2Fsuit%2F&data=04%7C01%7Cdthaler%40micros > oft.com <http://oft.com/>%7C72a959d09aa84170b33f08d9c18e8aaa%7C72f988bf86f141af91ab2d7cd > 011db47%7C1%7C0%7C637753640242000556%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&s > data=nykpu2G3gJbI0uQGo1bnaM6uo8fTN3yJyxdjcWiwlZw%3D&reserved=0 > > Charter: > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata> > tracker.ietf.org <http://tracker.ietf.org/>%2Fdoc%2Fcharter-ietf-suit%2F&data=04%7C01%7Cdthal > er%40microsoft.com <http://40microsoft.com/>%7C72a959d09aa84170b33f08d9c18e8aaa%7C72f988bf86f141 > af91ab2d7cd011db47%7C1%7C0%7C637753640242000556%7CUnknown%7CTWFpbGZsb3 > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7 > C3000&sdata=YnBkFLPYC5Nld83i1STFJnDUDNgmkiy3JCa3JQfwEfA%3D&res > erved=0 > > Vulnerabilities in Internet of Things (IoT) devices have raised the > need for a secure firmware update mechanism that is also suitable for > constrained devices. Security experts, researchers, and regulators > recommend that all IoT devices be equipped with such a mechanism. > While there are many proprietary firmware update mechanisms in use > today, there is no modern interoperable approach allowing secure > updates to firmware in IoT devices. In June 2016, the Internet > Architecture Board organized a workshop on 'Internet of Things (IoT) > Software Update (IOTSU)', and RFC 8240 documents various requirements and challenges that are specific to IoT devices. > > A firmware update solution consists of several components, including: > * A mechanism to transport firmware images to compatible devices. > * A manifest that provides meta-data about the firmware image (such as > a firmware package identifier, the hardware the package needs to run, > and dependencies on other firmware packages), as well as > cryptographic information for protecting the firmware image in an end-to-end fashion. > * The firmware image itself. > > The SUIT WG is defining a firmware update solution (taking into > account past learning from RFC 4108 and other proprietary firmware > update solutions) that are usable on Class 1 (as defined in RFC 7228) > devices, i.e., devices with > ~10 KiB RAM and ~100 KiB flash. The solution may apply to more > capable devices as well. The SUIT WG is not defining any new > transport or discovery mechanisms, but may describe how to use > existing mechanisms within the architecture. > > The SUIT WG has already completed work on two documents: > * An IoT firmware update architecture. > * An information model for the SUIT manifest. > > Now that the information model is complete, the SUIT WG has selected > the CBOR serialization format and the associated COSE cryptographic > mechanisms to encode the SUIT manifest. The SUIT WG may consider a > small number of additional formats in the future; however, to reduce > the complexity of a firmware management solution, a very small number > of formats is preferred to enable SUIT maifest integration and > interoperability with other IoT technologies and ecosystems. To > support a wide range of deployment scenarios, the formats are expected > to be expressive enough to allow the use of different firmware sources and permission models. > > To enable SUIT Status Tracker functionality (per RFC9019), the SUIT WG > is also defining extensions to determine if a particular manifest > could be successfully deployed to a device and determine if an > operation was successful. > > In addition, the SUIT WG will work with the RATS WG to specify claims > related to the SUIT Status Tracker that can be used to provide > evidence in support of the RATS architecture. > > The SUIT WG will continue to work with silicon vendors and OEMs that > develop IoT operating systems to produce implementations based on SUIT > WG specifications. In particular, the SUIT WG plans to continue to > participate in IETF Hackathons. > > The SUIT WG document deliverables are: > * A SUIT manifest format specification using CBOR. > * Extensions to the SUIT manifest for optional capabilities, including: > - firmware encryption, > - trust domains, > - update management, and > - inclusion of a file in the MUD format (RFC 8520). > * A secure method for an IoT device to report on firmware update status. > > In addition, either the SUIT WG or the RATS WG will produce: > * A set of claims for attesting to firmware update status. > > Milestones: > > Dec 2021 - Adopt SUIT Manifest update management document as WG item > > Dec 2021 - Adopt SUIT Manifest trust domains document as WG item > > Dec 2021 - Adopt SUIT Manifest MUD extension document as WG item > > Mar 2022 - Decide with RATS WG in which working group the 'set of > claims for attesting to firmware update status' document should be > produced > > Aug 2022 - Submit firmware encryption document to the IESG for > publication as a Proposed Standard > > Sep 2022 - Submit SUIT Status Tracker document to the IESG for > publication as a Proposed Standard > > Nov 2022 - Submit SUIT Manifest update management document to the > IESG for publication as a Proposed Standard > > Nov 2022 - Submit SUIT Manifest trust domains document to the IESG > for publication as a Proposed Standard > > Dec 2022 - Submit SUIT Manifest MUD extension document to the IESG > for publication as a Proposed Standard >
- [Suit] WG Action: Rechartered Software Updates fo… The IESG
- [Suit] draft-moran-suit-mud Russ Housley