Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 11 September 2023 13:58 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1985BC151083 for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 06:58:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.197
X-Spam-Level:
X-Spam-Status: No, score=-7.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxlgPObdeYr6 for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 06:58:10 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 891DFC14F74A for <suit@ietf.org>; Mon, 11 Sep 2023 06:58:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1694440684; x=1695045484; i=hannes.tschofenig@gmx.net; bh=81AU0KtL1GGT54Uqft+0BvYitogCRH4vwtPPVfY7u4o=; h=X-UI-Sender-Class:Date:Subject:To:References:From:In-Reply-To; b=YDMN4cigxo1rPIy9hqRaqK1RT1zuzG0rJduo7N0v5JLDMXZqaZTf5xy6Elol9gbHVRppcJ0 8V4TjEyc9tP4RJTa1Z6DJJZZ4ofIHT2Pq1yIWkayL1aCAWZUNeN4KroOvUZRUmlliQwKOZnVa A0GoUqFQqavTyVAnkNH8/QEuGki5EnvnP7GRHwwG9mHOLBBtKAbA+Pr7HusEBZPzhQC9htoiQ Iy+1gN/4SZkhetxfDdGlERYgyOgCNZhKYANhbG+3KpselfpbTLafgxsJvYZO1bQVh2KCVH5FO S5uRn7ixuEPR34lKwyz/12PdT7b/Miw0fl36sLuJ0FEoGDGpZFCQ==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [172.16.254.195] ([195.149.218.225]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1M26r3-1qdDW91iQL-002b43; Mon, 11 Sep 2023 15:58:04 +0200
Message-ID: <6ecb8ce2-95ff-4e49-497f-f21bfaf41306@gmx.net>
Date: Mon, 11 Sep 2023 15:58:03 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0
To: Michael Richardson <mcr+ietf@sandelman.ca>, suit@ietf.org
References: <MW4PR09MB988694F9A88981948F4290B4F0E0A@MW4PR09MB9886.namprd09.prod.outlook.com> <GV2PR10MB7438B53F9EA845B2B78BB17BEEE6A@GV2PR10MB7438.EURPRD10.PROD.OUTLOOK.COM> <23882.1694384458@localhost>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <23882.1694384458@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:gSpqlHctHtMn+3+6pTPwArktbj5lx8ixMwUfAjtaJjAFSugjSJG C37PS9m2vc+OZjdhwkxWb528WggkwJ7jVVadvYcFOZCli3J0vO8nS9T2AJso6Eq39kOxoiB /zR8UKtHb5FVNY0srjHyfDbWc3rNZHoHS8lR+Taip9auxbIH0bSyodPYliImTtVTkbsz6/M XhTCnCybfSLL3jGQHFm0w==
UI-OutboundReport: notjunk:1;M01:P0:i18g5F0gvf0=;U2Yrw4lcw/5ZhaW7TLQ8EEv7LKH HqN0n1MOxcjhUIcAPRLqKhyV28Y/3miExEB2oAiiwGKHf2YOnIeDeyJ26GVy5gLqrhPJJPYRH jutnoD8CBwXQIphplXof7h4TIClEOIy9ER1qTeY6060Tb5jkmlDh8IscVVuxt1FvEoyMkHxa7 m3hKVqWRTmy0kekHUL2E87EIWArZy2fJN66OnzC1zrVDUpMsBap9y0qUB4FfeI5pF2FxIf77z zwsyMm8wGK3QU7BdAfLIIYwJyhT1LQa7mfMcuufSz/CrRcS7ilTs6/sr88wVJABEejfZI5K0p dd1tsjwt6d38lCc3w5z1rMnIL0F2jreTS9M4TQcE4uVFJCGzM2UXlvfrOsXIncdvfd6fciTkk VK6+HBs+/sr7ZRqbou315lQEB2APAPKNzTCtnXtKu0ulFOJGS/N7pDjgpCzErQ+CEE4DYb+o6 Rs9qj+mPiiaO9jSJBMhds2tmgNjr+fRDf1jgJu05BXZnBds9RnhA7bgRvzNZO98mHe370nQNw s6173PvmREj0tyaev2hp/C7rGdf8i1JqgXSRFkdesmkMPbvBGwQSOuYs6cFMPXCsUNdD0WO+6 bLZvrDs4p2vo1rkzVmhJdAu00sPzPJq7C1gxU3212qhGSG7OVUkYs1gCjQ50KvJTrGk6HTWjQ NQQTihyQVZtk79VHAu+5awWl7QaDqNAbM/ZW6oh4gY0dl3rYorK52YDNjcsQZrW2CoCMaw6bS qPcDz2fog+/QlFusGf4tnzr/96wUm0qjH7u1Mu5KU9UDbwXpAEeLxKo0Sxb0VHebXyXoPDFZD YI3b7voEb6XMsqlZ+DmQl+fatlcrVgsBZc0q3n6HZmcKCblhJ1bq8En2Itn+ahS35Yg4NVyzS defyPUf9mdsh9YE2+mEBar4IGMWyRqGZJ7mfmR8VmLlxqaKRDAbNOVWZ2hbbvJwAS70Yddc1z y0jHzLMsGlDfmKhSIEk26BI7hPw=
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/RDQTHoYb24zsZn8lE6PyMVftaSA>
Subject: Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2023 13:58:12 -0000
Hi Michael,
thanks for reviewing the draft.
Am 11.09.2023 um 00:20 schrieb Michael Richardson:
> Hi, I re-read draft-ietf-suit-firmware-encryption-14.
> My comments below are entirely of an editorial nature.
>
> 1. Figure one has a data flow from right to left.
> My brain would prefer left-to-right, but if you want to do it this way,
> then can you add arrows to the lines so that the payload+manifest clearly
> flows *to* the devices?
Makes sense.
>
> 2. The lack of any standard way to "obtains information about the
> recipients and their keys from the distribution system."
>
> should probably be more clearly noted.
There are standardized device management solutions available. So, that's
not a problem.
> 3. "The author treats the distribution system as the initial recipient"
> this is also not-standardized, and I think might involve some kind of
> integration with a sales channel.
This is not standardized, as far as I know. However, this is the area of
classical Web APIs.
>
> An upside of this intermediate step is that:
> - distribution system can inspect the contents
> - distribution system does not need to disclose which devices are involved.
> (or where they are, or how they are named)
Correct.
>
> } If the author and distributor are separate entities, then the author
> } must delegate encryption rights to the distributor. By the principle
>
> they are clearly depicted as different entities. I wonder if you mean the
> author and sender are different entities?
I re-worded the text since it was indeed not clear.
>
> It seems like model 1 (replaces the COSE_Encrypt, signs again) is just for
> discussion, and has not been really adopted.
In practice, this is how it is done today.
> I would rather that this was
> part of the security considerations, if it is not really a choice.
It is a real choice.
> This model also implies that the devices are able to trust the distributor,
> so they have had their trust anchors updated, which also means that the
> distributor has actual control over the devices, and is able to survive the
> business failure of the author.
Correct.
>
> } Since
> } a device will typically only support one of the content key
> } distribution algorithms, the distribution system needs to know a
>
> I think this refers to AES-KW vs ES-DH, vs model 1/2 above.
Yes. Correct.
>
> } the distribution system needs to know about
> } the properties of the deployed devices
>
> how does this distribution system know this? Is it derivable from the content
> that the author/sender provides, or does it require configuration?
If the distribution system, which is more than a file server, encrypts
the payload it needs to know what content key distribution method the
device supports based on the keys it maintains for the devices.
>
> } RFC Editor's Note (TBD1): The value for the suit-parameter-
> } encryption-info parameter is set to 19, as the proposed value.]
>
> I suggest: TBD19 if IANA has not yet done their thing.
I don't think we need to worry about the IANA registrations here.
>
> } Another attack concerns battery exhaustion. An attacker may swap
> } detached payloads and thereby force the device to process a wrong
>
> wow, this just jumps into the middle of a protocol description.
> This paragraph and the next one seem like Security Considerations to me.
> The availability of the digest is protocol, but the reasons for it can/should
> be SC.
You are correct. I re-arranged the text.
> } Many other methods are specified in the literature, and even
> } supported by COSE.
>
> okay, but I guess, think, that AES-KW and ES-DH provide for 99% of the target
> cases then?
Yes.
>
> AES-KW, combined with distribution doing re-encrypt, implies that the
> distribution system has access to the KEK for every device.
Yes.
> Is the KEK not
> unique per-device? 6.1.2 implies it might not always be.
Ideally, it is unique per device. Of course, practice is often different.
>
> I suggest that the different ways of using AES-KW, with common KEK across
> devices, vs per-device KEK be clearly named and listed a different options.
> And then third option of different CEKs!
Let me think about given the versions different names.
>
> I think that 6.2.2, "same encrypted payload", the CEK is the same, but the
> CEK is encrypted multiple times with different KEKs, derived from the
> different ES-DH operations, because every device has a different g^y?
Yes.
>
> Is there a case where all devices have the same g^y?
No, not in this document. Should there be?
>
> Ditto comment about PIC becoming more and more common, and anyway, compile to
> two different slots.
Where is PIC becoming more popular? Which RTOS supports PIC?
> There is also a situation where the secondary image
> space is not directly addresseable ("external flash").
We support this use case.
> Even cases where the
> image is loaded into RAM before being executable, and the "flash" is more disk-like.
This is supported as well but here we are also talking about corner
cases because most constrained IoT devices don't have so much ram to fit
the firmware image into it.
>
> I think this section 7 could be an appendix.
> sections 7.1/7.2 seems more of a standard statement, and contains BCP14
> language.
What would be the benefit of moving the text to the appendix?
>
> Thanks for including examples with private keys. I think you can mark those
> pieces as code blocks so they are more easily extracted.
What would be the best way of doing it here?
>
> } To provide high security for AES Key Wrap, it is important that the
> } KEK is of high entropy, and that implementations protect the KEK from
> } disclosure. Compromise of the KEK may result in the disclosure of
> } all key data protected with that KEK.
>
> I believe that protecting firmware from disclosure is a low-value activity.
> (Others disagree: but I continue to believe they have IPR violations to hide)
>
> HOWEVER, one of the useful things for suit-firmware-encryption is for
> configuration data. That could even include application identity keys.
> Keeping application credentials across hardware replacements is probably an
> important simplication for IoT ecosystems.
>
> I believe that one could have multiple KEKs: that the firmware-encryption one
> might be different from the configuration encryption one. This is worth
> mentioning.
Good idea. Added text.
>
> On the whole I found the SC section far far too short, and I've indicated
> some text that I think could move there. I think that the SC should review
> the 5 (6?) possible ways to use CEKs, KEKs, and ES-DH keys, providing some
> guidance on which might be appropriate to different uses, or at least, laying
> out the different properties in a more easily digested table-like format.
I have restructured the text a bit and made the security consideration
section even shorter.
Let me think about the "table" idea.
>
> I also think that it would be good to collect the set of "no standard exists
> for..." into a single place, maybe bullet pointed, as that will more clearly
> tell people where they need to come up with answers.
Ok.
>
> Again, I believe that my comments are all of an editorial nature, and that in fact
> nothing should stop deployment of this specification.
>
I appreciate your feedback, which makes the document read better.
Ciao
Hannes
- [Suit] WGLC on draft-ietf-suit-firmware-encryptio… Waltermire, David A. (Fed)
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Christian Amsüss
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Russ Housley
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… dthaler1968
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Marco Tiloca
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Russ Housley
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Marco Tiloca
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Hannes Tschofenig
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Dave Thaler
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Tschofenig, Hannes
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown