Re: [Suit] SUIT rechartering: proposed text

Russ Housley <housley@vigilsec.com> Tue, 10 August 2021 13:37 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Tue, 10 Aug 2021 09:37:07 -0400
Cc: suit <suit@ietf.org>
To: Brendan Moran <Brendan.Moran@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/S7vohVFuKrGedMx_kbDZ4LhvepY>


> On Aug 10, 2021, at 5:04 AM, Brendan Moran <Brendan.Moran@arm.com> wrote:
> 
> I’m slightly concerned by one paragraph:
> 
>>> The SUIT WG does not aim to create a standard for a generic application software update mechanism, but instead the SUIT WG is focusing on firmware development practices in the embedded industry. Software update solutions that target updating software other than the firmware binaries (e.g., applications) are also out of scope.
> 
> This is a concern because, in the manifest format, we say that the primary goal is firmware update, but it’s still usable for software update. If this paragraph of the charter remains as-is, then the manifest format appears to go counter to the charter. I would argue that this paragraph appears to prohibit the development of support for TEEP.
> 
> Should we consider alternate phrasing?

This is largely unchanged from the current charter, which says:

This group does not aim to create a standard for a generic application software
update mechanism, but instead this group will focus on firmware development
practices in the embedded industry. Software update solutions that target
updating software other than the firmware binaries (e.g., applications) are
also out of scope.

I do not think SUIT manifest is counter to this paragraph.  It makes no attempt to replace Windows software update or the Red Hat Update Agent to name two among many.

That said, can you suggest alternate text that more accurately scopes the firmware update effort?

Russ