IETF Logo Mail Archive

Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 11 September 2023 19:14 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7CC0C15C523 for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 12:14:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmPwVru80ErX for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 12:14:10 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 787A8C151093 for <suit@ietf.org>; Mon, 11 Sep 2023 12:14:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 6367938EC8; Mon, 11 Sep 2023 15:14:09 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GJHf_wjS3V7a; Mon, 11 Sep 2023 15:14:06 -0400 (EDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:812:88ff:fe79:302e]) by tuna.sandelman.ca (Postfix) with ESMTP id 9F6E638EC6; Mon, 11 Sep 2023 15:14:06 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1694459646; bh=cNR+7XjwTvSQP3PsdOi73gAEkmOLRkJQjNGePgO6Ch8=; h=From:To:cc:Subject:In-Reply-To:References:Date:From; b=QhjeCW3qPVbtN8EU7yRMdIYsxF6Nu6x7AfDCkrKhg7haetnLGvmXejt5z+U06+IEp U22/AsQuaRW7hUdSn7JLMf4k5msbOJ1ewc3a47n9bS9RjIqv/rJfmOJOcMnVrlNlY4 RS+MGPZvtD0RrVNwYIsIBOqHAriYenz9Te7cWLtKATezaPuu4OK2vJWV8Zw41XMyFz ka0yv0E/5dGn2S6UT0RE9SQFBxGUBzQR713rExknR2p9I0rkxlAsN6nPp604nDYYZj C2h1jqJgGDLc4tRtK7+vV288BneK4z5462KNzRgBmY5oY8Hf03UqcVEEyYHyZpHloL jxj+ASk3QLLhg==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9AFC7499; Mon, 11 Sep 2023 15:14:06 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
cc: suit@ietf.org
In-Reply-To: <6ecb8ce2-95ff-4e49-497f-f21bfaf41306@gmx.net>
References: <MW4PR09MB988694F9A88981948F4290B4F0E0A@MW4PR09MB9886.namprd09.prod.outlook.com> <GV2PR10MB7438B53F9EA845B2B78BB17BEEE6A@GV2PR10MB7438.EURPRD10.PROD.OUTLOOK.COM> <23882.1694384458@localhost> <6ecb8ce2-95ff-4e49-497f-f21bfaf41306@gmx.net>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 11 Sep 2023 15:14:06 -0400
Message-ID: <8856.1694459646@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/TMAp4lXECLmJv02wmlOguT6LFtA>
Subject: Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2023 19:14:14 -0000

Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
    >> 3. "The author treats the distribution system as the initial recipient"
    >> this is also not-standardized, and I think might involve some kind of
    >> integration with a sales channel.

    > This is not standardized, as far as I know. However, this is the area of
    > classical Web APIs.

My point in listing it as out-of-scope being that it requires a decision for
someone trying to produce a complete solution.  This is also a place where
other bodies (OPC, Thread, MATTER, ...) could well have a profiling role to play.

    >> } the distribution system needs to know about
    >> } the properties of the deployed devices
    >>
    >> how does this distribution system know this? Is it derivable from the content
    >> that the author/sender provides, or does it require configuration?

    > If the distribution system, which is more than a file server, encrypts
    > the payload it needs to know what content key distribution method the
    > device supports based on the keys it maintains for the devices.

Yes, but how does it know what key distribution methods the device supports?
Assume that we have a distribution system that is installed and maintained by
the OwnerOperator of the network.  For instance a campus or enterprise
network, or a *building* automation network.  The intent is for this
distribution system to provide firmware update services for a variety of
device types (maybe several dozen different types) from a variety of
manufacturers.

    >> I suggest that the different ways of using AES-KW, with common KEK across
    >> devices, vs per-device KEK be clearly named and listed a different options.
    >> And then third option of different CEKs!

    > Let me think about given the versions different names.

1. Per-device-type symmetric key. (PDTSK?)
2. Per-device symmetric key, singly-encrypted firmware. (PDSKS)
3. Per-device symmetric key, unique-encrypted firmware  (PDSKU)
4. Per-device ES, singly encrypted firmware. (PDESS)
5. Per-device ES, unique-encrypted firmware. (PDESU)

{PDTSK makes me think Saskatoon. Also Pacific Daylight Time.
But, I'm known for my whimsical naming.}

    >> Is there a case where all devices have the same g^y?

    > No, not in this document. Should there be?

I'd rather that there was not!   Some people might think it simpler.
That would be:
6. Per-device-type ES. Singly Encrypted firmware.

    >> Ditto comment about PIC becoming more and more common, and anyway, compile to
    >> two different slots.

    > Where is PIC becoming more popular? Which RTOS supports PIC?

My impression is that it is often default for RIOS-OS, and/or RISC-V.
My impression is that the problem has usually been compiler support.

    >> I think this section 7 could be an appendix.
    >> sections 7.1/7.2 seems more of a standard statement, and contains BCP14
    >> language.

    > What would be the benefit of moving the text to the appendix?

Not everyone needs to know, and it seems that it buries section 7.1/7.2.

    >> Thanks for including examples with private keys. I think you can mark those
    >> pieces as code blocks so they are more easily extracted.

> What would be the best way of doing it here?

In kramdown, you would use ~~~~ xxxx I think.
In xml2rfc, CODE BEGINS filename.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email