Return-Path: X-Original-To: suit@ietfa.amsl.com Delivered-To: suit@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A432B130E54; Wed, 11 Jul 2018 22:57:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 972jmA4QmSju; Wed, 11 Jul 2018 22:57:28 -0700 (PDT) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E76E7130E0F; Wed, 11 Jul 2018 22:57:27 -0700 (PDT) Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1fdUbV-0006s6-QC; Thu, 12 Jul 2018 07:57:26 +0200 To: David Brown , Dave Thaler Cc: "suit@ietf.org" , "hrpc@irtf.org" , Sandeep Jha References: <11993b06-5da6-e397-3457-de6ecec87bb4@cis-india.org> <20180711235039.GA20649@davidb.org> From: Gurshabad Grover Openpgp: preference=signencrypt Autocrypt: addr=gurshabad@cis-india.org; keydata= xsFNBFriroIBEADfyDpCD8eborMUMXKtZzjo4t2KzrAlUVYgE/TFtrwUP+4Xw4dzakDIzST8 sVYmlXIWhM5NBBTZSQ190vsxrkbi0xxLcXYM2olZEtqkJ8zONZeZLBeGvcfMymtHqD4jHwYb Zm7OXnS45fWDL+HOoMP/VCwEn098rYfnllIkYQD1Gc28Ig+ywjGg8y5p0qMmmmhm2ckgLjnG MJX8t273MSc8wsn/UYH922yif3MQXmrzqgnRl9hRzf90SKqAw38bw7wccb55pIItloKYsi0r zYBKJSOPXn91Z21TpOSTy21M0MZYEAlDn1zeea+q8TggfHNWxOXoKrIm1pqZFRz0k+8i2siJ AHf8bRm/fhukA6szZ6b2nNPxjkAmOv9zvGu6RZGbmeLvQYVBSSnZ67ayZrkKwn7KIyAV6hQM /bVnD8eEZ2tZ0S8lxoZFYSNeMGt2b6WelFZO97/LbjxaJUHd9K8g5H0MwqN1NXoBxRwllVRC 3sVHVoWTBqnKo8qplzvQEAto69PpvuxxKTOFEJeQqmn1b/fo3sLRb4YiIg8Ax+Np7Huzzjk6 vKKgpIwIN7yEUj/ReWi/UA/W4wSg3XkcqTf7h73crnN/1At0PdgozbDV2UbcApaldStP4DfG UiQl0/7MiYLKapDDuSahmoeH3xrNnrzS9BAfuGHezzDbMyPLXQARAQABzSpHdXJzaGFiYWQg R3JvdmVyIDxndXJzaGFiYWRAY2lzLWluZGlhLm9yZz7CwX0EEwEIACcFAlriroICGyMFCQlm AYAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQrbl/X+ubfC7/bQ//YQv7zqQE433xxsN/ 3GYKoOFccBy3WvV4DxrTskJ3n3k5lfcZolbc8TQksQOTzyerNt2ZA7fsGZa7eFSW+xR4Yq3/ C9o+5FOoHGhyZhb+x17MILhmyvyUNSj7SdKrRISgurMbV2Vv8LxmTcdrK6CdFF6JLH+opzU1 NlRKwZqROPgbYZEB2QFIUbGfgh2I5AXNyV2XbT7fagfkHk+v9AUV7POP2H1+AZ1xq6iFTm2o 9ufNZsp2bInsDohcVBKC3aH2cnFMjvIXpNoUOx8vb5A2xW0aBUTTJDB/uZw53WOg3kehrCNb ZkML3FnDZLRuu1e8DSWmwk5YIoDzt5bMCgfUwb0C6Q+JuM8lC+8CEEa9qamLc+fhvFAzcrWp VWuSaVeLdhe5NxmtlRYNZdGuKy6sRHjwsEWlwzRylhm74fiDR3aA1eIFsfmYLd4z+i1Fp23Y dHJf7/Gor2CmOxphog9DEA9WCuORXfx4De7hoMKwW4gWKw1A8B12Cv4EOkXmCsWsOnfDEarr 2Yl6elxkhQRfKjAesXb0cezRzZgwsWIsbeYsuWFF7Xi6IzUJ27lxU3p5PcyY8O8aDYOn+pu0 YFJ7s3u2VRRgptVZJmkcN3WTApXSHY8fGl5xAakM/bqFJj9uj5zlMnFN2EplC6/mQkfYfy2f siaGTP/GQV4OSuOeuMLOwU0EWuKuggEQAJ4lAzB72gHw4+rbyxmQNNVmvgYVZPjFtO/MQdYi x1QwRP/gxxqPqTd/ZwQvmPGzXRKw10B7uKSRk6YP12+IG0mXJwHGp9q5CWJE0XNGqX3UWbAc KIzxqPNpsf8e6Bv7jdW0YwLBxJ+RW0NNL6uAxz0sr2frbnS+EZB3cU+zOZzp/9YfTUZO2lxF NzgJoErKe/HLp7aBeJXBBcwO0LQlIT80rTZx2KihBa/Ww/y9E9gV/HacJu/Ncb6E/G3e4xGj 9w9L+UW43q01wy+FSUKy9FLc7D40WqQsj8SXZEpl84SyLcJRoX3mtj59bX2SAN2VB2BAksTu qCh00IcIUGfyHziu5PwUWYM96gOhDSocP4wSeiQ8TwLzaffllz2qhdI296a9lCIYIeWVytEd NU9jJ3RbzXAgE0pnDauNXDaQv1FS5jYi8rlslJUxKnrS69BFNjM5RqQ16Cm0C4rKL7/a8wHC r4VjcjSCM8Lzv8YOOitJ9Yt4Y8SVfO5s3YvxcdSr56nX0W3B1kGbG1GpqWTzOgXzGF5bIsbV 7SPecwUs9ShvmLmZzDUxIQ68n4zj3lMZn5I+pP+Ew6nAAiuSmKdr5cygnCH/NVJzil07t+X4 uR6oKHBhuMFYF1c6Wxk36m+EZz5ZHFaT4rN0WDIJdAEqRzD0Z56V6ansDF8y+ksh0SHlABEB AAHCwWUEGAEIAA8FAlriroICGwwFCQlmAYAACgkQrbl/X+ubfC50rhAAloTaq/fZC1gtiVtU wOB+00gEkjgmzt+rLkW+l2EySTST7tje57W83UZwzCX746B2O//Bqardxz9R1Vr0VFiwHA8g 3qeBqPqiv1WoQch/iZ5d/1MxK4A9xDag1uyqLR8RuGlZ8lATmcP3IabKiuiBV4MlFZ7V2Ib6 5ToPf28xxSyjMzTjQObIG0e009uHlu2z+iQVshLyoyVVAOWWa88D6iuBDC/EtBRjlpjLAjuR YhWVYX6KHdVUijKMHN2RqjpX5O2wPL7NcMY/wsTq7EteUeI75hxFvargRXkEt1XR8t52LC0u IE2OjpzY5re/ROUbfsqL8trjAOrSJ+Fx5H8AYl9JaoVxohhxDZgNtgNtPbh/8Nnlf9daj/bh lZcTBO98XLQwMnyHGPdyhIodpWPq2C09Ys3TkQsbcdMMB1pqnEK5Vz1zIKkEEX7QVsLdrz7C 2CFsauc/9PHj+4njCHslXtzBOiVu5FXTnbCwPrLJs5iEUkUCb6qtE/2mSCTrAanzOTTOmqiM cnNTI1Tj0ht462S9VypppQnKCv8shGxXG7BadZTv+pNCA/WfB2kk1sS3ZwB0wBWX4p41fxs+ ArM9ew2SzQ/vBrEfO7ljPfZZmBqH4t/vgAZBnOtTxCGlPEIJqiMqtGHRqIqpiR20QfxEUuXI MfMfa9QJpisdNmqoUyc= Message-ID: Date: Thu, 12 Jul 2018 11:27:23 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180711235039.GA20649@davidb.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="5kIwHbsoyG4SPmgE7x8ftcOPUeVL2Za39" X-Virus-Scanned: by clamav at smarthost1.samage.net X-Scan-Signature: 9484ae446d4f83cee8bf28db5146d16c Archived-At: Subject: Re: [Suit] HR Review: Firmware Update Architecture for IoT Devices X-BeenThere: suit@ietf.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Software Updates for Internet of Things List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2018 05:57:32 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5kIwHbsoyG4SPmgE7x8ftcOPUeVL2Za39 Content-Type: multipart/mixed; boundary="KqBvltYsfTLPLXKHLJhYcIyAb8fimHECm"; protected-headers="v1" From: Gurshabad Grover To: David Brown , Dave Thaler Cc: "suit@ietf.org" , "hrpc@irtf.org" , Sandeep Jha Message-ID: Subject: Re: [Suit] HR Review: Firmware Update Architecture for IoT Devices References: <11993b06-5da6-e397-3457-de6ecec87bb4@cis-india.org> <20180711235039.GA20649@davidb.org> In-Reply-To: <20180711235039.GA20649@davidb.org> --KqBvltYsfTLPLXKHLJhYcIyAb8fimHECm Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US Hi, Thank you both for your responses and the examples. In light of those, my thoughts on the encryption recommendation are given below. Also some comments in-line. Overall, I think the requirement level of encryption of firmware image is not sufficiently clear in the drafts. The ambiguity makes it seem like it is truly OPTIONAL, i.e. it expresses no preference for encryption. In my opinion, there is a privacy and security advantage in encrypting the firmware image. Accordingly, the drafts should use the word "SHOULD" or "RECOMMENDED" for it, which would imply that "there may exist valid reasons in particular circumstances to ignore [it], but the full implications must be understood and carefully weighed before choosing a different course." [RFC2119] An alternative may be to demarcate the requirement level based on whether the target device supports decryption. But, my suspicion is that this may lead to tricky grounds elsewhere. On Thursday 12 July 2018 03:37 AM, Dave Thaler wrote: > I believe the argument for it not being mandatory is that many IoT devi= ces are not associated with > humans. For example, factory devices are owned by the factory not a hu= man. Can you elaborate > on what the concern is for such devices that would warrant mandatory en= cryption? Your comment > seems focused on devices associated with humans, and so I cannot tell w= hether your comment > applies more generally to all use cases that are in scope for the draft= s. Thanks, Dave. I completely agree with you in that the privacy concern is more pertinent for devices directly associated with humans (which I understand are also in the scope of the drafts). The concern is less pressing for devices in (say) a factory, where only the security concern may be applicable, i.e. unintentional exposure of device information (including version) to observers and eavesdroppersmay increase the facility's susceptibility to attacks. On Thursday 12 July 2018 05:20 AM, David Brown wrote: > In addition, the range of devices covered by these drafts include > those with insufficient capabilities to support encryption. Thanks, David. I agree.Hope the clarification suffices. I'm thinking about the other questions you posed, and will try to get back soon. Gurshabad --KqBvltYsfTLPLXKHLJhYcIyAb8fimHECm-- --5kIwHbsoyG4SPmgE7x8ftcOPUeVL2Za39 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJbRu3DAAoJEK25f1/rm3wuMuYP/RnZDBUViQo9+o1gAifJ2nxN t6t7ZmdkmuQqSj1K8XLN8KmcIcE6fOGw+56owq3Fwy5S5tfrw9uhKsUuHJQFxU11 zj2Vxbgd4Id3s/SlNt6iGeQRqmKRiJiNg8w3/akcMf8LygRJ04Q5ClnDn19zpY+n hm0Z7rANGf4EJAx0Rtv5GBKeow9uSaOCVlNPymXmzLXiGYV2QTGIBZ4ea4CUKWOH ycoHSpIIBbEDgF7l848pW8CByPtuEcd3xuSkYY4in5+s24abD2zImA7lXi/N/1Xq +lcVBvHeU+Qbm1SS4oGIqrRLrfZ+RbzLAyKz4tnN59Yx5VkYQ0ZKpCFzm0pDwCIu UDMmeTXM99LJqKGQPyRzUNd7F5lVcqUWjB/8aA99vwoGdkPRjw7oN2Gv+KQefbhc h/b1cVTRUdHiPkCuJJYBF3PHpEvFCs0KoSqj2eK9M525KRgSv8yf96WoKhDhopJx nWz4LqFK59qe2+FlqQpBd8UbOl3sB3Yy5OdUCMwanuJ70rwhpuxwggGBoxnsyPEf bFdJGfygBkGBb6J/TiXbo9rOSVyxwRSv/HNRRZswAyP3g5R0ZWcZInzo+PD49ptl Z5EWwxF2TQBGd5Zyn6zt146vnO4b+2cwxtdS8I+AqwNvhdKBtm7J2vUh3gWpRIpF vpMydfV3/1Gnxey9/Zrm =xC8u -----END PGP SIGNATURE----- --5kIwHbsoyG4SPmgE7x8ftcOPUeVL2Za39--