Re: [Suit] SUIT Architecture document review

Michael Richardson <> Wed, 16 October 2019 15:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 62CF61207FD for <>; Wed, 16 Oct 2019 08:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.436
X-Spam-Level: *
X-Spam-Status: No, score=1.436 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Zz2NQv57KFLt for <>; Wed, 16 Oct 2019 08:47:34 -0700 (PDT)
Received: from ( [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EE6712022E for <>; Wed, 16 Oct 2019 08:47:33 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPS id 8F4ED1F455; Wed, 16 Oct 2019 15:47:31 +0000 (UTC)
Received: by (Postfix, from userid 179) id D6CF6D34; Wed, 16 Oct 2019 17:48:24 +0200 (CEST)
From: Michael Richardson <>
To: Henk Birkholz <>
cc: Hannes Tschofenig <>, Kathleen Moriarty <>, "suit\" <>
In-reply-to: <>
References: <> <> <> <>
Comments: In-reply-to Henk Birkholz <> message dated "Wed, 16 Oct 2019 16:41:04 +0200."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 16 Oct 2019 17:48:24 +0200
Message-ID: <>
Archived-At: <>
Subject: Re: [Suit] SUIT Architecture document review
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Oct 2019 15:47:35 -0000

Henk Birkholz <> wrote:
    > That said, in theory the SUIT manifest could be used to update basically
    > things of any size - not only constrained nodes. But I agree with your point
    > that this is just a "title" problem. There are solutions, such as package
    > systems,  in place that would require a quite more complex and elaborate
    > attestation infrastructure and that is not the scope SUIT is targeting, I
    > think.

An Android IoT device is effectively an RPI running Android code.
Yes, it has a Linux kernel and file system, and yes, it can load "apps", but
in practice, one would always want to replace the entire system as a unit.

A Mozilla IoT device is also an RPI running Raspbian, with nodejs running
the application code.  It has apt for packaging, etc. and that's useful
during development, but shipping that would be dumb.  Ship a signed file
system image.

Just remember that RPIs are as big and powerful as the laptop you had ten
years ago.

    > m2c: wrt to number of secrets and endorsements that would have to be
    > maintained per device we also want to be as minimalist as we can be while
    > remaining feasible, I think.

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-