[Suit] CALL FOR ADOPTION: draft-tschofenig-suit-firmware-encryption-00
Dave Thaler <dthaler@microsoft.com> Tue, 25 May 2021 16:34 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gU8FiJWrvv1OSICoz0xyfqk1q4E>
This email begins a 3-week call for adoption of draft-tschofenig-suit-firmware-encryption to complete on June 15th.

The document was discussed in the interim meeting today and within the meeting attendees there was support for adoption, and we previously agreed that this would be within the scope of the existing charter.

Please speak up before June 15th if you have any concerns with adopting. We hope folks will use this as an opportunity to review the document either way and post technical comments to the list.

https://datatracker.ietf.org/doc/html/draft-tschofenig-suit-firmware-encryption

Dave

From: Suit <suit-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Tuesday, May 25, 2021 4:37 AM
To: suit@ietf.org
Subject: [Suit] draft-tschofenig-suit-firmware-encryption-00

Hi all,

At the last IETF meeting I presented the hackathon results of the firmware encryption work. I talked through some of the challenges in implementing firmware encryption with COSE and the group decided to put the guidance of firmware encryption into a separate document.

Here is a first write-up of the firmware encryption for SUIT using AES-Key Wrap and HPKE. This is a first version and still incomplete. The solution for AES Key Wrap is in better shape (thanks to Russ) than the HPKE-based version.

Unlike what I presented at the last IETF meeting this document uses HPKE for the public key encryption mechanism. There is code available for HPKE even though it is a fairly recent development in the CFRG. HPKE is used with the TLS ESNI and the MLS work.

I wanted to submit this snapshot for the virtual interim meeting today.

Here is the draft:
https://datatracker.ietf.org/doc/html/draft-tschofenig-suit-firmware-encryption

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.