[Suit] Integrated payload sizes

Brendan Moran <Brendan.Moran@arm.com> Tue, 19 November 2019 15:05 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: suit <suit@ietf.org>
Thread-Topic: Integrated payload sizes
Thread-Index: AQHVnurHAP30iPXVekajoUfE4+3BRg==
Date: Tue, 19 Nov 2019 15:05:27 +0000
Message-ID: <6DD147FC-FD5E-4043-B09F-5988D2D71B20@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kXWoj6MeyMC0N7QlVhVQHiafDzo>
List-Id: Software Updates for Internet of Things <suit.ietf.org>

Having considered the payload size question a bit more, I think that I’m now in the position to make a recommendation to the list on setting minimum required payload sizes.

The suit-information-model is supposed to contain requirements in abstract and not in specific. Therefore, I think that the suit-information-model should contain the sections listed below.

These changes are present in a PR on the suit-wg GitHub: https://github.com/suit-wg/information-model/pull/5

I don’t currently see a good reason to set a minimum manifest buffer size (which would belong in draft-ietf-suit-manifest); however, that is a discussion that can continue independent of the information model if there are objections.

Best Regards,
Brendan

An explicit TOC/TOU threat, which is the root of this discussion.

### THREAT.MFST.TOCTOU: Modification of manifest between authentication and use {#threat-mfst-toctou}

Classification: All Types

If an attacker can modify a manifest after it is authenticated (Time Of Check) but before it is used (Time Of Use), then the attacker can place any content whatsoever in the manifest.

Mitigated by: [REQ.SEC.MFST.CONST](#req-sec-mfst-const)

A requirement to keep the manifest immutable between check and use.

### REQ.SEC.MFST.CONST: Manifest kept immutable between check and use {#req-sec-mfst-const}

The manifest MUST be held immutable between its time of check and time of use. To make this guarantee, the manifest MUST fit within an internal memory or a secure memory. The recipient SHOULD defend the manifest from tampering by code or hardware resident in the recipient, for example other processes or debuggers.

If an application requires that the manifest is verified before storing it, then this means the manifest MUST fit in RAM.

Mitigates: [THREAT.MFST.TOCTOU](#threat-mfst-toctou)


A note about what kind of payloads constitute a “small payload”.

### USER_STORY.MFST.IMG: Payload in Manifest {#user-story-mfst-img}

As an operator of devices on a constrained network, I would like the manifest to be able to include a small payload in the same packet so that I can reduce network traffic.

Small payloads may include, for example, wrapped encryption keys, encoded configuration, public keys, {{RFC8392}} CBOR Web Tokens, or X.509 certificates.

Satisfied by: [REQ.USE.PAYLOAD](#req-use-payload)


A note about expected uses of integrated payloads and a note about the security requirement for maintaining the integrity of the manifest between ToC and ToU.

### REQ.USE.PAYLOAD: Payload in Manifest Superstructure {#req-use-payload}

It MUST be possible to place a payload in the same structure as the manifest. This MAY place the payload in the same packet as the manifest.

Integrated payloads may include, for example, wrapped encryption keys, encoded configuration, public keys, {{RFC8392}} CBOR Web Tokens, or X.509 certificates.

See also: [REQ.SEC.MFST.CONST](#req-sec-mfst-const).

Satisfies: [USER_STORY.MFST.IMG](#user-story-mfst-img)

Implemented by: [Payload](#manifest-element-payload)


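One way a recipient can meet REQ.SEC.MFST.CONST for a manifest with an integrated payload, as an added example that is not the draft's text or any SUIT working group code: the manifest is snapshotted from external storage into an internal RAM buffer, rejected if it does not fit, authenticated from that copy, and its payload read from that same copy, so a write to external storage after the check cannot change what is used. The byte layout, the FNV-1a tag standing in for real signature verification, and the 64-byte buffer are constructed assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed manifest layout for this example:
   [1 byte payload_len][payload bytes][4-byte little-endian tag]          */
#define MANIFEST_RAM_MAX 64   /* internal buffer the manifest must fit in */

enum mfst_status { MFST_OK, MFST_TOO_LARGE, MFST_MALFORMED, MFST_BAD_AUTH };

/* Stand-in for signature verification (FNV-1a, NOT a real MAC); a real
   recipient verifies a COSE signature over the same RAM copy.            */
static uint32_t toy_tag(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Build a manifest with a valid tag into out; returns the total length. */
size_t mfst_build(const uint8_t *payload, size_t plen, uint8_t *out) {
    out[0] = (uint8_t)plen;
    memcpy(out + 1, payload, plen);
    uint32_t t = toy_tag(out, plen + 1);
    for (int i = 0; i < 4; i++) out[plen + 1 + i] = (uint8_t)(t >> (8 * i));
    return plen + 5;
}

/* Snapshot the manifest from (possibly writable) external storage into RAM,
   authenticate the snapshot, then read the integrated payload from it.    */
enum mfst_status mfst_load(const uint8_t *ext, size_t ext_len,
                           uint8_t *out_payload, size_t *out_len) {
    uint8_t ram[MANIFEST_RAM_MAX];
    if (ext_len > MANIFEST_RAM_MAX) return MFST_TOO_LARGE; /* cannot hold it immutably */
    if (ext_len < 5) return MFST_MALFORMED;
    memcpy(ram, ext, ext_len);            /* time of check starts on this copy... */
    size_t body = ext_len - 4;
    uint32_t want = 0;
    for (int i = 0; i < 4; i++) want |= (uint32_t)ram[body + i] << (8 * i);
    if (toy_tag(ram, body) != want) return MFST_BAD_AUTH;
    if (ram[0] != body - 1) return MFST_MALFORMED;
    /* ...and time of use never touches `ext` again. */
    *out_len = ram[0];
    memcpy(out_payload, ram + 1, *out_len);
    return MFST_OK;
}
```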