IETF Logo Mail Archive

Re: [Suit] SUIT rechartering: proposed text

Roman Danyliw <rdd@cert.org> Fri, 05 November 2021 15:31 UTC

Return-Path: <rdd@cert.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 297C73A104D for <suit@ietfa.amsl.com>; Fri, 5 Nov 2021 08:31:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MpHaKSSRFNSD for <suit@ietfa.amsl.com>; Fri, 5 Nov 2021 08:31:10 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on072a.outbound.protection.office365.us [IPv6:2001:489a:2202:c::72a]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E581E3A104C for <suit@ietf.org>; Fri, 5 Nov 2021 08:31:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=DBKkE4DUf7BQ+Nd9lcKbq9YluR2PaD8UYwM4QkcrLDFX1HE5MxY/LXURNFb+doNdmVeHEEb45+QxkioXuk/ZU0is1eckqJHONwVGxCk10fRCW3oWd+kqI1562rpF/pcqWcauSPQWuEDxgCGeSTWSpQZev0GP9kisHZ3Yar+XYLVdp/ASjBEZI0z5Fy0yfWbs99xAyqmp0Rp+gtWgr0ypqHl1P/rMFAwlVYm5tbYmbF9hsBvTEuClmlMS4OcReLZnDp9av1R/Z6kHuXaNreQXJj1iBlAGLzii86s6PaIpQZVFV4eRP+JRnYyV4P+u2C/hUZySG/HlZki1gpawpeslpg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BUx46RbtPeR/CIV5f03RJvUOD6ACqn6inkvQiWsVc2M=; b=srIXIYi9yhqUyxlQ6vP+AeXYSV2JDABnSLKEPzYfP38fFITka7DbowqgpgcZOgI0YCuPkLu9g5JcJS7jeQe9HgBGllvkcFMBfHDWOcUSEP1R+RMu4iX3xhRe2fDWIDEdlHs/Gbf3ctaSlsbj/NMwzsbMxBQI8ysuXy2aXEIJC84KCacBhpfX7NF2l8uh9n7/8e1bpmK4LiWZ6XzbJJWBxL865GNMpd7zmqRSZrzDOx13y0B1KNu2dZyIc3j3aATLhlfaAWfTGYfsKzuVmnO1iD4ZuJA7bhqgJLN3cqO5SEyPPLWGQ52NoZ+P95duPLqwLMnXCLfSniyH4WPbkqDnZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BUx46RbtPeR/CIV5f03RJvUOD6ACqn6inkvQiWsVc2M=; b=KwqTP/9A1w/Xd61tKgugtrZYu968YJHLgLTR+A2/6qW+5s50hRU9GMhecT073k0NUPAhFZpe+Shkm/0F0d8SKCDRbfh7fzyEfOHW8uB6GdQazLvXYR8mXIbH7Fcilgla9GPyoysZ03hOeWdVe61DV7qVRqbo/+F6qbKPxCQFqVU=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0883.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:135::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Fri, 5 Nov 2021 15:31:04 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4649.017; Fri, 5 Nov 2021 15:31:04 +0000
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>, suit <suit@ietf.org>
Thread-Topic: [Suit] SUIT rechartering: proposed text
Thread-Index: AQHXBIFCYdPbq2i4MU2UU0mwBdcWBqpbCE+AgACrygCA5PDNAIAAD0eAgABJdoCABbYOgIAGNsuAgATLooCAABhQAIAMxcoAgAMvKoCABLADAIAHEPaAgAB4T4CAAARFAIAAARaAgAABMACAgR8ZAIAHZXpw
Date: Fri, 05 Nov 2021 15:31:04 +0000
Message-ID: <BN1P110MB093911A420389098A6444B29DC8E9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <66D84CE5-22E6-44F0-8239-8A5832326219@arm.com> <3E7D5E5B-03EE-4EDD-A951-FB119F72DDE8@arm.com> <16339.1613515194@localhost> <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com> <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com> <26718.1626138395@localhost> <MN2PR09MB4841BA0A0CC978E70A09A509F0119@MN2PR09MB4841.namprd09.prod.outlook.com> <67F117E7-28F2-45F3-BC4C-AC8116BCB69F@vigilsec.com> <SN6PR2101MB0943178F1E627E78A1343AE8A3E59@SN6PR2101MB0943.namprd21.prod.outlook.com> <50B65F80-808D-4591-9D4D-2346796DA204@vigilsec.com> <1944E3C3-9348-4574-AE26-4133BFD932B0@vigilsec.com> <CH2PR21MB1464AC4D50A932EC45A3B369A3EF9@CH2PR21MB1464.namprd21.prod.outlook.com> <3944F4E6-9644-4D23-9DB0-B0AC0490AB51@vigilsec.com> <A460F3FC-0EC6-4B8F-9D8C-D40AC841E602@arm.com> <20192.1628612087@localhost> <CAN40gSsvPrnMzUrQASo7nmJJKYGjNm=GNtOd9v9+a7Ni1waCCQ@mail.gmail.com> <CH2PR21MB1464E5F803ED4E22B6D90DD3A3F79@CH2PR21MB1464.namprd21.prod.outlook.com> <2002841D-85D6-41AB-B214-963174485119@vigilsec.com> <8A3FC35F-E993-4899-9213-A2DCA8D1F857@vigilsec.com>
In-Reply-To: <8A3FC35F-E993-4899-9213-A2DCA8D1F857@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;vigilsec.com; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 741e554e-3726-44e4-9223-08d9a07147d3
x-ms-traffictypediagnostic: BN1P110MB0883:
x-microsoft-antispam-prvs: <BN1P110MB08836DBCD8D68390E910E8BCDC8E9@BN1P110MB0883.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DsIGK+boyFCfx11skwoDGFWBlNX9VIGQ4PSSumdrH2Efuos0eeg3M4sNj09zciQOlNHEH/Ws4cw/nECl6egq6NXsaiIYU2x3tsc1d/cuiwIfDiWRozUkbagAEy34ro4G+zAgVjkg1Je2i9bl25gQiHceDfjNj6OkxP5NiI4lauNHxivoxmC9ZmckAi4zQCvmP4k/z4rFEjqVXn37ltK07KdWb3zKmg78h8UtKDcNMZHg3e4nDrgGjIG6k4qPl6+08SRIEW///Njj3xm/0H0LTwrGCTc0QDhY4NV6kSqXPOhgTz0N6r7bXFZTMkK59ddqc07b5j8vdYZODLYZuLj4lNpxqO6a0NGFxbzufyCKGH2MQWmjb1aeN+Q/SEjUpRHgwbm7UWNqC1uVSWl+hzpIlZybh1ove7o24opp+7Ku61DEE/3+WYJ7fGu33jf+K0PzqstYiBIMx5TY1AcuiAvLsJrWdlvFHfeG6iMAfqQJxmngqbvGM1XfDbpmfYTjiGVYHvXUkkFLE5jbnsjkX1M+DQin9g0TkY6cv0p52uqOxwMTWb3jJ9GYpGtXOs/CWt9NbTxKqogZkIigAZ/VZ6bbsRyrtCp/NSQa0Zxws6f+PuiTNifdrZfLn+zsHkyLcL4s0keW1j/wbTzUAstsLOGXbhT5228c7mKbBVuQd8q4edt+7UJJ6HOlAXkwLXgb7nTDH8D12wewgtrvm8zk9fO3Mw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(186003)(66574015)(2906002)(76116006)(26005)(66556008)(38100700002)(83380400001)(66446008)(64756008)(498600001)(9686003)(55016002)(66476007)(7696005)(66946007)(52536014)(6506007)(122000001)(38070700005)(53546011)(966005)(8676002)(86362001)(8936002)(110136005)(71200400001)(5660300002)(82960400001)(33656002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: AWYhKzzhJE8Emv+1Nrd//0sjsEcnH0k8pnruyJRXBZyyB1s9cr2fqKFzMsM4nTp9YGcFfDyHoxwfG91K/L4lAwKV3KAsP65fNiM2EWW3Owe871dmYrX08RLpVLwVIfMu6oXlIJjEyDHv3NObJZq2UvnBFRBgggQGjjI/0sdw1resNjqZgQKUz8HMqRs2tPHg9o9wPpG5g4sv4r9ruF6FrROA2glTqiiCsdx2dMEldQ94yZX/VoTo2IPRXJLm907RljyPIq0QDO8LjLfgulZXy+SVthmoxcptA4bInbXPl4Uu1K/ix1FyIovfOEjMUxzFu4unzx0iKnZGomtd2fhiJVaAyjXUHdkmSzPJ2p/PMrQ7AEltE42FNdD64jXkRGj5SFKXSsW/ryEQnxslK5IRw60umItNEtKiHFcZF+GF0yhT3smbvd+3crJwh2D0U3b3i1dlQf1JoS0CSnNisKkm3yDiSIkiTSg0fZddz3iY/ACBxuiXh7M3BZFi384uem5y0pFGRvuTmrSwkbNxzgPBtcdpdJ78IFQ/BQxAEL9LzJU7OqeRs/4JL2dosXEiToUM1E7BLtwbrUzdSlHy78gfJ8odWeXpk8rrMs1qCeR0gCaXuuw0gUUm3eQT2aRtRzL5qz9VSu9t0dqYJOFvjL2BhRWerUO77mqxksxeU+ex/iGzxDLL5AedVBz9FoL64X/4yYeQo2ir1hhDWujrkkmT5w==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 741e554e-3726-44e4-9223-08d9a07147d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2021 15:31:04.5083 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0883
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kaqfk8oUX0TWx-CRsQkwrVNFSG0>
Subject: Re: [Suit] SUIT rechartering: proposed text
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Nov 2021 15:31:16 -0000

Hi!

To make it easier to reference it and perform diffs against prior text, I've upload the charter text from the WG into the datatracker.  

For the full text, see https://datatracker.ietf.org/doc/charter-ietf-suit/

For the diff from the last approved charter, see https://www.ietf.org/rfcdiff?url1=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01.txt&url2=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01-00.txt

I support the spirit of the additional scope.  We need tighten up some of the language to get it through the review process.

(a) Editorial.  Be clearer on the motivation.

OLD
To support the SUIT manifest format, the SUIT WG is also defining formats that
enable a SUIT Status Tracker to determine if a particular manifest could be
successfully deployed to a device and determine if an operation was successful.

NEW
To enable the SUIT Status Tracker, the SUIT WG is also defining extensions to determine if a particular manifest could be successfully deployed to a device and determine if an operation was successful.

(b) We need to be consistent on the approach taken to describe the scope of extensions.  Specifically:

-- We have both a generic clause for scope on "Extensions to the SUIT manifest for optional capabilities ...", but then the bullet concludes with a specific instance with " ... including firmware encryption".

-- There is a stand-alone bullet on making a MUD extension, "A SUIT manifest extension to include a MUD file as defined in RFC 8520"

Should we have both caveated support of optional capabilities?  Is there a threshold we need, say "... when there is broad applicability"?  or limited to specific applications/utility?

Should we enumerate the extensions were already want to work on here (firmware encryption, MUD, Software IDs/SBOM, multiple trust domains?)

(c) Should be provide a milestone for deciding on where the joint RATS-SUIT work will happen?

(d) We also need milestones for the new scope.  Judging from what's in the current document list (https://datatracker.ietf.org/wg/suit/documents/) is that:

(previously defined, still open milestone)
Feb 2022  Submit an initial manifest serialization format to the IESG for publication as a Proposed Standard.

(new milestones)
MMM-YYYY Submit a SUIT Manifest firmware encryption extension document to the IESG for publication as a Proposed Standard (draft-ietf-suit-firmware-encryption)
MMM-YYYY Submit a SUIT ??? (draft-ietf-suit-report-00)
MMM-YYYY Submit a SUIT Manifest MUD extension document to the IESG for publication as a Proposed Standard (draft-moran-suit-mud)
MMM-YYYY Submit a SUIT Manifest extension that enables support for multiple domains document to the IESG for publication as a Proposed Standard (draft-moran-suit-trust-domains)
MMM-YYYY Submit a SUIT Manifest extension for ??? to the IESG for publication as a Proposed Standard (draft-moran-suit-update-management)

The currently unadopted document could also have a corresponding milestone of "Adopt ..."

Regards,
Roman

> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Sunday, October 31, 2021 4:27 PM
> To: suit <suit@ietf.org>
> Subject: Re: [Suit] SUIT rechartering: proposed text
> 
> Dear SUIT WG:
> 
> I have not seen any new comments since August.  I would like to send this to
> the IESG.  Any last minute concerns?
> 
> For the WG Chairs,
>   Russ
> 
> = = = = = = = =
> 
> Vulnerabilities in Internet of Things (IoT) devices have raised the need for a
> secure firmware update mechanism that is also suitable for constrained
> devices.  Security experts, researchers, and regulators recommend that all IoT
> devices be equipped with such a mechanism.  While there are many proprietary
> firmware update mechanisms in use today, there is no modern interoperable
> approach allowing secure updates to firmware in IoT devices. In June 2016, the
> Internet Architecture Board organized a workshop on 'Internet of Things (IoT)
> Software Update (IOTSU)', and RFC 8240 documents various requirements and
> challenges that are specific to IoT devices.
> 
> A firmware update solution consists of several components, including:
> * A mechanism to transport firmware images to compatible devices.
> * A manifest that provides meta-data about the firmware image (such as a
>   firmware package identifier, the hardware the package needs to run, and
>   dependencies on other firmware packages), as well as cryptographic
>   information for protecting the firmware image in an end-to-end fashion.
> * The firmware image itself.
> 
> The SUIT WG is defining a firmware update solution (taking into account past
> learnings from RFC 4108 and other proprietary firmware update solutions) that
> are usable on Class 1 (as defined in RFC 7228) devices, i.e., devices with
> ~10 KiB RAM and ~100 KiB flash.  The solution may apply to more capable
> devices as well.  The SUIT WG is not defining any new transport or discovery
> mechanisms, but may describe how to use existing mechanisms within the
> architecture.
> 
> The SUIT WG has already completed work on two documents:
> * An IoT firmware update architecture.
> * An information model for the SUIT manifest.
> 
> Now that the information model is complete, the SUIT WG has selected the
> CBOR serialization format and the associated COSE cryptographic mechanisms
> to encode the SUIT manifest. The SUIT WG may consider a small number of
> additional formats in the future; however, to reduce the complexity of a
> firmware management solution, a very small number of formats is preferred to
> enable SUIT maifest integration and interoperability with other IoT
> technologies and ecosystems.  To support a wide range of deployment
> scenarios, the formats are expected to be expressive enough to allow the use of
> different firmware sources and permission models.
> 
> To support the SUIT manifest format, the SUIT WG is also defining formats that
> enable a SUIT Status Tracker to determine if a particular manifest could be
> successfully deployed to a device and determine if an operation was successful.
> 
> In addition, the SUIT WG will work with the RATS WG to specify claims related
> to the SUIT Status Tracker that can be used to provide evidence in support of
> the architecture that has already been defined by the RATS WG.
> 
> The SUIT WG will continue to work with silicon vendors and OEMs that develop
> IoT operating systems to produce implementations based on SUIT WG
> specifications.  In particular, the SUIT WG plans to continue to participate in
> IETF Hackathons.
> 
> The SUIT WG document deliverables are:
> * A SUIT manifest format specification using CBOR.
> * Extensions to the SUIT manifest for optional capabilities, including
>   firmware encryption.
> * A secure method for an IoT device to report on firmware update status.
> * A SUIT manifest extension to include a MUD file as defined in RFC 8520.
> 
> In addition, either the SUIT WG or the RATS WG will produce:
> * A set of claims for attesting to firmware update status.
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

v2.23.0 | Report a Bug | By Email