IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 31 May 2021 16:41 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D8763A1E28 for <suit@ietfa.amsl.com>; Mon, 31 May 2021 09:41:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mdb8nPJyYv1u for <suit@ietfa.amsl.com>; Mon, 31 May 2021 09:41:33 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B13393A1E27 for <suit@ietf.org>; Mon, 31 May 2021 09:41:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 79AB438C44; Mon, 31 May 2021 12:41:46 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id UMsObpiZ34NH; Mon, 31 May 2021 12:41:44 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 44E5238C43; Mon, 31 May 2021 12:41:44 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 98E3726C; Mon, 31 May 2021 12:41:29 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>, "suit@ietf.org" <suit@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
In-Reply-To: <F6C86CC2-3AF8-4CC5-BB47-AC6579DAA0C4@vigilsec.com>
References: <19586.1622075797@localhost> <DBBPR08MB5915CEC125579D78C108D540FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <F6C86CC2-3AF8-4CC5-BB47-AC6579DAA0C4@vigilsec.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 31 May 2021 12:41:29 -0400
Message-ID: <13894.1622479289@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kj3XO6Egs0nM3HwhoKXJ03JEDdY>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 May 2021 16:41:39 -0000

Russ Housley <housley@vigilsec.com> wrote:
    >> I agree that there are also challenges with certification schemes that
    >> prevent developers from seeing the source code (or from publishing the
    >> source code). That's yet another issue.

    > SUIT is using signature for the authentication and integrity of the
    > firmware.  If the signature remains in place, a party in the middle of
    > the distribution cannot insert any malware.

The encryption of the firmware keeps third parties from auditing the software
updates to determine if malware has been inserted at the "factory"
Both white and black hats are currently using binary diff systems to look at
patches.  Black hats use this to develop exploits in the gap between 9am EST
and 9am PST!
I am suggesting that this is a "Security Consideration"

    >> Can an ECDH be part of an IDevID?
    >>
    >> [Hannes] You should be able to answer that question...

    > Are you aware of anyone that is putting key agreement public keys in
    > the IDevID?  I thought everyone was using signature keys.

Yes, that was the point of my question.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email