Re: [Suit] WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
Dave Thaler <dthaler@microsoft.com> Mon, 11 September 2023 21:38 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E36EC16950F for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 14:38:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.112
X-Spam-Level:
X-Spam-Status: No, score=-7.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljTG170JTBYU for <suit@ietfa.amsl.com>; Mon, 11 Sep 2023 14:38:56 -0700 (PDT)
Received: from DM6FTOPR00CU001.outbound.protection.outlook.com (mail-centralusazon11020018.outbound.protection.outlook.com [52.101.61.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF5C4C16950A for <suit@ietf.org>; Mon, 11 Sep 2023 14:38:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RiKbtd/EYAre3HlQ09iSuX2ZjkTQ7SwEsGIHGsbMgmJpGQlIWVm8+EDId0qcetJ1lmeRbdclHRETMHnmRUwzTvtUR8cas+UIUFAYT//JAYE1O8+V3/57p3vEvTeRL6H212q8ildskixdNNv5xpB43BkTKFU0Fu3nwBSrdjteGsFmSICLohDdSgQ/THSHanwzFRZmB/UU74AzTT2j0P0XZjWMA1+7EL4G+Luj58nMO7DKownRXGbdekkt/pcSOG6TAsqGAkQ9xg7pqw9WYMo+OnYguS6Al1nzNkW1djDSP5lWbtJk9Zfc8T75GY8LHM3SDObqjCU6zlf0xCN/fgOzmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+Pn/nvvPScujRO6ewcCS66S+te6KqIxREwhae6mhrzM=; b=JJsDHcE8wLmjovTU8D8TtxLz0tdNIPEKFsmu882rD/V27QdUFk2yZErMrzuLedJKBCs9ORKliNTgNMU3SjQEuTlZgfc07tblEF2sMXB9Qutp5UzmHRh0ZxQzN6iusVNF0KHFQPjieizYTfJ6OVioK2y4kmVtqPn0vy5TqAe9y4kPYBtAVjIRMAO4VbYCxwTvh/lu0XhGfUc6ogCSPXOqNfNHkwvMlAmaEb/EXsyu1U1LrJosjRn1B0z0asftEiwd8B4fgRsLOTdsfRhDSz25J0JG2Fe310mgG+WaqJbf0TKC5P79WAc4xPvjZMvVmXe8mWimSlNLlubS2UqC1YP7Aw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Pn/nvvPScujRO6ewcCS66S+te6KqIxREwhae6mhrzM=; b=T+gU+oB3Re4lIcG79YAt7fy8UH4hyAQssS+RYHErXB3Ttg2btVe6Mi9T2zaREH2nZU2YzOKwF38iLuEbNXL+HRHx8XjLQUQkxPKPomDAcybvj0qCluCMouqVY3TIAw+hcQGSia2kakxxvzO+CAPnmLI2ehwDaSqllvn7kv7qQNs=
Received: from PH7PR21MB3878.namprd21.prod.outlook.com (2603:10b6:510:243::22) by MN0PR21MB3535.namprd21.prod.outlook.com (2603:10b6:208:3d0::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.5; Mon, 11 Sep 2023 21:38:53 +0000
Received: from PH7PR21MB3878.namprd21.prod.outlook.com ([fe80::ec5c:279e:7bfe:50e9]) by PH7PR21MB3878.namprd21.prod.outlook.com ([fe80::ec5c:279e:7bfe:50e9%3]) with mapi id 15.20.6768.005; Mon, 11 Sep 2023 21:38:53 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Russ Housley <housley@vigilsec.com>
CC: suit <suit@ietf.org>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Thread-Topic: [Suit] WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
Thread-Index: AQHZ3cROqODjVmMMJ0OTwsE+PK7RCLAI4wmAgA1PO3A=
Date: Mon, 11 Sep 2023 21:38:53 +0000
Message-ID: <PH7PR21MB3878A6BC10BDB5429892C49BA3F2A@PH7PR21MB3878.namprd21.prod.outlook.com>
References: <MW4PR09MB988694F9A88981948F4290B4F0E0A@MW4PR09MB9886.namprd09.prod.outlook.com> <004401d9dd16$d8895c40$899c14c0$@gmail.com> <1508AED5-7C5C-476E-8697-85B6F6D67ABB@vigilsec.com> <bc4f078c-396f-3ba9-1628-d63e2dc63191@gmx.net>
In-Reply-To: <bc4f078c-396f-3ba9-1628-d63e2dc63191@gmx.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=a22f745a-ffb9-4ea0-b0b2-a13e7244c834; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-09-11T21:28:26Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR21MB3878:EE_|MN0PR21MB3535:EE_
x-ms-office365-filtering-correlation-id: c0cf68fb-8c15-4f7f-734f-08dbb30f7e8e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: R3LjnKJNJasIT1GOgLV0bpMdHCSEnjo93A/jABJKmFxq+qbeHw6wAYA6z7OhrCmZyo0GkjrmUOL0JEJZUVNK8vkllFyx+p5K198F+c+phoudIewUQjM9cNbC7YQyF7+uFeOtUp3KQ6xNqiOCLJ5P/z1q67MOtESnSq1EuNlfdPh6UTWSgjnAv5BOZVAebFM255VxYg0on9Z7QcGRJiNx1uJNSFtSA9BFeJY4n4igr7H1DOLI8J5Dz3S3yK4wwiAb/hu+0oymPZn8NIbhYGYWSzrMD5zn8LVGsIIUuN2dJ5C+HakjpDjBdnB7f9eN18/075iEEyjyiAd2/YTx22+w3pd+ydhhum4gK4vCy8dzphdpmKT+peDWfMMUMed/1GLh8NoJ94/YA1aJ6pDDcQ9Kue9yKeCr7YIVp28DczNuyXfxAIU1CXq99rDQZWfk2HgpZu7ryTpMW9SLzrX/Rf0F5F2MlGGIitKZit2k+2VAUyUwiOX9sM8Y15Cftb0xVegTWdP3uJa0QO+Z6d1yCA+rMZ/ok4KSAfzc0XkDnyGOidb9/JnIxfdPMK+lDdxwUCjcaxj0zAzziLdZpcgcjKzU8ZGxHSCVZpkQDKGq2h0Ru3RsLoPZV/CmWTY5lJQ1byRSV0YLe/nZ6iNoSoYI9KLTm4lqRq1Otq5Zs8fe5UrCrsY=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH7PR21MB3878.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(136003)(366004)(39860400002)(376002)(396003)(1800799009)(451199024)(186009)(9686003)(7696005)(71200400001)(478600001)(6506007)(10290500003)(83380400001)(4744005)(2906002)(110136005)(8990500004)(316002)(54906003)(66446008)(52536014)(76116006)(64756008)(66476007)(5660300002)(8676002)(66946007)(41300700001)(8936002)(4326008)(66556008)(122000001)(38100700002)(38070700005)(86362001)(33656002)(55016003)(82960400001)(82950400001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 3FjrssssWP7kVO1fG+OdxhNjukExuWIUlpXGQH6Gvpj6xcyWxXgF9qnvZ5s3HLlTd5E50B42aq+faxZUazhubYleIlEs+g1uOqAFli//a43s+E5jlBbTnGaWdUz75iYpdMwZ/Um09ayQI8vonF532B7DVVeImCkk7Qdn6a4zRyQt2q4IXvRfsC0pwxOgb3NzdUqaIOxDUz+Go54XyJFWuaNMUsaouezFqNu3gudioSSoGsBXDBC60/cxsM+bgu4PGxZZsbjkqTU/UDNetSsKgrsaBgGryMsI664bQPf1gxvK0vJXvJsnDC5hCf2E1fvvYzLvN2v9YZ7Vcm/IKmNEYexmnmQPawYxXehptrQp9a+9a2oju3+GW3SYyZr8oGEjLreOfBmi3tVa2TfON+I1RZXRTEFz2AWcjmT2NW+VC15/e7lFnTiu44M9H5RumYa/NB5+XhXkK4bviVgIlthifWmf2ku68qxEBMf5V0G0f0Wv1WKEcYvwRRD82MsPfbc4DzSX3ftLZpyqGRGNu4F3sstXgWvESh6ymsDrXVWhtZC0HoFYvYfe6Zp1Ji9B+qvO4mu2MtBedVf7LqT+9kIzkYjCsi4WJqXwynT3wZNtldtooQhcgDhI0r10lqAHQp6bQoIFgGc64YHxOhgVrJoPn2Pmi5ceFPqiXb2FVdl9UrAPomqIrUEqrynHbIlXRZWRHnpR8lMUI5a58eEDdyg8Yf+r1HElQPfQSQoNX5d/H7sXEScHzsK73vf3zT7THb0LJDEn3jUlt+YC2ugOnHBH9XuY5XJ+1YgLqGGWtM8ioU33LCyJfiMBY0LWYVSurMeaM7Rbvn+5nxDxKQuAUT1Gbi7LNiB9Y6bWKOJLdFgE0LnrTLv2LzZBkag6kkv/4D9ZqlQiTi/ytX15QHmXzSdea/fECvDgoEqVvJL0Cz9GP68cJmN/Nl7pkX0m2+GlF5wgPt7OXiIt7Fvi+ahWTmogLbnxjWyiyz5Ph4EduOx8uIbE82V+OfUtrwfdvu2RWzSvTTDBFjDNYL3brUy9NEyJpQH4JYlFTJapzcVk4+/C+nFgmN0OciKi+PAuXroCnZ8wjpHs0Rt7h1KiEAP9h8NB4JoVYzcyLpXIC+1+CWadTblbW4ZdCF7YjRGPaW2LHqM14zR78LVmiOMgTnO01Ugmvc3tYywVCcR1r8rDQye26TgMXLKIGdyj0yL+YHsgdPB8zUSKWajwiEXEuRpYxV10ebXs/Q8CTTo3Y2NmwnvlHRyKrNqbJDVmttTodpGBUG68sebMYZt53BhnPA6eCdcuRCSc/lRx50DolsqbbLhlflVgxVgW8JeQ9i8Z7WStzKJWLM2IjSME6JG+B3pP0RAfAJF7xXscMaFiYdgOyo37fRE0qDAUPMnIUx4EhCNHp1QPaFf4G9/ke1o+7QUBLkkuZDJRrgjKV1Y1HpElIHxYSt254VlSmdb7TWMKDIpZ9ZheGmQ21/EVJoL/viP5IbxXK7y845rwVp0JJfZKYXs0uWN2+Bmc7Nv96ktsKenujG/b4LHwddtTnXp3ntB+WIOlAQaIf2GTT6nDc2du8A9ImBYhT36cDxrPr2Qkvqk/JjVbrhgCOu7ID43cPaJCXDHZyPWE207pJnXVwoIAQiQEFQ61z4E7tRgS47GYatlv34OACvW9aRkWNqBastjfvJHkBw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR21MB3878.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c0cf68fb-8c15-4f7f-734f-08dbb30f7e8e
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Sep 2023 21:38:53.1916 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8+UvLm4LMqOONeTrnTyz0IMGmtaTXr/D5o+sCtJumMsdfH9Tb6IBVN3Gf3azpyXqpbKhZZnVCxWkh4VebnBay/9RW9xgmYtmMWOomc+2+8o=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR21MB3535
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/lZfsQAMoOE3FXV7aZ39EUtQWuiE>
Subject: Re: [Suit] WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2023 21:38:59 -0000
As I agreed to in the meeting today, I just did a pass over draft-ietf-suit-firmware-encryption-17 to verify that my previous comments on -14 were sufficiently addressed. 6.1.2: > This deployment option is stronly discouraged. An attacker gaining s/stronly/strongly/ 6.1.4 Example: > * Algorithm for payload encryption: AES-GCM-128 Question: Should the example instead use A128CTR now that suit-mti has been changed? Same question on 6.2.5. > Appendix A. A. Full CDDL Redundant "A." Otherwise looks good. Dave
- [Suit] WGLC on draft-ietf-suit-firmware-encryptio… Waltermire, David A. (Fed)
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Christian Amsüss
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Russ Housley
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… dthaler1968
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Marco Tiloca
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Russ Housley
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Marco Tiloca
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Hannes Tschofenig
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WGLC on draft-ietf-suit-firmware-encry… Dave Thaler
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Tschofenig, Hannes
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… Michael Richardson
- Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-e… David Brown