Re: [Suit] draft-ietf-suit-architecture-01
Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 03 July 2018 14:59 UTC
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/sfmS7PaLr5rBaMc3EuLmh6ppqOI>

Hi Denis,

I think the risk of installing an old firmware version is covered in the information model document, which goes into the details of what a manifest has to contain. See Section 3.2.1 of https://tools.ietf.org/html/draft-ietf-suit-information-model-01

There are essentially three types of documents the working group is aiming to produce: an architecture document, the information model for the manifest and one or multiple serialization formats. You have been looking at the architecture but the appropriate document to read is the information model spec.

Ciao
Hannes

From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Denis
Sent: 03 July 2018 11:59
To: suit@ietf.org
Subject: Re: [Suit] draft-ietf-suit-architecture-01

Hannes,

It is well known that software updates are often done to address a security issue. The same applies to firmware updates.

The current draft is lacking to address protections against the downloading of an old firmware version. The threat should be mentioned in the security considerations section. The main body of the document should mention mechanisms to prevent the replay of an old version of the firmware.

Denis

Hi all,

I have just submitted version -01 of the architecture document. I have incorporated feedback from the working group, such as

* New terminology,
* Updates on the operating modes
* New architecture figures,
* New use cases (by David Brown)

Here is the new version: https://tools.ietf.org/html/draft-ietf-suit-architecture-01

Here is the diff: https://tools.ietf.org/rfcdiff?url2=draft-ietf-suit-architecture-01.txt

Feedback is appreciated.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.