Re: [Suit] Ripple20

Eliot Lear <lear@cisco.com> Tue, 16 June 2020 16:39 UTC

Return-Path: <lear@cisco.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89A163A00C0 for <suit@ietfa.amsl.com>; Tue, 16 Jun 2020 09:39:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s8JbOKTneUZP for <suit@ietfa.amsl.com>; Tue, 16 Jun 2020 09:39:50 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EAED3A00C4 for <suit@ietf.org>; Tue, 16 Jun 2020 09:39:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4208; q=dns/txt; s=iport; t=1592325572; x=1593535172; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=lSnz3UVolIZ4Mk8Yp4WmktniTasghoKUC82DujyEO1E=; b=YJt0sYqoW4bBiP46Vo21FmYPUJ7kiR9yhuXuyEerbXFzIQNu8DnpaOoU twqHu7Sb6MWboItQa1Ud68RpKXSsvKv6Z3prmkGVMJdUvSos6Hgnoe3by 3DZbkmcZJQeEi3pGQERXXdLuy7xVmj/RkasP+me0h0CXgKgkNlDM1MXug s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CoAADL9Ohe/xbLJq1mGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIFKAoEhgQdvVAEgEiyNJYgIk2qIEgsBAQEMAQEYAQcPBAEBhEUCghglOBMCAwEBCwEBBQEBAQIBBgRthVsMQgEQAYUeAQEBAQIBAQFsCwULCwQULicwBhMagwwBglwgD7UcdIE0hDoBgRaFCAaBOAGMdIIAgREnHIJNPoJcAQECFAOFDYItBLRCgmSDAYU+kGADHZ5omyqQWINOAgQGBQIVgWoigVYzGggbFTsqAYI+PhIZDZIPhRSFRD8DMAIBAQEIKgIGCAEBAwmGMYpkAQE
X-IronPort-AV: E=Sophos; i="5.73,518,1583193600"; d="scan'208,217"; a="27113785"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 16 Jun 2020 16:39:28 +0000
Received: from dhcp-10-61-101-14.cisco.com (dhcp-10-61-101-14.cisco.com [10.61.101.14]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 05GGdRut031483 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 16 Jun 2020 16:39:28 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <9D9F401F-3DD8-48F7-92F5-9B5AAEF1D8E0@cisco.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_48111F68-3B91-4524-82E9-EF2773FC0967"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Tue, 16 Jun 2020 18:39:27 +0200
In-Reply-To: <F6BDED6E-B812-4CE8-9CDF-FC0CC2D4DB38@vigilsec.com>
Cc: suit <suit@ietf.org>
To: Russ Housley <housley@vigilsec.com>
References: <F6BDED6E-B812-4CE8-9CDF-FC0CC2D4DB38@vigilsec.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-Outbound-SMTP-Client: 10.61.101.14, dhcp-10-61-101-14.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tXeYgP9zlf-aPgaiz33XyEAGg0Y>
Subject: Re: [Suit] Ripple20
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2020 16:39:53 -0000

Thanks for passing that along, Russ.  This is also an interesting test case for the discussion that we just had re SBOM.  The focus of that work has largely been on OSS.  Well.

Eliot

> On 16 Jun 2020, at 18:22, Russ Housley <housley@vigilsec.com> wrote:
> 
> Just in case anyone forgot why SUIT is so important to the IoT ecosystem...
> 
> https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&_m=3n.009a.2250.sd0ao0e9al.1eue <https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+TheHackersNews+(The+Hackers+News+-+Cyber+Security+Blog)&_m=3n.009a.2250.sd0ao0e9al.1eue>
> 
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit