[Suit] SUIT Architecture document review
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 08 October 2019 23:15 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5D011200B6 for <suit@ietfa.amsl.com>; Tue, 8 Oct 2019 16:15:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odvMghcSJfcM for <suit@ietfa.amsl.com>; Tue, 8 Oct 2019 16:15:25 -0700 (PDT)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D1A21200BA for <suit@ietf.org>; Tue, 8 Oct 2019 16:15:25 -0700 (PDT)
Received: by mail-ot1-x333.google.com with SMTP id e11so90079otl.5 for <suit@ietf.org>; Tue, 08 Oct 2019 16:15:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=0rwcnrEaTxpDuLUBP95Dvmujzx2JPOqrWPCr540qsPk=; b=dAgaMHHHrjg6hfIBOa+mMXhYU1xHTg+/qIieQeMTUQHTFEMQTUhr4K+UTp7e1HNM/o pLtqDR9sT/HvCR1bNW0rFR14AAx7sxeqn5TkqeeN/1rpe5d+Aj8d+AHAQhc6YmUwfDT2 BqSDuE1kngnEA3mMgHX89SD+GxDHDiChUfYjXZfLKz3CG625x7SlITlf9s+/DNu/h7Md KLKtZMJKNJeBpJpMPtETTI3PVBvQq96Ll/v49OeIcfdbWHmbbP7DQxXN5AmXTQK8oEfn +/HH6jg1S2//KBSfOk9D6MzFMIYH1r1a2+qpwNrbWc06Qt6+i9xdsOEw77fg6TruSCp0 tKpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0rwcnrEaTxpDuLUBP95Dvmujzx2JPOqrWPCr540qsPk=; b=owIPwxZKS+kdQY1Xwtp4NssKlF8OTkVzbQ/1Oxx6iKtnjSDOEqJqSAOjfkAD5+lPa1 kxzKZGD5IYUpyQlsnS+2UBSFswhmPIMCD9glARuXQIo31quIssqha/E9yX8dwRMwUtBs 4hQK1jyGlCDhAZeK/9A+Ns3g3vRl+f558QU7H0jU83uaPdV+xiQFeTk5E2XbhKK/fIUS +3plEmG9SqzoKRRNvpGoNj8AcHkP9qCVS/IiM54IErQu5KNWQgqdS1nqV4F3Nj91kV9I Y+i7A1/FI9beJ+B4T8NmjMbWyn0mJ/KntyBcYp4rGhGTjhyKxxj19zJ6IGgwUqvHpqck frmQ==
X-Gm-Message-State: APjAAAVeUt7panCueLtfj5O/Pxz0QgoqrEQ0Yo1fnldEytxnNftl9FST jvotru1FvMJgckRgMBcVf6azlAHt9WpB+lqaWRkY84+A3N8=
X-Google-Smtp-Source: APXvYqzZvO5B1R3zj8pWAB3zVlDPjuKHJwyaMsGs4uuATUzEXLfAuo/YrrpTf6svbnW6ca+4Wfge/rdxsP5L1QLHZYM=
X-Received: by 2002:a9d:3e4e:: with SMTP id h14mr608361otg.198.1570576524572; Tue, 08 Oct 2019 16:15:24 -0700 (PDT)
MIME-Version: 1.0
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 08 Oct 2019 19:14:48 -0400
Message-ID: <CAHbuEH6h7Ojc1RDLqGDOvKCqcB6UWu4sg-cozsLFnDsZPm+xCg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d6fbfa05946e577c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/utFCnP8MHkrg9-AJC9GRNngViYQ>
Subject: [Suit] SUIT Architecture document review
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2019 23:15:28 -0000
Hello, I know I am late with a review, but since it has not gone to IETF last call yet, I'd like to submit these comments. I know another version is expected soon, so some of these comments/nits may have been addressed already. The document as a whole reads very well, thanks for all your work on it. I do hope it enjoys wide adoption. Abstract: I thought one of the goals was to update firmware for IoT, but also to scale up to larger systems as well. The abstract seems very specific to constrained devices. Should the language be adjusted or has the focus changed? Introduction: If the scope does include larger devices, then this is a problem for them as well for both security and inconsistency across platforms. It's harder than it needs to be and that's amplified when you think about IoT. Section 2: For the Firmware definition, is the last sentence referring to both "firmware" and "image" as interchangeable or something else? I think adjusting the last couple of sentences may be helpful to some readers. Section 3.2: If not link, network, or transport layer security, what does this rely upon? If it is object-level security and I am assuming it is, please state that explicitly possibly referring to where confidentiality protection is specified. Section 3.3: Current text: "The use of post-quantum secure signature mechanisms, such as hash- based signatures, should be explored." Since this is the architecture document, if they are defined elsewhere, the document should point to that rather than saying "should be explored". Some other well received architecture documents provided pointers to the related documents that filled out stated components of the architecture. If the WG were to hold this to be published until other document were complete, this could provide the same mapping between the requirements, architecture, and implementation of the architecture with the various specifications. Section 3.6 I think this is the first time "fw" is used. Maybe just spell out firmware with a search and replace? Section 3.11: Typo in the following sentence: "TEEs may obtain TAs from different authors and those TAs may require personalization data, such as payment information, to be securely be conveyed to the TEE." s/to be securely be conveyed/to be securely conveyed/ Section 4; Typo in the following sentence: "The credential used to must be directly or indirectly related to the trust anchor installed at the device by the Trust Provisioning Authority." s/The credential used to must/The credential used must/ Section 8 This says downloads can be large, so I think that's to accommodate more than IoT, is that right and the abstract/intro can be updated? The following sentence is readable, but super long: If the application image contains the firmware consumer functionality, as described above, then it is necessary that a working image is left on the device to ensure that the bootloader can roll back to a working firmware image to re-do the firmware download since the bootloader itself does not have enough functionality to fetch a firmware image plus manifest from a firmware server over the Internet. Perhaps break it up? Security considerations: Should this mention the end-to-end encryption? Is it provided at the object level? Also, if the intent is to scale above constrained devices, the text should state that as this section also specifies IoT. Thank you for all of your work on the document. It's easy to read and comprehensive. Best regards, Kathleen
- [Suit] SUIT Architecture document review Kathleen Moriarty
- Re: [Suit] SUIT Architecture document review Dave Thaler
- Re: [Suit] SUIT Architecture document review Hannes Tschofenig
- Re: [Suit] SUIT Architecture document review Kathleen Moriarty
- Re: [Suit] SUIT Architecture document review Hannes Tschofenig
- Re: [Suit] SUIT Architecture document review Michael Richardson
- Re: [Suit] SUIT Architecture document review Henk Birkholz
- Re: [Suit] SUIT Architecture document review Kathleen Moriarty
- Re: [Suit] SUIT Architecture document review Michael Richardson
- Re: [Suit] SUIT Architecture document review Henk Birkholz