Re: [Suit] draft-ietf-suit-architecture-01

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 03 July 2018 16:17 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: David Brown <david.brown@linaro.org>, Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Date: Tue, 03 Jul 2018 16:14:15 +0000
Message-ID: <VI1PR0801MB2112574FB6EB05C29D94B418FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <CD3C4129-5F07-406A-B688-ECF773B4371C@linaro.org>
References: <VI1PR0801MB2112A08944328EE625D4DE5CFA430@VI1PR0801MB2112.eurprd08.prod.outlook.com> <ec04d5da-0b76-f4d7-c548-e69579530856@free.fr> <VI1PR0801MB21127B3F43736CA592FD52B5FA420@VI1PR0801MB2112.eurprd08.prod.outlook.com> <CD3C4129-5F07-406A-B688-ECF773B4371C@linaro.org>
Subject: Re: [Suit] draft-ietf-suit-architecture-01
List-Id: Software Updates for Internet of Things <suit.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/uwHuU9IhHu4f7Qa-SbrgygoNLQE>

Hi David,

Thanks for sharing this use case. I agree it would be worthwhile to document it, and a user story in the information model document would probably be the best place to do so.

Ciao
Hannes

From: David Brown [mailto:david.brown@linaro.org]
Sent: 03 July 2018 17:59
To: Hannes Tschofenig; Denis; suit@ietf.org
Subject: Re: [Suit] draft-ietf-suit-architecture-01

I had an interesting conversation with someone building a device (a battery powered device, where network traffic is expensive). When they update the firmware, they keep the previous version around, and have an ability to roll back to that version in case there are issues.

I presented the argument that the correct answer is to re-release the older firmware, with a new higher monotonic value. Their counterargument was that this was costly in terms of power, because it requires the image to be resent.

I think the best answer here is to have them issue a new manifest that describes this old image (the one kept around), that has a new monotonic value. That way, only the manifest has to be sent (something has to be sent to tell the device to revert the image anyway). I think this model is covered in our current docs, since we don’t really define how a “built-in” image is referred to.

But, this does make me realize that there are times that things can be spelled out clearly, usually for security reasons, that end up getting disabled due to what someone thinks is a practical reason. I agree that preventing rollback is important for security, but I’ve found myself arguing against these practical cases multiple times.

I wonder if it would be worth writing up a use case to capture this particular revert case, and how that can be addressed with the model we currently have.

David

From: Suit <suit-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Tuesday, July 3, 2018 at 8:59 AM
To: Denis <denis.ietf@free.fr>, "suit@ietf.org" <suit@ietf.org>
Subject: Re: [Suit] draft-ietf-suit-architecture-01

Hi Denis,

I think the risk of installing an old firmware version is covered in the information model document, which goes into the details of what a manifest has to contain. See Section 3.2.1 of https://tools.ietf.org/html/draft-ietf-suit-information-model-01

There are essentially three types of documents the working group is aiming to produce: an architecture document, the information model for the manifest and one or multiple serialization formats. You have been looking at the architecture but the appropriate document to read is the information model spec.

Ciao
Hannes

From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Denis
Sent: 03 July 2018 11:59
To: suit@ietf.org
Subject: Re: [Suit] draft-ietf-suit-architecture-01

Hannes,

It is well known that software updates are often done to address a security issue. The same applies
to firmware updates. The current draft is lacking to address protections against the downloading of
an old firmware version. The threat should be mentioned in the security considerations section.

The main body of the document should mention mechanisms to prevent the replay of an old version
of the firmware.

Denis
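The threat Denis raises (replaying a genuine but older manifest to downgrade the firmware) and the revert David proposes (a fresh manifest with a higher sequence number that names the image the device already keeps, so only the manifest travels over the air) can be seen side by side in the following added example. It is not code from this thread or from any SUIT implementation. It assumes a simplified manifest (a dict with `sequence_number`, `image_digest` and `image_uri`), an HMAC-SHA256 tag in place of the COSE signature a real manifest carries, and a constructed in-memory repository standing in for the network fetch; all keys, images and URIs are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed key shared by the "vendor" and the device. SUIT manifests are
# protected with COSE signatures; an HMAC-SHA256 tag stands in here so the
# example runs with only the standard library.
VENDOR_KEY = b"constructed-vendor-key-not-a-real-secret"


def image_digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def sign_manifest(manifest: dict, key: bytes = VENDOR_KEY) -> bytes:
    """Authentication tag over a canonical encoding of the manifest."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass
class Device:
    key: bytes = VENDOR_KEY
    # Highest sequence number accepted so far. On real hardware this must live
    # in storage that cannot be wound back (a monotonic counter or a
    # write-protected slot), otherwise the check below is worthless.
    highest_seq: int = 0
    # Images held on the device, keyed by digest: the running image plus the
    # previous one the device keeps around for a revert.
    images: Dict[str, bytes] = field(default_factory=dict)
    installed: Optional[str] = None
    downloads: int = 0  # number of full image transfers

    def _install(self, digest: str, image: bytes) -> None:
        kept = {digest: image}
        if self.installed is not None:
            kept[self.installed] = self.images[self.installed]  # keep previous
        self.images, self.installed = kept, digest

    def process_manifest(self, manifest: dict, tag: bytes,
                         repository: Dict[str, bytes]) -> str:
        """Apply one manifest; the returned string says why it was (not) applied."""
        if not hmac.compare_digest(sign_manifest(manifest, self.key), tag):
            return "rejected:signature"
        seq = manifest["sequence_number"]
        if seq <= self.highest_seq:  # must be strictly increasing: replay or downgrade
            return "rejected:rollback"
        digest = manifest["image_digest"]
        if digest in self.images:
            # Image already on the device: only the manifest had to be sent.
            self.highest_seq = seq
            self._install(digest, self.images[digest])
            return "installed:local"
        image = repository.get(manifest["image_uri"])  # simulated network fetch
        if image is None or image_digest(image) != digest:
            return "rejected:digest"
        self.downloads += 1
        self.highest_seq = seq
        self._install(digest, image)
        return "installed:download"


def run_scenario() -> Tuple[List[str], Device]:
    """Install v1, then v2, then try a replay, a forgery, and a signed revert."""
    v1, v2 = b"firmware v1 (constructed)", b"firmware v2 (constructed)"
    uri1, uri2 = "https://example.invalid/fw/v1.bin", "https://example.invalid/fw/v2.bin"
    repo = {uri1: v1, uri2: v2}
    dev, log = Device(), []

    m1 = {"sequence_number": 1, "image_digest": image_digest(v1), "image_uri": uri1}
    m2 = {"sequence_number": 2, "image_digest": image_digest(v2), "image_uri": uri2}
    log.append(dev.process_manifest(m1, sign_manifest(m1), repo))  # v1 installed
    log.append(dev.process_manifest(m2, sign_manifest(m2), repo))  # v2 installed, v1 kept

    # The threat: replaying the genuine v1 manifest to get the old version back.
    log.append(dev.process_manifest(m1, sign_manifest(m1), repo))
    # A manifest carrying a high sequence number but no valid tag.
    forged = dict(m1, sequence_number=99)
    log.append(dev.process_manifest(forged, bytes(32), repo))

    # The revert: a new manifest, higher sequence number, naming the retained
    # v1 image by digest. No image is transferred, only the manifest.
    m3 = dict(m1, sequence_number=3)
    log.append(dev.process_manifest(m3, sign_manifest(m3), repo))
    # After the revert, the old v2 manifest is itself stale and is refused.
    log.append(dev.process_manifest(m2, sign_manifest(m2), repo))
    return log, dev


if __name__ == "__main__":
    outcomes, device = run_scenario()
    for step, outcome in enumerate(outcomes, 1):
        print(step, outcome)
    print("downloads:", device.downloads, "highest_seq:", device.highest_seq)
```

The two image transfers in the scenario are the initial v1 and v2 installs; the revert to v1 costs no transfer because the device resolves the manifest's digest against its retained image. Note that the sequence number is only updated once the image has been verified, so a manifest whose image fails the digest check does not consume a sequence number.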

Hi all,

I have just submitted version -01 of the architecture document. I have incorporated feedback from the working group, such as

  *   New terminology,
  *   Updates on the operating modes
  *   New architecture figures,
  *   New use cases (by David Brown)

Here is the new version:
https://tools.ietf.org/html/draft-ietf-suit-architecture-01

Here is the diff:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-suit-architecture-01.txt

Feedback is appreciated.

Ciao
Hannes
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.



_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit
