Re: [Fud] Editorial Charter Update
Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 09 October 2017 08:27 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: fud@ietfa.amsl.com
Delivered-To: fud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00CC0134CAD for <fud@ietfa.amsl.com>; Mon, 9 Oct 2017 01:27:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.4
X-Spam-Level:
X-Spam-Status: No, score=-5.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R_Alv4lKJP1N for <fud@ietfa.amsl.com>; Mon, 9 Oct 2017 01:27:19 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 264D5134CF0 for <fud@ietf.org>; Mon, 9 Oct 2017 01:24:36 -0700 (PDT)
Received: from [192.168.91.203] ([80.92.122.248]) by mail.gmx.com (mrgmx101 [212.227.17.168]) with ESMTPSA (Nemesis) id 0LuKHz-1dJvTk0o8l-011fFc; Mon, 09 Oct 2017 10:24:23 +0200
To: Carsten Bormann <cabo@tzi.org>, Russ Housley <housley@vigilsec.com>
Cc: "Fud@ietf.org" <fud@ietf.org>
References: <c14c92bf-cf99-efdb-6693-0e33519fbb0a@gmx.net> <578DD8B8-E786-4913-AE6A-65FFA29019AD@vigilsec.com> <FD3975C8-C252-4E70-8D96-29918FC0DAB3@tzi.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <66e408f7-44b5-b1a3-a53b-82454b8260a4@gmx.net>
Date: Mon, 09 Oct 2017 10:24:21 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <FD3975C8-C252-4E70-8D96-29918FC0DAB3@tzi.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:DLa0rtJ2hkMfK7/ZGUkKjC0xSABuWv5L50caf1mdjYZTsaXNqXY sSpFabNYuhSPArsKVjwZHyesb02QeRC3Q+YoZIZ7wyFXbauxtqJ1SSs1WVPFtXdbR38LUiu Vx3+cbAC5L5rJgAplIdkFD+e5vcVMaUvt8KelgvESePVTBgXhGTS7R6jeO0YS8QJ7X/VcyA gYcIzjm7OBgpa7DewOwAw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:OYF/z9v3PtA=:Yj6xUsvkjV1/v72JY/ACKb UpGmuiHpOPxtsZkZLsv5/u6OdhsLk1k5+q6lXecVJLDnADM1vJ3EUmJRNHKvL+SBor2CvQh/Q bBaPT1T0owpY0egybXtuff0rdaKQ1Ysb/dH0QUawu7ePkY06jz/gAF5u0V6yhK97+sXgdH4My QQkDxei0VqbYG/+vJbsAYDFtOlB/9o4ILkQ2Km+ZrnsJ0zwNVsg1t4R9ps9I4tJuBWGq0GKOb eWqkWKUvKJbHFc35yggNiBAa1J+QYk2ftCTu383ffMuBDGctrLSuRXiF0ze6sPX1ipUPdPYt/ EvA9WKCL7JIjXUm+N6xfe0nEEFKXFC80ZP7rtETvPeAw6Gdmg8nydLeWP5qlAHGEC20ur7FAs Sap0zJsCdGL+A81YXRqKPz6iqorr6dwjDfzbg7MybEcjVoPLMDmnX3igSe73RvgRxBzsqnYIC bCe6I+1aiJV5oPr8s57zqH7EaaQj1yBtzBnySHz3wDEwlOxpFCMrZ5DLW9A4FrCREflv3QTiG 2idl9JaHIpvZU9H7bCxKvBhHW464YqW+dpb+ZqXOC200iPP8cdLftnlfuqYUFK/dwO0qCYvKL 3aVW/1gnhTYh/xYsKmsIv881LVutrT0fCKbV7e7vT29n/a77x++r4sVbK1N9nVvs4w9jU6aKs /3ug/xcMR/QgeL5UsjtHmGALysTBPs6mKavhlphnMBE2S7iKD4q7pJKFiCs241mLJCDoO+f16 jJ8+mJU3K3XAlO798mi1lPqR1jWglYC9nUr7jXYMCH0J4YcZ206W/N5ZDVem8TUlh29r7fwJw jUvqfpQwqgYZlfKo6F6vZaRwPABirv1a8GfMkzeVj3y5F0LRRk=
Archived-At: <https://mailarchive.ietf.org/arch/msg/fud/6CvyFi4CB4MBWHYvRrRaByqIBBI>
Subject: Re: [Fud] Editorial Charter Update
X-BeenThere: fud@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: FUD - Firmware Updating Description <fud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/fud>, <mailto:fud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/fud/>
List-Post: <mailto:fud@ietf.org>
List-Help: <mailto:fud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/fud>, <mailto:fud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 08:27:22 -0000
Hi Carsten I had provided a response to your comment and asked whether it clarifies things. I don't believe you have responded. So far, I haven't heard you saying anything about what you would like to see done in this working group. I would also like to know what you see wrong with bug fixing and tweaking? Ciao Hannes On 10/04/2017 07:31 PM, Carsten Bormann wrote: > Hi Russ, > > I had a comment about a possible misunderstanding of the FUD/suit WG > being misunderstood as the rfc4108 bug fixing and tweaking WG. I'm not > sure that had been addressed. I'm mostly offline in the next seven days > or so. > > Sent from mobile > > On 3. Oct 2017, at 16:43, Russ Housley <housley@vigilsec.com > <mailto:housley@vigilsec.com>> wrote: > >> Here is an update to the charter text based on the comments. >> >> Note that the WG name is still FUD. Any name change will be handled >> by the IESG. >> >> Russ >> >> = = = = = = = >> >> Firmware Updating Description (FUD) >> [Alternative proposal: SUIT (Software Updates for Internet of Things)] >> >> Vulnerabilities in Internet of Things (IoT) devices have raised the >> need for a secure firmware update mechanism that is also suitable for >> constrained devices. Security experts, researchers, and regulators >> recommend that all IoT devices be equipped with such a mechanism. While >> there are many proprietary firmware update mechanisms in use today, there >> is a lack of a modern interoperable approach of securely updating the >> software in IoT devices. >> >> A firmware update solution consists of several components, including: >> * A mechanism to transport firmware images to IoT devices. >> * A manifest that provides meta-data about the firmware image >> (such as a firmware package identifier, the hardware the package >> needs to run, and dependencies on other firmware packages), as >> well as cryptographic information for protecting the firmware >> image in an end-to-end fashion. >> * The firmware image itself. >> >> RFC 4108 provides a manifest format that uses the Cryptographic Message >> Syntax (CMS) to protect firmware packages. >> >> More than ten years have passed since the publication of RFC 4108, and >> greater experience with IoT deployments has lead to additional >> functionality, requiring the work done with RFC 4108 to be revisited. >> The purpose of this group is to produce a second version of RFC 4108 >> that reflects the current best practices. This group will focus on >> defining a firmware update solution for Class 1 devices, as defined in >> RFC 7228, that is -- IoT devices with ~10 KiB RAM and ~100 KiB flash. >> This group will not define any transport mechanisms. >> >> In June of 2016 the Internet Architecture Board organized a workshop on >> 'Internet of Things (IoT) Software Update (IOTSU)', which took place at >> Trinity College in Dublin, Ireland. The main goal of the workshop was >> to foster a discussion on requirements, challenges, and solutions for >> bringing software and firmware updates to IoT devices. This workshop >> also made clear that there is a lack of regulatory requirements, which >> contributes to challenges associated with misaligned incentives. It is >> nevertheless seen as important to create standard building blocks that >> help interested parties implement and deploy a solid firmware update >> mechanism. >> >> In particular this group aims to publish three documents, namely: >> * An IoT firmware update architecture that includes a description of >> the involved entities, security threats, and assumptions. >> * The manifest format. >> * A revision to RFC 4108 that reflects the current best practices. >> >> This group will use draft-moran-fud-architecture as a starting point for >> discussion of the "Architecture" document. >> >> This group will use draft-moran-fud-manifest as a starting point for >> discussion of the "Manifest Format" specification. >> >> This group does not aim to create a standard for a generic software >> update mechanism for use by rich operating systems, like Linux, but >> instead this group will focus on software development practices in the >> embedded industry. "Software update solutions that target updating >> software other than the firmware binary (e.g. updating scripts) are >> also out of scope. >> >> This group will aim to develop a close relationship with silicon vendors >> and OEMs that develop IoT operating systems. >> >> >> Milestones: >> >> Dec 2017 Submit RFC 4108bis document as WG item. >> >> Dec 2017 Submit "Architecture" document as WG item. >> >> Dec 2017 Submit "Manifest Format" specification as WG item. >> >> Jul 2018 Submit "Architecture" to the IESG for publication as an >> Informational RFC. >> >> Nov 2018 Submit RFC 4108bis document to the IESG for publication as >> a Proposed Standard. >> >> Nov 2018 Submit "Manifest Format" to the IESG for publication as >> a Proposed Standard. >> >> >> Additional calendar items: >> >> Mar 2018 Release initial version of the manifest creation tools as >> open source. >> >> Apr 2018 Release first version of manifest test tools as open >> source. >> >> Jun 2018 Release first IoT OS implementation of firmware update >> mechanisms as open source. >> >> _______________________________________________ >> Fud mailing list >> Fud@ietf.org <mailto:Fud@ietf.org> >> https://www.ietf.org/mailman/listinfo/fud >> > > > _______________________________________________ > Fud mailing list > Fud@ietf.org > https://www.ietf.org/mailman/listinfo/fud >
- [Fud] Editorial Charter Update Hannes Tschofenig
- Re: [Fud] Editorial Charter Update Hannes Tschofenig
- Re: [Fud] Editorial Charter Update Hannes Tschofenig
- Re: [Fud] Editorial Charter Update Chris Rouland
- Re: [Fud] Editorial Charter Update Carsten Bormann
- Re: [Fud] Editorial Charter Update Russ Housley
- Re: [Fud] Editorial Charter Update Emmanuel Baccelli
- Re: [Fud] Editorial Charter Update Hannes Tschofenig