Minutes interim-2018-suit-03: Wed 16:00
Software Updates for Internet of Things
SUIT Virtual Interim at 1600 CEST on 6 June 2018
Scribes: Hannes Tschofenig, Koen Zandberg, and Michael Richardson
Chairs: David Waltermire, Dave Thaler, and Russ Housley
AGENDA
- Agenda bashing, Logistics, Status, Milestones -- Chairs (5 mins)
- Moving forward on draft-housley-suit-cose-hash-sig-00 -- Chairs (5 mins)
- Hackathon Report -- Emmanuel (15 mins)
- SUIT Architecture -- Authors (15 mins)
- SUIT Information Model -- Authors (15 mins)
- Next Steps -- Chairs (5 mins)
ATTENDEES
- Emmanuel Baccelli (EB)
- Henk Birkholz
- Carsten Bormann (CB)
- Said Gharout
- Markus Gueller (MG)
- Ralph Hamm
- Russ Housley (RH)
- Benjamin Kaduk
- Paul Lambert
- Brendan Moran (BM)
- Steve Patrick (SP)
- Michael Richardson (MR)
- Milen Stoychev
- Dave Thaler (DT)
- Hannes Tschofenig
- Fabio Utzig
- Dave Waltermire (DW)
- Koen Zandberg
- Jan-Frederik Rieckers
- Moving forward on draft-housley-suit-cose-hash-sig-00
-- DW: The draft provides a generalized approach, should this work be
done in COSE or SUIT?
-- RH: COSE has been closed.
-- DT: Is there any other WG to do this work? Or, should it be
-- RH: It is really not a complicated document; it just uses data
structures from COSE and assigning numbers.
-- DT: It is a generalized approach; it could be used by anyone.
-- RH: Yes, anyone who needs a hash-based digital signature.
-- CB: SUIT is the right WG, but others could do it too. The sweet
spot is where there are few signatures over a long period of
time. Other WGs need many signatures over a short period of
-- MR: 6tisch zerotouch enrollment does few signatures over a long
period of time (with a shelf-life of decades before use).
-- DT and DW will discuss the appropriate WG to do the work with the
Security Area Directors.
-- CB and MR volunteered to review the draft.
-- Jim Schaad also agreed to review the draft, but he cannot be here.
- Hackathon report
-- Hackathon hosted by Freie Universität Berlin
-- See https://pad.inria.fr/p/cYawtv2ivnoOl60X_suit-hackathon
-- EB: About 20 participants, with 6-7 of them offsite. SUIT
compliant firmware updates were tested.
-- EB: The RIOT group had an implementation compliant with the
specification and a stand-alone COSE implementation.
Successful end-to-end tests. Tested on samr21 (cortex-m0+)
and stm32 (cortex-m3)
-- EB: Mbed OS used the K64F, libcose, and Mbed TLS. Some key issues
caused problems; raw key handling was not as was expected.
-- MG: CDDL specification for a minimalistic COSE sign. Used CDDL tool
to generate several instances.
-- DT: Did you learn anything related to the specifications at the
-- BM: Noted that component identifiers may need to be added and
firmware versions for dependencies.
-- BM: There was a larger discussion on the information model in the
room, which will require an update to the draft.
- SUIT Architecture
-- HT: The terminology/operating models are described in a message:
-- HT: The Client-Initiated/Server-Initiated/Hybrid taxonomy does not
cover the situation where the manifest and images are delivered
on a USB key.
-- EB: The number of actors involved in the architecture is not clear
at the beginning of the document.
-- HT: The document will be updated once the discussions related to
the proposed terminology and operating models have been
concluded. A new architecture diagram will be added earlier in
- SUIT Information Model
-- BM: The information model draft was discussed during the Hackathon
as part of the implementation work. Discussed items included:
* changing the manifest fields to manifest elements
* Adding a firmware version to the Precursor image digest
condition (or instead of it)
* class identifier
* user stories require some examples and directives
* clarified the directives, which apply to the whole manifest,
as opposed to processing steps that only apply to specific
* OEM rights vs. operator rights in terms of the ability to
override certain fields of the manifest (such as the URIs)
* Wording changes to IP protection use case to talk about
* Documenting OEM vs. manufacturer relationships
-- SP: I will provide comments for the information model draft. I am
wondering whether the specification aims to also support a more
centralized model or only a distributed model.
-- HT: A centralized model is also supported.
-- SP: I will post a mail to the list about this topic, and we can
discuss it in more detail on the list since we are running out
SUMMARY OF ACTION ITEMS
- DM and DT to talk to the Security Area Directors about the best place
for work to proceed on draft-housley-suit-cose-hash-sig.
- HT to provide wording improvement for draft-ietf-suit-architecture, and
then post an updated draft.
- BM to update the Introduction of draft-ietf-suit-information-model, add
fields found in hackathon (component ID, versions dependencies for the
firmware), and clarifications about what fields are mandatory.
- SP to send a review of draft-ietf-suit-information-model to the list.
- MR to send a review of draft-housley-suit-cose-hash-sig to the list.
- CB to send a review of draft-housley-suit-cose-hash-sig to the list.
DESIGN TEAM MEETING ANNOUNCEMENT
A design team meeting to continue the discussion on architecture and
information model documents is planned for Thursday, 15 June 2018 at
13:30 CEST on jitsi.tools.ietf.org/suit-dt. Details will be announced
on the SUIT WG mail list.