Skip to main content

Telechat Review of draft-ietf-suit-architecture-13

Request Review of draft-ietf-suit-architecture
Requested revision No specific revision (document currently at 16)
Type Telechat Review
Team Internet of Things Directorate (iotdir)
Deadline 2020-11-02
Requested 2020-10-16
Requested by Éric Vyncke
Authors Brendan Moran , Hannes Tschofenig , David Brown , Milosch Meriac
Draft last updated 2020-10-20
Completed reviews Tsvart Last Call review of -11 by Bob Briscoe (diff)
Genart Last Call review of -11 by Reese Enghardt (diff)
Secdir Last Call review of -11 by Rich Salz (diff)
Iotdir Telechat review of -13 by Mohit Sethi (diff)
For once, there is a little more time to review the document as it is not yet scheduled on an IESG telechat). But, as SUIT has a big impact on IoT, I would appreciate a review by someone who is not part of the SUIT WG.

Thank you

Assignment Reviewer Mohit Sethi
State Completed
Review review-ietf-suit-architecture-13-iotdir-telechat-sethi-2020-10-20
Posted at
Reviewed revision 13 (document currently at 16)
Result Ready with Nits
Completed 2020-10-20
Thanks for the well written document.

I wonder if you want to state the difference between software and firmware
update. Are they the same thing for this document? The text in the draft at
some point says "Moreover, this architecture is not limited to managing
software updates". But most of the other text talks about "firmware updates".

Abstract: "Vulnerabilities with Internet of Things (IoT) devices" ->
"Vulnerabilities in Internet of Things (IoT) devices"

How about rephrasing the text: "are expected to work automatically, i.e.
without user involvement. Automatic updates that do not require human
intervention are key to a scalable solution for fixing software
vulnerabilities." to "are o a large extent expected to work automatically, i.e.
with minimal human interaction. Automatic updates that require minimal or no
interaction are key to a ....". The reason for requesting this change is
simple: in many scenarios you would want user approval before the actual
update. For example, updating lights at night during dinner is perhaps not
ideal. The draft does discuss the importance of device operator approval in
some circumstances so updating the text would make sense.

"programming language uses and the sandbox the software is executed in."->
"programming language used...".

"Ensuring an energy efficient design of a battery-powered IoT devices because a
firmware update -> "...of a battery-powered IoT device because..."

I think most readers will be more familiar with the term Original Equipment
Manufacture (OEM) rather than Original Design Manufacturer (ODM). I understand
that ARM has a slightly complicated ecosystem and business model. So perhaps
the text could say "in some cases, the OEM or the ODM act as a TPA and may
decide to remain in full control...."

"edge computing device" -> "edge computing devices"

"Updating updates over the Internet" -> "Sending updates over the Internet"
sounds a bit better

"the status tracker client need to be made aware of the availability of a" ->
"...the status tracker client needs to be informed about the availability of

"what devices qualify for a firmware update" -> "which devices qualify for a
firmware update"

"are only two approaches recovering from an invalid firmware" -> " are only two
approaches for recovering from an invalid firmware"

I am not familiar with non-relocatable code. I think this is somewhat explained
later on as "execute in place" but perhaps adding a few sentences here
explaining non-relocatable code wouldn't hurt.

Perhaps replace "keyed message digests" with more standard "HMAC" and add a
reference to RFC 2104

stray closing parenthesis -> "protection was applied)"

"Hence, then the firmware image is updated" -> "Hence, when the firmware image
is updated"

Not sure how to interpret "mutually-distrustful delivery". I guess I understand
that the firmware author and user both want to prevent revealing some
information to the other party. But can we not use "mutually-distrustful

The draft uses TAs for trusted applications (TAs). But RFC 6024 referenced by
this document uses TAs for Trust anchors. Can we avoid using TA abbreviations
for trusted applications for ?