Telechat Review of draft-ietf-suit-architecture-13

Request Review of draft-ietf-suit-architecture
Requested rev. no specific revision (document currently at 16)
Type Telechat Review
Team Internet of Things Directorate (iotdir)
Deadline 2020-11-02
Requested 2020-10-16
Requested by Éric Vyncke
Authors Brendan Moran, Hannes Tschofenig, David Brown, Milosch Meriac
Draft last updated 2020-10-20
Completed reviews Tsvart Last Call review of -11 by Bob Briscoe (diff)
Genart Last Call review of -11 by Theresa Enghardt (diff)
Secdir Last Call review of -11 by Rich Salz (diff)
Iotdir Telechat review of -13 by Mohit Sethi (diff)
For once, there is a little more time to review the document as it is not yet scheduled on an IESG telechat). But, as SUIT has a big impact on IoT, I would appreciate a review by someone who is not part of the SUIT WG.

Thank you

Assignment Reviewer Mohit Sethi 
State Completed
Review review-ietf-suit-architecture-13-iotdir-telechat-sethi-2020-10-20
Posted at
Reviewed rev. 13 (document currently at 16)
Review result Ready with Nits
Review completed: 2020-10-20


Thanks for the well written document. 

I wonder if you want to state the difference between software and firmware update. Are they the same thing for this document? The text in the draft at some point says "Moreover, this architecture is not limited to managing software updates". But most of the other text talks about "firmware updates".

Abstract: "Vulnerabilities with Internet of Things (IoT) devices" -> "Vulnerabilities in Internet of Things (IoT) devices"

How about rephrasing the text: "are expected to work automatically, i.e. without user involvement. Automatic updates that do not require human intervention are key to a scalable solution for fixing software vulnerabilities." to "are o a large extent expected to work automatically, i.e. with minimal human interaction. Automatic updates that require minimal or no interaction are key to a ....". The reason for requesting this change is simple: in many scenarios you would want user approval before the actual update. For example, updating lights at night during dinner is perhaps not ideal. The draft does discuss the importance of device operator approval in some circumstances so updating the text would make sense.
"programming language uses and the sandbox the software is executed in."-> "programming language used...".

"Ensuring an energy efficient design of a battery-powered IoT devices because a firmware update -> "...of a battery-powered IoT device because..."

I think most readers will be more familiar with the term Original Equipment Manufacture (OEM) rather than Original Design Manufacturer (ODM). I understand that ARM has a slightly complicated ecosystem and business model. So perhaps the text could say "in some cases, the OEM or the ODM act as a TPA and may decide to remain in full control...."

"edge computing device" -> "edge computing devices"

"Updating updates over the Internet" -> "Sending updates over the Internet" sounds a bit better

"the status tracker client need to be made aware of the availability of a" -> "...the status tracker client needs to be informed about the availability of a....."

"what devices qualify for a firmware update" -> "which devices qualify for a firmware update"

"are only two approaches recovering from an invalid firmware" -> " are only two approaches for recovering from an invalid firmware"

I am not familiar with non-relocatable code. I think this is somewhat explained later on as "execute in place" but perhaps adding a few sentences here explaining non-relocatable code wouldn't hurt.

Perhaps replace "keyed message digests" with more standard "HMAC" and add a reference to RFC 2104

stray closing parenthesis -> "protection was applied)" 

"Hence, then the firmware image is updated" -> "Hence, when the firmware image is updated"

Not sure how to interpret "mutually-distrustful delivery". I guess I understand that the firmware author and user both want to prevent revealing some information to the other party. But can we not use "mutually-distrustful delivery"?

The draft uses TAs for trusted applications (TAs). But RFC 6024 referenced by this document uses TAs for Trust anchors. Can we avoid using TA abbreviations for trusted applications for ?