35 Matching Annotations
  1. Jan 2021
    1. Whether to re-use the standardized manifest format that was used during the initial firmware retrieval process or whether it is better to use a different format for the secure boot-specific meta-data depends on the system design.

      Whether to re-use the standardized manifest format that was used during the initial firmware retrieval process or whether it is better to use a different format for the secure boot-specific meta-data depends on the system design, but it is a local decision.

    2. It is likely that one of the CPUs will be considered a master, and will direct the other CPU to do the upgrade.

      It is likely that one of the CPUs will be considered the primary, and will direct the other CPU to do the upgrade.

    3. Another configuration consists of a similar architecture to the previous, with a single CPU. However, this CPU supports a security partitioning scheme that allows memory (in addition to other things) to be divided into secure and normal mode.

      Another configuration with a single CPU is similar to the previous section, however, this CPU supports a security...

    4. turns

      turned

    5. contain

      containing

  2. Aug 2020
    1. trick phone companies

      Again, the phone companies are trying to blame their customers for their own failure to authenticate properly.

    2. identity theft

      I hate this term. Banks use it to blame the victims for their failure to authenticate people properly. I wish we had another term.

  3. Jun 2020
    1. ? suit-manifest-mud => SUIT_Digest

      So, shouldn't that be: ? suit-manifest-mud => SUIT-Digest / bstr .cbor SUIT_MUD_container

    2. To enable this, we add a MUD url to SUIT along with a subject-key identifier, according to [RFC7093], mechanism 4 (the keyIdentifier is composed of the hash of the DER encoding of the SubjectPublicKeyInfo value).

      It's ugly that we have cool COSE signed SUIT manifests referencing multi-decade old CMS objects. Let's make sure we can step forward by anticipating that we might sign MUD files with something more modern as well?

    3. At the time of onboarding, devices report their manifest in use to the MUD manager.

      That's really cool. How does that work? DHCP? LLDP? BRSKI? EAP-NOOB?

    4. A certificate created for use with network access authentication is typically not signed by the entity that wrote the software and configured the device, which leads to conflation of local network access rights with rights to assert all network access requirements.

      This needs to be expanded. It conflates IDevID, LDevID, and ignores enrollment steps, be they BRSKI-TEEP, EAP-NOOB, or other mechanisms.

    5. unprotected

      s/unprotected/unprotected and can be easily changed in transit/

    6. trust the device to report a correct URL

      s//trust that a correct URL is transmitted, and is not modified in transit/

    7. functionality

      s/functionality/privileges/

    8. IEEE 802.1X whereby the URL to the MUD file would be contained in the certificate used in an EAP method.

      using the MUD extension in a certificate-based system, such as IEEE 802.1X using a certificate-based EAP method, or a BRSKI-based enrollment system.

  4. Apr 2020
    1. MAY not be able

      MAY not be able -> MAY be unable

    2. A Replicator MAY not offer a Point for every interface available on the system.

      This sentence is confusing, please rewrite.

    3. This sentence is confusing.

  5. Dec 2018
  6. Sep 2018
    1. If these conditions are not met, or if it cannot validate the chain of trust to a known trust anchor, the MUD manager MUST cease processing the MUD file until an administrator has given approval.

      What's the point of the signature if the MUD URL arrives by DHCPv4 or LLDP?

    1. o permissive a set of rules in the otherwise-legitimate MUD File. A manufacturer SHOULD employ secure development best practices to take reasonable steps to insure that their devices behave correctly at least up to the point that they are shipped and that their web services follow all BCPs.

      Pinning of the signing key? (With TOFU)?

    2. The MUD URI is a very visible and important part of MUD that is best done correctly from the start, for once it is embedded in an IoT device,

      I guess this might be more subtle as advice.

    3. If a device manufacturer chooses to update a MUD-enabled device's firmware, the manufacturer may update the MUD URI to a new one.

      Okay. Good advice, I think.

    4. the

      then

    5. From a security standpoint, it is better to have several URIs with more granular security profiles than it is to have a very few URIs with "catch-all" (and thus more open) security profiles.

      This argues for having every firmware update and every SKU of every product have a unique MUD URI. These can be 301 redirects to a common file, until that file changes.

    6. available

      accessible ?

    7. The service which returns the MUD file will not be responsible for any security policy enforcement, as that is the job of the network which contains the devices themselves

      It's curious to need to say this. There is clearly some confusion somewhere, and I wonder if teasing out what the misconception was would be useful.

    8. (i.e., there is no per-serial-number version of the MUD URI)

      But, is there a per-firmware MUD URI?

    9. IPv6 AD

      What's AD? Address Discovery? Do you mean Router Solicitation?

    10. (the switch to which the bulb in connected, for example)

      Light bulbs don't really connect to switches, they run on WiFi (often, historically), or 802.15.4 (newer). I think it would be better to use a different example of something that actually does connect to a switch.

    11. If that request has a MUD URI in it, equipment in the network (not necessarily the DHCP server) can use that URI to retrieve the device's MUD file from the MUD file server.

      This is very IPv4 specific. LLNs do not have DHCPv4 servers. I guess we should define a way to carry a MUD URL in an RPL DAO?

    12. retrieval

      the manufacturer will delegate the MUD file serving function to a third party. They may also delegate the MUD file creation/management to another party.

  7. Nov 2016
  8. Jul 2016
    1. I am concerned that the experiment time of one year may not be long enough to socialize this out to non-IETF insiders.