Clarify image encryption being optional
Closed this issue · 3 comments
zabbal commented
Just a minor note: everywhere throughout the spec we talk about image encryption as being optional (which I think is the right thing - not every deployment needs it). Yet in Sec. 4.3 we describe eavesdropping as part of our threat model. Should we explicitly mention there that an eavesdropping attack is not necessarily considered a threat for every deployment?
jhdalek55 commented
Just to clarify because my notes on this point are incomplete---is this issue being moved to a later version, or are we doing something with it in the deployment document?
iramcdonald commented
Hi Lois,
Hmm...
There are two separate uses of encryption here:
(1) Used in the (hopefully) TLS/1.2+ transport layer connections, to absolutely prevent eavesdropping (and thus easy reverse engineering) of update images on the wire to the vehicle (and to Image Repository and elsewhere in the back office servers from Suppliers and OEM Quality Control folks).
(2) Used in the individual update images (e.g., applied by the Director before distributing a package) to protect supplier and OEM IPR. This is the one that CANNOT be decrypted and verified by the Primary for validation, but only by a valid target Secondary (unless of course the Primary is the actual target).
I like Max's clarification (and would like to see it in Uptane v1.0).
Max and other Uptane Gurus: Could someone write a quick PR to amend the text as Max has suggested?
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
jhdalek55 commented
Thanks, Ira. I was thinking we had deflected this question to a later version or to the Deployment document, but if we can address it in the Standard, so much the better.