Brendan Moran <[email protected]> wrote: > The issue isn't how long the report can survive, the issue is whether > an attacker can forge arbitrary reports. The situation as it stands, as > far as I know, is:
Assume that the report is issued, and within a few minutes to hours, is
verified, and then added to an append-only log.
The signing key would have a short lifetime, with the expiry being updated as
long as the algorithm is not compromised. That would occur via configuration
updates via SUIT that would deliver a new (fresher) certificate.
> ECDSA: may allow attackers to forge arbitrary reports in the future.
We'd move to a new algorithm as we need to via firmware updates.
> I don't think it's reasonable to discount Falcon as a possible
> reporting signature just yet. I'm not saying we should claim that as a
> model use case; code signing is far more compelling. I'm just
> suggesting that we should keep an eye on developments since Falcon
> appears to make a lot of sense in constrained networks and devices.
I don't have a problem with this.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
