Re: [saag] SUIT will meet in the slot after SAAG
Russ Housley <housley@vigilsec.com> Thu, 11 March 2021 15:48 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0E4B3A118B for <saag@ietfa.amsl.com>; Thu, 11 Mar 2021 07:48:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XiGfTfOwxayj for <saag@ietfa.amsl.com>; Thu, 11 Mar 2021 07:48:16 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81F8E3A1186 for <saag@ietf.org>; Thu, 11 Mar 2021 07:48:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id B3F44300B4C for <saag@ietf.org>; Thu, 11 Mar 2021 10:48:13 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id CN0Pem8-5DNY for <saag@ietf.org>; Thu, 11 Mar 2021 10:48:12 -0500 (EST)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id CD093300B2B for <saag@ietf.org>; Thu, 11 Mar 2021 10:48:11 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Thu, 11 Mar 2021 10:48:11 -0500
References: <FAD9545B-9413-413A-B635-70F658067380@vigilsec.com>
To: IETF SAAG <saag@ietf.org>
In-Reply-To: <FAD9545B-9413-413A-B635-70F658067380@vigilsec.com>
Message-Id: <C5326E50-DC75-402C-B21A-6389C11C96D6@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/h_2caysTYyC9OQ4eRNeCqUR0Cgg>
Subject: Re: [saag] SUIT will meet in the slot after SAAG
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 15:48:19 -0000
SUIT The SUIT Architecture (draft-ietf-suit-architecture) is with the RFC Editor. SUIT Information Model (draft-ietf-suit-information-model). During IESG Evaluation, three issues were raised that need highlighted. First, UUID is used because it is fixed length, which makes decice handling very straightforward. In addition, other fields provide human-readable text where that is appropriate. Second, more details about delegation from one signer to another needs to be added to the document, but not the full details that are in the SUIT Manifest document. Third, requirements for secure time source for experation of manifest need more explanation. SUIT Manifest Format (draft-ietf-suit-manifest). The TEEP WG requested the ability to delete a component, which can lead to dependency problems. A garbage collection mechanism to remove unreferenced components will be provided instead.End up with broken system easily. Two approaches to encryption of firmware were discussed: one that uses a key-encryption key to distribute the content-encryption key, and another that uses ECDH Ephemeral-Static to establish the key-encryption key. From the discussion is is fairly clear that algorithm profiles for SUIT Manifests will be needed. To get the base protocol specification done, these profiles and examples will be put in other documents. Other presentations were on the agenda, but the group ran out of time, so an virtual interim will be scheduled in a few weeks.
- [saag] SUIT will meet in the slot after SAAG Russ Housley
- Re: [saag] SUIT will meet in the slot after SAAG Russ Housley