Re: [Suit] draft-ietf-suit-report: result code values?

Brendan Moran <brendan.moran.ietf@gmail.com> Wed, 08 November 2023 10:56 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1NrH-wr60nMm3iZ07w28Zn-Vz3Y>
List-Id: Software Updates for Internet of Things <suit.ietf.org>

Hi Dave,

draft-ietf-suit-report defines a capability report document. I believe
this is what you're looking for.

The SUIT_Capability_Report is defined as follows:

   SUIT_Capability_Report = {
     suit-component-capabilities        => [+ SUIT_Component_Capability ]
     suit-command-capabilities          => [+ int],
     suit-parameters-capabilities       => [+ int],
     suit-crypt-algo-capabilities       => [+ int],
     ? suit-envelope-capabilities       => [+ int],
     ? suit-manifest-capabilities       => [+ int],
     ? suit-common-capabilities         => [+ int],
     ? suit-text-component-capabilities => [+ int],
     ? suit-text-capabilities           => [+ int],
     ? suit-dependency-capabilities     => [+ int],
     * [+int]                           => [+ int],
     $$SUIT_Capability_Report_Extensions
   }

The relevant part here is:
suit-crypt-algo-capabilities       => [+ int],

This is a list of all the COSE Algorithms
(https://www.iana.org/assignments/cose/cose.xhtml#algorithms) that are
supported by the reporting Manifest Processor.

suit-crypt-algo-capabilities can be used to determine which profiles
are supported. Profiles are defined as:

suit-sha256-hmac-a128kw-a128ctr = [-16, 5, -3, -65534]
suit-sha256-es256-ecdh-a128ctr = [-16, -7, -25, -65534]
suit-sha256-eddsa-ecdh-a128ctr = [-16, -8, -25, -65534]
suit-sha256-es256-ecdh-a128gcm = [-16, -7, -25, 1]
suit-sha256-eddsa-ecdh-chacha-poly = [-16, -8, -25, 24]
suit-sha256-hsslms-a256kw-a256ctr = [-16, -46, -5, -65532]

These are each a list of COSE algorithm identifiers: Hash,
Signature/MAC, KEX/KEM, Encryption

A profile is supported if each of the COSE algorithm identifiers in
the profile is present in suit-crypt-algo-capabilities.


The SUIT_Capability_Report is not currently carried in every
SUIT_Report. Maybe it should be? Under what circumstances would a
SUIT_Report carry a SUIT_Capability_Report?

Best Regards,
Brendan

On Sun, Nov 5, 2023 at 3:04 PM
<dthaler1968=40googlemail.com@dmarc.ietf.org> wrote:
>
> > -----Original Message-----
> > From: dthaler1968@googlemail.com <dthaler1968@googlemail.com>
> > Sent: Sunday, November 5, 2023 3:40 PM
> > To: suit@ietf.org
> > Subject: draft-ietf-suit-report: result code values?
> >
> > draft-ietf-suit-report-07 has:
> >
> > > SUIT_Report = {
> > >   suit-reference              => SUIT_Reference,
> > >   ? suit-report-nonce         => bstr,
> > >   suit-report-records         => [ * SUIT_Record / system-property-claims ],
> > >   suit-report-result          => true / {
> > >     suit-report-result-code   => int, ; could condense to enum later
> > >     suit-report-result-record => SUIT_Record,
> > >   }
> > >   $$SUIT_Report_Extensions
> > > }
> > [...]
> > > The suit-report-result-code indicates the reason for the failure.
> > > Values are expected to be CBOR parsing failures, Schema validation
> > > failures, COSE validation failures or SUIT processing failures.
> >
> > However I don't see any actual values defined.  What should this field
> > contain?
> > E.g., if an unsupported suit-cose-profile was used in the manifest, what
> > should the SUIT record have?
> >
> > Dave Thaler
>
> Another question: does SUIT reports intend to have a way to express
> what suit-cose-profiles are supported when an unsupported one was
> tried?  If not, TEEP or other transports can have a way to express this
> but don't want to duplicate.
>
> Dave
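
The profile-support rule from the reply above, as an added example that is not part of the original message or of the draft: an update server checks a device's suit-crypt-algo-capabilities before choosing which profile to build a manifest with, and reports which algorithms are missing when a profile is rejected. The profile tuples are copied from the message; the function names, the assumption that the capability list has already been decoded from CBOR into Python integers, and the sample list are constructed for illustration.

```python
# Profile tuples as listed in the message:
# (hash, signature/MAC, KEX/KEM, encryption) COSE algorithm identifiers.
PROFILES = {
    "suit-sha256-hmac-a128kw-a128ctr": (-16, 5, -3, -65534),
    "suit-sha256-es256-ecdh-a128ctr": (-16, -7, -25, -65534),
    "suit-sha256-eddsa-ecdh-a128ctr": (-16, -8, -25, -65534),
    "suit-sha256-es256-ecdh-a128gcm": (-16, -7, -25, 1),
    "suit-sha256-eddsa-ecdh-chacha-poly": (-16, -8, -25, 24),
    "suit-sha256-hsslms-a256kw-a256ctr": (-16, -46, -5, -65532),
}
ROLES = ("hash", "signature/MAC", "KEX/KEM", "encryption")


def check_capabilities(algos):
    """Validate a decoded suit-crypt-algo-capabilities value ([+ int])."""
    if not isinstance(algos, (list, tuple)) or len(algos) == 0:
        raise ValueError("suit-crypt-algo-capabilities must be a non-empty array")
    for alg in algos:
        # bool is a subclass of int in Python; CBOR true/false are not algorithm ids.
        if isinstance(alg, bool) or not isinstance(alg, int):
            raise ValueError(f"non-integer algorithm identifier: {alg!r}")
    return frozenset(algos)


def missing_algorithms(profile_name, algos):
    """Return {role: id} for every algorithm of the profile the device lacks."""
    caps = check_capabilities(algos)
    profile = PROFILES[profile_name]
    return {role: alg for role, alg in zip(ROLES, profile) if alg not in caps}


def supported_profiles(algos):
    """A profile is supported only if all four of its identifiers are present."""
    return [name for name in PROFILES if not missing_algorithms(name, algos)]


# Constructed sample: a device reporting SHA-256, ES256, ECDH-ES+HKDF-256,
# A128GCM and A128CTR.
SAMPLE_CAPS = [-16, -7, -25, 1, -65534]

if __name__ == "__main__":
    print("supported:", supported_profiles(SAMPLE_CAPS))
    for name in PROFILES:
        gaps = missing_algorithms(name, SAMPLE_CAPS)
        if gaps:
            print(f"{name}: missing {gaps}")
```
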