IETF Logo Mail Archive

Re: [Suit] Packed CBOR

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 10 August 2020 16:14 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE59D3A0854 for <suit@ietfa.amsl.com>; Mon, 10 Aug 2020 09:14:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PI1MWEseuEcV for <suit@ietfa.amsl.com>; Mon, 10 Aug 2020 09:14:22 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89A0A3A084A for <suit@ietf.org>; Mon, 10 Aug 2020 09:14:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id DF101389DC; Mon, 10 Aug 2020 11:53:35 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id RVbZyDU1vJyS; Mon, 10 Aug 2020 11:53:34 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 68EB0389DB; Mon, 10 Aug 2020 11:53:34 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E4479724; Mon, 10 Aug 2020 12:14:17 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brendan Moran <Brendan.Moran@arm.com>
cc: suit <suit@ietf.org>
In-Reply-To: <7C066E44-8C55-4229-993A-28FD0572992B@arm.com>
References: <7C066E44-8C55-4229-993A-28FD0572992B@arm.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 10 Aug 2020 12:14:17 -0400
Message-ID: <26224.1597076057@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1lWvL4h0JXD1e1rkxp4hDmftYpM>
Subject: Re: [Suit] Packed CBOR
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 16:14:25 -0000

Brendan Moran <Brendan.Moran@arm.com> wrote:
    > On Monday, Carsten presented Packed CBOR (draft-bormann-cbor-packed-00)
    > at the CBOR working group, which adopted it. This is an extension to
    > the CBOR standard (RFC7049) that enables “packing” of CBOR objects
    > using a CBOR-based dictionary compression scheme.

... given 10 days since this discussion started...
I am enthusiastic about Packed CBOR. But!

    > If we were to adopt it now, this would cause two substantial changes in SUIT:

    > 1. Removing several existing SUIT deduplication mechanisms.
    > 2. Placing a dependency on draft-ietf-cbor-packed-00.

    > Both of these would delay SUIT.

And the delay would be hard to predict at this point.
The architecture is up for the call this Thursday, and it seems that the
Information Model ought to follow "suit" (pun intended) very soon.
I believe that we pretty close to done? And I think the market is waiting.

    > It would have benefits:
    > 1. Simplify the manifest structure (complexity moved to packed cbor)
    > 2. Make the manifest smaller

Given that the network impact of firmware is likely dominated by the firmware
itself, saving bytes on the wire does not seem worth the hassle.
As we have a partial solution, how much savings in the manifest itself would occur?

The major benefit in my opinion is really (1).
We get the benefit of research into better compression mechanisms.
This also simplifies the effort on the part of auditing entities to
comprehend the variety of manifests they get.

From the point of view of the third party entities, the out-of-band
dictionary is the archilles of this proposal: will we (SUIT) have a standard
dictionary?  Will it be vendor specific?  Will specific verticals (TEEP)
adopt a dictionary?
Should the SUIT manifest establish a specific CBOR version which it expects
full support for? I think so.

    > I see several options ahead of us:
    > 1. Make no change, apply packed CBOR as and when it makes sense.
    > 2. Make no change now, but plan for a v2 SUIT manifest draft
    > 3. Adopt packed CBOR & simplify manifest now.

    > Option 1 is somewhat problematic in that it splits the ecosystem we’re
    > trying to create. Option 2 does the same, but provides more benefits. 2
    > is arguably more detectable, since it’s easier to report manifest v2
    > support, than to report support for a specific CBOR tag within the SUIT
    > Manifest Processor.

Option 2 is the best.
When you say we have re-invented things, do you speak only about Common
(5.4.2 and 8.7.2)?

In the current document, it could be worth adding some text like:
  Future evolution of CBOR may include generic mechanisms to do compression,
  such as [non-normative-reference-to-CBOR-Packed].
  Manufacturers can decide to leverage new mechanisms as soon as the
  devices for which they are providing updates implement the appropriate
  decoders in their update process.

Or maybe we do not say this, but rather this is a reason to bump
suit-manifest-version in the future.
It might be worth some text in 8.6.1 about what to do if you see Version 2.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email