IETF Logo Mail Archive

[Suit] Shepherd review of draft-ietf-suit-firmware-encryption-18

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Sat, 04 November 2023 14:05 UTC

Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B621C1B030D for <suit@ietfa.amsl.com>; Sat, 4 Nov 2023 07:05:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.108
X-Spam-Level:
X-Spam-Status: No, score=-8.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nist.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCO14xcgw40u for <suit@ietfa.amsl.com>; Sat, 4 Nov 2023 07:05:12 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on2119.outbound.protection.outlook.com [40.107.89.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AEC1C15108F for <suit@ietf.org>; Sat, 4 Nov 2023 07:05:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WZm0i9n5E93cVXWyVuPbmnPfGTEAwv5IUga8FSV/yXXA3pgnTVbOqmrr2WJnszobWDYLZWnYRgx7wDFq1L3vjf6YOSERlzThJqQ/igpWMusICvsQqjLXbtq2O/MbIv+Zx7A5LRk6zJkTmLdQeZTBuZYTHxaI7cz6yR2Y4Ypd2JHMVIbD2QVOrQZ2+ewQGvy+RcyYBYstQGNIh55yLPmXXe7xjGC16voH/cpuiFeNcF86EJ9Gw1F1nR4zJW5eajZxp/Izn2ojBsAHjOE014VNbFyNTr9cZNCUdAMf2oVljhgnCBMRkW/+L7irSTD6H+rWRxb89fes9kPjNk/4em4J4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vKjI53mcYV888yMC9JaXWm/fvOk4m6l7pgza+3Fq0Ks=; b=ROSnI3RHo82wghUvdzQgO6CvyKVyK/1SSEDaqXpes2o/rRL5hme20lRr4nErP9gbBymRuB6SPB6gBHoHcaVPeqRbv/dGz3mYSv39GGbQsPdA+ms1HqMZpgkEtRHcq14BFlIyag5Z9YNMn4Q1DIYEAXtlLvjYUF/C6mFZtu7PdrXK9PJ6Iooz3DWCTKvAfikpvmUmiuPrs/S+wh60vxZKVoQswsoBCtrFvJxGM8c02GPoBmlFMANRjTI2ylcR+0GcoOQWCx8ePWaGQfxOFqTJyiadbbyXhP4D/Xas0VmgrTL/6iQ9Qcbw76M+yrjrpjTnXbwKj/tDFhi0lI0PU2xvcQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vKjI53mcYV888yMC9JaXWm/fvOk4m6l7pgza+3Fq0Ks=; b=GgBv+DQbQed/wvUdfv4BW9wZF4+D4928KaJk3KAKK3xd1kW7N3o4gKByvhPK/GDAG7kJCxDQ6/PIkU2t28splyayLppoRKlcLOmzocKHO4Uzf2nkCmvP5J81rdVvK5mzqIBgfHlwzTGics3T8ijGpQkEqDWPy5AvzF6xO757mGhm57xKfuIMwjPHpjNCY1aoAN7VDmLHpBfdsKHy7WbEvqx3/vfMZWYfZMg+BZEeZOdqkvp0XFGqjmEYS/yWYkUM/X1jk8Lzm9jcF1gFLfs5ql1d0EDYXN6Gyucj/cefbKtJdFddJROUJWMsLpjcype172Kdom+dpe5bdnG6CIHzFQ==
Received: from MW4PR09MB9886.namprd09.prod.outlook.com (2603:10b6:303:1f0::5) by SA1PR09MB9879.namprd09.prod.outlook.com (2603:10b6:806:28d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.25; Sat, 4 Nov 2023 14:05:07 +0000
Received: from MW4PR09MB9886.namprd09.prod.outlook.com ([fe80::7f14:9331:f574:8469]) by MW4PR09MB9886.namprd09.prod.outlook.com ([fe80::7f14:9331:f574:8469%7]) with mapi id 15.20.6954.025; Sat, 4 Nov 2023 14:05:07 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Shepherd review of draft-ietf-suit-firmware-encryption-18
Thread-Index: AQHaDyC2eitzcH8hlkOwVxXC0XbJ8g==
Date: Sat, 04 Nov 2023 14:05:07 +0000
Message-ID: <MW4PR09MB9886AFB9C64297ECA3D967BCF0A4A@MW4PR09MB9886.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR09MB9886:EE_|SA1PR09MB9879:EE_
x-ms-office365-filtering-correlation-id: 7a18eda3-590b-4c4d-daa7-08dbdd3f0d12
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: q8wrw4eDWRtXqQ/U9b4FlAfsvpbQUbsBWRWG2XVVAgxrGEamRxa8+NCbh0D0+xCKVab54O0InV3W5ABR0O6ui4R2QpQXlwN2bDlwKt70Hf0f3ASs43MwLlqHm632IlbnvTwReDMpS+eT8KOI9v3AHtQDiqryg4EvHNnhhcr3qlbNZ7u4IubiTl6j/KmIrLaXQjGf2Jhk7JiH52AcATcOzGc4mfP2Zf36TgP8rjYo3RMZ9uZFl0E1NWfE7X+moJlBm/JejmA/iCm1W6N0KYN/KmcbC+1ZDEbj/CZzgrBQJsYbgqWe0Do182fbc8ppoFTyZfCn4yVCwoRm3LFRFoVIPyZagH6o8QYCM3CS3n9f/rwGo0rjOwfS4814PYsJiGH74sNXf7a+7+rByVjyFwn5jsc4S7lb6FfJXvCftt3T45VqxVsGZidDz208AhLiNuDt0/Zub3BQij/yFg/PGuRKC24mteTrVbp260LTT+P87Rfd7iMdkTWMzud6x3hb/AqoXzWi33hfPUPuZpGrwDpkL80601IxvzqDxyaLwH73/xuC4lKth+lIDp+bew3upxHxV+mOw9msHiN9nOJuLx+dV0xqQIz0TYm8aVkBxlva7DA=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR09MB9886.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(230922051799003)(186009)(1800799009)(451199024)(9686003)(498600001)(71200400001)(6506007)(7696005)(83380400001)(2906002)(5660300002)(52536014)(91956017)(76116006)(1015004)(64756008)(8936002)(8676002)(66556008)(66946007)(6916009)(66476007)(66446008)(38070700009)(166002)(82960400001)(122000001)(38100700002)(86362001)(33656002)(55016003)(19627405001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PLhRsmHe18E79bOnzpK4JwxYM0SmCy+Y0WtF4nTaOoyja45U33CiSk9/gkZwI4hKI3Rx/Qj7kEauSkn0V9ylSPu0/zNYgsgMZC5uGSEUYWfYD9fBfQAGdnHj5JCGXBfDBrOji5TGmpG5/KbtniqB38BDjcW+Tq4XkYYTm0jOYEo5uZUa4LqXUkkyIlDWV4QrByH2aCWW4PCo0D+eiiDVw5La55tWhJwK/8uSWTBRHWrjqPOklLyiZEDtlbrC6cxbGOAzcT6CKzWAUoI8rSf9tXAYD7/+CSIY3MOQKkF3Qeiyif4CU9/2tram8aeO6uqOs/PeRQH/9oWgRUeKJsxgw52jHEY46+6FAmsukC4y4NWHAuJkeluORMsYODltniWJjQhwqT5egAQtqq82PLE0W4giv4tPqSFDZSCX7+dGTECHc8PjNPRDDaFmprSCd51WfaUcZ44BjG89SZ99ICWCO0RYog2BbShHdfwZhf3UtzfFmKuS8d3tVDnwMwSgiRF4YIvjDU1kNAN32HE7AMA+CNy6LSJHDBdpege+cg4OHAgYjrolMtHMLJiKnWHHWqKqc0MO+9jGyMOpsks3wVnN2ks0YtJk2roNg+B1PhQ0YaxaJiG8YzB0F5DSns5wfX337e93tJE3CR+L/BHQ+cjxGcO4Sc0Y4UA6PZu3NgAkqANQK+LVMv8nxINqVRRBOqKYxVT0PrEuLjo1RMziuM63yZYhzA3Fk+QYmvHYF9tPXb4kI9C2FSJGTdV7GQTZ/+TGFmsjySR4oqXpPE5x/PygSVMqRtPqze66486mwYQk5KW9Zgx+CV0WRxlUqou7H7aQJQEkVEfafXq4tcq6C+qDY7OdSFZ2VOERguHiTJ+6tjQOj8WujQ+mX9OoZMEvYxKeR6KJsZHz1hkRXMkWbB/p1f73xqVDFYiHLwsE8CcocLX6QqcwDBJV+hQttM3xUKRlOvcTgF5ZxiQ+UbJFGGenczOmMv4kmy5EqLJEDNAKR6a2zjTpRbwYcRnxY6c6aW37CO1O+a7r0Nz/HnaKFPiXDymp/HIAHJf8mFZy1kt+Or9oAbZHoqYDGoSbaWvPQcjNdHneVusBaMtseegOtqhUhzD/wXy2a0tvAnmiJ6rszVNcKePwYm2MZLuRKDsNzxqu+9KlzjhYq6zEr93XfN3w6Q1Zsvsdzp/thvKGIVjoaxNPplhynIcq1Et5qgvokCFJHljeG5LWb68+CSnZsoT6yJX2l9mTTwpH/OzeAfIfi3537X0xQ8qdeOxo9R5RtTItq+/Gi2kvD9PP92I/EdMa1eZ1n3lMk8Qfpbl/s18rv/rQozkAPqLaTB4IcrZawGRbJVg4a4goXJCe5lY8c3ir4vmgcq6jAzNvfj4Th6XNIaaBaKzzz5gC4Fv4GdtyRqK6/f2qJtRJu/5eQF9WE+D5wM5HyygF3ElvO3J4MJoaqsCQS0AFDnMUbPQLZ+EYrl3hANkyWBUcuriMUfe3+fBrzU1w3ULR/h5DsqaqhNc/8KsqQXGFMaqJNOlUGnIrgN42/gEg0gOZ5tt43Vu8nCWwlJfUNvV1qW0ajdeMPfgDkm/ko1e2MQ4rfDXFEeqBm9Az
Content-Type: multipart/alternative; boundary="_000_MW4PR09MB9886AFB9C64297ECA3D967BCF0A4AMW4PR09MB9886namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR09MB9886.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7a18eda3-590b-4c4d-daa7-08dbdd3f0d12
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2023 14:05:07.4638 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB9879
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1ukuEbewrOPyehFWDlVwrFS2kQo>
Subject: [Suit] Shepherd review of draft-ietf-suit-firmware-encryption-18
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2023 14:05:16 -0000

I am reviewing draft-ietf-suit-firmware-encryption-18 as the document shepherd.

I have the following comments at this point:

abstract:
- "for encrypting software, firmware, machine learning models, and personalization data by utilizing the IETF SUIT manifest" I believe this text should be a bit more open for future consideration of other types of information that might be contained in the manifest. Sugegst the text be changed to "for encrypting software, firmware, machine learning models, personalization data, and similar information" by utilizing the IETF SUIT manifest".

Section 4:
-  "An implementation claiming conformance with this specification must implement support for these two parameters." I think the "must" should be capitalized here.

Section 6:
- "It must be ensured that the guidelines for random number generation in [RFC8937<https://www.ietf.org/archive/id/draft-ietf-suit-firmware-encryption-18.html#RFC8937>] are followed." I think the "must" should be capitalized here as well.

Section 7.3:
- This might be better to appear in the security considerations section, since this is a security consideration.
- "operations took place" should be "operations take place"

General questions:
- Sections 4 and 5 are limited in normative requirements. The CDDL is effectively the expression of the normative requirements; however, we don't state this. Perhaps we should add some normative text around the use of the TBD19 tag and any other required syntax?
- Has anyone, other than the authors, reviewed the examples for correctness?

Regards,
Dave

v2.23.0 | Report a Bug | By Email