IETF Logo Mail Archive

Re: [Suit] Parameters and Commands

Brendan Moran <Brendan.Moran@arm.com> Thu, 27 February 2020 16:23 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77EED3A0C00 for <suit@ietfa.amsl.com>; Thu, 27 Feb 2020 08:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=gTAKtCWs; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=gTAKtCWs
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upCI7zPpSZxC for <suit@ietfa.amsl.com>; Thu, 27 Feb 2020 08:23:39 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2056.outbound.protection.outlook.com [40.107.21.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71A043A0BFE for <suit@ietf.org>; Thu, 27 Feb 2020 08:23:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bLfuFnu93tuGrxCUKiBtNrNEpfkjjc2FXLj+RhfBgts=; b=gTAKtCWsnbbVn+1hRIUJFoql6eLFCZ4IaVG4gG9BPMjGkFFooeP9PSxl7J5UJjUfFdKqbmXc7/KaS6l7PSv+uzBM2MlD34SCFAt/3bxACb8DRae00YYUiO3SCxy1Dmv6plpiYlh/w1/kCptADR+Z8I1HC9C70oMBeCp67a423DM=
Received: from AM6PR08CA0023.eurprd08.prod.outlook.com (2603:10a6:20b:b2::35) by HE1PR0801MB2075.eurprd08.prod.outlook.com (2603:10a6:3:51::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.21; Thu, 27 Feb 2020 16:23:34 +0000
Received: from AM5EUR03FT040.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::200) by AM6PR08CA0023.outlook.office365.com (2603:10a6:20b:b2::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.15 via Frontend Transport; Thu, 27 Feb 2020 16:23:34 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT040.mail.protection.outlook.com (10.152.17.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.15 via Frontend Transport; Thu, 27 Feb 2020 16:23:34 +0000
Received: ("Tessian outbound 846b976b3941:v42"); Thu, 27 Feb 2020 16:23:34 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 0295a7177fb70892
X-CR-MTA-TID: 64aa7808
Received: from dcee3e784925.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id ACD381B4-E9B1-446A-9BCC-956EE49B6D8F.1; Thu, 27 Feb 2020 16:23:29 +0000
Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id dcee3e784925.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 27 Feb 2020 16:23:29 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HHW1kdIKRzX1qZ8KsYTj16isdRL9WToYDfwivu5A6CVWKqbOBoHU2zQREKedoY4RQjNZxoGIkmgZPTVRl6salvgajTpV5gQk5blXwKt8GUW120EN8+tJ1V1QoFDpEev4S1eepBrDU7bWzu0Wm4Jn2O4bL5QMMQlyj4A0uw/SIyW7ND9Pp08QDvSoE+NffJtBR8BsUTLmTEdR4emEnnhvy/znOyiE2MFhmmAaWO+o8oR86VdiBosMeINpnPMI5smeeTu0Iy0JGYQ/YyAjlySDX1ShfVtFZSu131pb+EQSRVCrk/TUb3cjHBfKcAfMdRVwr78wo3LOAiGfYxh/xwgo8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bLfuFnu93tuGrxCUKiBtNrNEpfkjjc2FXLj+RhfBgts=; b=h3HClQKD62GYAC01rD1wNlmJu/A3FTFKenEpsx/xncoslewDKAUMvyj3/8lzOBFMPB4EMLG9vlqfYVzN7rQCTA+6k37wNUEYPSBZnCFABDN7nr7WtbTARlvcA7W9XDBCrP2HzqyBniSfByCbwCQqVdGjKCEdLtaNMpr2sCF6bEG1/QTXbbrHDzsozn9+fpLIyueRnyzO/lvJAViW3HAj1MlDi/C6VHd5Y/4sPOBZwXJl3Nxxb2QAkXzsI5FsZqzorQsvwuvMeFtTxohTx/p3Q7asaoaSnuZ5TWoWYY5mcYzYbuk4dBy2Hu47cLBL/482WDj/as5UvZlGhcAcnlAdjg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bLfuFnu93tuGrxCUKiBtNrNEpfkjjc2FXLj+RhfBgts=; b=gTAKtCWsnbbVn+1hRIUJFoql6eLFCZ4IaVG4gG9BPMjGkFFooeP9PSxl7J5UJjUfFdKqbmXc7/KaS6l7PSv+uzBM2MlD34SCFAt/3bxACb8DRae00YYUiO3SCxy1Dmv6plpiYlh/w1/kCptADR+Z8I1HC9C70oMBeCp67a423DM=
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com (10.255.99.138) by AM6PR08MB3717.eurprd08.prod.outlook.com (20.178.91.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2750.21; Thu, 27 Feb 2020 16:23:24 +0000
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::7960:8949:a754:4288]) by AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::7960:8949:a754:4288%7]) with mapi id 15.20.2750.024; Thu, 27 Feb 2020 16:23:24 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Adrian Shaw <Adrian.Shaw@arm.com>
CC: suit <suit@ietf.org>, Koen Zandberg <koen@bergzand.net>, Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Thread-Topic: [Suit] Parameters and Commands
Thread-Index: AQHV7XQQ5gRwvIJ0lUyjBRqJJXWLg6gvGNGAgAAgvYA=
Date: Thu, 27 Feb 2020 16:23:23 +0000
Message-ID: <D2CE89E8-BCBA-4BBF-BCAD-2A2C2A558786@arm.com>
References: <27913A6B-F42C-4AA9-8A7A-64B1D546C13C@arm.com> <5CBBCF38-5431-4BF7-891D-E4451ECDEAC5@arm.com>
In-Reply-To: <5CBBCF38-5431-4BF7-891D-E4451ECDEAC5@arm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.60.0.2.5)
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com;
x-originating-ip: [217.140.106.51]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: b3760377-3652-4085-0cf6-08d7bba1646e
X-MS-TrafficTypeDiagnostic: AM6PR08MB3717:|AM6PR08MB3717:|HE1PR0801MB2075:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <HE1PR0801MB2075D9E8FB35B1170EEB6455EAEB0@HE1PR0801MB2075.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 03264AEA72
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(39860400002)(396003)(346002)(136003)(189003)(199004)(4326008)(6636002)(53546011)(6506007)(6486002)(6862004)(66556008)(91956017)(76116006)(26005)(64756008)(66946007)(66476007)(186003)(86362001)(66446008)(71200400001)(37006003)(478600001)(8936002)(8676002)(966005)(81166006)(316002)(2906002)(5660300002)(2616005)(6512007)(54906003)(33656002)(36756003)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB3717; H:AM6PR08MB4738.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: qicVaajW35abDEs9YyOW2sFTZKuIW/dkvdD63ecLMiP/vWYt9bRUVBC80Xdhr97jq/RUtrjW+MbO7j71tm9QeG1iylHFA4LqWX/IJkcoaa2osOjYNUXI26dePZ3sFz30MKhP8UTTDPxFOz6doR/MXDh0CMkxe0aQm6+hEnkpnP4ri8/QSs75yjOvTIm4Z+DJ4WeAJOHCPH9d5twJnrRAuAyQqAd7IK3X+cP0wKdAFGuW7kcW9MpkHU0EudUlYw6Y6x4nnHtJx3NXNCA6DxI+k8j6SbCSPiCNbh6mC1OXKiYVLH/hn61IdVIHiSZ/TOt84Q82TSLsC0KA4M2wR0zrP4KJ6uOsyL0qDEbTvAI1Tnmjge2Vt+FNtS+Spa9Zj4PFr5tQ5UJGy0kgYqP/raQRclajNPp4THOMzan++/YkBlEz3qEkD2Tiie55WNBh8FrQBVPvqD1ThnSirMLAX3GuK7OBzHJSu0TL0r6k+/sLPPwXmszn5if/a907faanFlbOAwmh5ypvDmnVw1knQh5uFw==
x-ms-exchange-antispam-messagedata: /nbXUN62EMyPYvavNK8cD77uL1kwY0jREMGBLDvRxO0BsmX4YgrD6pbSjSBBAUTx7PQa3rGXsiE1RlE8+TCKVsTHAsZq+VP29aeyeUvQOIs0O8qZD/a/WAxTDXIbYVrk51p3aGtZj+3nXam3TBjlFg==
Content-Type: multipart/alternative; boundary="_000_D2CE89E8BCBA4BBFBCAD2A2C2A558786armcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3717
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT040.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; IPV:CAL; SCL:-1; CTRY:IE; EFV:NLI; SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(346002)(39860400002)(376002)(189003)(199004)(37006003)(86362001)(70586007)(4326008)(30864003)(316002)(36756003)(54906003)(6512007)(107886003)(70206006)(5660300002)(36906005)(6486002)(966005)(2906002)(336012)(6862004)(81156014)(356004)(26826003)(33656002)(478600001)(2616005)(8936002)(33964004)(53546011)(6506007)(8676002)(26005)(186003)(6636002)(45080400002)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR0801MB2075; H:64aa7808-outbound-1.mta.getcheckrecipient.com; FPR:; SPF:Pass; LANG:en; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; MX:1; A:1;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 14e7767e-9c03-4d72-5e5a-08d7bba15e28
X-Forefront-PRVS: 03264AEA72
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: bPIWP6xoe/gq21blnpSZspyNTeF8wBI1CwLdEuO7fYxUNR9EzVdKzpT3josYDfYrTGifrl6ODBzLMeNpPq2bm+hmOcyuq5H4vEAgiLi3PtkHkIu9JGm9MUAPWdCNdFf4g1//NpPI9m1dSKCe97Bdpry2LF3NA2lun0h/aTcSkHmb2KcaDhpDxlJksN45dyIJwYnztSD/3x/T/bNjclmIewoBzKYbHRGZlcm96MpXiX4Im5n4NU/Kx3Hja2mbWwx9AWqhxefa8XOq3Z0l/De2dhAezAR491jpq8oKU6gPYt+ax/QuZ6nJN78mzVClNBHD9Z3O2SgEmD8FcWM4IYQmT8BHFkt2ujt2p9ZnH0cIV9S6FlvigoUZab99na3PBNmxWvryocXHSW8ytDhCqLWNWLGhdFuI2MB5jXV4GYAkdaBMahrjkZ/q4f0f4od9ZWznzO58P0yhKDMjU04ueNUdO50YRPafI7alCEZl74zhdase/2Pq/IluSYNJFKuIcumzi4+4Ulo9BJDihtQzkABICw==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2020 16:23:34.4526 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b3760377-3652-4085-0cf6-08d7bba1646e
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB2075
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/3Rd4hZ_DgBPkeXE8j3uJMgSzolw>
Subject: Re: [Suit] Parameters and Commands
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2020 16:23:45 -0000

Hi Adrian,

I think I have not explained the idea behind this attestation policy concept well enough. The idea here is that the attestation policy for a given component is defined by the signer of that component. The loader/verifier of a component is the one who executes the policy. This allows the loader/verifier to apply a super-set of the policy if appropriate. For example, BL1 loads BL2. BL1 trusts the author of BL2 (which is the basis of secure boot). BL1 executes the policy laid out by BL2’s signer. BL1 could additionally mandate that certain items in BL2’s policy must always be attested, such as the digest of BL2, refusing to boot the device if the attestation policy is wrong, or overriding the manifest’s attestation policy.

I don’t believe that this introduces a privilege inversion.

There is an additional point that may not have been clear: The verifier of the attestation report requires a policy to verify against. Where does this policy come from? It could be a (Co)SWID. It could also be the manifest itself. Regardless, that must be signed by some authority. Which authority should sign the (Co)SWID? Is it the same as the Manifest signing authority? Or at least derived from the same trust anchor? If not, why not?

Finally, there is the question of how an attestation report is verified. If it is verified against the manifest, then the verifier has the opportunity to examine the policy set by the manifest. This means that the verifier can detect any “opt-out” scenarios as you describe them.

Does that make sense?

Best Regards,
Brendan

On 27 Feb 2020, at 14:26, Adrian Shaw <Adrian.Shaw@arm.com<mailto:Adrian.Shaw@arm.com>> wrote:

Hi Brendan,

We have also discussed the possibility of defining attestation policy within SUIT. This would mean that we need flags to indicate to the parser which measurements should be reported. For example, a Vendor ID, an image digest, or a component offset might need to be reported in the attestation report. Each of these is checked by a condition. Each of those conditions will consume a parameter under this model. Then, the argument can indicate: report a measurement, do not report a measurement, report a measurement only if comparison is successful, or perhaps other attestation-related policies. Bear in mind that attesting a failed condition may be helpful for attesting why a manifest has failed, as we discussed in the hackathon and virtual interim meeting.

To me it doesn’t make much sense for the signer to define the measurement policy. The signer shouldn’t be trusted for that particular purpose.

Just as a simple example:

If a signer of a non-secure image decides to say "don’t measure me”, and the platform blindly obeys that directive, then the platform cannot accurately describe what the software state is during an attestation.

Alternatively, the manifest may decide to tell the installer to measure things that are not security relevant, whilst deliberately avoiding the parts that are security sensitive. Yes, the metadata is signed, but that only tells you who made the image. In the real world a firmware image wouldn’t tell a secure boot system what to verify and what not to verify, and is a similar case here.

There is also the possibility where, for some particular scenario, you don’t necessarily trust whoever signs the non-secure image, but you want to be able to convey to a remote party what image _is_ installed. In this case, you shouldn’t be trusting the measurement instructions from the non-secure manifest.

In essence, the thing being measured should not have any influence on the measurer, since that would not be a chain of trust. It should be the root of trust’s responsibility to decide what is reported.

Let me know if I’ve misunderstood something, as I may not have the full context.

Cheers,
Adrian

On 27 Feb 2020, at 13:44, Brendan Moran <Brendan.Moran@arm.com<mailto:Brendan.Moran@arm.com>> wrote:

During the hackathon, I discovered that my examples and my manifest generator tool are generating incorrect sequences for testing vendor ID and class ID.

There are currently two ways to handle commands (conditions or directives):

  1.  The command consumes an argument (that is the value that follows the command's key)
  2.  The command consumes a parameter (that is a value set by the “set-parameters” or “override-parameters” commands)

This duality led to my error in setting up the Vendor and Class ID tests in the demo code.

The reasons for each mode are:

  1.  Command consumes an argument
     *   Encoding is more compact (encoding via parameters takes 2-3 more bytes, depending on the situation).
     *   Less storage needed (the argument is consumed immediately)
     *   Does not require matching parameter key
     *   More explicit association between command and argument
  2.  Command consumes a parameter
     *   More compact when the parameter is used more than once (e.g. image digest)
     *   Allows override by dependencies, when set-parameters is used


We’ve talked before about “only one way to do things” and I think I can see a path to making that the case here. Here is my proposal:

Commands consuming a parameter are absolutely necessary due to override and deduplication concerns. Conditions testing against an argument are convenient and more explicit. Therefore, harmonising around a single option probably means that we have to select parameters instead of arguments:


  1.  Eliminate arguments from most commands (see below)
  2.  Match most parameter keys with command keys to simplify the association, make “arguments” more explicit

Only these commands require arguments, since they either deal with setting parameters, setting parameter scope, or with flow control, which requires nested command sequences.


  *   Set Component Index
  *   Set Dependency Index
  *   Set Parameters
  *   Override Parameters
  *   Try-each
  *   Run Sequence
  *   For Each Component

This leaves the majority of commands with NUL arguments. This is actually quite useful for another feature.

We have also discussed the possibility of defining attestation policy within SUIT. This would mean that we need flags to indicate to the parser which measurements should be reported. For example, a Vendor ID, an image digest, or a component offset might need to be reported in the attestation report. Each of these is checked by a condition. Each of those conditions will consume a parameter under this model. Then, the argument can indicate: report a measurement, do not report a measurement, report a measurement only if comparison is successful, or perhaps other attestation-related policies. Bear in mind that attesting a failed condition may be helpful for attesting why a manifest has failed, as we discussed in the hackathon and virtual interim meeting.

If we are making the majority of commands are using parameters instead of arguments, this becomes trivial: the arguments are replaced with attestation policy arguments. This allows us to tell the attestation engine explicitly what to report from the manifest, which allows secure, dynamically updatable attestation policy.

This doesn’t introduce a substantial change to either the parser or the format. If there is some appetite for simplifying the correlation between commands and parameters, I think it might make sense to spend some effort aligning parameter keys with command keys. This could simplify the parser by allowing a generic parameter lookup to be done in one place, rather than by each handler.

Best Regards,
Brendan
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email