Re: [Suit] Follow-up AD review on draft-ietf-suit-manifest-24

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 05 February 2024 21:18 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Brendan Moran <Brendan.Moran@arm.com>, Roman Danyliw <rdd@cert.org>, "suit@ietf.org" <suit@ietf.org>
Date: Mon, 05 Feb 2024 21:18:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/41ZOFW-iFV51-gNVlprMplb4tYQ>

Thank you to the authors for the big push to address Roman's comments!

Roman, how do you want us to handle the suit-install issue?

Regards,
Dave

From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran
Sent: Monday, February 5, 2024 11:30 AM
To: Roman Danyliw <rdd@cert.org>; suit@ietf.org
Subject: Re: [Suit] Follow-up AD review on draft-ietf-suit-manifest-24

Hi Roman,

We have now published a new version of the SUIT Manifest. I believe it addresses all the remaining comments you have made.

The proposal that I have made on the list (suit-install changes from key 17 to key 20) is not currently addressed.

Best Regards,
Brendan



From: Suit <suit-bounces@ietf.org> on behalf of Brendan Moran <Brendan.Moran@arm.com>
Date: Friday, 2 February 2024 at 15:18
To: Roman Danyliw <rdd@cert.org>, suit@ietf.org
Subject: Re: [Suit] Follow-up AD review on draft-ietf-suit-manifest-24

Hi Roman,

While there is more to do, I have a proposed update to make the mapping from RFC9124 to draft-ietf-suit-manifest clearer: https://github.com/suit-wg/manifest-spec/pull/133

More updates to come shortly.

Best Regards,
Brendan

From: Suit <suit-bounces@ietf.org> on behalf of Roman Danyliw <rdd@cert.org>
Date: Sunday, 29 October 2023 at 01:12
To: suit@ietf.org
Subject: [Suit] Follow-up AD review on draft-ietf-suit-manifest-24

Hi!

Thanks for all of the work to produce -24.  In the spirit of tracking where things stand, the following residual AD review feedback remains from the original on -22 (https://mailarchive.ietf.org/arch/msg/suit/Ak_sFp1PaZcIRSol5Ge_xH2FN-w/) or -23 (https://mailarchive.ietf.org/arch/msg/suit/MJNk7-SBiRrEPRugmZKTlwkQ9jA/).

** Section 5.3.4.  Editorial and introduced in -23: Per "see {#ovr-integrated}, are integrity-checked ...", there is a misspelled Markdown reference.

** This document referenced RFC4122.  The bis for it, draft-ietf-uuidrev-rfc4122bis, is in IESG review.  Consider if there is a reason why it could not be used instead.  This feedback came during other IESG reviews of documents referencing RFC4122.

** https://github.com/suit-wg/manifest-spec/issues/108 and

https://github.com/suit-wg/manifest-spec/issues/107 and


-- REQ.SEC.IMG.CONFIDENTIALITY (Section 4.3.12 of RFC9124)

The manifest information model MUST enable encrypted payloads.

...

Implemented by:  Encryption Wrapper (Section 3.20)

This document does not describe any mechanism to encrypt a payload.  Section 3 says:

This specification covers the core features of SUIT.  Additional
   specifications describe functionality of advanced use cases, such as:

   *  Firmware Encryption is covered in
      [I-D.ietf-suit-firmware-encryption]

However, this reference is not normative and isn't considered a core feature.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.