IETF Logo Mail Archive

Re: [Suit] Review of draft-ietf-suit-manifest-09

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 27 July 2020 15:44 UTC

Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48F1B3A18AA for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 08:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, LOTS_OF_MONEY=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0A3Aex37ki44 for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 08:44:01 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl2gcc02on2094.outbound.protection.outlook.com [40.107.89.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C65D83A192F for <suit@ietf.org>; Mon, 27 Jul 2020 08:44:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c/WTpab25nbstQ1lY5/X+L2Sc0aUtrfChiXbuu70c851S3Sqz/iBdQ4dfyiHz53055PH3q0zggFznKPwMlFXRTUirJN+TAk3b8mGnctaE1ki25kbXuDl/GiRPK4wS46fHqQo/jewM7vvVmbwowqaA1xQ03hyufwYSCDaJUypJEtUHwipQkiUCyDMsgXwP2oBmThlGI4H+bnREJfc2keu0W8wJfksVafM10oNlFd+jg7Asv76t25D31uGuiSfzM1wnpl8EC//rgX+3MyTUgx0UMkVgjspbUjeFs4j7qFhgUs0pAi541uMtpqrGXVT8yO1egGnzQh4SOgIHdoLxZRXQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5N7utF62q34xKFcdOzETiiquU2334qj+UsdXNVDaSI=; b=M0D5N3QD2xxBNRVmWXBpUrw0rz6lTW6dsal9z8EqyttPS7eu3y5vgDHydsVVdE5s9aC0dL/7uhxAgaYcS7UwUNmIo+YonTmb5AyHBYmQIUw8AtJzVLBp1kVomcXTfgLX4GIk3gUTkmqpa9DUNuQPbR58P4BhARoR2iQPm9bmYWqLZbu4//SMYrMLmfAFOdhZNURZ1L6MZ/7LdtyfvPHaL5hNlBiyeQajR1EYE423C1hHzxvMFyDr/nstzpyHIuvGH1uRST22ntMnlPyLXdCPWSb0Ri9Wzozp/4i/BO6CMfJkk6UE9uc6MyPe0GvPJ1fU+HezetEoapVYfoidvmmQcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5N7utF62q34xKFcdOzETiiquU2334qj+UsdXNVDaSI=; b=ArkaDEvqBCEeOrJ65U9LvH3wbRwn9w2Yd0B/w+s8WebN9K8fhfAONHrwR0BIzgFLVfg3ld2dMYkokHgbdcIDiCergoeaCcF4rDwLenJ+YHLxOb0fLviFSC8yoSnqQCN0w+fjoVVui6qr4eCdMiIuWEMn6JIUD90oYtHWZ49N3P0=
Received: from CH2PR09MB4251.namprd09.prod.outlook.com (2603:10b6:610:36::17) by CH2PR09MB4299.namprd09.prod.outlook.com (2603:10b6:610:64::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.20; Mon, 27 Jul 2020 15:43:58 +0000
Received: from CH2PR09MB4251.namprd09.prod.outlook.com ([fe80::ddf9:c0ba:7ee3:c00f]) by CH2PR09MB4251.namprd09.prod.outlook.com ([fe80::ddf9:c0ba:7ee3:c00f%6]) with mapi id 15.20.3216.033; Mon, 27 Jul 2020 15:43:58 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Brendan Moran <Brendan.Moran@arm.com>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Review of draft-ietf-suit-manifest-09
Thread-Index: AdZiCUkrB1qNrZ3lS5i4ApAjr2sBOQCGs7sAAAEnfoAAAPfFoA==
Date: Mon, 27 Jul 2020 15:43:57 +0000
Message-ID: <CH2PR09MB425185528F6ECB5E00B4CB07F0720@CH2PR09MB4251.namprd09.prod.outlook.com>
References: <BL0PR2101MB1027152EC8DAD9B3847C3E89A3770@BL0PR2101MB1027.namprd21.prod.outlook.com> <70453005-8DFA-4DBE-8C04-9882839D5005@arm.com> <3ff3915e-c61c-2c00-f780-a77c9ab494cc@sit.fraunhofer.de>
In-Reply-To: <3ff3915e-c61c-2c00-f780-a77c9ab494cc@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: sit.fraunhofer.de; dkim=none (message not signed) header.d=none; sit.fraunhofer.de; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.104.16]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: b82e61f5-676e-45c2-010e-08d83243e07d
x-ms-traffictypediagnostic: CH2PR09MB4299:
x-microsoft-antispam-prvs: <CH2PR09MB4299D7CB428138B1E16F4643F0720@CH2PR09MB4299.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: LwRbodjxiwEp2H5EGw5dxA0wY7EcsnoOCzJ5hPZLPFigLDc6jIW366U6OtKB7Z/SMcEqMeH7nKPGVq3BQmAsuTsAA2Yoqi+dRpafavTC2D8Gb4ask1hjc9JCbc8V6PKQ5MpS0tNmfFwh08KGunPAHgFvGqYZ80BfFPWQMCASiR29vZIe/QCzihJVhjiNpvq8dzqc+7/mKBZHEkc2CmMAlh2ukjuij0UOcBSyeMI4I7ZIxfrcua1CFYVjHcdfHb+wnNNQGpBxpQ13suezRRumTg0byivJtKFmYmXiVHYf8PxtU0etg73W1d9GLfSqwvQypzFqdnyIGyNkl7pcyvMdA+b57p9KFQ7Kcqja0grOo/LLQaKLKANT1FryggQsXSZKNQcb24MVxwbS61fOFx7aZg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR09MB4251.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(346002)(136003)(376002)(366004)(396003)(83080400001)(83380400001)(66446008)(7696005)(53546011)(86362001)(6506007)(64756008)(66476007)(66556008)(52536014)(66946007)(76116006)(30864003)(5660300002)(33656002)(4326008)(186003)(316002)(966005)(55016002)(9686003)(478600001)(71200400001)(2906002)(45080400002)(110136005)(26005)(8936002)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: ShEsYs6cJQb/tmSm+qEevebKGoyVMDw/9nTZG928AHGNCb52FKE5xk0wprfU1ORSjcowQh2weYai/uYeLuXoEWrWwvTdXSkVIV0VOk1jM7jzyhof5WXrX048Vr54tUXZLR9Yt1zl5JeOg7r7UseKpnJmWKy7runbH7Xza+/3yClC1HTIGpzI3y1EYGYDs3JJcXkoo5ZmhS6HmlxDrESbZMW4A1wNIaTQ66p1+mojw468R+liyNZWhgxm82n5UUGbp3LMqScgWX3M7j9QsSqUpGCqGnBThQ9S9OuH495rVB6SyhvamFgDh++f2ytayVT7u7imVA9EWblKmQLEiSdO5UhqSImiIGk+ULV8YWl1DxKjOucb43sHwrXhxL3LH71P4Dhxa4XBXu7DBKdNAaSsgxqiV6dGpJA90BOMxIngO4ENQclWrU4pHgRN7PxTArT9KQIpFrR0Vttxieig94sD+z8Kms9CTiCGsvJs5y7rJqk=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR09MB4251.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b82e61f5-676e-45c2-010e-08d83243e07d
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2020 15:43:57.9339 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tJMMHmgTu0viHszMUPeH19W+8dDHdJf7V106xaMpmeL9sR637UwzubBSg+kSnjYf4xZBB8rGtVglLPygqLdiQw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR09MB4299
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hQcG0HbHov5oNvXJZJZ6cz284Go>
Subject: Re: [Suit] Review of draft-ietf-suit-manifest-09
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 15:44:03 -0000

By CBOR OID are your referring to draft-bormann-cbor-tags-oid?

https://datatracker.ietf.org/doc/draft-bormann-cbor-tags-oid/

Dave

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Henk Birkholz
Sent: Monday, July 27, 2020 11:15 AM
To: Brendan Moran <Brendan.Moran@arm.com>; Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
Cc: suit <suit@ietf.org>
Subject: Re: [Suit] Review of draft-ietf-suit-manifest-09

Hi Brendan,
hi Dave

thanks for your extensive summary, Brendan! This is very useful. Just two small additions.

While CBOR OID seems to be a good match, that unfortunately introduces a timing problem (as does packed), but maybe we can devise a way around that.

As PEN are not a rare choice in CBOR-based representations, I'd just want to voice support for the notion of being very careful here. We can of course start to create a qualified name that involves a PEN (among other things), but we are not the only ones that might attempt such a thing and therefore might require some ealignment.

Viele Grüße,

Henk

On 27.07.20 16:42, Brendan Moran wrote:
> Hi Dave,
> 
> Thank you very much for your very detailed review! Of course, it will 
> take me some time to work through this review. I will do my best to 
> clarify these technical comments as I work through. In general, the 
> issues you’ve listed look to me like the “right” answer is fairly 
> obvious, so I will straighten them out. There are several comments 
> that I think deserve a little more clarification.
> 
> 6. SUIT_Report
> 
>> SUIT_Report and Reporting Engine text is added but does not appear to 
>> be about what goes in a SUIT manifest, so I argue that it doesn’t 
>> belong in this spec (and is arguable as to whether it’s in scope for 
>> SUIT at all)
> 
> You’re right. This has not been raised on the list. If it’s more 
> appropriate to put it in a new draft, I’m happy to do that. However, 
> it’s a natural consequence of adding the SUIT_Reporting_Policy, which 
> was discussed at the virtual interim. It seemed to me that if a 
> reporting policy was specified, then an implementor would naturally 
> want to know how to report that information. If there is a need for 
> logging SUIT commands, along with their arguments and results, this 
> seems very specific to SUIT in general and the SUIT manifest in 
> specific. I struggle to see what document would be more appropriate 
> than the SUIT manifest for the SUIT_Report.
> 
>> Furthermore, it says SUIT_Report can go in an attestation report.  
>> What’s the rationale for that as opposed to some more typical 
>> logging/reporting mechanism that might integrate with existing error 
>> reporting mechanisms and trouble ticketing?
> 
> SUIT_Reporting_Policy has two output channels: “system information,” 
> that is the “actual” values compared against in conditions, and 
> “command records” which are effectively logs of command execution. For 
> an update case, these are adequately served by logging infrastructure. 
> However, in a bootloader case, this is inadequate because the 
> bootloader and the booted application are different security domains. 
> This means that any system information or command records need to be 
> protected from modification by the application. Typically, this would 
> be done with a signature; I don’t see how this is different from attestation.
> 
> The discussion of a Reporting Engine seems necessary: it’s the thing 
> that consumes reporting policy.
> 
>> 7.Defining a new identifier space (UUIDs) for vendors is not 
>> motivated.  So a vendor can’t use an existing OUI or IANA private 
>> enterprise number that can be easily looked up? You have to instead 
>> use an opaque identifier with no way to directly look up its meaning?
>> What is the rationale for inventing a new space rather than being 
>> able to reuse an existing one that can be looked up to get an org 
>> name, contact info, etc.? (Yes there is suit-text-vendor-domain but 
>> that’s severable and optional to implement at all.) And a UUID takes 
>> up more bytes than either an OUI or a PEN, so is worse for 
>> constrained devices, so why not use an existing space that is shorter 
>> and hence more applicable to constrained devices?
> 7. Vendor IDs
> I’d argue that I have not defined a new identifier space. It was 
> defined in RFC4122. That said, I think that PEN could be beneficial if 
> we can work around some of the complexities associated with it.
> 
> OUIs may be prohibitive for small manufacturers (US $2,995). For 
> example, I have seen small manufacturers avoid building USB devices 
> due to the cost of obtaining a USB VID. Class IDs still require a UUID 
> Name Space Identifier. There is no rule I can find for constructing an 
> OUI UUID, so it cannot be used as a UUID Name Space Identifier.
> 
> 
> Private Enterprise Numbers seem manageable by small manufacturers.
> There is a UUID Name Space Identifier for OIDs, however this gets a 
> bit confusing. You would need to construct a class ID as follows:
> 
> Vendor_UUID = uuid.uuid5(uuid.NAMESPACE_OID, EncodeOID(‘1.3.6.1.4.1.’ 
> +
> PEN))
> Class_UUID = uuid.uuid5(Vendor_UUID, Class_Information)
> 
> The problem here is that EncodeOID() is not specified at all in RFC4122. 
> The closest we get is:
> 
>> For example, some name spaces are the
>>     domain name system, URLs, ISO Object IDs (OIDs), X.500 Distinguished
>>     Names (DNs), and reserved words in a programming language.
> So Class IDs become unpredictable because OID encoding is 
> underspecified in RFC4122. I can see the Vendor_UUID being computed 
> with several different versions of EncodeOID:
> - Encode as dotted-integer string
> - Encode as DER OID
> - Encode as value of DER OID (no tag/length)
> - Lots of other ASN.1 encodings possible.
> - Future CBOR OID?
> 
> I do not believe we should specify the use of OUIs because 1) they 
> cost $3000, 2) there is no UUID namespace for OUIs
> 
> I’m not against using a PEN, but we would also need to provide 
> extremely strict encoding guidelines for constructing Vendor UUIDs, 
> since the Vendor UUID is needed as the Name Space ID for the Class 
> UUID. For encoding in the manifest I think we should insist on using 
> the PEN directly rather than the full OID. But what would we do with a 
> PEN sub-assignment?
> 
> There’s a lot more complexity here than just “use a PEN.”
> 
> 
> Best Regards,
> Brendan
> 
> 
>> On 24 Jul 2020, at 23:51, Dave Thaler 
>> <dthaler=40microsoft.com@dmarc.ietf.org
>> <mailto:dthaler=40microsoft.com@dmarc.ietf.org>> wrote:
>>
>> During the IETF hackathon week, I went through all of the suit 
>> manifest draft and kept notes.
>> My full review in context is at
>> https://www.microsoft..com/en-us/research/uploads/prod/2017/05/draft-
>> ietf-suit-manifest-09.pdf 
>> <https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft-
>> ietf-suit-manifest-09.pdf> which is too long to copy into email here.
>> Besides lots of editorial comments, there’s a few technical 
>> comments/questions, including (but there may be more depending on 
>> whether you interpret some others as editorial or technical):
>> 1.Apparent contradictions about whether on systems with a single 
>> component, whether setting the component index should clear the 
>> dependency index or not.
>> 2.What it means to “break” is underspecified (I’m guessing continue 
>> on to the next command after try-each, as opposed to go on to the 
>> next manifest, but it’s not stated in the doc).
>> 3.Section 6.7 seems to require using multiple processes, not just 
>> multiple threads, without justification.
>> 4.The trust model when multiple manifest processors exist, in two or 
>> more security domains, is underspecified, and not mentioned in the 
>> Security Considerations section.
>> 5.Suit-text-version-required expression syntax is underspecified.
>> 6.SUIT_Report and Reporting Engine text is added but does not appear 
>> to be about what goes in a SUIT manifest, so I argue that it doesn’t 
>> belong in this spec (and is arguable as to whether it’s in scope for 
>> SUIT at all).  It reads like SUIT_Record is yet another alternative 
>> to IPFIX, syslog, etc., and doesn’t state the rationale for defining 
>> a new format. You might say that it could be used in an octetArray in 
>> IPFIX if someone defined such a field, but this document doesn’t, and 
>> indeed if SUIT_Record is not something that would appear in a SUIT 
>> manifest, then I think it should not be in this document.
>> oFurthermore, it says SUIT_Report can go in an attestation report.  
>> What’s the rationale for that as opposed to some more typical 
>> logging/reporting mechanism that might integrate with existing error 
>> reporting mechanisms and trouble ticketing? I don’t think this was 
>> motivated in either the suit architecture or the suit IM document, 
>> and I don’t recall it ever being discussed on the SUIT list or WG 
>> meeting (but maybe it was and I forgot?)   Again, I think my 
>> preferred course would be to sever it from the SUIT manifest specification.
>> 7.Defining a new identifier space (UUIDs) for vendors is not 
>> motivated.  So a vendor can’t use an existing OUI or IANA private 
>> enterprise number that can be easily looked up? You have to instead 
>> use an opaque identifier with no way to directly look up its meaning?
>> What is the rationale for inventing a new space rather than being 
>> able to reuse an existing one that can be looked up to get an org 
>> name, contact info, etc.? (Yes there is suit-text-vendor-domain but 
>> that’s severable and optional to implement at all.) And a UUID takes 
>> up more bytes than either an OUI or a PEN, so is worse for 
>> constrained devices, so why not use an existing space that is shorter 
>> and hence more applicable to constrained devices?
>> 8.The time-of-day and day-of-week wait events are underspecified in 
>> terms of whether they are in local time or UTC.
>> 9.If I understand correctly, if a dependency manifest sets Strict 
>> Order to false, this will then carry over to the dependent manifest, 
>> potentially leading to a source of unexpected bugs.  Is my 
>> understanding correct?
>> 10.For conditions that are optional to implement, I couldn’t tell if 
>> that means that if not implemented by a manifest processor, they are 
>> treated as passing, failing, or as parse errors.
>> 11.There are several commands where in certain contexts the doc says 
>> they “MUST have no effect”.  But why not make them illegal to appear 
>> in such contexts?   Why spend the extra space to include them in the 
>> manifest just to have no effect?
>> 12.Swap directive is underspecified in terms of what should happen if 
>> the destination doesn’t yet exist (i.e., fail vs move).
>> 13.IANA considerations section doesn’t yet meet the requirements of 
>> RFC 8126.  For example, it specifies Expert Review but contains 
>> insufficient information to instruct an expert how to review, per the 
>> guidelines in that RFC.
>> I know the doc is long (109 pages) so forgive me if some answers are 
>> elsewhere in the doc and I just missed them, which just means maybe a 
>> cross-reference would be sufficient.J Dave 
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org <mailto:Suit@ietf.org>
>> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=02%7C01%7Cdavid.walter
>> mire%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797
>> a93e054655c61dec%7C1%7C0%7C637314597580328389&amp;sdata=1HJE9Qiicoe%2
>> BTGq7kaodbBn23m6L31VL5OQLI3mHoAY%3D&amp;reserved=0
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=02%7C01%7Cdavid.waltermi
> re%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797a93
> e054655c61dec%7C1%7C0%7C637314597580328389&amp;sdata=1HJE9Qiicoe%2BTGq
> 7kaodbBn23m6L31VL5OQLI3mHoAY%3D&amp;reserved=0
> 

_______________________________________________
Suit mailing list
Suit@ietf.org
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=02%7C01%7Cdavid.waltermire%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637314597580328389&amp;sdata=1HJE9Qiicoe%2BTGq7kaodbBn23m6L31VL5OQLI3mHoAY%3D&amp;reserved=0

v2.23.0 | Report a Bug | By Email