Re: [Suit] Review of draft-ietf-suit-manifest-09
"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 27 July 2020 15:44 UTC
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48F1B3A18AA for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 08:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.001, LOTS_OF_MONEY=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0A3Aex37ki44 for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 08:44:01 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl2gcc02on2094.outbound.protection.outlook.com [40.107.89.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C65D83A192F for <suit@ietf.org>; Mon, 27 Jul 2020 08:44:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c/WTpab25nbstQ1lY5/X+L2Sc0aUtrfChiXbuu70c851S3Sqz/iBdQ4dfyiHz53055PH3q0zggFznKPwMlFXRTUirJN+TAk3b8mGnctaE1ki25kbXuDl/GiRPK4wS46fHqQo/jewM7vvVmbwowqaA1xQ03hyufwYSCDaJUypJEtUHwipQkiUCyDMsgXwP2oBmThlGI4H+bnREJfc2keu0W8wJfksVafM10oNlFd+jg7Asv76t25D31uGuiSfzM1wnpl8EC//rgX+3MyTUgx0UMkVgjspbUjeFs4j7qFhgUs0pAi541uMtpqrGXVT8yO1egGnzQh4SOgIHdoLxZRXQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5N7utF62q34xKFcdOzETiiquU2334qj+UsdXNVDaSI=; b=M0D5N3QD2xxBNRVmWXBpUrw0rz6lTW6dsal9z8EqyttPS7eu3y5vgDHydsVVdE5s9aC0dL/7uhxAgaYcS7UwUNmIo+YonTmb5AyHBYmQIUw8AtJzVLBp1kVomcXTfgLX4GIk3gUTkmqpa9DUNuQPbR58P4BhARoR2iQPm9bmYWqLZbu4//SMYrMLmfAFOdhZNURZ1L6MZ/7LdtyfvPHaL5hNlBiyeQajR1EYE423C1hHzxvMFyDr/nstzpyHIuvGH1uRST22ntMnlPyLXdCPWSb0Ri9Wzozp/4i/BO6CMfJkk6UE9uc6MyPe0GvPJ1fU+HezetEoapVYfoidvmmQcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A5N7utF62q34xKFcdOzETiiquU2334qj+UsdXNVDaSI=; b=ArkaDEvqBCEeOrJ65U9LvH3wbRwn9w2Yd0B/w+s8WebN9K8fhfAONHrwR0BIzgFLVfg3ld2dMYkokHgbdcIDiCergoeaCcF4rDwLenJ+YHLxOb0fLviFSC8yoSnqQCN0w+fjoVVui6qr4eCdMiIuWEMn6JIUD90oYtHWZ49N3P0=
Received: from CH2PR09MB4251.namprd09.prod.outlook.com (2603:10b6:610:36::17) by CH2PR09MB4299.namprd09.prod.outlook.com (2603:10b6:610:64::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.20; Mon, 27 Jul 2020 15:43:58 +0000
Received: from CH2PR09MB4251.namprd09.prod.outlook.com ([fe80::ddf9:c0ba:7ee3:c00f]) by CH2PR09MB4251.namprd09.prod.outlook.com ([fe80::ddf9:c0ba:7ee3:c00f%6]) with mapi id 15.20.3216.033; Mon, 27 Jul 2020 15:43:58 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Brendan Moran <Brendan.Moran@arm.com>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Review of draft-ietf-suit-manifest-09
Thread-Index: AdZiCUkrB1qNrZ3lS5i4ApAjr2sBOQCGs7sAAAEnfoAAAPfFoA==
Date: Mon, 27 Jul 2020 15:43:57 +0000
Message-ID: <CH2PR09MB425185528F6ECB5E00B4CB07F0720@CH2PR09MB4251.namprd09.prod.outlook.com>
References: <BL0PR2101MB1027152EC8DAD9B3847C3E89A3770@BL0PR2101MB1027.namprd21.prod.outlook.com> <70453005-8DFA-4DBE-8C04-9882839D5005@arm.com> <3ff3915e-c61c-2c00-f780-a77c9ab494cc@sit.fraunhofer.de>
In-Reply-To: <3ff3915e-c61c-2c00-f780-a77c9ab494cc@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: sit.fraunhofer.de; dkim=none (message not signed) header.d=none; sit.fraunhofer.de; dmarc=none action=none header.from=nist.gov;
x-originating-ip: [129.6.104.16]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: b82e61f5-676e-45c2-010e-08d83243e07d
x-ms-traffictypediagnostic: CH2PR09MB4299:
x-microsoft-antispam-prvs: <CH2PR09MB4299D7CB428138B1E16F4643F0720@CH2PR09MB4299.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: LwRbodjxiwEp2H5EGw5dxA0wY7EcsnoOCzJ5hPZLPFigLDc6jIW366U6OtKB7Z/SMcEqMeH7nKPGVq3BQmAsuTsAA2Yoqi+dRpafavTC2D8Gb4ask1hjc9JCbc8V6PKQ5MpS0tNmfFwh08KGunPAHgFvGqYZ80BfFPWQMCASiR29vZIe/QCzihJVhjiNpvq8dzqc+7/mKBZHEkc2CmMAlh2ukjuij0UOcBSyeMI4I7ZIxfrcua1CFYVjHcdfHb+wnNNQGpBxpQ13suezRRumTg0byivJtKFmYmXiVHYf8PxtU0etg73W1d9GLfSqwvQypzFqdnyIGyNkl7pcyvMdA+b57p9KFQ7Kcqja0grOo/LLQaKLKANT1FryggQsXSZKNQcb24MVxwbS61fOFx7aZg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR09MB4251.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(346002)(136003)(376002)(366004)(396003)(83080400001)(83380400001)(66446008)(7696005)(53546011)(86362001)(6506007)(64756008)(66476007)(66556008)(52536014)(66946007)(76116006)(30864003)(5660300002)(33656002)(4326008)(186003)(316002)(966005)(55016002)(9686003)(478600001)(71200400001)(2906002)(45080400002)(110136005)(26005)(8936002)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: ShEsYs6cJQb/tmSm+qEevebKGoyVMDw/9nTZG928AHGNCb52FKE5xk0wprfU1ORSjcowQh2weYai/uYeLuXoEWrWwvTdXSkVIV0VOk1jM7jzyhof5WXrX048Vr54tUXZLR9Yt1zl5JeOg7r7UseKpnJmWKy7runbH7Xza+/3yClC1HTIGpzI3y1EYGYDs3JJcXkoo5ZmhS6HmlxDrESbZMW4A1wNIaTQ66p1+mojw468R+liyNZWhgxm82n5UUGbp3LMqScgWX3M7j9QsSqUpGCqGnBThQ9S9OuH495rVB6SyhvamFgDh++f2ytayVT7u7imVA9EWblKmQLEiSdO5UhqSImiIGk+ULV8YWl1DxKjOucb43sHwrXhxL3LH71P4Dhxa4XBXu7DBKdNAaSsgxqiV6dGpJA90BOMxIngO4ENQclWrU4pHgRN7PxTArT9KQIpFrR0Vttxieig94sD+z8Kms9CTiCGsvJs5y7rJqk=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR09MB4251.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b82e61f5-676e-45c2-010e-08d83243e07d
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2020 15:43:57.9339 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tJMMHmgTu0viHszMUPeH19W+8dDHdJf7V106xaMpmeL9sR637UwzubBSg+kSnjYf4xZBB8rGtVglLPygqLdiQw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR09MB4299
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hQcG0HbHov5oNvXJZJZ6cz284Go>
Subject: Re: [Suit] Review of draft-ietf-suit-manifest-09
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 15:44:03 -0000
By CBOR OID are your referring to draft-bormann-cbor-tags-oid? https://datatracker.ietf.org/doc/draft-bormann-cbor-tags-oid/ Dave -----Original Message----- From: Suit <suit-bounces@ietf.org> On Behalf Of Henk Birkholz Sent: Monday, July 27, 2020 11:15 AM To: Brendan Moran <Brendan.Moran@arm.com>; Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org> Cc: suit <suit@ietf.org> Subject: Re: [Suit] Review of draft-ietf-suit-manifest-09 Hi Brendan, hi Dave thanks for your extensive summary, Brendan! This is very useful. Just two small additions. While CBOR OID seems to be a good match, that unfortunately introduces a timing problem (as does packed), but maybe we can devise a way around that. As PEN are not a rare choice in CBOR-based representations, I'd just want to voice support for the notion of being very careful here. We can of course start to create a qualified name that involves a PEN (among other things), but we are not the only ones that might attempt such a thing and therefore might require some ealignment. Viele Grüße, Henk On 27.07.20 16:42, Brendan Moran wrote: > Hi Dave, > > Thank you very much for your very detailed review! Of course, it will > take me some time to work through this review. I will do my best to > clarify these technical comments as I work through. In general, the > issues you’ve listed look to me like the “right” answer is fairly > obvious, so I will straighten them out. There are several comments > that I think deserve a little more clarification. > > 6. SUIT_Report > >> SUIT_Report and Reporting Engine text is added but does not appear to >> be about what goes in a SUIT manifest, so I argue that it doesn’t >> belong in this spec (and is arguable as to whether it’s in scope for >> SUIT at all) > > You’re right. This has not been raised on the list. If it’s more > appropriate to put it in a new draft, I’m happy to do that. However, > it’s a natural consequence of adding the SUIT_Reporting_Policy, which > was discussed at the virtual interim. It seemed to me that if a > reporting policy was specified, then an implementor would naturally > want to know how to report that information. If there is a need for > logging SUIT commands, along with their arguments and results, this > seems very specific to SUIT in general and the SUIT manifest in > specific. I struggle to see what document would be more appropriate > than the SUIT manifest for the SUIT_Report. > >> Furthermore, it says SUIT_Report can go in an attestation report. >> What’s the rationale for that as opposed to some more typical >> logging/reporting mechanism that might integrate with existing error >> reporting mechanisms and trouble ticketing? > > SUIT_Reporting_Policy has two output channels: “system information,” > that is the “actual” values compared against in conditions, and > “command records” which are effectively logs of command execution. For > an update case, these are adequately served by logging infrastructure. > However, in a bootloader case, this is inadequate because the > bootloader and the booted application are different security domains. > This means that any system information or command records need to be > protected from modification by the application. Typically, this would > be done with a signature; I don’t see how this is different from attestation. > > The discussion of a Reporting Engine seems necessary: it’s the thing > that consumes reporting policy. > >> 7.Defining a new identifier space (UUIDs) for vendors is not >> motivated. So a vendor can’t use an existing OUI or IANA private >> enterprise number that can be easily looked up? You have to instead >> use an opaque identifier with no way to directly look up its meaning? >> What is the rationale for inventing a new space rather than being >> able to reuse an existing one that can be looked up to get an org >> name, contact info, etc.? (Yes there is suit-text-vendor-domain but >> that’s severable and optional to implement at all.) And a UUID takes >> up more bytes than either an OUI or a PEN, so is worse for >> constrained devices, so why not use an existing space that is shorter >> and hence more applicable to constrained devices? > 7. Vendor IDs > I’d argue that I have not defined a new identifier space. It was > defined in RFC4122. That said, I think that PEN could be beneficial if > we can work around some of the complexities associated with it. > > OUIs may be prohibitive for small manufacturers (US $2,995). For > example, I have seen small manufacturers avoid building USB devices > due to the cost of obtaining a USB VID. Class IDs still require a UUID > Name Space Identifier. There is no rule I can find for constructing an > OUI UUID, so it cannot be used as a UUID Name Space Identifier. > > > Private Enterprise Numbers seem manageable by small manufacturers. > There is a UUID Name Space Identifier for OIDs, however this gets a > bit confusing. You would need to construct a class ID as follows: > > Vendor_UUID = uuid.uuid5(uuid.NAMESPACE_OID, EncodeOID(‘1.3.6.1.4.1.’ > + > PEN)) > Class_UUID = uuid.uuid5(Vendor_UUID, Class_Information) > > The problem here is that EncodeOID() is not specified at all in RFC4122. > The closest we get is: > >> For example, some name spaces are the >> domain name system, URLs, ISO Object IDs (OIDs), X.500 Distinguished >> Names (DNs), and reserved words in a programming language. > So Class IDs become unpredictable because OID encoding is > underspecified in RFC4122. I can see the Vendor_UUID being computed > with several different versions of EncodeOID: > - Encode as dotted-integer string > - Encode as DER OID > - Encode as value of DER OID (no tag/length) > - Lots of other ASN.1 encodings possible. > - Future CBOR OID? > > I do not believe we should specify the use of OUIs because 1) they > cost $3000, 2) there is no UUID namespace for OUIs > > I’m not against using a PEN, but we would also need to provide > extremely strict encoding guidelines for constructing Vendor UUIDs, > since the Vendor UUID is needed as the Name Space ID for the Class > UUID. For encoding in the manifest I think we should insist on using > the PEN directly rather than the full OID. But what would we do with a > PEN sub-assignment? > > There’s a lot more complexity here than just “use a PEN.” > > > Best Regards, > Brendan > > >> On 24 Jul 2020, at 23:51, Dave Thaler >> <dthaler=40microsoft.com@dmarc.ietf.org >> <mailto:dthaler=40microsoft.com@dmarc.ietf.org>> wrote: >> >> During the IETF hackathon week, I went through all of the suit >> manifest draft and kept notes. >> My full review in context is at >> https://www.microsoft..com/en-us/research/uploads/prod/2017/05/draft- >> ietf-suit-manifest-09.pdf >> <https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft- >> ietf-suit-manifest-09.pdf> which is too long to copy into email here. >> Besides lots of editorial comments, there’s a few technical >> comments/questions, including (but there may be more depending on >> whether you interpret some others as editorial or technical): >> 1.Apparent contradictions about whether on systems with a single >> component, whether setting the component index should clear the >> dependency index or not. >> 2.What it means to “break” is underspecified (I’m guessing continue >> on to the next command after try-each, as opposed to go on to the >> next manifest, but it’s not stated in the doc). >> 3.Section 6.7 seems to require using multiple processes, not just >> multiple threads, without justification. >> 4.The trust model when multiple manifest processors exist, in two or >> more security domains, is underspecified, and not mentioned in the >> Security Considerations section. >> 5.Suit-text-version-required expression syntax is underspecified. >> 6.SUIT_Report and Reporting Engine text is added but does not appear >> to be about what goes in a SUIT manifest, so I argue that it doesn’t >> belong in this spec (and is arguable as to whether it’s in scope for >> SUIT at all). It reads like SUIT_Record is yet another alternative >> to IPFIX, syslog, etc., and doesn’t state the rationale for defining >> a new format. You might say that it could be used in an octetArray in >> IPFIX if someone defined such a field, but this document doesn’t, and >> indeed if SUIT_Record is not something that would appear in a SUIT >> manifest, then I think it should not be in this document. >> oFurthermore, it says SUIT_Report can go in an attestation report. >> What’s the rationale for that as opposed to some more typical >> logging/reporting mechanism that might integrate with existing error >> reporting mechanisms and trouble ticketing? I don’t think this was >> motivated in either the suit architecture or the suit IM document, >> and I don’t recall it ever being discussed on the SUIT list or WG >> meeting (but maybe it was and I forgot?) Again, I think my >> preferred course would be to sever it from the SUIT manifest specification. >> 7.Defining a new identifier space (UUIDs) for vendors is not >> motivated. So a vendor can’t use an existing OUI or IANA private >> enterprise number that can be easily looked up? You have to instead >> use an opaque identifier with no way to directly look up its meaning? >> What is the rationale for inventing a new space rather than being >> able to reuse an existing one that can be looked up to get an org >> name, contact info, etc.? (Yes there is suit-text-vendor-domain but >> that’s severable and optional to implement at all.) And a UUID takes >> up more bytes than either an OUI or a PEN, so is worse for >> constrained devices, so why not use an existing space that is shorter >> and hence more applicable to constrained devices? >> 8.The time-of-day and day-of-week wait events are underspecified in >> terms of whether they are in local time or UTC. >> 9.If I understand correctly, if a dependency manifest sets Strict >> Order to false, this will then carry over to the dependent manifest, >> potentially leading to a source of unexpected bugs. Is my >> understanding correct? >> 10.For conditions that are optional to implement, I couldn’t tell if >> that means that if not implemented by a manifest processor, they are >> treated as passing, failing, or as parse errors. >> 11.There are several commands where in certain contexts the doc says >> they “MUST have no effect”. But why not make them illegal to appear >> in such contexts? Why spend the extra space to include them in the >> manifest just to have no effect? >> 12.Swap directive is underspecified in terms of what should happen if >> the destination doesn’t yet exist (i.e., fail vs move). >> 13.IANA considerations section doesn’t yet meet the requirements of >> RFC 8126. For example, it specifies Expert Review but contains >> insufficient information to instruct an expert how to review, per the >> guidelines in that RFC. >> I know the doc is long (109 pages) so forgive me if some answers are >> elsewhere in the doc and I just missed them, which just means maybe a >> cross-reference would be sufficient.J Dave >> _______________________________________________ >> Suit mailing list >> Suit@ietf.org <mailto:Suit@ietf.org> >> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww >> .ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdavid.walter >> mire%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797 >> a93e054655c61dec%7C1%7C0%7C637314597580328389&sdata=1HJE9Qiicoe%2 >> BTGq7kaodbBn23m6L31VL5OQLI3mHoAY%3D&reserved=0 > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose > the contents to any other person, use it for any purpose, or store or > copy the information in any medium. Thank you. > > _______________________________________________ > Suit mailing list > Suit@ietf.org > https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdavid.waltermi > re%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797a93 > e054655c61dec%7C1%7C0%7C637314597580328389&sdata=1HJE9Qiicoe%2BTGq > 7kaodbBn23m6L31VL5OQLI3mHoAY%3D&reserved=0 > _______________________________________________ Suit mailing list Suit@ietf.org https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdavid.waltermire%40nist.gov%7Ce1a91bc27b184eb4affa08d8323ff57b%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637314597580328389&sdata=1HJE9Qiicoe%2BTGq7kaodbBn23m6L31VL5OQLI3mHoAY%3D&reserved=0
- [Suit] Review of draft-ietf-suit-manifest-09 Dave Thaler
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Brendan Moran
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Henk Birkholz
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Waltermire, David A. (Fed)
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Henk Birkholz
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Brendan Moran
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Dave Thaler
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Dave Thaler
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Brendan Moran
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Brendan Moran
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Brendan Moran
- Re: [Suit] Review of draft-ietf-suit-manifest-09 Michael Richardson