[Suit] Manifest-07 review

"Rønningstad, Øyvind" <Oyvind.Ronningstad@nordicsemi.no> Wed, 24 June 2020 10:03 UTC

Return-Path: <Oyvind.Ronningstad@nordicsemi.no>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF7763A0CFC for <suit@ietfa.amsl.com>; Wed, 24 Jun 2020 03:03:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nordicsemi.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wSYvXcMH2yek for <suit@ietfa.amsl.com>; Wed, 24 Jun 2020 03:03:30 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2055.outbound.protection.outlook.com [40.107.20.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAFDC3A0CF9 for <suit@ietf.org>; Wed, 24 Jun 2020 03:03:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mhazKq9kuFLrbj2nzD7ROH4pc/SPMMGpDR6DoW0h7Bxl0okwc1xoHV/CiE5oz4RQryaEN11GrqAuvKZg1U6giEgYf0xog0Zl8XvuU7U8fgr1UK80jPSsirxFg8hWXUW5aKfh6GriyF1snOjx/EGOrbThJkwlsylPV005eQkIrBovVIfSwtTEqrcOXxKg1Ycmxvkjg/8szNJOVcrXVVhiQtgJt5MhORRBzZpYJtqrg50j0iYaA3woH/o5r2kHZ3ANSYaMahT9SZCQnz2DoBil0bA6c5wyRe/TUtMqltB9nJFcSpjlxgoYvLchYVb02nuycDnvdFyBKCARAMrP4Z9B8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EvZ8o1cmZsgA6X3G2Xs2NoKQHNP40S8h6UUcm2Vw+6c=; b=cRVfA2CFPvETMMuLFKTvQ8d8tYHkYlUmnda7JHWE0NoKBjCcmLMTzjAvk58QUYx6FDAsNVnRdbHHS3+rk3UdGRlFhsnJ01WSABSu/13smDguR+UMw7MbCXUbBSanfUsNqJ0tApKK+nsar7bwWRUDV1xWq4DBTLFk5Y6Lmc907sNGBNg7WAEPuzpkedNkoD10D+QMwSAR/gKBprasNb3Vu7JgvQ+tSfICzxdROiI2gOj6OIO0mSzPfWu25evXVKVZNTxcihBBbd2JlQl1965bbVa+bkQ6FoiBpZa78AaSItqAs0VyNFFU6v21pXu/kTN5xxM53imu3cN2WdS4NnWgkQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nordicsemi.no; dmarc=pass action=none header.from=nordicsemi.no; dkim=pass header.d=nordicsemi.no; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nordicsemi.onmicrosoft.com; s=selector2-nordicsemi-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EvZ8o1cmZsgA6X3G2Xs2NoKQHNP40S8h6UUcm2Vw+6c=; b=Me51hqPFjtlm5QG/p+aUxlqmoxalP1xM7JCRfeHjRWVz6Xb1BXjToP0YH3wV3Pvh3cq6VWzidLDk5yCigphPw7v7PLxKPnOH0bKfngi+ClDlj8TGoTDlvfSl2D2AHq2teboQi1qNyovllkjVmi6EIDxjCaTXSGb4wNf6P/5tCuQ=
Received: from AM0PR05MB4339.eurprd05.prod.outlook.com (2603:10a6:208:67::17) by AM0PR05MB4515.eurprd05.prod.outlook.com (2603:10a6:208:b9::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.25; Wed, 24 Jun 2020 10:03:26 +0000
Received: from AM0PR05MB4339.eurprd05.prod.outlook.com ([fe80::607e:fccd:8722:34da]) by AM0PR05MB4339.eurprd05.prod.outlook.com ([fe80::607e:fccd:8722:34da%4]) with mapi id 15.20.3109.027; Wed, 24 Jun 2020 10:03:26 +0000
From: =?iso-8859-1?Q?R=F8nningstad=2C_=D8yvind?= <Oyvind.Ronningstad@nordicsemi.no>
To: suit <suit@ietf.org>
Thread-Topic: Manifest-07 review
Thread-Index: AdZJ/dxWDAt2IAgGSk6bbwUyoDHNSg==
Date: Wed, 24 Jun 2020 10:03:26 +0000
Message-ID: <AM0PR05MB4339D51F857444D08ECAC41888950@AM0PR05MB4339.eurprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=nordicsemi.no;
x-originating-ip: [2001:8c0:5140:12:512d:398b:437b:97ec]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0e5b327f-7f8c-4126-a889-08d81825d6b2
x-ms-traffictypediagnostic: AM0PR05MB4515:
x-microsoft-antispam-prvs: <AM0PR05MB4515FA2B0D83639FAF0B577B88950@AM0PR05MB4515.eurprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0444EB1997
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XFOHxsM6LmXEkGIvzVC35iQj8/e3X11i0Co7SbRKetp3lRquDalFXdRaOgDepju9CckLMOgwr8tKbX7YMrzo5BfVxSahfdbiVpZZixgVBLsacxtCQ/jafzTwT/3QRYKGBLq/ljqgHBmYMAhs4+ChZlGSBa8CzbyqHfFmQSdzwc9/VgTHrhvdDqXre/q5xZIXfcIAzMlfe9tP7G/O3SF7Pbj039I8j/g3sB4fikoh8Pn9pV5VQzNynUXeSvgEM9myd/ny1WooncGT11LPjeOzDWAw9m+hknSQeezEW2UI5QC65b4BGVT5SuUJY8SxLyopmqsAMEu8GvdENxDsa6VcjQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR05MB4339.eurprd05.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(136003)(346002)(376002)(39850400004)(366004)(66446008)(66946007)(76116006)(186003)(83380400001)(478600001)(9686003)(8676002)(6916009)(5660300002)(2906002)(86362001)(7696005)(8936002)(55016002)(6506007)(64756008)(66556008)(52536014)(33656002)(71200400001)(66476007)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: WDrM8ro1YoTclVR4wpmeyx47g9pzGzK6cUHY2hDRorXEaZc0oxx3oqxN2pkGixE2YXLuOEDlgUJcC8MViv5Gb24IeiG6axNGWjSKXyTQEzgTkCCVcqqveqZsYrRzsbd2x9cYJJvvYsIk28ehoO4kGE/AHQuFvr/MgeZXDiXljLENLSNmFKwA+kL9Jh3dvJu13HLnzcsex++w4QnrUjb6vCCbnO4gVukVRq8dtbxYkdHh5MdLqPblIVILY3cOkcxbRELYP2lXRR0dkx3gtRTPiMFvLBUQtrpNSgm17nsr4xedineYuxYhdmDYkOqBVJHJlUEFhkJKcToQqveRCgP4ZwjSS4UssyDWljWOPHnOCRXUYjbTT5HiJ6PkZilhCtXQxvburUKXnhoSKJMrJ2bBQI3cV+xd//AvAtQwTVj0RgerHD96PL7p4SRohtBAr+Wc/VYTro8NZyM4mepri2RDfXkRlifC3uA5Btt8iYDYRZ2UB8xTcCzgjXJT0MmWlaU/7bwz867Vh+2LnAaLAqYk4TAh9bNh3pIFK+p5ftGS8WQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nordicsemi.no
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e5b327f-7f8c-4126-a889-08d81825d6b2
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jun 2020 10:03:26.7084 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 28e5afa2-bf6f-419a-8cf6-b31c6e9e5e8d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MLFeTSIPookH7oPHpqsEUgRnSOVqW9fTcaSVdf7gTd+CouVVn2Hppogos7Iv5LCuxJ/NUL8S4ri3MQchfjJ5cCKrehSX+80pDO3mKkVxhyIp6JC/94VT4QhkuoY7Thlm
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR05MB4515
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5LzeYZy4MZRtQmDNLCBcdgxdpy8>
Subject: [Suit] Manifest-07 review
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2020 10:03:32 -0000

Hi guys, here is a review of manifest-07. Mostly small stuff.

Questions:
. Section 6.4: What are the guidelines for extracting the vendor-id, class-id, device-id, or version of a component?
. Suit-condition-component-offset is used in an example, but marked as TBD in its section. I see that it is described in 6.4 as "assert(offsetof(component) == arg)". What are the semantics of "offsetof"?
. Can suit-directive-process-dependency be done on a component, or just on a dependency? Generally, there seems to be some mismatch between the description in 6.4 (which implies that most directives and conditions only apply to a component index) and textual descriptions e.g. in 9.8.4.1 and 9.8.4.2 (which imply that directives and conditions apply to whichever is available of component index and dependency index).
. (It would be very beneficial to make 6.4 "Abstract Machine Description" more prominent, e.g. by linking from the individual section for commands, since 6.4 contains very useful info about how the commands work, and it's hard to discover otherwise.)
. What (if any) are the rules regarding when to perform dependency-resolution, payload-fetch, and install, and when to perform only validate, load, and run?
. suit-manifest-sequence-number: "Each Recipient MUST reject any manifest that has a sequence number lower than its current sequence number." Are there several "current sequence number"s or just one for each SUIT processor. Exactly when is the "current sequence number" updated?
. What should the processor do when waiting on a suit-directive-wait? Can it be interpreted as "try again later", or "busy wait"?
. There are important limitations to what sort of commands can be in suit-common. Could the limitations be reflected in the CDDL? It seems like a natural thing to do, to make the limitations more prominent.
. When processing dependencies, how do we know when to a) expect a signature and b) check the signature on a dependency manifest?
. Did we mean for short payloads to be embeddable in the manifest (I can't find this)? This would be very useful for setting configuration options via SUIT manifests. 
. Is the device-identifier unique for each individual device, or for a collection of devices?	
. Why are suit-directive-set-component-index and suit-directive-set-dependency-index not implemented through set-parameters? Are they subject to the same override mechanics? If not, it might be confusing with suit-parameter-source-component, which seems to be analogous to set-component-index, but might have subtly different behavior because of override mechanics.

Nits:
. Suit-directive-fetch: "manifest-index" is not referred to elsewhere in the document.
. Section 7: Suggested edit in bold: "A digest should always be set using Override Parameters, since this prevents a less-privileged dependent OR dependency from replacing the digest."
. suit-condition-update-authorized seems like it could use some metadata to help determine what is being authorized, e.g. A human readable prompt if user interaction is required, or an identifier if multiple instances of the condition are used in a manifest.


Thanks for the good work,

Øyvind