Re: [Suit] Manifest-07 review

Dick Brooks <> Wed, 24 June 2020 14:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5504B3A0DF7 for <>; Wed, 24 Jun 2020 07:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pI-Cs1PcVLwZ for <>; Wed, 24 Jun 2020 07:32:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9F9713A0DF1 for <>; Wed, 24 Jun 2020 07:32:47 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id E150E5C00D0; Wed, 24 Jun 2020 10:32:46 -0400 (EDT)
Received: from mailfrontend1 ([]) by compute1.internal (MEProxy); Wed, 24 Jun 2020 10:32:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=pycmqs L3F92mo4XpJd2GIEHZ09y/1kqmyLuV5BEM078=; b=bhEcmtoRnydOS9nspnzr+8 BktPg84eSpPOm1AQZFl19uj5bkncoXAwGhnKrD20H2Yp71awME/ESbzzn9DdyXBE yZxBREGA7k4gcphziVNA2fW+zCMcYSre5u1HRq80xDyHmrfO+AB5p5ZzuFne6tLZ x3Q+Pv+WycBrg/PhfeZoRlZqzcKB/Ip9xSEzOjVKlx045KTFeWHg/PayTUW6sdDs XMeqFHoHSPAZCM4qFw480I2VGWIDwN146LFO3NwUGdO2BRkqDGx9O9mjQ5240hy8 cczH0D1AL1rXot3Q8DfCSy+uYYi9jp59p2+wPLgVvn+8hKrtEzBJ1LfCYwm87hbQ ==
X-ME-Sender: <xms:DmTzXoVN2Jhv9HK37AAyelf104ZyO7HMKKqyrb43LKL82A8KKhJW4Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudekjedgjeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvfhgjufffohfkgggtofhtsehrtderpedvtdejnecuhfhrohhmpedfffhi tghkuceurhhoohhkshdfuceoughitghksehrvghlihgrsghlvggvnhgvrhhghigrnhgrlh ihthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpeeihfeuudeffeelhfelvdfftdel gfelleejgfdvuedvhfekkeehkeegtdekjeeggfenucffohhmrghinheprhgvlhhirggslh gvvghnvghrghihrghnrghlhihtihgtshdrtghomhenucfkphepvdduiedrudelfedrudeg vddrvddvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epughitghksehrvghlihgrsghlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhm
X-ME-Proxy: <xmx:DmTzXsmbUH5FrFjfp5zsggjb54HF6xXnDP31Pjeim-rE6DCZ_MGHLg> <xmx:DmTzXsZC9RbbtzQ0P26kCAgHjsJO1p0Mg0eaD08rnC6-PTHWWTG_Uw> <xmx:DmTzXnW-1qcA78wv7YUuAq2xRvU1zieVJvNKEzih59B-oekpuVwcjw> <xmx:DmTzXsQe9yOouKOoq5wmZPsDJrGC7hc5bV_VPNZzFSFkMjFVIV-30g>
Received: from farpoint (unknown []) by (Postfix) with ESMTPA id 22EB5328005A; Wed, 24 Jun 2020 10:32:46 -0400 (EDT)
From: "Dick Brooks" <>
To: "'Brendan Moran'" <>, "'Henk Birkholz'" <>
Cc: "'suit'" <>, "'Waltermire, David A. \(Fed\)'" <>
References: <> <> <1cd0f01d64a2c$5e98ffb0$1bcaff10$> <> <> <>
In-Reply-To: <>
Date: Wed, 24 Jun 2020 10:32:42 -0400
Organization: Reliable Energy Analytics
Message-ID: <1d1af01d64a34$53a40020$faec0060$>
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_000_1D1B0_01D64A12.CC956D60"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQKpL0nszvV6zOMibCT1agukCYEJygIeSVKVAmLOQoQBg0fzvgH/P7tTAnrL6dCm7hW4UA==
Content-Language: en-us
Archived-At: <>
Subject: Re: [Suit] Manifest-07 review
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Jun 2020 14:32:50 -0000

I would find it ideal, for my SAG-PM risk assessment logic, to have the suit manifest digitally signed and to have that signed manifest contained in a digitally signed software object so that the two are forever linked in this “virtual blockchain relationship”.




Dick Brooks

 <> Never trust software, always verify and report! ™


Email:  <>

Tel: +1 978-696-1788


From: Brendan Moran <> 
Sent: Wednesday, June 24, 2020 10:25 AM
To: Henk Birkholz <>
Cc: Dick Brooks <>om>; suit <>rg>; Waltermire, David A. (Fed) <>
Subject: Re: [Suit] Manifest-07 review


I’m not certain what *we* are talking about. *I* am talking about SUIT_Envelope or, to be more precise, SUIT_Envelope_Tagged (that is #6.TBD(SUIT_Envelope)). I think that SUIT_Envelope_Tagged could have a “.suit” file name extension. I think it’s probably a bad idea to have SUIT_Manifest floating around on your system without the envelope or a signature. Maybe you could add a COSE_Sign to it. Then, you might want a “.cose” file name extension. 


On 24 Jun 2020, at 14:48, Henk Birkholz < <> > wrote:


Are we talking about every "software object" that starts with a CBOR tag as defined in this document?

I assume that a manifest in the form of a file can be wrapped or not be wrapped in a SUIT envelope. Would that result in the same file extension ".suit"?

Viele Grüße,


On 24.06.20 15:42, Brendan Moran wrote:

The intent is to register a CBOR tag that identifies the manifest envelope. This allows detection of manifests by signature in the first 2-3 bytes. A typical filename extension would be fine. I think the most suitable suggestion would be “.suit” if that suits the working group. We’re past the days of 3 letter extensions now, right?
Best Regards,

On 24 Jun 2020, at 14:35, Dick Brooks < <> > wrote:

Are there plans for a standard file naming nomenclature to identify software
objects that contain a suit manifest?

Today, I use the filename extension to drive an introspection procedure to
generate an SBOM and having a defined filename extension to indicate that a
suit manifest is present would help, otherwise I have to parse each file to
determine which SBOM introspection procedure to invoke.


Dick Brooks

Never trust software, always verify and report! T
Email: <> 
Tel: +1 978-696-1788

-----Original Message-----
From: Suit < <> > On Behalf Of Waltermire, David A. (Fed)
Sent: Wednesday, June 24, 2020 9:30 AM
To: Rønningstad, Øyvind < <> >; suit
< <> >
Subject: Re: [Suit] Manifest-07 review


Thanks for this review!


-----Original Message-----
From: Suit < <> > On Behalf Of Rønningstad, Øyvind
Sent: Wednesday, June 24, 2020 6:03 AM
To: suit < <> >
Subject: [Suit] Manifest-07 review

Hi guys, here is a review of manifest-07. Mostly small stuff.

.... Section 6.4: What are the guidelines for extracting the vendor-id,
class-id, device-id, or version of a component?
.... Suit-condition-component-offset is used in an example, but marked as TBD
in its section. I see that it is described in 6.4 as
"assert(offsetof(component) == arg)". What are the semantics of "offsetof"?
.... Can suit-directive-process-dependency be done on a component, or just on
a dependency? Generally, there seems to be some mismatch between the
description in 6.4 (which implies that most directives and conditions only
apply to a component index) and textual descriptions e.g. in and (which imply that directives and conditions apply to whichever is
available of component index and dependency index).
.... (It would be very beneficial to make 6.4 "Abstract Machine Description"
more prominent, e.g. by linking from the individual section for commands,
since 6.4 contains very useful info about how the commands work, and it's
hard to discover otherwise.) .. What (if any) are the rules regarding when
to perform dependency-resolution, payload-fetch, and install, and when to
perform only validate, load, and run?
.... suit-manifest-sequence-number: "Each Recipient MUST reject any manifest
that has a sequence number lower than its current sequence number." Are
there several "current sequence number"s or just one for each SUIT
processor. Exactly when is the "current sequence number" updated?
.... What should the processor do when waiting on a suit-directive-wait? Can
it be interpreted as "try again later", or "busy wait"?
.... There are important limitations to what sort of commands can be in
suit-common. Could the limitations be reflected in the CDDL? It seems like a
natural thing to do, to make the limitations more prominent.
.... When processing dependencies, how do we know when to a) expect a
signature and b) check the signature on a dependency manifest?
.... Did we mean for short payloads to be embeddable in the manifest (I can't
find this)? This would be very useful for setting configuration options via
SUIT manifests.
.... Is the device-identifier unique for each individual device, or for a
collection of devices?
.... Why are suit-directive-set-component-index and
suit-directive-set-dependency-index not implemented through set-parameters?
Are they subject to the same override mechanics? If not, it might be
confusing with suit-parameter-source-component, which seems to be analogous
to set-component-index, but might have subtly different behavior because of
override mechanics.

.... Suit-directive-fetch: "manifest-index" is not referred to elsewhere in
the document.
.... Section 7: Suggested edit in bold: "A digest should always be set using
Override Parameters, since this prevents a less-privileged dependent OR
dependency from replacing the digest."
.... suit-condition-update-authorized seems like it could use some metadata
to help determine what is being authorized, e.g. A human readable prompt if
user interaction is required, or an identifier if multiple instances of the
condition are used in a manifest.

Thanks for the good work,


Suit mailing list <>

Suit mailing list <>

Suit mailing list <>

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Suit mailing list <>


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.