[Suit] draft-ietf-suit-information-model-07

Hannes.Tschofenig@gmx.net Tue, 02 June 2020 09:55 UTC

From: Hannes.Tschofenig@gmx.net
To: suit@ietf.org
Date: Tue, 02 Jun 2020 11:55:35 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/6cnQEXUEPnPTimfOWVA_UD7g74A>
Subject: [Suit] draft-ietf-suit-information-model-07

Hi all,



I have just submitted version -07 of the information model draft with the
following changes:

*	Editorial changes,
*	RFC 2119 changes in Section 4.5.11 (see below), and
*	Removal of references to CWT, COSE and CMS (because they are not
relevant for this type of document).



None of these changes have an impact on the manifest format.



Here is the new version:

https://datatracker.ietf.org/doc/html/draft-ietf-suit-information-model-07



Here is the diff:

https://tools.ietf.org/rfcdiff?url2=draft-ietf-suit-information-model-07.txt



Change in Section 4.5.11:



FROM:



   The manifest must be held immutable between
   verification and processing (see REQ.SEC.MFST.CONST
   (Section 4.3.20
   <https://tools.ietf.org/html/draft-ietf-suit-information-model-06#section-4.3.20>)),
   so a larger manifest will consume more memory with
   immutability guarantees, for example internal RAM or NVRAM, or
   external secure memory.  If the manifest exceeds the available
   immutable memory, then it must be processed modularly, evaluating
   each of: delegation chains, the security container, and the actual
   manifest, which includes verifying the integrated payload.



TO:



   The manifest MUST be held immutable between
   verification and processing (see REQ.SEC.MFST.CONST
   (Section 4.3.20
   <https://tools.ietf.org/html/draft-ietf-suit-information-model-06#section-4.3.20>)),
   so a larger manifest will consume more memory with
   immutability guarantees, for example internal RAM or NVRAM, or
   external secure memory.  If the manifest exceeds the available
   immutable memory, then it MUST be processed modularly, evaluating
   each of: delegation chains, the security container, and the actual
   manifest, which includes verifying the integrated payload.





Ciao

Hannes
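
Added example, not part of the original message or of the draft: a sketch of the Section 4.5.11 requirement quoted above, in which each unit is copied into immutable memory, verified, and processed from that same copy, one unit at a time because the three together exceed the budget. The budget figure, the function names and the sample data are assumptions, and a SHA-256 comparison against trusted digests stands in for the real signature verification.

```python
import hashlib
import hmac

IMMUTABLE_BUDGET = 64  # bytes of immutable memory available (hypothetical figure)
# Evaluation order taken from the quoted text.
ORDER = ("delegation_chain", "security_container", "manifest")


def verify_then_process(staging, expected_digest, handler):
    """Verify and process one unit from a single immutable snapshot."""
    if len(staging) > IMMUTABLE_BUDGET:
        raise MemoryError("unit does not fit in immutable memory")
    snapshot = bytes(staging)  # immutable copy; later writes to staging cannot reach it
    digest = hashlib.sha256(snapshot).digest()  # stand-in for signature verification
    if not hmac.compare_digest(digest, expected_digest):
        raise ValueError("digest mismatch")
    return handler(snapshot)  # the handler gets the verified bytes, never staging


def process_modularly(staged, digests, handler):
    """Evaluate each unit in ORDER; the first failure aborts the update."""
    results = {}
    for name in ORDER:
        results[name] = verify_then_process(staged[name], digests[name], handler)
    return results


def demo():
    # Constructed sample data: mutable staging buffers (102 bytes in total,
    # so the three units cannot be held in the 64-byte budget at once).
    staged = {
        "delegation_chain": bytearray(b"constructed delegation chain"),
        "security_container": bytearray(b"constructed security container"),
        "manifest": bytearray(b"constructed manifest with integrated payload"),
    }
    # Assumption: these digests come from a trusted source.
    digests = {n: hashlib.sha256(bytes(b)).digest() for n, b in staged.items()}

    def handler(verified):
        # Simulate a write to staging that lands after verification.
        if verified.startswith(b"constructed manifest"):
            staged["manifest"][:11] = b"OVERWRITTEN"
        return verified

    return process_modularly(staged, digests, handler), staged, digests
```
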