Re: [Suit] AD Review of draft-ietf-suit-information-model-07

Brendan Moran <Brendan.Moran@arm.com> Wed, 28 October 2020 09:47 UTC

Hi Roman,

I’ve published a new version of the draft that, hopefully, addresses all but one of your comments.

https://datatracker.ietf.org/doc/html/draft-ietf-suit-information-model-08

For the one unaddressed comment, I’ll do my best here:

> ** Section 3.9, 3.16, 3.21.  To check my understanding of the order in which 3.9, 3.16 and 3.21 are applied -- Section 3.9 is used to guide the decoding of a payload, Section 3.16 is applied to decide when to run the payload, and Section 3.21 is used to guide how to load the payload when it is decided it should be run?

Yes. Your understanding is correct.

3.9 assists with decoding, 3.16 assists with installation, 3.21 assists with loading (from nonvolatile to volatile), and, for good measure, 3.22 assists with invocation.

They apply in that order.

Hopefully this addresses your review!

Best Regards,
Brendan

> On 17 Sep 2020, at 19:33, Roman Danyliw <rdd@cert.org> wrote:
>
> Hi!
>
> I conducted an AD review of draft-ietf-suit-information-model-07.  Thanks for the thorough and systematic treatment of the security considerations.  More detailed feedback is below:
>
> ** Abstract.  Per "... have raised the need for a solid ... firmware update mechanism", could an alternative to the colloquial "solid" be used?
>
> ** Section 3.2.  Per "This number MUST be easily accessible so that code choosing one out of several manifests can choose which is the latest", what are the additional properties of this number?  I don't follow how "easy accessib[ility]" is related to the ability to compare several values to "choose which is the latest".  Do you mean that "it's not buried somewhere at the end in a complicated encoding"-kind of accessible?
>
> ** Section 3.5.  What is a conditions list?  This is the first use of the term in the text, and it isn't defined in the architecture document.
>
> ** Section 3.5 and 3.9.  Both of these sections call out an "enables feature" mapping.  Where is the full list of these features?  Why don't the other manifest elements have that mapping?
>
> ** Section 3.7 and 4.3.3.  Both of these sections make references to "secure time" or a "secure clock".  Is there a reference to provide on what that bar might be?
>
> ** Section 3.15:  There is an implicit design here around what is "wrapping" the manifest that I'd like to clarify.  Specifically:
>
> -- Per "This is not strictly a manifest element", if so, editorially, why it is listed as a manifest element?
>
> -- This section doesn't explicitly describe what a "Signature" element is.  What information does it encode?
>
> -- Per "The authentication container MUST support multiple signers and multiple signature algorithms", what is the scope of the signatures (i.e., which subset of the manifest elements?)?  Do the multiple signatures always sign the same thing?
>
> -- What exactly is a manifest vs. "a standardized authentication container"?  Can a standardized authentication container have multiple manifests?
>
> -- What is the relationship between this "standardized authentication container" and a "manifest superstructure"?
>
> -- What other information elements go into the "authentication container"?
>
> ** Section 3.15.  Per "Lightweight authentication with pre-existing relationships SHOULD be done with MAC"
>
> -- What is a "lightweight authentication"?
>
> -- If it's not done with a MAC (which is a SHOULD), how is this done?
>
> -- Can "pre-existing relationship" be clarified.?
>
> ** Section 3.20 - 3.24.  These sections do not provide guidance on whether these elements are OPTIONAL or REQUIRED.
>
> ** Section 3.9, 3.16, 3.21.  To check my understanding of the order in which 3.9, 3.16 and 3.21 are applied -- Section 3.9 is used to guide the decoding of a payload, Section 3.16 is applied to decide when to run the payload, and Section 3.21 is used to guide how to load the payload when it is decided it should be run?
>
> ** Section 3.21 and 4.5.10.  My read of Section 3.21's "This is effectively a copy operation from the permanent storage location of an image into the active use location of that image.  The metadata ..." left me with the impression of a very narrow capability.  However, Section 4.5.10 suggests a richer capability: "It MUST be possible to specify additional metadata for load time processing of a payload, such as cryptographic information, load-address, and compression algorithm."  I would have expected that richer description in the definition of the information element, not in a requirement.
>
> ** Section 3.23.  Per "The Payload element provides a recipient device with the whole payload ...", the text currently defines the "Payload" element name by simply repeating the word "payload".  Is "payload" the same as the draft-ietf-suit-architecture definition of "firmware image"?  If so, it would be worth saying that.  If not, what is the relationship between them?
>
> ** Section 3.24.  Can you clarify the statement of the key claim not being authenticated.  I'm taking "authenticated" to mean not signed by the Signature element -- assuming this is in the manifest, what other information elements are in the manifest but not authenticated?
>
> ** Section 4.2.2.  Editorially, this attack is titled "ROLLBACK".  This characterization doesn't seem right as the device isn't being downgraded to a version older than it is currently running.  It just isn't getting the latest version.
>
> ** Section 4.2.2.  I think we need to soften the "mitigated by" language.  REQ.SEC.EXP is invoking an optional feature usable only on certain devices (i.e., those with secure clocks).
>
> ** Section 4.2.2.  Is there another exposure here to discuss with the use of Expiration Time if the author goes out of business?  Consider if the device is running version 1 and is offline for a while.  The author publishes version 2 with important patches but puts an "expired time" in it.  The author goes out of business.  The device wakes up and tries to download v2 from the firmware server but rejects it because it has expired.  Now the device is permanently vulnerable even though a "fix" is available.
>
> ** Section 4.2.5.  The reference for the mitigated by should be Section 4.3.6 (not 4.3.5).
>
> ** Section 4.2.7.  In the spirit of inclusive and more precise language, s/THREAT.NET.MITM/THREAT.NET.ONPATH/ (or some other way to say "on-path attacker" instead of "man-in-the-middle")
>
> Regards,
> Roman