[Suit] New Version Posted for draft-ietf-suit-manifest-14.txt
Brendan Moran <Brendan.Moran@arm.com> Wed, 14 July 2021 10:34 UTC
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id D73C73A0E2D
for <suit@ietfa.amsl.com>; Wed, 14 Jul 2021 03:34:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001,
SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=armh.onmicrosoft.com header.b=c2fhtNjg;
dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
header.b=c2fhtNjg
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id aAewiKjhR1lG for <suit@ietfa.amsl.com>;
Wed, 14 Jul 2021 03:34:51 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com
(mail-vi1eur05on2067.outbound.protection.outlook.com [40.107.21.67])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 952D63A0E29
for <suit@ietf.org>; Wed, 14 Jul 2021 03:34:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
s=selector2-armh-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=8A3BkE6pjMuTLM2Zd5R+SsAquRtBy3ZfHSyfmKoMHJw=;
b=c2fhtNjgzkeHGFztoPJTrk4ag4jaan9zUkj6UAHAQckRszmNjN/c8+PRAvowtf8ohf0YVArqTp96160kRiH2BXYTzCRu/+mSf5JH/LBnLDowJHEbLNMxNVNsu0LHA4o/r8EGV0WSyT8LV/xCSwiMdfCe1YWpoyor4yFmunE7gmo=
Received: from AM6P194CA0047.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:84::24)
by AS8PR08MB6933.eurprd08.prod.outlook.com (2603:10a6:20b:39f::7) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.21; Wed, 14 Jul
2021 10:34:46 +0000
Received: from AM5EUR03FT019.eop-EUR03.prod.protection.outlook.com
(2603:10a6:209:84:cafe::13) by AM6P194CA0047.outlook.office365.com
(2603:10a6:209:84::24) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend
Transport; Wed, 14 Jul 2021 10:34:46 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified)
header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none
header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
63.35.35.123 as permitted sender) receiver=protection.outlook.com;
client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
AM5EUR03FT019.mail.protection.outlook.com (10.152.16.104) with
Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4331.21 via Frontend Transport; Wed, 14 Jul 2021 10:34:45 +0000
Received: ("Tessian outbound 664b93226e0b:v99");
Wed, 14 Jul 2021 10:34:44 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 28fe335c67a01627
X-CR-MTA-TID: 64aa7808
Received: from 126912aabb4f.1
by 64aa7808-outbound-1.mta.getcheckrecipient.com id
EF23C175-9BAB-4209-A6CE-43CEFAC5E4EA.1;
Wed, 14 Jul 2021 10:30:52 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com
by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 126912aabb4f.1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
Wed, 14 Jul 2021 10:30:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=BOSOEjIPT+X5llQ13CP7wHXyiyMe7/KWnB8g1uABTFkE9D/C6o9ju0SHoDEGw9PuE6cEP4sDLebOw3VQ2V/IBZIs/AC7ySQJMGJBdtnihwSoON9gtR7Y0gCdfKD0mLSt+JJb+MBZR/GiVbC/IMw3++7d4WAvcr3oArFQKM96Auw5OGshPA2opVTVIaY68WOT/X7moG+HoGfhi5pA7Y2maIU519pFDZWtdm4YWruoE8k8GK20skjgfCcJDfn5Gh5YcJrP/sOtku3pTuYFMrwir9VeVhurZiCmNLGHFm+9pH5WpqAwnpRhJL0VsWQr/w8eCfH+cPs9OsNvUUqAv5nx3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=8A3BkE6pjMuTLM2Zd5R+SsAquRtBy3ZfHSyfmKoMHJw=;
b=aSg2Jr/c+ReK/QPHR0WmfswVQ6nvNb2KdOygpF7eGMHGSDI1MVAseD3DMYAo5aRyNVVuDQek0ulnGcohc9ri78GqxzKRlp4q9FRkFUFfruf/ibnphT1c5BYDgCZ+JnFst77tK4ILpvX0HQD9Q8flZMEhz8Jnohc7jGEGkAd/4qh5+3GZONNYlc5GPQjNnAdaU3AMk6m/Z2WSluu5hUorQeg28VLvjcNbghmf8oqwgvEQICHZa3TqbK3IHg1EjRxvvoTQXr55bWQEfquLg4j4xWtRX9bdGczzDRS7x5/huPZApn5BF6giWDGDu591TCsE2oHq8YDOsX8tLuWPcOl94g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
s=selector2-armh-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=8A3BkE6pjMuTLM2Zd5R+SsAquRtBy3ZfHSyfmKoMHJw=;
b=c2fhtNjgzkeHGFztoPJTrk4ag4jaan9zUkj6UAHAQckRszmNjN/c8+PRAvowtf8ohf0YVArqTp96160kRiH2BXYTzCRu/+mSf5JH/LBnLDowJHEbLNMxNVNsu0LHA4o/r8EGV0WSyT8LV/xCSwiMdfCe1YWpoyor4yFmunE7gmo=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11)
by DBBPR08MB4918.eurprd08.prod.outlook.com (2603:10a6:10:dc::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.23; Wed, 14 Jul
2021 10:30:48 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com
([fe80::f4d7:fc24:6a91:25a4]) by DBAPR08MB5576.eurprd08.prod.outlook.com
([fe80::f4d7:fc24:6a91:25a4%7]) with mapi id 15.20.4331.021; Wed, 14 Jul 2021
10:30:48 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: suit <suit@ietf.org>
Thread-Topic: New Version Posted for draft-ietf-suit-manifest-14.txt
Thread-Index: AQHXeJtPmxUl8kQDk0CBCWFg9JI4NQ==
Date: Wed, 14 Jul 2021 10:30:48 +0000
Message-ID: <B57C6B13-7D16-4F54-9F58-8CBD25DA8B49@arm.com>
References: <162611679057.28221.16041722684036125530@ietfa.amsl.com>
In-Reply-To: <162611679057.28221.16041722684036125530@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.100.0.2.22)
Authentication-Results-Original: ietf.org; dkim=none (message not signed)
header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 3608803d-7da3-4a45-19c0-08d946b2ffbe
x-ms-traffictypediagnostic: DBBPR08MB4918:|AS8PR08MB6933:
X-Microsoft-Antispam-PRVS: <AS8PR08MB69338083019B7ABE2D003BB4EA139@AS8PR08MB6933.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: XmDwEqgZQ1VpM0+t6uYbPCS/mxlyDEaOYfNsjIErHL7PpD1l2oc57WgBWfsb/9hjkEbEJe/TKzlQXxevbeQP3bzY9uA6g7VPN8fOv3H7q/6LzngfE8MzrHkKGF0VJ9hzGvc07b7B+eB4ilmjduq0r0BXvLv460PaLmVivoesPdcPEkRd6Px/shHR5Goo+L3qwAGdtmYbrSZ8ehTYyNng/GEm1MZi296M1fNfZSpfbYUPW6OGBIGyxRV1soLRNLqOr5mjjx2/Xt9uOhPbvUSTZlPT4kna7PuarsQLZ2tsRH0x9Fyb5SlRyP27uk4ok3CDpDdn8SdMZK6v1u9VmSu2IMaVlSlkE9iAKEvZT9ZbctCnMlVfp46KoIXFoopsKnpbfzlMa4wqz+hkoZvS2Rg614De1sYuNhmPd5oXj4Iv15Kt421jUE9dFUaPHAUGqeRIQsf88kl3aVcPMTsbHwOpOePLAFC/33TAypBfLVU7egyxT0vbjgSHSTJpVVQV1CMqpdhpc5Lo1m/EgFpuS/fCQnS6etZ516p6Q3CaLqoLBd1NWOYVs3sZ2jAOjYC3Jl3cue7p77IhJfzIBf1NxuuC2HYDIfAmrpigBhPsGa432xLolDGjdFJgogq6C+uB28ESGe9LmO+RSWwQhy489NBKAOS+jR75NvPEx8VaHtvK+WWWFQIu+gTCh/I0ctGj7Z6YP2gfpWMkcAC8iVAmH3/JDGkzVtmUZCTWgLPZuIBCa4+l6GpLv+CWLS+E1QVoXjHS
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com;
PTR:; CAT:NONE;
SFS:(4636009)(376002)(366004)(39860400002)(136003)(346002)(396003)(316002)(2906002)(36756003)(8936002)(5660300002)(2616005)(66946007)(64756008)(66446008)(91956017)(38100700002)(6506007)(76116006)(8676002)(71200400001)(33656002)(66556008)(66476007)(86362001)(122000001)(6916009)(478600001)(6512007)(186003)(66574015)(83380400001)(26005)(6486002)(38070700004)(45980500001);
DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?utf-8?B?QWN1QVJ4OTRyMVhxbkdrMUcyajhUYTFXOXQ2YkhUaVhzVkJ2K2JQZTI1TmJO?=
=?utf-8?B?MmFUNE1oRTc4aVoway9tdXEyamxPWXlWamxDMUNtKy94bFUySmoxUEdPZWJG?=
=?utf-8?B?TEFnVUhEcVBNbHFnb1QvVEp2ZVRDbkZ1UzlWTkZZbmdlUU9xd0JGL3V3UFVT?=
=?utf-8?B?WHFXaWcrVnk1ZUZXMWNRa1oyWVZ6cW5MY3c2S3htakdBMFRkYmlPR25CWSt1?=
=?utf-8?B?NUx4ZmZFd3BGOE5vdXYyVHNRdFdxNnBJK3RVSUp2RjZKaDZWWjQxR2M0OVo0?=
=?utf-8?B?QkZZa2xBZ21INGRFeGptc0Irc3d2TTJjSHpDUlFCdEU5eFVEVUh6NVR3QzBO?=
=?utf-8?B?ZlBjUDh6cWZGREt4T1AybmpNMDBDWk1jdUJBSEtIellROWtkV0ZpR1B0cm9r?=
=?utf-8?B?UGk4enk1dUxTUXdEM1YyckJnWTBnS3lmT01ZSGt0SXZEUm1rSUlRbmNZbWlY?=
=?utf-8?B?eC9UM1p1RzNyOWpTdTAvRlk3Wk9TTXhxczFDU1FoeTJFVEp3ckQ1eU0xL0gz?=
=?utf-8?B?aElPTktpOGVBRG15Tk8zcnZDTXhodHpGT0FiQ1U5d3NnZ1g5VXlOZm43MHRJ?=
=?utf-8?B?bnNvWTV1MEFYaUFhaDBqZ3lNWG01clpzRmFSVE5YMUNYeWJSTThGUE9JYktB?=
=?utf-8?B?MVhLS1Z3QnhWMjBzdGtoM2FiUU5PMkJoc2Z3dWo2WERNbWJMc1ZDL3F3WTBZ?=
=?utf-8?B?cHJwcS9kRTZUNS9Vc2FlZ1pJazR1QUVXeGROL0dyOU5jblJBZkpVdm5EUzM2?=
=?utf-8?B?VkE2cEUwU25JeXhNYm92NU9wWHk0a2NDd3N2cmVjT092dTlodlZHYkREMm1H?=
=?utf-8?B?YzYwdTdMbk5YdFlCOVN0OG80RU9MVVJ5ck9pZkJjLzNtZXdkSVhqb0plcHly?=
=?utf-8?B?OXFzcGJXdGMveDY2UVdnenZCa1JsRFR0bzJLeGJHaURqSU1EZXk1VFY2V2xu?=
=?utf-8?B?T2lLckRGRmRHYU9KSWlKMnlTMUtQdlJ2MjNIV0NpVHNOQjlCelFoWCtZdHdw?=
=?utf-8?B?VytrQlNjWklEdW9GaUJwU0ttUjlPNnFYWjdqVklybzdNSnJuZUR5MGtvKzdO?=
=?utf-8?B?ejU1SzJ4eXBZT1Jnb1FkWVlnNGR6WGFEeWwwNU1RbHNaYXhsai9lL3d4ZUpI?=
=?utf-8?B?N2xGLzYzVkx6Q014MDNnTUNnUXI3eWF0VlBuMG5jZit2eGt2UEtMcVRBNlp2?=
=?utf-8?B?RnNhdXNvM1oxalkzTmdWWlB1ZEZYUkxiRUpMOVk0SWZmN0hrWGUzUnZFenpE?=
=?utf-8?B?WTJWRmt4cFF5WG9neHkrYTZlSW5NME5oUmEwOEN6YVQ5dWh0N29zZkRSd01N?=
=?utf-8?B?eHdpbHNtV0wyUThIVk16c2gwWnh5MjJKNzJURlZBeVdVTVY3djF6RDg4V1Bp?=
=?utf-8?B?NzI5Y1BrVkM5empzMnh0M0FvWEZpT1Jvb1h1Tk5QaUkvSEpDbXlESk9Na1U4?=
=?utf-8?B?THhIZG9CZXZmejVrczd6aHlKdWhJRTM5ajZQNDdwK0d2Tm4rOHhrMUJCTkZk?=
=?utf-8?B?eFFxa2pvVGkwdkJFeXdRbVVRSkx4bTJ4STF5TWNQQWpnU1hCQXFhdmF4UE5s?=
=?utf-8?B?VlFvdWhObTZuWU9aMVhoSFVjS2lTZXYzMzJWWVM3cHNCRHJEVTJFMGJPRFhV?=
=?utf-8?B?WnZuSlp1SUowcmlrcWxsU3JKTWdSbHA4cDhqQ1V1cUo2dHBnRVJCbkVtam4y?=
=?utf-8?B?N3pxUTRjbFYxc2x3QzRkOWNPUFRjUXJkMW1oZ3RUcU1nd1hlTnlDZkJZL3NO?=
=?utf-8?Q?AX6JH4rsf9rkeUUMsSkPAwsZhTitF+fiPTtAamh?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <702FAAE29858384DA0850411496D2F05@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4918
Original-Authentication-Results: ietf.org; dkim=none (message not signed)
header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT019.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 990baaa3-4b13-4a88-1d0c-08d946b27225
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: Tb7If030DTY9+jHYEqs5hU0wHpR1NU79SgVifL87GcXd3K5hIWpXhCotmOnWF4C+MoRpYNvFSqU7uWZm6XJluWJr2aPFEodJzFebNpJYpI57XVP+DhX75t7Og/L1FwwSopGZ/qclBwBELU2vIPzlqfb+EvfZ9XM6RprHBlm0YyGjLt6boIMlETaAJxDCyTUZfwj1JcL4rxo/p/hnm3HDssaZDQWQTYm391dL5cc1Be6T3X8uY2IWik0qgwpZEoaBfIConXsYJTr0iySyESgg1uSepAcIjcxkmvVIw3PuNHHu6xTbippSqPpDYmgVLlv3AUtWAgcEM7TLdBpV4vJt+3SdSwG3In5G5leHmYRT3lZNxbDsqZpK/XWD2Htt5s2WwPxqwHV3QIIAf4gJ/hF9x1qJl7azAcqtr3VaCgXznaTkQ/9VVBj8xe6ymyLaII3O6ZtboWaxxpK5+hD4m2hy5f75BV4me60UIw3JevXjYGYyrFF1vTXDYbDkGlvLrwgc1ai8zSzac5UxeHOYPhB5nOfFQ7+TvVb3c953zD8D55l6hde5qntQfAHhu38z2EPGZMneO2cwICt3GKfRJTU4hwTkUHeKSFoDVS8QVVCQtzsoBuIU3oURDU06f+EXELs7Vqa9e48NdbQ6tFyMbDYX8IxPFj2yEcBC/xoYjz1PNt3Tv5IPXfr9pSyHS43KfgjYM/RS83pS7ICg0YtFTUkg6A==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM;
H:64aa7808-outbound-1.mta.getcheckrecipient.com;
PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
SFS:(4636009)(396003)(136003)(39860400002)(346002)(376002)(46966006)(36840700001)(82310400003)(6506007)(478600001)(6486002)(83380400001)(336012)(356005)(36860700001)(81166007)(6512007)(8936002)(47076005)(70586007)(186003)(82740400003)(5660300002)(36756003)(2616005)(26005)(33656002)(316002)(8676002)(70206006)(6916009)(66574015)(2906002)(86362001);
DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Jul 2021 10:34:45.4499 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3608803d-7da3-4a45-19c0-08d946b2ffbe
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: AM5EUR03FT019.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB6933
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BGQIkrZ11-xUD_XtDngj53lzHA8>
Subject: [Suit] New Version Posted for draft-ietf-suit-manifest-14.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>,
<mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>,
<mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 10:34:54 -0000
I have posted a new version of the suit manifest format. It has two outstanding issues raised by Øyvind: 1) How do you refer to an integrated payload/dependency in-place for digest validation? While I understand the motivation for providing a way to reference integrated payloads and integrated dependencies with a special component ID, I do not think this is the best approach because it would cause breakage in the override handling system. Consider a situation like the following: * Manifest A: ** Sets a digest for Payload A ** Sets a URL for Payload A if unset ** Fetches Payload A to a component ID ** Verifies Payload A * Manifest B: ** lists Manifest A as a dependency. ** includes Manifest A as an integrated dependency ** includes Payload A as an integrated payload When it comes to fetch/verification, as you rightly point out, the Manifest Processor should verify the payload in-place prior to copying it anywhere. However Manifest A knows nothing about this. As far as Manifest A is concerned, the payload is hosted remotely. I think this is an important capability and we should not break it. My take on this requirement is that, where it is required, Fetch should have a hook for handling relative URIs. In the case above, this would allow Fetch to identify a relative URI (in this case #../<envelope-key>), showing that the Payload is stored in an envelope. Fetch then locates the payload within that envelope using the envelope key encoded into the URI. I think that this is more an argument for a new operation: suit-condition-integrated-image-match (consumes suit-parameter-uri, suit-parameter-digest) This requires some consideration around how to handle setting those parameters since they may not apply to a component ID in this case. I think this would make a fine extension to the SUIT manifest. There’s an additional consideration on the dependency side of things: Dependencies are referenced by digest, not component-id, so this is slightly different. The expectation has always been that dependencies will be copied into a manifest storage area. This is an important step in many systems because these will have their signatures validated at time of copy, then, for example, HMAC’d if they are valid. Signatures will not be recalculated because they are expensive. In the case of a monolithic file, particularly on a powerful device, this makes less sense. If dependencies are to be left in-place, then fetch is the mechanism by which the manifest processor registers the location of a particular dependency. That is to say that, barring the introduction of another operation, when fetching a dependency, the fetch operation should skip fetching a relative URI and simply register the manifest digest with the appropriate offset in the containing envelope. 2) Should there be a list of URIs to search for future updates? I’m not so sure about this. This has a number of system implications that I don’t believe we’ve thought through enough. If it’s an attribute of the manifest, like reference-uri or sequence number, then it prevents a dependency from overriding the URI list if permitted. On the other hand, if we add a command and a parameter (suit-parameter-manifest-source-uri-list, suit-command-monitor-source-uri-list), then it implies an API between the Manifest Processor and the Status Tracker (which would normally have the job of checking for new manifests) that I’m not sure exists. I think this needs further discussion and I think it would be reasonable to consider it as an extension. Best Regards, Brendan IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
- [Suit] New Version Posted for draft-ietf-suit-man… Brendan Moran