[Suit] Remaining items from IESG ballot on draft-ietf-suit-information-model
Roman Danyliw <rdd@cert.org> Fri, 16 April 2021 17:19 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/DIdz3STHUWASzLxQxv10mVNCNSY>
Hi!

Thanks for all of the work to address IESG review comments in versions -09 to -11. My review of -11 against the IESG ballot (https://datatracker.ietf.org/doc/draft-ietf-suit-information-model/ballot/) and existing mailing list conversation shows that it would be helpful to consider these remaining comments:

(1) From Ben Kaduk

Section 2

   Secure time and secure clock refer to a set of requirements on time
   sources. For local time sources, this primarily means that the clock
   must be monotonically increasing, including across power cycles,
   firmware updates, etc. [...]

But it doesn't have to be anywhere close to an actual reference time source, just monotonic?

(2) From Ben Kaduk and related comment from Rob Wilton

Section 3.3

   identically named entities from different geographic regions from
   colliding in their customer's infrastructure. Recommended practice
   is to use [RFC4122] version 5 UUIDs with the vendor's domain name and
   the DNS name space ID. Other options include type 1 and type 4 UUIDs.

We should probably pick one of 'version' and 'type' when referring to the UUID constructions.

(3) From Ben Kaduk

Section 3.21

I'm not entirely sure what unqualified "source" and "destination" are intended to refer to in the context of loading a firmware image.

(4) From Ben Kaduk

Sections 4.3.16-4.3.20

None of these have "Implemented by" lines. Should they?

(5) From Eric Vyncke

-- Section 3.1.1 & 3.4.2 & 3.4.4 (and possibly others) --

s/vendorId = UUID5(DNS, "vendor-a.com")/vendorId = UUID5(DNS, "vendor-a.example.com")/

Thanks,
Roman