Re: [Suit] SUIT rechartering: proposed text
Roman Danyliw <rdd@cert.org> Mon, 08 November 2021 14:21 UTC
From: Roman Danyliw <rdd@cert.org>
To: Russ Housley <housley@vigilsec.com>
CC: suit <suit@ietf.org>
Date: Mon, 08 Nov 2021 14:20:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/EqzflBaQu6ZcphZpgwPyStJ9NLY>
List-Id: Software Updates for Internet of Things <suit.ietf.org>

Hi Russ!

> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: Friday, November 5, 2021 12:25 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: suit <suit@ietf.org>
> Subject: Re: [Suit] SUIT rechartering: proposed text
>
> Roman:
>
> > To make it easier to reference it and perform diffs against prior text, I've
> > uploaded the charter text from the WG into the datatracker.
> >
> > For the full text, see
> > https://datatracker.ietf.org/doc/charter-ietf-suit/
> >
> > For the diff from the last approved charter, see
> > https://www.ietf.org/rfcdiff?url1=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01.txt&url2=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01-00.txt
> >
> > I support the spirit of the additional scope. We need to tighten up some of the
> > language to get it through the review process.
>
> Thanks.
>
> > (a) Editorial. Be clearer on the motivation.
> >
> > OLD
> > To support the SUIT manifest format, the SUIT WG is also defining
> > formats that enable a SUIT Status Tracker to determine if a particular
> > manifest could be successfully deployed to a device and determine if an
> > operation was successful.
> >
> > NEW
> > To enable the SUIT Status Tracker, the SUIT WG is also defining extensions to
> > determine if a particular manifest could be successfully deployed to a device
> > and determine if an operation was successful.
>
> This seems fine to me.

Merged into v01-01

> > (b) We need to be consistent on the approach taken to describe the scope of
> > extensions. Specifically:
> >
> > -- We have both a generic clause for scope on "Extensions to the SUIT
> > manifest for optional capabilities ...", but then the bullet concludes with a
> > specific instance with " ... including firmware encryption".
> >
> > -- There is a stand-alone bullet on making a MUD extension, "A SUIT manifest
> > extension to include a MUD file as defined in RFC 8520"
> >
> > Should we have both caveated support of optional capabilities? Is there a
> > threshold we need, say "... when there is broad applicability"? or limited to
> > specific applications/utility?
> >
> > Should we enumerate the extensions we already want to work on here
> > (firmware encryption, MUD, Software IDs/SBOM, multiple trust domains?)
>
> At the time that this text was crafted, we did not know how the extensions
> would get broken up. We have a first cut at that now, but I think that the base
> text should allow for further reorganization.
>
> The SUIT WG document deliverables are:
> * A SUIT manifest format specification using CBOR.
> * Extensions to the SUIT manifest for optional capabilities, including:
>   - firmware encryption,
>   - trust domains,
>   - update management, and
>   - inclusion of MUD file as defined in RFC 8520.
> * A secure method for an IoT device to report on firmware update status.

Merged into v01-01

> > (c) Should we provide a milestone for deciding on where the joint RATS-SUIT
> > work will happen?
>
> I think we can add a milestone if the work lands in SUIT. I'm guessing it will
> land in RATS with review in SUIT.

I was envisioning a milestone for the decision to do the work in RATS vs. SUIT, not a milestone for the work itself. For example:

"XXX-2022 Decide with RATS WG on where the 'set of claims for attesting to firmware update status' document should be produced"

> > (d) We also need milestones for the new scope. Judging from what's in the
> > current document list (https://datatracker.ietf.org/wg/suit/documents/) is that:
>
> I think that you missed that some of the "Done" milestones are new:
>
> Done Adopt firmware encryption document as WG item.
> Done Adopt SUIT Status Tracker document as WG item.
>
> These were already adopted because they fit the old charter, but we failed to
> create milestones at that time.

These are merged into the live WG milestones.

> > (previously defined, still open milestone) Feb 2022 Submit an initial
> > manifest serialization format to the IESG for publication as a Proposed
> > Standard.
> >
> > (new milestones)
> > MMM-YYYY Submit a SUIT Manifest firmware encryption extension document
> > to the IESG for publication as a Proposed Standard
> > (draft-ietf-suit-firmware-encryption)
> > MMM-YYYY Submit a SUIT ??? (draft-ietf-suit-report-00)
> > MMM-YYYY Submit a SUIT Manifest MUD extension document to the IESG for
> > publication as a Proposed Standard (draft-moran-suit-mud)
> > MMM-YYYY Submit a SUIT Manifest extension that enables support for
> > multiple domains document to the IESG for publication as a Proposed
> > Standard (draft-moran-suit-trust-domains)
> > MMM-YYYY Submit a SUIT Manifest extension for ??? to the IESG for
> > publication as a Proposed Standard (draft-moran-suit-update-management)
> >
> > The currently unadopted document could also have a corresponding
> > milestone of "Adopt ..."
>
> Sorry, that was a cut-and-paste error on my part:
>
> Dec 2021 Adopt SUIT Manifest update management document as WG item.
> Dec 2021 Adopt SUIT Manifest trust domains document as WG item.
> Dec 2021 Adopt SUIT Manifest MUD extension document as WG item.

Add to v01-01 charter.

> Feb 2022 Submit an initial manifest serialization format to the IESG for
> publication as a Proposed Standard.

Added to the live (current) charter as this is prior work with a new date.

> Aug 2022 Submit firmware encryption document to the IESG for publication as
> a Proposed Standard.
> Sep 2022 Submit SUIT Status Tracker document to the IESG for publication as a
> Proposed Standard.
> Nov 2022 Submit SUIT Manifest update management document to the IESG for
> publication as a Proposed Standard.
> Nov 2022 Submit SUIT Manifest trust domains document to the IESG for
> publication as a Proposed Standard.
> Dec 2022 Submit SUIT Manifest MUD extension document to the IESG for
> publication as a Proposed Standard.

Add to v01-01 charter.

Regards,
Roman

> Thanks,
> Russ