Re: [Suit] Introducing draft-moran-suit-manifest-04

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Thu, 11 April 2019 15:48 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "Rønningstad, Øyvind" <Oyvind.Ronningstad@nordicsemi.no>, Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>
CC: "Kvamtrø, Frank Audun" <frank.kvamtro@nordicsemi.no>
Date: Thu, 11 Apr 2019 15:48:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/RVp5tDTzKieN9qPO4HcORcllc54>

Some comments on Øyvind's comments below as a WG participant.

> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Rønningstad, Øyvind
> Sent: Thursday, April 11, 2019 11:03 AM
> To: Brendan Moran <Brendan.Moran@arm.com>; suit@ietf.org
> Cc: Kvamtrø, Frank Audun <frank.kvamtro@nordicsemi.no>
> Subject: [Suit] FW: Introducing draft-moran-suit-manifest-04
> 
> I did a full pass through the document today, and wrote down (quite a few)
> comments, see below. I think this document is very exciting!
> 
> - Øyvind
> 
> 
> The digest-algorithm-ids list is missing the following SHA-2 family functions:
>  - SHA224
>  - SHA512/224
>  - SHA512/256
> Also, the functions that are truncated to 128 and fewer bits will not be
> secure against brute-force attacks, so I question their inclusion here.

RFC 6920, which this draft references, defines the IANA "Named Information Hash Algorithm Registry". It would be good if this draft directly references the "Named Information Hash Algorithm Registry" to provide for future agility as new algorithms are added and use of specific algorithms falls out of practice. The "status" field of the registry provides guidance for the latter. Algorithm agility should also be discussed in the security considerations.

It would also be useful to allow non-enumerated integer values to be used in the format to ensure that new entries added to the "Named Information Hash Algorithm Registry" are also allowed to be used in the format.

Regards,
Dave
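
An added example, not part of the original message or of the draft: one way a manifest consumer could treat the digest algorithm as an open integer and take its accept/reject decision from a local registry snapshot, covering both the registry "status" field and the concern about digests truncated to 128 bits or fewer. The names `check_digest`, `SNAPSHOT` and `weak_bits` are hypothetical, and the status strings in the snapshot are constructed sample values.

```python
import hashlib
import hmac

# Constructed local snapshot of registry rows: id -> (name, base hash, bits, status).
# IDs 1-6 follow the initial table in RFC 6920; the status strings here are
# sample values for the example, not a copy of the live IANA registry.
SNAPSHOT = {
    1: ("sha-256", "sha256", 256, "current"),
    2: ("sha-256-128", "sha256", 128, "current"),
    3: ("sha-256-120", "sha256", 120, "current"),
    4: ("sha-256-96", "sha256", 96, "current"),
    5: ("sha-256-64", "sha256", 64, "current"),
    6: ("sha-256-32", "sha256", 32, "current"),
}


def check_digest(alg_id, expected, payload, registry=SNAPSHOT, weak_bits=128):
    """Return (ok, reason). alg_id is any non-negative integer, not an enum."""
    if not isinstance(alg_id, int) or isinstance(alg_id, bool) or alg_id < 0:
        return False, "malformed algorithm id"
    row = registry.get(alg_id)
    if row is None:
        # Well-formed but absent from this snapshot: a policy decision,
        # not a parse error, so the format itself stays open to new entries.
        return False, "unknown algorithm id %d" % alg_id
    name, base, bits, status = row
    if status != "current":
        return False, "%s has registry status %r" % (name, status)
    if bits <= weak_bits:
        return False, "%s is truncated to %d bits" % (name, bits)
    # RFC 6920 truncated forms keep the left-most bits of the base digest.
    actual = hashlib.new(base, payload).digest()[: bits // 8]
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, name
```

Updating the snapshot (a new row, or a changed status) changes what is accepted without touching the parsing or comparison code.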