Re: [Suit] Update to multiple trust domains

Dave Thaler <dthaler@microsoft.com> Mon, 17 October 2022 22:36 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Brendan Moran <brendan.moran.ietf@gmail.com>, suit <suit@ietf.org>
Date: Mon, 17 Oct 2022 22:36:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/PCD_B08-od9CkTx4Yhk29MKC9eg>
List-Id: Software Updates for Internet of Things <suit.ietf.org>

TEEP is still waiting for a resolution to issue "Uninstalling trusted components" (Issue #238, ietf-teep/teep-protocol, https://github.com/ietf-teep/teep-protocol/issues/238), which is:

As discussed on the list (and presented in the IETF 114 meeting)... this issue tracks the impact on the TEEP spec
Ken Takayama writes:
Proposal
Add suit-uninstall to the Multiple Trust Domains document because it
is useful functionality when updating depending components in some situations.
...
Issue
The library-a is no more required and should be uninstalled, but how
to uninstall it when updating the application?
From a TEEP perspective, I think this is important to say how to do. I run into this issue in my TEEP implementation too.
The TEEP protocol used to have a field in the Update message (in addition to any SUIT manifests) that identified which components to remove. Recently the TEEP protocol was updated to just list manifests, under an assumption that the manifest would contain deletion instructions.
The TAM (an update server) sends manifests or references to them, to a TEEP Agent (a device on which to install/update/uninstall components with SUIT manifests).
So to do a deletion, the TAM needs a way to indicate that without it being the component author. It could do that by the TAM creating the SUIT manifests themselves, and incrementing the sequence number to do a deletion but that would require generating manifests on the fly rather than having one manifest for all TEEP Agents, some of which might have the component installed and some not.
It could also do it by not using a newer SUIT manifest but having the uninstall directives included in the installation manifest as Ken proposed, in which case the original TEEP mechanism might make sense to put back in.

Personally (as a TEEP implementer), I would prefer having the uninstall directives included in the installation manifest as Ken originally proposed.

Let me know if this has been addressed in some SUIT document already.

Thanks!
Dave

From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran
Sent: Friday, October 14, 2022 6:59 AM
To: suit <suit@ietf.org>
Subject: [Suit] Update to multiple trust domains

I have uploaded a PR for some changes to the multiple trust domains draft, in line with the recommendations that Øyvind made for handling dependencies. Please let me know if you have any feedback!

https://github.com/bremoran/suit-multiple-trust-domains/pull/2

Best Regards,
Brendan