Re: [Suit] Manifest-07 review

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Wed, 24 June 2020 13:30 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "Rønningstad, Øyvind" <Oyvind.Ronningstad@nordicsemi.no>, suit <suit@ietf.org>
Thread-Topic: Manifest-07 review
Thread-Index: AdZJ/dxWDAt2IAgGSk6bbwUyoDHNSgALZjZA
Date: Wed, 24 Jun 2020 13:29:56 +0000
Message-ID: <CH2PR09MB425136BCE8E859DFBED017DCF0950@CH2PR09MB4251.namprd09.prod.outlook.com>
References: <AM0PR05MB4339D51F857444D08ECAC41888950@AM0PR05MB4339.eurprd05.prod.outlook.com>
In-Reply-To: <AM0PR05MB4339D51F857444D08ECAC41888950@AM0PR05MB4339.eurprd05.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8drIH8xb8eu1vSxRSa4qK63Zrzg>

Øyvind,

Thanks for this review!

Dave

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Rønningstad, Øyvind
Sent: Wednesday, June 24, 2020 6:03 AM
To: suit <suit@ietf.org>
Subject: [Suit] Manifest-07 review

Hi guys, here is a review of manifest-07. Mostly small stuff.

Questions:
- Section 6.4: What are the guidelines for extracting the vendor-id, class-id, device-id, or version of a component?
- suit-condition-component-offset is used in an example, but marked as TBD in its section. I see that it is described in 6.4 as "assert(offsetof(component) == arg)". What are the semantics of "offsetof"?
- Can suit-directive-process-dependency be done on a component, or just on a dependency? Generally, there seems to be some mismatch between the description in 6.4 (which implies that most directives and conditions only apply to a component index) and textual descriptions e.g. in 9.8.4.1 and 9.8.4.2 (which imply that directives and conditions apply to whichever is available of component index and dependency index).
- (It would be very beneficial to make 6.4 "Abstract Machine Description" more prominent, e.g. by linking from the individual section for commands, since 6.4 contains very useful info about how the commands work, and it's hard to discover otherwise.)
- What (if any) are the rules regarding when to perform dependency-resolution, payload-fetch, and install, and when to perform only validate, load, and run?
- suit-manifest-sequence-number: "Each Recipient MUST reject any manifest that has a sequence number lower than its current sequence number." Are there several "current sequence number"s, or just one for each SUIT processor? Exactly when is the "current sequence number" updated?
- What should the processor do when waiting on a suit-directive-wait? Can it be interpreted as "try again later", or "busy wait"?
- There are important limitations to what sort of commands can be in suit-common. Could the limitations be reflected in the CDDL? It seems like a natural thing to do, to make the limitations more prominent.
- When processing dependencies, how do we know when to a) expect a signature and b) check the signature on a dependency manifest?
- Did we mean for short payloads to be embeddable in the manifest (I can't find this)? This would be very useful for setting configuration options via SUIT manifests.
- Is the device-identifier unique for each individual device, or for a collection of devices?
- Why are suit-directive-set-component-index and suit-directive-set-dependency-index not implemented through set-parameters? Are they subject to the same override mechanics? If not, it might be confusing with suit-parameter-source-component, which seems to be analogous to set-component-index, but might have subtly different behavior because of override mechanics.

Nits:
- suit-directive-fetch: "manifest-index" is not referred to elsewhere in the document.
- Section 7: Suggested edit in bold: "A digest should always be set using Override Parameters, since this prevents a less-privileged dependent OR dependency from replacing the digest."
- suit-condition-update-authorized seems like it could use some metadata to help determine what is being authorized, e.g. a human-readable prompt if user interaction is required, or an identifier if multiple instances of the condition are used in a manifest.


Thanks for the good work,

Øyvind

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
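The sequence-number question above concerns the anti-rollback rule the reviewer quotes from the draft ("Each Recipient MUST reject any manifest that has a sequence number lower than its current sequence number"). The following Python is an added example, not code from the SUIT draft, from either message, or from any SUIT implementation; it models one Recipient with a single stored sequence number and shows the ordering a defender cares about: authenticate before touching any state, reject strictly lower numbers, and advance the stored number only after a successful install so that a failed or aborted update can be retried. The Manifest and SuitProcessor classes, the stubbed signature result, and the choice of when to advance the counter are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class Manifest:
    """Stand-in for a SUIT manifest carrying only the fields this example needs (assumption)."""
    sequence_number: int
    payload: bytes
    signature_valid: bool  # result of COSE signature verification, stubbed here (assumption)


@dataclass
class SuitProcessor:
    """One Recipient holding a single 'current sequence number' (assumption: the
    draft leaves the number of such counters and their update time open)."""
    current_sequence_number: int = 0
    installed: List[bytes] = field(default_factory=list)

    def process(self, manifest: Manifest, install: Callable[[bytes], bool]) -> str:
        # 1. Authenticate first: an unauthenticated manifest must not influence
        #    any state, including the rollback counter.
        if not manifest.signature_valid:
            return "rejected-signature"
        # 2. Anti-rollback: the quoted rule rejects a strictly lower number, so an
        #    equal number is accepted as written here.
        if manifest.sequence_number < self.current_sequence_number:
            return "rejected-rollback"
        # 3. Install; on failure leave the stored number untouched so the same
        #    (or a newer) manifest can be retried.
        if not install(manifest.payload):
            return "install-failed"
        self.installed.append(manifest.payload)
        # 4. Advance the stored number only after a successful install (assumed
        #    policy for when "current" is updated).
        self.current_sequence_number = manifest.sequence_number
        return "installed"


def always_ok(payload: bytes) -> bool:
    """Constructed installer that always succeeds."""
    return True


def always_fail(payload: bytes) -> bool:
    """Constructed installer that simulates an aborted write."""
    return False


def demo() -> list:
    """Constructed scenario: a good update, a replayed older (validly signed) manifest,
    an install that aborts, its retry, and an unsigned manifest. Returns the outcomes."""
    p = SuitProcessor()
    out = []
    out.append(p.process(Manifest(5, b"firmware-v5", True), always_ok))
    out.append(p.process(Manifest(3, b"firmware-v3", True), always_ok))    # older manifest replayed: rejected
    out.append(p.process(Manifest(7, b"firmware-v7", True), always_fail))  # install aborts; counter stays at 5
    out.append(p.process(Manifest(7, b"firmware-v7", True), always_ok))    # retry of the same manifest succeeds
    out.append(p.process(Manifest(9, b"firmware-v9", False), always_ok))   # bad signature: never reaches the counter
    return out


if __name__ == "__main__":
    print(demo())
```

Running the module prints the five outcomes in order; the replayed manifest is refused even though its signature is valid, and the aborted install leaves the counter where it was so the retry goes through.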