[Suit] Follow-up AD review on draft-ietf-suit-manifest-24

Roman Danyliw <rdd@cert.org> Sun, 29 October 2023 00:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Vy44OGqjnN_58zA_2jnupPGTcOk>

Hi!

Thanks for all of the work to produce -24.  In the spirit of tracking where things stand, the following residual AD review feedback remains from the original on -22 (https://mailarchive.ietf.org/arch/msg/suit/Ak_sFp1PaZcIRSol5Ge_xH2FN-w/) or -23 (https://mailarchive.ietf.org/arch/msg/suit/MJNk7-SBiRrEPRugmZKTlwkQ9jA/).

** Section 5.3.4.  Editorial and introduced in -23: Per “see {#ovr-integrated}, are integrity-checked …”, there is a misspelled Markdown reference.

** This document references RFC4122.  The bis for it, draft-ietf-uuidrev-rfc4122bis, is in IESG review.  Consider if there is a reason why it could not be used instead.  This feedback came during other IESG reviews of documents referencing RFC4122.

** https://github.com/suit-wg/manifest-spec/issues/108 and https://github.com/suit-wg/manifest-spec/issues/107 and

-- REQ.SEC.IMG.CONFIDENTIALITY (Section 4.3.12 of RFC9124)

The manifest information model MUST enable encrypted payloads.

...

Implemented by:  Encryption Wrapper (Section 3.20)

This document does not describe any mechanism to encrypt a payload.  Section 3 says:

   This specification covers the core features of SUIT.  Additional
   specifications describe functionality of advanced use cases, such as:

   *  Firmware Encryption is covered in
      [I-D.ietf-suit-firmware-encryption]

However, this reference is not normative and isn't considered a core feature.