IETF Logo Mail Archive

Re: [Suit] SUIT rechartering: proposed text

Russ Housley <housley@vigilsec.com> Fri, 05 November 2021 16:24 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9002E3A117E for <suit@ietfa.amsl.com>; Fri, 5 Nov 2021 09:24:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jYaoWNnxqk9z for <suit@ietfa.amsl.com>; Fri, 5 Nov 2021 09:24:52 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAF103A117C for <suit@ietf.org>; Fri, 5 Nov 2021 09:24:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 52672300BF2 for <suit@ietf.org>; Fri, 5 Nov 2021 12:24:54 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id EwL3jfud0zhy for <suit@ietf.org>; Fri, 5 Nov 2021 12:24:52 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 7051F300A1C; Fri, 5 Nov 2021 12:24:52 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <BN1P110MB093911A420389098A6444B29DC8E9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Date: Fri, 05 Nov 2021 12:24:49 -0400
Cc: suit <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B170B41E-CE69-4049-A091-C44DC4C934D6@vigilsec.com>
References: <66D84CE5-22E6-44F0-8239-8A5832326219@arm.com> <3E7D5E5B-03EE-4EDD-A951-FB119F72DDE8@arm.com> <16339.1613515194@localhost> <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com> <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com> <26718.1626138395@localhost> <MN2PR09MB4841BA0A0CC978E70A09A509F0119@MN2PR09MB4841.namprd09.prod.outlook.com> <67F117E7-28F2-45F3-BC4C-AC8116BCB69F@vigilsec.com> <SN6PR2101MB0943178F1E627E78A1343AE8A3E59@SN6PR2101MB0943.namprd21.prod.outlook.com> <50B65F80-808D-4591-9D4D-2346796DA204@vigilsec.com> <1944E3C3-9348-4574-AE26-4133BFD932B0@vigilsec.com> <CH2PR21MB1464AC4D50A932EC45A3B369A3EF9@CH2PR21MB1464.namprd21.prod.outlook.com> <3944F4E6-9644-4D23-9DB0-B0AC0490AB51@vigilsec.com> <A460F3FC-0EC6-4B8F-9D8C-D40AC841E602@arm.com> <20192.1628612087@localhost> <CAN40gSsvPrnMzUrQASo7nmJJKYGjNm=GNtOd9v9+a7Ni1waCCQ@mail.gmail.com> <CH2PR21MB1464E5F803ED4E22B6D90DD3A3F79@CH2PR21MB1464.namprd21.prod.outlook.com> <2002841D-85D6-41AB-B214-963174485119@vigilsec.com> <8A3FC35F-E993-4899-9213-A2DCA8D1F857@vigilsec.com> <BN1P110MB093911A420389098A6444B29DC8E9@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/YebSMwa0rvl4AxSrmn0Y_uMiYa8>
Subject: Re: [Suit] SUIT rechartering: proposed text
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Nov 2021 16:24:58 -0000

Roman:

> To make it easier to reference it and perform diffs against prior text, I've upload the charter text from the WG into the datatracker.  
> 
> For the full text, see https://datatracker.ietf.org/doc/charter-ietf-suit/
> 
> For the diff from the last approved charter, see https://www.ietf.org/rfcdiff?url1=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01.txt&url2=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-01-00.txt
> 
> I support the spirit of the additional scope.  We need tighten up some of the language to get it through the review process.

Thanks.

> (a) Editorial.  Be clearer on the motivation.
> 
> OLD
> To support the SUIT manifest format, the SUIT WG is also defining formats that
> enable a SUIT Status Tracker to determine if a particular manifest could be
> successfully deployed to a device and determine if an operation was successful.
> 
> NEW
> To enable the SUIT Status Tracker, the SUIT WG is also defining extensions to determine if a particular manifest could be successfully deployed to a device and determine if an operation was successful.

This seems fine to me.

> (b) We need to be consistent on the approach taken to describe the scope of extensions.  Specifically:
> 
> -- We have both a generic clause for scope on "Extensions to the SUIT manifest for optional capabilities ...", but then the bullet concludes with a specific instance with " ... including firmware encryption".
> 
> -- There is a stand-alone bullet on making a MUD extension, "A SUIT manifest extension to include a MUD file as defined in RFC 8520"
> 
> Should we have both caveated support of optional capabilities?  Is there a threshold we need, say "... when there is broad applicability"?  or limited to specific applications/utility?
> 
> Should we enumerate the extensions were already want to work on here (firmware encryption, MUD, Software IDs/SBOM, multiple trust domains?)

At the time that this text was crafted, we did not know how the extensions would get broken up.  We have a first cut at that now, but I think that the base text should allow for further reorganization.

The SUIT WG document deliverables are:
* A SUIT manifest format specification using CBOR.
* Extensions to the SUIT manifest for optional capabilities, including:
  - firmware encryption,
  - trust domains,
  - update management, and
  - inclusion of MUD file as defined in RFC 8520.
* A secure method for an IoT device to report on firmware update status.

> (c) Should be provide a milestone for deciding on where the joint RATS-SUIT work will happen?

I think we can add a milestone if the work lands in SUIT.  I'm guessing it will land in RATS with review in SUIT.

> (d) We also need milestones for the new scope.  Judging from what's in the current document list (https://datatracker.ietf.org/wg/suit/documents/) is that:

I think that you missed that some of the "Done" milestones are new:

   Done      Adopt firmware encryption document as WG item.
   Done      Adopt SUIT Status Tracker document as WG item.

These were already adopted because they fit the old charter, but we failed to create milestones at that time.

> (previously defined, still open milestone)
> Feb 2022  Submit an initial manifest serialization format to the IESG for publication as a Proposed Standard.
> 
> (new milestones)
> MMM-YYYY Submit a SUIT Manifest firmware encryption extension document to the IESG for publication as a Proposed Standard (draft-ietf-suit-firmware-encryption)
> MMM-YYYY Submit a SUIT ??? (draft-ietf-suit-report-00)
> MMM-YYYY Submit a SUIT Manifest MUD extension document to the IESG for publication as a Proposed Standard (draft-moran-suit-mud)
> MMM-YYYY Submit a SUIT Manifest extension that enables support for multiple domains document to the IESG for publication as a Proposed Standard (draft-moran-suit-trust-domains)
> MMM-YYYY Submit a SUIT Manifest extension for ??? to the IESG for publication as a Proposed Standard (draft-moran-suit-update-management)
> 
> The currently unadopted document could also have a corresponding milestone of "Adopt ..."

Sorry, that was a cut-and-paste error on my part:

Dec 2021  Adopt SUIT Manifest update management document as WG item.
Dec 2021  Adopt SUIT Manifest trust domains document as WG item.
Dec 2021  Adopt SUIT Manifest MUD extension document as WG item.

Feb 2022  Submit an initial manifest serialization format to the IESG for publication as a Proposed Standard.
Aug 2022  Submit firmware encryption document to the IESG for publication as a Proposed Standard.
Sep 2022  Submit SUIT Status Tracker document to the IESG for publication as a Proposed Standard.
Nov 2022  Submit SUIT Manifest update management document to the IESG for publication as a Proposed Standard.
Nov 2022  Submit SUIT Manifest trust domains document to the IESG for publication as a Proposed Standard.
Dec 2022  Submit SUIT Manifest MUD extension document to the IESG for publication as a Proposed Standard.

Thanks,
  Russ

v2.23.0 | Report a Bug | By Email