Re: [Suit] SUIT manifest: suit-parameter-uri ... reference?
Christian Amsüss <christian@amsuess.com> Mon, 26 July 2021 22:45 UTC
Return-Path: <christian@amsuess.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12E313A07F6; Mon, 26 Jul 2021 15:45:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTl-v30Rwblv; Mon, 26 Jul 2021 15:45:53 -0700 (PDT)
Received: from prometheus.amsuess.com (prometheus.amsuess.com [5.9.147.112]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 802173A07F7; Mon, 26 Jul 2021 15:45:39 -0700 (PDT)
Received: from poseidon-mailhub.amsuess.com (unknown [IPv6:2a02:b18:c13b:8010:a800:ff:fede:b1bd]) by prometheus.amsuess.com (Postfix) with ESMTPS id 5A257401B5; Tue, 27 Jul 2021 00:45:35 +0200 (CEST)
Received: from poseidon-mailbox.amsuess.com (hermes.amsuess.com [10.13.13.254]) by poseidon-mailhub.amsuess.com (Postfix) with ESMTP id 56F1AD0; Tue, 27 Jul 2021 00:45:34 +0200 (CEST)
Received: from hephaistos.amsuess.com (178.115.45.57.wireless.dyn.drei.com [178.115.45.57]) by poseidon-mailbox.amsuess.com (Postfix) with ESMTPSA id C9DC846; Tue, 27 Jul 2021 00:45:33 +0200 (CEST)
Received: (nullmailer pid 2988819 invoked by uid 1000); Mon, 26 Jul 2021 22:45:32 -0000
Date: Tue, 27 Jul 2021 00:45:32 +0200
From: Christian Amsüss <christian@amsuess.com>
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: "draft-ietf-suit-manifest@ietf.org" <draft-ietf-suit-manifest@ietf.org>, suit <suit@ietf.org>
Message-ID: <YP87DP6iNGTIU/bj@hephaistos.amsuess.com>
References: <YDUoNTMC0nIvVQJb@hephaistos.amsuess.com> <FAD0FD0A-AF6C-4680-8202-C5D76D915333@arm.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="O9iEfRKg0YgQsSIR"
Content-Disposition: inline
In-Reply-To: <FAD0FD0A-AF6C-4680-8202-C5D76D915333@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/_EDVqcoMqhQuD5vfGDj_U4b2vp0>
Subject: Re: [Suit] SUIT manifest: suit-parameter-uri ... reference?
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2021 22:45:58 -0000
Hello Brendan, > I understand what you’re trying to achieve here. But is it necessarily > the right way to do things? SUIT has a mechanism for replacing URIs if > and only if the manifest author permits it. Do you think that a URI > Reference is necessarily a better choice than that here? There's two things to this really -- a) what I've been trying to do (which is what RIOT does right now, and, with current knwoledge, may not be ideal), and b) the ambiguity in the specification on what is syntactically supposed to be here. > I have several concerns with URI References: 1) They leave the > “relative to what” question very murky when a manifest is received via > a push operation. 2) They could leave the recipient with no way to > fetch the payload except, maybe, attempting to fetch it from the > canonical manifest reference URI + URI Reference. For the "realtive to what" in ushes, RFC3986 has the default base URI, which I suppose SUIT could define to be unusable. For not having a way to fetch the payload ... well, in that there's no difference to the application between a broken (because unresolvable because baseless) relative reference and a URI of a scheme the device simply can't use. Nevertheless, on a syntactic level, as long as both full URIs and fragment-only references are accepted, what's in a suit-parameter-uri is a URI reference, and should be labelled as such. If, then, it is useful for SUIT to limit the usable references to the shapes URI and "#" fragment, that's a valid choice, even if I may find it oddly limiting. It may instead make sense to state explicitly that there is no default base URI, and that relative references that are neither URIs nor fragment-only are only usable for manifests obtained through URI dereferencing. But at least that they are relative references IMO needs to be stated clearly, for otherwise the mentions of fragment-only references in section 7 make no sense. BR c -- To use raw power is to make yourself infinitely vulnerable to greater powers. -- Bene Gesserit axiom
- [Suit] SUIT manifest: suit-parameter-uri ... refe… Christian M. Amsüss
- Re: [Suit] SUIT manifest: suit-parameter-uri ... … Brendan Moran
- Re: [Suit] SUIT manifest: suit-parameter-uri ... … Christian Amsüss
- Re: [Suit] SUIT manifest: suit-parameter-uri ... … Brendan Moran