[Suit] Genart last call review of draft-ietf-suit-manifest-25
Dan Romascanu via Datatracker <noreply@ietf.org> Sun, 18 February 2024 11:47 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EF78C14F615; Sun, 18 Feb 2024 03:47:38 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Dan Romascanu via Datatracker <noreply@ietf.org>
To: gen-art@ietf.org
Cc: draft-ietf-suit-manifest.all@ietf.org, last-call@ietf.org, suit@ietf.org, dromasca@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.5.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170825685823.63753.17094376946534069293@ietfa.amsl.com>
Reply-To: Dan Romascanu <dromasca@gmail.com>
Date: Sun, 18 Feb 2024 03:47:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/c4K3H4mInrDX24aGUSoH9S-dvFM>
Subject: [Suit] Genart last call review of draft-ietf-suit-manifest-25
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2024 11:47:38 -0000
Reviewer: Dan Romascanu Review result: Ready with Nits I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-suit-manifest-25 Reviewer: Dan Romascanu Review Date: 2024-02-18 IETF LC End Date: 2024-02-21 IESG Telechat date: Not scheduled for a telechat Summary: This standards track document describes the format of a manifest, i.e. a bundle of metadata about code/data obtained by a recipient (chiefly the firmware for an IoT device), where to find the code/data, the devices to which it applies, and cryptographic information protecting the manifest. Understanding the SUIT architecture and reading RFC 9019 and RFC 9124 are required. This is a detailed, very clear and complete specification. It is READY.A few editorial comments are mentioned below - no show-stoppers but good to consider for more clarity. Major issues: None Minor issues: None Nits/editorial comments: 1. Terms to add to Section 2. - Terminology: - Bootloader - Message Authentication Code (MAC) - Access Control List (ACL) - Concise Binary Object Representation (CBOR) - CBOR Object Signing and Encryption (COSE) - CDDL 2. Section 4.2: Two instances of: > Compatibility must be checked before any other operation is performed. What kind of compatibility? Should be more precise in each case. 3.Section 6.1 > These failure reasons MAY be combined with retry mechanisms prior to marking a manifest as invalid. What kind of 'retry mechanisms' are considered here? 4. Section 7 > NOTE: *A digest MUST always be set using Override Parameters.* There is something odd about a MUST requirement being included in a NOTE. 5.It is not clear to me what is the intent and difference between leaving entries undefined (as mentioned in Table 10, Table 11) and defining some entries as Reserved (as in Table 12, Table 13) 6. Appendix A contains two capitalized MUST statements. This should be mentioned some place, in order to make clear (if this is the case) that this Appendix is part of the normative text of the document
- [Suit] Genart last call review of draft-ietf-suit… Dan Romascanu via Datatracker