Re: [Suit] SUIT manifest: suit-parameter-uri ... reference?

Brendan Moran <Brendan.Moran@arm.com> Mon, 12 July 2021 19:23 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: "Christian M. Amsüss" <christian@amsuess.com>
CC: "draft-ietf-suit-manifest@ietf.org" <draft-ietf-suit-manifest@ietf.org>, suit <suit@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/eVvH4s8PFCgfatndWXLbeFJqCGc>

Hi Christian,

I understand what you’re trying to achieve here. But is it necessarily the right way to do things? SUIT has a mechanism for replacing URIs if and only if the manifest author permits it. Do you think that a URI Reference is necessarily a better choice than that here?

I have several concerns with URI References: 1) They leave the “relative to what” question very murky when a manifest is received via a push operation. 2) They could leave the recipient with no way to fetch the payload except, maybe, attempting to fetch it from the canonical manifest reference URI + URI Reference.

In the USB-Stick scenario, it seems better, but that leaves out the possibility of simply bundling the manifest with the payload in the envelope, which is preferred in filesystem-type deployments.

Best Regards,
Brendan

> On 23 Feb 2021, at 16:07, Christian M. Amsüss <christian@amsuess.com> wrote:
>
> Hello SUIT authors,
>
> toying with the RIOT implementation of SUIT I was surprised it required
> the suit-parameter-uri that points from the manifest to the firmware to
> not support relative references, even though in their deployment the
> device obtains the manifest from the web.
>
> The current wording in suit-manifest is ambiguous to me: On the one hand
> it says "a URI" (and not "a URI reference"), on the other hand it
> compares it to Tag 32 (which is somewhat misleadingly named "URI" but
> described to match URI-reference), and makes rules about fragment-only
> references.
>
> Some clarification (saying "A URI reference from which" could suffice)
> would help here.
>
> If this is more than an editorial oversight (that is, if
> neither-full-nor-fragment references have not been considered), I hope
> that relative references stay allowed, as they are useful during ad-hoc
> network situations.
>
> Best regards
> Christian
>
> --
> To use raw power is to make yourself infinitely vulnerable to greater powers.
>  -- Bene Gesserit axiom
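
Added example, not part of either message and not code from the SUIT draft or from RIOT: a sketch of the "relative to what" question for a suit-parameter-uri value, using RFC 3986 resolution from Python's standard library. The `manifest_uri` parameter, the `NoBaseURI` exception and the `updates.example` URIs are assumptions constructed for illustration; `manifest_uri=None` models a manifest that was pushed to the device.

```python
from urllib.parse import urljoin, urlsplit


class NoBaseURI(Exception):
    """A relative reference was given but there is no base to resolve it against."""


def classify(value):
    """Classify a URI parameter value using RFC 3986 terminology."""
    if value.startswith("#"):
        return "fragment-only"
    if urlsplit(value).scheme:
        return "absolute"
    return "relative"


def resolve_payload_uri(value, manifest_uri=None):
    """Return the URI a recipient would fetch the payload from.

    manifest_uri is where the manifest was retrieved from (hypothetical
    parameter); None means the manifest arrived by push and has no base.
    """
    kind = classify(value)
    if kind == "absolute":
        return value  # usable regardless of how the manifest arrived
    if kind == "fragment-only":
        # The thread notes the draft has its own rules for these; out of scope here.
        raise ValueError("fragment-only references are handled separately")
    if manifest_uri is None:
        raise NoBaseURI(f"cannot resolve {value!r}: manifest has no retrieval URI")
    return urljoin(manifest_uri, value)


if __name__ == "__main__":
    # Constructed sample values.
    pulled_from = "https://updates.example/device/v2/manifest.suit"
    for ref in ("https://cdn.example/fw/v2.bin", "firmware-v2.bin", "../common/fw.bin"):
        print("pulled:", ref, "->", resolve_payload_uri(ref, pulled_from))
        try:
            print("pushed:", ref, "->", resolve_payload_uri(ref))
        except NoBaseURI as err:
            print("pushed:", err)
```
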
