Re: [Suit] Manifest-07 review

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 24 June 2020 14:39 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDE473A0E6B for <suit@ietfa.amsl.com>; Wed, 24 Jun 2020 07:39:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=iWaCnxvn; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=iWaCnxvn
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DEbHUWIosdAM for <suit@ietfa.amsl.com>; Wed, 24 Jun 2020 07:39:20 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2055.outbound.protection.outlook.com [40.107.20.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1BA73A0E6C for <suit@ietf.org>; Wed, 24 Jun 2020 07:39:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nKv1qqS0ZEF4Q7QQY7gSuETqIp2SWNlxe5PVxjk2mBA=; b=iWaCnxvnRNvALbFh3vntYu457DRg8ak4ivnplkBcdUmbSxYkMnI5dPdlJNltXgc/yh6ZcwUg/KMcUsj8U5Qe+svQTFhDFBwCU1AK3WmdzBvs2b1IajePvanXGndEg0pWTzoH6cyP+StGDv1rPQ9kYVnhDwQYeh7GrIuvOhMjZW8=
Received: from AM6PR08CA0011.eurprd08.prod.outlook.com (2603:10a6:20b:b2::23) by VI1PR08MB4190.eurprd08.prod.outlook.com (2603:10a6:803:eb::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20; Wed, 24 Jun 2020 14:39:13 +0000
Received: from VE1EUR03FT019.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:b2:cafe::e7) by AM6PR08CA0011.outlook.office365.com (2603:10a6:20b:b2::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20 via Frontend Transport; Wed, 24 Jun 2020 14:39:13 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT019.mail.protection.outlook.com (10.152.18.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20 via Frontend Transport; Wed, 24 Jun 2020 14:39:13 +0000
Received: ("Tessian outbound f44be76249db:v59"); Wed, 24 Jun 2020 14:39:12 +0000
X-CR-MTA-TID: 64aa7808
Received: from 9ee27de979f8.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C57DB66F-DB84-47AE-A6DC-D5AB218E5735.1; Wed, 24 Jun 2020 14:39:07 +0000
Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 9ee27de979f8.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 24 Jun 2020 14:39:07 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D/hwevY1w6ns2+95/VPaSQh1EgK0JbnrVAAAFHX+dzPl42N9ggS1bUWuVOcjrjhwiYeGbmAZQTD6nBS+MhyqbEqoV8o8S4CSBdHVWuYWKxF2RSWuf11I6Vq603es5pnX5+0iyqSV05y9xUCnzF1mIkzrr0Yc1sxkgtFawoCD+uXHRbu6Qpr1TdkkGCwp2J7qsUbMTC5R6H5p77u0lpa0//D87CjpfwvNPhrdyMrP5ZtQh4TRPqOslX3IM2qpYHPMfd31W0jIFiIXnTIdKCjv6BnC5Aq4K0f+hzlA5bOdohmuKuDsh17eIls8NB6sxLfPTgWbdk852RvhvbikFDvBSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nKv1qqS0ZEF4Q7QQY7gSuETqIp2SWNlxe5PVxjk2mBA=; b=oICwHuFrUslLPOO2uUCEZ8fPl+mXBpVQf4SjTwZ+5s+/yhuwSeoDMbWIp70GR3XsJKw8BeuxIwVOnF7s4gZi+F6eULXF7k9lIbDh8qV0Q2ANh0M1YqxODeQXr4lQhMMEXwLTYM5VVVIB57sU1Y8TH6/4quIOYb+aQqGFh2nbRkwHfo6j6fdpBTAN4L9/YfwxhMfCfDEBI4D2FIdrBD/YZWiZlxpMzZ8PegowLRXxwfYJOMVz+hvDazYetQY9m7TM1U1HYMXmQRAjXvlt1526W4r6vRXDbd59TnOlsTqWxIYf10oKZCoRAoKorep/hQd/RtKNwMyzMBDuqT5vlGiAnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nKv1qqS0ZEF4Q7QQY7gSuETqIp2SWNlxe5PVxjk2mBA=; b=iWaCnxvnRNvALbFh3vntYu457DRg8ak4ivnplkBcdUmbSxYkMnI5dPdlJNltXgc/yh6ZcwUg/KMcUsj8U5Qe+svQTFhDFBwCU1AK3WmdzBvs2b1IajePvanXGndEg0pWTzoH6cyP+StGDv1rPQ9kYVnhDwQYeh7GrIuvOhMjZW8=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB4468.eurprd08.prod.outlook.com (2603:10a6:208:145::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22; Wed, 24 Jun 2020 14:39:05 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3109.027; Wed, 24 Jun 2020 14:39:05 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Dick Brooks <dick@reliableenergyanalytics.com>, Brendan Moran <Brendan.Moran@arm.com>, 'Henk Birkholz' <henk.birkholz@sit.fraunhofer.de>
CC: 'suit' <suit@ietf.org>, "'Waltermire, David A. (Fed)'" <david.waltermire=40nist.gov@dmarc.ietf.org>
Thread-Topic: [Suit] Manifest-07 review
Thread-Index: AdZJ/dxWDAt2IAgGSk6bbwUyoDHNSgALZjZAAAA5wQAAADlfgAAAOC0AAAFFcQAAAEZWAAAAIUjA
Date: Wed, 24 Jun 2020 14:39:05 +0000
Message-ID: <AM0PR08MB3716D0E83119C6E2C06C78F0FA950@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR05MB4339D51F857444D08ECAC41888950@AM0PR05MB4339.eurprd05.prod.outlook.com> <CH2PR09MB425136BCE8E859DFBED017DCF0950@CH2PR09MB4251.namprd09.prod.outlook.com> <1cd0f01d64a2c$5e98ffb0$1bcaff10$@reliableenergyanalytics.com> <54E7F290-B43D-4D72-9E8C-DE1B7E74F03E@arm.com> <dc6daca5-50b3-2bee-5180-3af97030f877@sit.fraunhofer.de> <B2FEFA15-381F-4DE6-98A6-23F08B89539E@arm.com> <1d1af01d64a34$53a40020$faec0060$@reliableenergyanalytics.com>
In-Reply-To: <1d1af01d64a34$53a40020$faec0060$@reliableenergyanalytics.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ts-tracking-id: b076fcb1-2db6-4b01-9330-c0e235f215e1.1
x-checkrecipientchecked: true
Authentication-Results-Original: reliableenergyanalytics.com; dkim=none (message not signed) header.d=none;reliableenergyanalytics.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.123.2]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: dcfe78c3-f3ce-490b-285f-08d8184c5d25
x-ms-traffictypediagnostic: AM0PR08MB4468:|VI1PR08MB4190:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <VI1PR08MB41903734ACA507E33C55B013FA950@VI1PR08MB4190.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:9508;OLM:9508;
x-forefront-prvs: 0444EB1997
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 5MSYHdHg12zYZXP80n8qeqNzU1O22/+i06ADHYcK2k0E4Q9MaPKJBkh2ACp8VpE4u9pKQu5grDaREMiUqRSxPE5ub7K6lYKPxYfAbfMxsM+JgdXEGcS3IRzsj17EOKGlyE5qTIG6w7TG9VuAuHwxU5QNXK5Lhj5ULC8CtL4K/d8GgPRFPAZA2+gNxiGzr5bU/tl8oai1VJl9WCKiJUlOlyvbXczNFjsf6j34L6eNBpGqLtRx5D2hubmZ75VylbZArZZDUT7ro0SvEqKtz1aCRMQAMHvId5F70Ak+ExSztchVBXMawTLJhasRUPZRb+HeF1l1zjRjmkl4A64zN6aeuBLHjCCkOgbdnw/X+zCfi9rt2kT4uei1bK08P2AHUzf3EGKjYLPrsYPCfYw0yimIBg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(346002)(396003)(376002)(366004)(136003)(33656002)(9686003)(53546011)(6506007)(8676002)(966005)(26005)(71200400001)(66946007)(478600001)(66556008)(76116006)(4326008)(66476007)(66616009)(45080400002)(99936003)(64756008)(66446008)(66574015)(110136005)(55016002)(83080400001)(186003)(166002)(83380400001)(86362001)(2906002)(52536014)(7696005)(316002)(8936002)(5660300002)(54906003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: oJh2ar1r7DxZyhUIpOIwuh4J8X/IAPqTh6Q2Ijeg5l+/OqIzpm8VsaK9FQzKOxhFkEcBSOas94efqZMCIt2zZo3ofXhe5RJbkVjrW8XgeKFPRR0DpE9EgNVhemBrRykc6x0+YuxICY2qGUb6JVWZ75h675XvCL1pJJvuGdZ8HH/ARCXMyWKJzjY2IpXcRvkJZINDfzQtUtVoSISrZ9aW54eor1Yt90VQL9gzHBTDrrunc5J9PbtJJLrD2X2jMitxE945UBSeq7SV+Bj0puB3esNb9XF33ypilUxorB2aJG8J0o6fTx+lqBQAC/q9w7RTAGdUDIlGREwY9RORr4CKL9Uo5R44LlcSBKRAGAux25XvNajYLgZWWOcXZqXhzY8NAisTtXIKL9O7nJs7d/cVNlPZPUpFbp0vfjMKxVbXFLby1i4mQWwZDqumPeQW4uJTWOhVF0Yk8nvgQukSsVnCMI3PPj9pM7hEebajB8oPY6Y=
Content-Type: multipart/related; boundary="_004_AM0PR08MB3716D0E83119C6E2C06C78F0FA950AM0PR08MB3716eurp_"; type="multipart/alternative"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4468
Original-Authentication-Results: reliableenergyanalytics.com; dkim=none (message not signed) header.d=none;reliableenergyanalytics.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT019.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(396003)(136003)(376002)(346002)(46966005)(4326008)(336012)(54906003)(110136005)(6506007)(47076004)(966005)(33656002)(99936003)(53546011)(7696005)(9686003)(2906002)(82310400002)(82740400003)(55016002)(45080400002)(33964004)(478600001)(8936002)(356005)(52536014)(70586007)(5660300002)(166002)(86362001)(8676002)(186003)(30864003)(26005)(66574015)(66616009)(81166007)(83080400001)(316002)(36906005)(83380400001)(70206006); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 16c35c3d-b0de-4adf-bd51-08d8184c58a3
X-Forefront-PRVS: 0444EB1997
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: TaqCas/lDrZ66zvhZgw7bPZfki5WDkuHN8+FtILph2Vx0I4scvG0c9cFhCnXWo3oDZdizHTt6mpnS99n0E5Ih+KqsigpLOEcYjzBhR0orbZ4nBySFR6A099Zv43qQAdhuV7GKnjWqQARhJAqOAdnsEz7e7Bq3qX41Vttb0XO0FyIEQXBT9tq+o3IK+KW4lK8tJ5UHdqIut22iiM2DaNakXaei7t7jWH+Ihjs4R7Sui5G+sPVdwOa8oHfeKZ+AsONsfjklvS29LMkaV27egLpquBKf1RV/ICIGg+KGZAqFMmspvGIRiOAsf439PFarzEioTGFHSlQF1djc5wMKkk4XuMRY8umFIhMgvQi3O6RWWiJDa0YZt41gOXhgJPSR0sm8PTtfMGHuDy0r0inozhCsk+xmzYodPTdW/BQtq2W2OTan+JZDJOzZFbxERMGMKS3M1lH1HxStTe+rBExAB6VdgJH80Iqv+jTva3YHXjX/aM=
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jun 2020 14:39:13.0665 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: dcfe78c3-f3ce-490b-285f-08d8184c5d25
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT019.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB4190
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Ar9sQvc_XEm4-sqgvw4ZhHdAY9c>
Subject: Re: [Suit] Manifest-07 review
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2020 14:39:24 -0000

Dick,

the confusion in the discussion below has its origin in the way how the CDDL elements are called. The “envelope” is the wrapper around the manifest, which contains the digital signature. The signature covers a number of things, including the hash of the software/firmware.

Ignoring all the CDDL language it pretty much does what you are describing. On top of that there is also the option to use encryption.

Ciao
Hannes


From: Suit <suit-bounces@ietf.org> On Behalf Of Dick Brooks
Sent: Wednesday, June 24, 2020 4:33 PM
To: Brendan Moran <Brendan.Moran@arm.com>; 'Henk Birkholz' <henk.birkholz@sit.fraunhofer.de>
Cc: 'suit' <suit@ietf.org>; 'Waltermire, David A. (Fed)' <david.waltermire=40nist.gov@dmarc.ietf.org>
Subject: Re: [Suit] Manifest-07 review

I would find it ideal, for my SAG-PM risk assessment logic, to have the suit manifest digitally signed and to have that signed manifest contained in a digitally signed software object so that the two are forever linked in this “virtual blockchain relationship”.

Thanks,

Dick Brooks
[cid:image001.jpg@01D64A45.F819AF40]
Never trust software, always verify and report!<https://reliableenergyanalytics.com/products>http://www.reliableenergyanalytics.com<http://www.reliableenergyanalytics.com/>
Email: dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>
Tel: +1 978-696-1788

From: Brendan Moran <Brendan.Moran@arm.com<mailto:Brendan.Moran@arm.com>>
Sent: Wednesday, June 24, 2020 10:25 AM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>>
Cc: Dick Brooks <dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>>; suit <suit@ietf.org<mailto:suit@ietf.org>>; Waltermire, David A. (Fed) <david.waltermire=40nist.gov@dmarc.ietf.org<mailto:david.waltermire=40nist.gov@dmarc.ietf.org>>
Subject: Re: [Suit] Manifest-07 review

I’m not certain what *we* are talking about. *I* am talking about SUIT_Envelope or, to be more precise, SUIT_Envelope_Tagged (that is #6.TBD(SUIT_Envelope)). I think that SUIT_Envelope_Tagged could have a “.suit” file name extension. I think it’s probably a bad idea to have SUIT_Manifest floating around on your system without the envelope or a signature. Maybe you could add a COSE_Sign to it. Then, you might want a “.cose” file name extension.

Brendan

On 24 Jun 2020, at 14:48, Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mailto:henk.birkholz@sit.fraunhofer.de>> wrote:

Are we talking about every "software object" that starts with a CBOR tag as defined in this document?

I assume that a manifest in the form of a file can be wrapped or not be wrapped in a SUIT envelope. Would that result in the same file extension ".suit"?

Viele Grüße,

Henk

On 24.06.20 15:42, Brendan Moran wrote:
The intent is to register a CBOR tag that identifies the manifest envelope. This allows detection of manifests by signature in the first 2-3 bytes. A typical filename extension would be fine. I think the most suitable suggestion would be “.suit” if that suits the working group. We’re past the days of 3 letter extensions now, right?
Best Regards,
Brendan
On 24 Jun 2020, at 14:35, Dick Brooks <dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>> wrote:

Are there plans for a standard file naming nomenclature to identify software
objects that contain a suit manifest?

Today, I use the filename extension to drive an introspection procedure to
generate an SBOM and having a defined filename extension to indicate that a
suit manifest is present would help, otherwise I have to parse each file to
determine which SBOM introspection procedure to invoke.

Thanks,

Dick Brooks

Never trust software, always verify and report! T
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>
Tel: +1 978-696-1788

-----Original Message-----
From: Suit <suit-bounces@ietf.org<mailto:suit-bounces@ietf.org>> On Behalf Of Waltermire, David A. (Fed)
Sent: Wednesday, June 24, 2020 9:30 AM
To: Rønningstad, Øyvind <Oyvind.Ronningstad@nordicsemi.no<mailto:Oyvind.Ronningstad@nordicsemi.no>>; suit
<suit@ietf.org<mailto:suit@ietf.org>>
Subject: Re: [Suit] Manifest-07 review

Øyvind,

Thanks for this review!

Dave

-----Original Message-----
From: Suit <suit-bounces@ietf.org<mailto:suit-bounces@ietf.org>> On Behalf Of Rønningstad, Øyvind
Sent: Wednesday, June 24, 2020 6:03 AM
To: suit <suit@ietf.org<mailto:suit@ietf.org>>
Subject: [Suit] Manifest-07 review

Hi guys, here is a review of manifest-07. Mostly small stuff.

Questions:
.... Section 6.4: What are the guidelines for extracting the vendor-id,
class-id, device-id, or version of a component?
.... Suit-condition-component-offset is used in an example, but marked as TBD
in its section. I see that it is described in 6.4 as
"assert(offsetof(component) == arg)". What are the semantics of "offsetof"?
.... Can suit-directive-process-dependency be done on a component, or just on
a dependency? Generally, there seems to be some mismatch between the
description in 6.4 (which implies that most directives and conditions only
apply to a component index) and textual descriptions e.g. in 9.8.4.1 and
9.8.4.2 (which imply that directives and conditions apply to whichever is
available of component index and dependency index).
.... (It would be very beneficial to make 6.4 "Abstract Machine Description"
more prominent, e.g. by linking from the individual section for commands,
since 6.4 contains very useful info about how the commands work, and it's
hard to discover otherwise.) .. What (if any) are the rules regarding when
to perform dependency-resolution, payload-fetch, and install, and when to
perform only validate, load, and run?
.... suit-manifest-sequence-number: "Each Recipient MUST reject any manifest
that has a sequence number lower than its current sequence number." Are
there several "current sequence number"s or just one for each SUIT
processor. Exactly when is the "current sequence number" updated?
.... What should the processor do when waiting on a suit-directive-wait? Can
it be interpreted as "try again later", or "busy wait"?
.... There are important limitations to what sort of commands can be in
suit-common. Could the limitations be reflected in the CDDL? It seems like a
natural thing to do, to make the limitations more prominent.
.... When processing dependencies, how do we know when to a) expect a
signature and b) check the signature on a dependency manifest?
.... Did we mean for short payloads to be embeddable in the manifest (I can't
find this)? This would be very useful for setting configuration options via
SUIT manifests.
.... Is the device-identifier unique for each individual device, or for a
collection of devices?
.... Why are suit-directive-set-component-index and
suit-directive-set-dependency-index not implemented through set-parameters?
Are they subject to the same override mechanics? If not, it might be
confusing with suit-parameter-source-component, which seems to be analogous
to set-component-index, but might have subtly different behavior because of
override mechanics.

Nits:
.... Suit-directive-fetch: "manifest-index" is not referred to elsewhere in
the document.
.... Section 7: Suggested edit in bold: "A digest should always be set using
Override Parameters, since this prevents a less-privileged dependent OR
dependency from replacing the digest."
.... suit-condition-update-authorized seems like it could use some metadata
to help determine what is being authorized, e.g. A human readable prompt if
user interaction is required, or an identifier if multiple instances of the
condition are used in a manifest.


Thanks for the good work,

Øyvind

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.o
rg%2Fmailman%2Flistinfo%2Fsuit&amp;data=02%7C01%7Cdavid.waltermire%40nist..go
v%7C909e99a025494e915e6008d81825e30f%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%
7C0%7C637285898291416907&amp;sdata=Hww6iMALkbaHZQLb1VeYGCDfb7yrQGbpUbUa%2FD5
u4Fo%3D&amp;reserved=0

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.