IETF Logo Mail Archive

Re: [Suit] Review of draft-ietf-suit-manifest-09

Brendan Moran <Brendan.Moran@arm.com> Mon, 27 July 2020 14:46 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5910C3A1B93 for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 07:46:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=tQk7RMHg; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=tQk7RMHg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOTJqLY1KfaO for <suit@ietfa.amsl.com>; Mon, 27 Jul 2020 07:46:32 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70088.outbound.protection.outlook.com [40.107.7.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 209053A255A for <suit@ietf.org>; Mon, 27 Jul 2020 07:42:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cY2vSenMW02q1ZRSmQpJ20VoaHJkfXFpqHqoHnK8Zmg=; b=tQk7RMHgODU0Q2RY6c/CYaLiU58Z+gtNLS2p97otAWGAWcuPw0uM7dmalGhk4kgKAdK+u0PABuhgecvH4/HWv+7b89r0cgHKNdHmFc1/E3zJdRwcnuoQxpecoDla6tkoi+CMP8YnjclJt1z+tlNd7Dk7pI87rQ+9I/hSHK0nnas=
Received: from DB6PR07CA0178.eurprd07.prod.outlook.com (2603:10a6:6:43::32) by DB7PR08MB3194.eurprd08.prod.outlook.com (2603:10a6:5:25::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.24; Mon, 27 Jul 2020 14:42:12 +0000
Received: from DB5EUR03FT027.eop-EUR03.prod.protection.outlook.com (2603:10a6:6:43:cafe::5c) by DB6PR07CA0178.outlook.office365.com (2603:10a6:6:43::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.9 via Frontend Transport; Mon, 27 Jul 2020 14:42:12 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT027.mail.protection.outlook.com (10.152.20.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.10 via Frontend Transport; Mon, 27 Jul 2020 14:42:12 +0000
Received: ("Tessian outbound 1dc58800d5dd:v62"); Mon, 27 Jul 2020 14:42:12 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 4e392889c785e9f0
X-CR-MTA-TID: 64aa7808
Received: from 50e3a027f22f.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id FBEF7684-A74D-43FB-8CC6-D88DB49FEB15.1; Mon, 27 Jul 2020 14:42:07 +0000
Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 50e3a027f22f.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 27 Jul 2020 14:42:07 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K1vhePDILhQXZ3s1/TnYe/hu1kNZ9MqXpO72r1o9cYzWh6AgU2kLoytM8BAYjawFhyJqTcxd0iq6KQ/do7IOyxYN3Ngy1I+ahqqUAyZctYnCWk3Q6CsVTHOjvxG2IBCJneL9HCKHRxPmGcNyO1NE895/uuRU807mIEo5Ipl9mRv5Mmv3hYsK5DNCLrz58qzFSGSMLvck+WFeb6BOxF7fEqTQhxw5ZipUOgkG0rPvsawL9wT8k8Y4ITPfdYBi3aDxAB/mceUd2T171a1IokoETHFrgVOSYS4F27jI11Xg7pZ4M59P9jnr3ptYltpu88gjdny4DIi2g0/RA7vkKyLpzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cY2vSenMW02q1ZRSmQpJ20VoaHJkfXFpqHqoHnK8Zmg=; b=iGEdaQ4cchnSnO5/5eWN1I3vSBKUVRfVlTa1pY6GC7e0oIxZ/WJX2IlqtuoOtA5Aq6zoEmBlxZNKgIYSuGQkwaFwsh4gGXWtMlPO1LNYtf0eu7VcDPeBwlV2pbp9qCgWQC2PFRS0JSTgtsZqS82H943SzGtb4XJKVFe3eV1vpFZJoAftbZz+JhQbtl5UN4pP+1fCVr4FBux1B7h8JEAwnUpijQqhO85CILVy/yumkeEWnBHygLXdZ2i+Ki5PQb1pWhrNYt5n12IvG6DrASDr2/ieIP3LoTFx03ogbs/Q6mVMttSbFNshi8ua8jjOFt0Elp0jcNpGES/B2Mv90B+T3Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cY2vSenMW02q1ZRSmQpJ20VoaHJkfXFpqHqoHnK8Zmg=; b=tQk7RMHgODU0Q2RY6c/CYaLiU58Z+gtNLS2p97otAWGAWcuPw0uM7dmalGhk4kgKAdK+u0PABuhgecvH4/HWv+7b89r0cgHKNdHmFc1/E3zJdRwcnuoQxpecoDla6tkoi+CMP8YnjclJt1z+tlNd7Dk7pI87rQ+9I/hSHK0nnas=
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com (2603:10a6:20b:cf::10) by AM6PR08MB3511.eurprd08.prod.outlook.com (2603:10a6:20b:4b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.24; Mon, 27 Jul 2020 14:42:05 +0000
Received: from AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::a98d:5ebe:dc1d:ea56]) by AM6PR08MB4738.eurprd08.prod.outlook.com ([fe80::a98d:5ebe:dc1d:ea56%3]) with mapi id 15.20.3216.033; Mon, 27 Jul 2020 14:42:05 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Review of draft-ietf-suit-manifest-09
Thread-Index: AdZiCUkrB1qNrZ3lS5i4ApAjr2sBOQCGs7sA
Date: Mon, 27 Jul 2020 14:42:05 +0000
Message-ID: <70453005-8DFA-4DBE-8C04-9882839D5005@arm.com>
References: <BL0PR2101MB1027152EC8DAD9B3847C3E89A3770@BL0PR2101MB1027.namprd21.prod.outlook.com>
In-Reply-To: <BL0PR2101MB1027152EC8DAD9B3847C3E89A3770@BL0PR2101MB1027.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.80.23.2.2)
Authentication-Results-Original: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=arm.com;
x-originating-ip: [82.20.19.206]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: d145e7eb-1b3d-4151-880f-08d8323b3fc7
x-ms-traffictypediagnostic: AM6PR08MB3511:|DB7PR08MB3194:
X-Microsoft-Antispam-PRVS: <DB7PR08MB3194818550910EFEF7F6CF48EA720@DB7PR08MB3194.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: jViCOtzPO7riVkznsLVvrCb4fuRegAOgtseOUlvVpdXCGTH7+ini3zffRA4jg9VV7uoyVxL5e5CiJE7IhEeBBqrBZn/f8TGrE/DpnJfMmeu2n22gqUPvjaniG5v3I03NV1WK27J9XwjzkohK08o5T76jFe5os5WQDrkvAdlnyKVSoTbHncuTc+j/wN6Jwbjo804kIXMnWt1S53gJI14YKRw3UnxEk5gixdVuucM6farTe10ofmRUxPjiIStLayxRGb6mpVBa9wwjaW5FqB8uuqmqoiD5kUgsjgqguPa+iBYXHdQqVU483gUUh4wwG50d3j24VLszO5C7pb73G6bboJtBJAm6TF9xMqXPpwhyPUXoOsdfBoG1ZT58+KsvnP9/vwPXRU+0qPRipsbdwisDvg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB4738.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(4326008)(316002)(8676002)(86362001)(8936002)(26005)(66946007)(66556008)(2906002)(2616005)(33656002)(478600001)(36756003)(186003)(6512007)(71200400001)(76116006)(6486002)(91956017)(6506007)(53546011)(166002)(45080400002)(66446008)(966005)(64756008)(66476007)(83380400001)(5660300002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: W+zjsMG1BUjWg1YFz50RMWXxWIAcFI5HHPAbACU4+54GuguRj0Qhq1rI80SQ3DbdBMiryhLSvWfrv0BECZl1Hj7VLEwv8jbmcwSLTTHMhef5zCHeP0eLQb2skVSdQMa4aSylFeHH+ad5SCue83XhnJ2LlS2SAlsym+bjKc6PRuVW+KUDkXRFaUTkyZspmSHb0QrZew4gc7OR08XExEhx+KkDirx9O0d1NrEtcsIeSq38xxK/bNF0x8c4lENSDHsnZo1KH9V+swnIJ5iPwQdCT/v94XVJ9g2quDOZDvycHBPDpOOx7SfzD6du93t1va+FJ+os/TjzVNeb02WK3/Bu8BA8wQvgBiOheo6dyosCBfSSiZqGIC9KdpEB8Seirm048HXfzfOV95fNGpr9YEPyUWGIezacTQTx6Ps0evVGTP+SbuNJS6KQGGF6mPP45MMF72iPG8VQrqetKCoROAkRmdn5aXUNacInglexqgeYt8w=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_704530058DFA4DBE8C049882839D5005armcom_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3511
Original-Authentication-Results: dmarc.ietf.org; dkim=none (message not signed) header.d=none; dmarc.ietf.org; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT027.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: b1d85c36-ba9d-40d2-d7b7-08d8323b3b60
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 22s++9OxkvbYW007OUgPf12IofCwZ9Zp2EXou51v1W3N9JDmENENzqw+RHADD1aJpPD58xtZ7YfMOVNsrMSKLAtbtKlfTYIdxvKgdwVV/gmZvxskWdy502mdpE+LJM3QJWK3q6vfRxeRi6J0MHIZUlRHmCvoqSlRM+GgUKZ36jacNSCeueHjMjT6CB6IwBKZf1b2wc8POvjwOsXVMEJvSP2fvFfvYy8E8NWFb2+ZcZI7djTN6+nVLBJ1yF4tpFM+EllHti63zGwqzKAR9MlW7m3J5zVOIzO1rWFPxFi1k6X+0YJbPr1qXVC1yrxMkBISOoJBlkFlML+lujRT/RzyzCe164dBQhnPl+kcMlCxJ5PIS/iK/PMA+hzw0GTcF3BwWOiwSG4WD8by+O2WbBbCW9gKmNwgTtadvHZzJE6d89OQ1uPyYpgYZCmHSs7tbkgE3fewjVgTmt29da8fkUvzvnolLpnnkJqygKPa822ZJdo=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(346002)(396003)(39860400002)(46966005)(81166007)(70586007)(45080400002)(33964004)(83380400001)(6862004)(2906002)(8936002)(30864003)(47076004)(70206006)(356005)(6512007)(966005)(26005)(166002)(186003)(82310400002)(478600001)(8676002)(336012)(86362001)(33656002)(2616005)(316002)(36756003)(6486002)(6506007)(53546011)(82740400003)(5660300002)(4326008); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2020 14:42:12.7345 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d145e7eb-1b3d-4151-880f-08d8323b3fc7
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT027.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3194
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hG2lsu2uY2yJCmlEZ61Jl7yy3x4>
Subject: Re: [Suit] Review of draft-ietf-suit-manifest-09
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 14:46:37 -0000

Hi Dave,

Thank you very much for your very detailed review! Of course, it will take me some time to work through this review. I will do my best to clarify these technical comments as I work through. In general, the issues you’ve listed look to me like the “right” answer is fairly obvious, so I will straighten them out. There are several comments that I think deserve a little more clarification.

6. SUIT_Report

SUIT_Report and Reporting Engine text is added but does not appear to be about what goes in a SUIT manifest, so I argue that it doesn’t belong in this spec (and is arguable as to whether it’s in scope for SUIT at all)

You’re right. This has not been raised on the list. If it’s more appropriate to put it in a new draft, I’m happy to do that. However, it’s a natural consequence of adding the SUIT_Reporting_Policy, which was discussed at the virtual interim. It seemed to me that if a reporting policy was specified, then an implementor would naturally want to know how to report that information. If there is a need for logging SUIT commands, along with their arguments and results, this seems very specific to SUIT in general and the SUIT manifest in specific. I struggle to see what document would be more appropriate than the SUIT manifest for the SUIT_Report.

Furthermore, it says SUIT_Report can go in an attestation report.  What’s the rationale for that as opposed to some more typical logging/reporting mechanism that might integrate with existing error reporting mechanisms and trouble ticketing?

SUIT_Reporting_Policy has two output channels: “system information,” that is the “actual” values compared against in conditions, and “command records” which are effectively logs of command execution. For an update case, these are adequately served by logging infrastructure. However, in a bootloader case, this is inadequate because the bootloader and the booted application are different security domains. This means that any system information or command records need to be protected from modification by the application. Typically, this would be done with a signature; I don’t see how this is different from attestation.

The discussion of a Reporting Engine seems necessary: it’s the thing that consumes reporting policy.

7.      Defining a new identifier space (UUIDs) for vendors is not motivated.  So a vendor can’t use an existing OUI or IANA private enterprise number that can be easily looked up? You have to instead use an opaque identifier with no way to directly look up its meaning? What is the rationale for inventing a new space rather than being able to reuse an existing one that can be looked up to get an org name, contact info, etc.? (Yes there is suit-text-vendor-domain but that’s severable and optional to implement at all.) And a UUID takes up more bytes than either an OUI or a PEN, so is worse for constrained devices, so why not use an existing space that is shorter and hence more applicable to constrained devices?
7. Vendor IDs
I’d argue that I have not defined a new identifier space. It was defined in RFC4122. That said, I think that PEN could be beneficial if we can work around some of the complexities associated with it.

OUIs may be prohibitive for small manufacturers (US $2,995). For example, I have seen small manufacturers avoid building USB devices due to the cost of obtaining a USB VID. Class IDs still require a UUID Name Space Identifier. There is no rule I can find for constructing an OUI UUID, so it cannot be used as a UUID Name Space Identifier.


Private Enterprise Numbers seem manageable by small manufacturers.
There is a UUID Name Space Identifier for OIDs, however this gets a bit confusing. You would need to construct a class ID as follows:

Vendor_UUID = uuid.uuid5(uuid.NAMESPACE_OID, EncodeOID(‘1.3.6.1.4.1.’ + PEN))
Class_UUID = uuid.uuid5(Vendor_UUID, Class_Information)

The problem here is that EncodeOID() is not specified at all in RFC4122. The closest we get is:

For example, some name spaces are the
   domain name system, URLs, ISO Object IDs (OIDs), X.500 Distinguished
   Names (DNs), and reserved words in a programming language.

So Class IDs become unpredictable because OID encoding is underspecified in RFC4122. I can see the Vendor_UUID being computed with several different versions of EncodeOID:
- Encode as dotted-integer string
- Encode as DER OID
- Encode as value of DER OID (no tag/length)
- Lots of other ASN.1 encodings possible.
- Future CBOR OID?

I do not believe we should specify the use of OUIs because 1) they cost $3000, 2) there is no UUID namespace for OUIs

I’m not against using a PEN, but we would also need to provide extremely strict encoding guidelines for constructing Vendor UUIDs, since the Vendor UUID is needed as the Name Space ID for the Class UUID. For encoding in the manifest I think we should insist on using the PEN directly rather than the full OID. But what would we do with a PEN sub-assignment?

There’s a lot more complexity here than just “use a PEN.”


Best Regards,
Brendan


On 24 Jul 2020, at 23:51, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org<mailto:dthaler=40microsoft.com@dmarc.ietf.org>> wrote:

During the IETF hackathon week, I went through all of the suit manifest draft and kept notes.
My full review in context is at
https://www.microsoft..com/en-us/research/uploads/prod/2017/05/draft-ietf-suit-manifest-09.pdf<https://www.microsoft.com/en-us/research/uploads/prod/2017/05/draft-ietf-suit-manifest-09.pdf>
which is too long to copy into email here.

Besides lots of editorial comments, there’s a few technical comments/questions, including
(but there may be more depending on whether you interpret some others as editorial or technical):
1.      Apparent contradictions about whether on systems with a single component, whether setting the component index should clear the dependency index or not.
2.      What it means to “break” is underspecified (I’m guessing continue on to the next command after try-each, as opposed to go on to the next manifest, but it’s not stated in the doc).
3.      Section 6.7 seems to require using multiple processes, not just multiple threads, without justification.
4.      The trust model when multiple manifest processors exist, in two or more security domains, is underspecified, and not mentioned in the Security Considerations section.
5.      Suit-text-version-required expression syntax is underspecified.
6.      SUIT_Report and Reporting Engine text is added but does not appear to be about what goes in a SUIT manifest, so I argue that it doesn’t belong in this spec (and is arguable as to whether it’s in scope for SUIT at all).  It reads like SUIT_Record is yet another alternative to IPFIX, syslog, etc., and doesn’t state the rationale for defining a new format. You might say that it could be used in an octetArray in IPFIX if someone defined such a field, but this document doesn’t, and indeed if SUIT_Record is not something that would appear in a SUIT manifest, then I think it should not be in this document.
o   Furthermore, it says SUIT_Report can go in an attestation report.  What’s the rationale for that as opposed to some more typical logging/reporting mechanism that might integrate with existing error reporting mechanisms and trouble ticketing? I don’t think this was motivated in either the suit architecture or the suit IM document, and I don’t recall it ever being discussed on the SUIT list or WG meeting (but maybe it was and I forgot?)   Again, I think my preferred course would be to sever it from the SUIT manifest specification.
7.      Defining a new identifier space (UUIDs) for vendors is not motivated.  So a vendor can’t use an existing OUI or IANA private enterprise number that can be easily looked up? You have to instead use an opaque identifier with no way to directly look up its meaning? What is the rationale for inventing a new space rather than being able to reuse an existing one that can be looked up to get an org name, contact info, etc.? (Yes there is suit-text-vendor-domain but that’s severable and optional to implement at all.) And a UUID takes up more bytes than either an OUI or a PEN, so is worse for constrained devices, so why not use an existing space that is shorter and hence more applicable to constrained devices?
8.      The time-of-day and day-of-week wait events are underspecified in terms of whether they are in local time or UTC.
9.      If I understand correctly, if a dependency manifest sets Strict Order to false, this will then carry over to the dependent manifest, potentially leading to a source of unexpected bugs.  Is my understanding correct?
10.   For conditions that are optional to implement, I couldn’t tell if that means that if not implemented by a manifest processor, they are treated as passing, failing, or as parse errors.
11.   There are several commands where in certain contexts the doc says they “MUST have no effect”.  But why not make them illegal to appear in such contexts?   Why spend the extra space to include them in the manifest just to have no effect?
12.   Swap directive is underspecified in terms of what should happen if the destination doesn’t yet exist (i.e., fail vs move).
13.   IANA considerations section doesn’t yet meet the requirements of RFC 8126.  For example, it specifies Expert Review but contains insufficient information to instruct an expert how to review, per the guidelines in that RFC.

I know the doc is long (109 pages) so forgive me if some answers are elsewhere in the doc and I just missed them,
which just means maybe a cross-reference would be sufficient. ☺

Dave

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email