Re: [Suit] Packed CBOR

Russ Housley <housley@vigilsec.com> Thu, 30 July 2020 16:03 UTC

Brendan:

Perhaps it is too early to say, but is this CBOR-based dictionary compression scheme likely to be widely supported in CBOR libraries?  To me, the answer to that question weighs heavily on the preferred way forward.

Russ

> On Jul 30, 2020, at 11:46 AM, Brendan Moran <Brendan.Moran@arm.com> wrote:
> 
> On Monday, Carsten presented Packed CBOR (draft-bormann-cbor-packed-00) at the CBOR working group, which adopted it. This is an extension to the CBOR standard (RFC7049) that enables “packing” of CBOR objects using a CBOR-based dictionary compression scheme.
> 
> If this had been in draft 18 months ago, the SUIT manifest would have used it instead of the “common” block. The common block is a de facto packing mechanism that would be largely supplanted by packed CBOR. It simplifies many of the schemes that SUIT already uses and makes the manifest more compact besides.
> 
> If we were to adopt it now, this would cause two substantial changes in SUIT:
> 
> 1. Removing several existing SUIT deduplication mechanisms.
> 2. Placing a dependency on draft-ietf-cbor-packed-00.
> 
> Both of these would delay SUIT.
> 
> It would have benefits:
> 
> 1. Simplify the manifest structure (complexity moved to packed CBOR)
> 2. Make the manifest smaller
> 
> 
> I see several options ahead of us:
> 1. Make no change, apply packed CBOR as and when it makes sense.
> 2. Make no change now, but plan for a v2 SUIT manifest draft
> 3. Adopt packed CBOR & simplify manifest now.
> 
> Option 1 is somewhat problematic in that it splits the ecosystem we’re trying to create. Option 2 does the same, but provides more benefits. 2 is arguably more detectable, since it’s easier to report manifest v2 support than to report support for a specific CBOR tag within the SUIT Manifest Processor.
> 
> Option 3 delays SUIT both for updates to SUIT itself, and for the dependency on draft-ietf-cbor-packed-00.
> 
> If it weren’t for the delays, I’d go for Option 3. With the delays, I’m not sure what the right answer is. 1 & 2 fracture the ecosystem of updatable devices into “haves” and “have nots.”
> 
> I plan to discuss this tomorrow at the SUIT meeting.
> 
> 
> Best Regards,
> Brendan