[Teep] SUIT manifest in TEEP: tagged or not?

Dave Thaler <dthaler@microsoft.com> Fri, 21 October 2022 16:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/9N4VY3CfvSHdHEuWVw7ZpxMuT78>

Bringing this github discussion to the mailing list for everyone to see and weigh in on...

draft-ietf-teep-protocol-10 contains contradictions where some places in
the document say the SUIT manifests do not require a CBOR tag but just
use SUIT_Envelope directly, and other places show it using the CBOR tag
with SUIT_Envelope_Tagged.

In "CDDL contradictions" (Issue #262, ietf-teep/teep-protocol) <https://github.com/ietf-teep/teep-protocol/issues/262>...

Ken Takayama wrote:
> I think using + bstr .cbor SUIT_Envelope_Tagged is better because:
> * we can distinguish SUIT Manifest from other CBOR-based manifests (currently there is no such manifest though)
> * the tag consumes only 2 bytes
> * existing SUIT Manifest generator (suit-tool by Arm and libcsuit by me) creates tagged manifest binary

I wrote:
> * No other format is currently permitted. SUIT_Envelope in the production requires it
>    to be SUIT.  Are you saying you think we should allow for other manifest formats?
>    That's possible if we change lots of other things in the spec, but would be a big
>    enough change I wouldn't do it without a WG discussion on that topic first. Hence
>    at present there is no need for SUIT_Envelope_Tagged.
> * We can save 2 bytes per manifest by not adding the tag which is not needed, just
>    like we removed the COSE tag.
> * That's an issue for the suit-tool to fix by adding an appropriate option.
>    Filed ARMmbed/suit-manifest-generator#46<https://github.com/ARMmbed/suit-manifest-generator/issues/46>

Akira wrote:

> The main reason we decided not to use COSE Tags on TEEP-Message was that
> we did not have the bandwidth for creating a new tag number and registering it in the IANA
> registry at that time.

I don't believe that's why.   I think it's because they're unnecessary here and just make messages longer (just like the SUIT envelope tag).

> The SUIT Manifest already has an assigned tag by the effort of SUIT working group,
> so I am perfectly fine using the tag only for the SUIT Manifest, which does not affect
> an implementation which uses a tag on SUIT manifest and not using any tag on
> entire TEEP message.



What do others think?



Dave
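
Added example (not part of the original message, and not code from the draft, suit-tool or libcsuit): a receiver-side check that tells the two encodings under discussion apart and enforces whichever form a spec settles on. It assumes CBOR tag number 107 for SUIT_Envelope_Tagged (the number is not stated in the message), operates on the content of the bstr, and uses a constructed placeholder map rather than a valid manifest; all function names are hypothetical.

```python
SUIT_ENVELOPE_TAG = 107  # assumption: tag number behind SUIT_Envelope_Tagged

# Constructed sample: a 2-entry CBOR map standing in for a SUIT_Envelope.
UNTAGGED = bytes.fromhex("a202400340")
TAGGED = bytes.fromhex("d86b") + UNTAGGED  # 0xd8 0x6b = tag(107), 2 bytes


def read_head(buf, pos=0):
    """Decode one CBOR item head: (major_type, argument, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR item")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    if info > 27:
        raise ValueError("indefinite or reserved length not accepted")
    n = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes
    if pos + n > len(buf):
        raise ValueError("truncated CBOR argument")
    return major, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def classify_envelope(encoded, allow_tagged, allow_untagged):
    """Return (form, envelope_without_tag); raise ValueError on anything else."""
    major, arg, pos = read_head(encoded)
    form = "untagged"
    if major == 6:  # major type 6 = tag
        if arg != SUIT_ENVELOPE_TAG:
            raise ValueError(f"unexpected CBOR tag {arg}")
        form = "tagged"
        major, arg, _ = read_head(encoded, pos)  # item wrapped by the tag
    else:
        pos = 0
    if major != 5:  # the envelope itself must be a map
        raise ValueError("SUIT_Envelope must be a CBOR map")
    allowed = allow_tagged if form == "tagged" else allow_untagged
    if not allowed:
        raise ValueError(f"{form} envelope rejected by policy")
    return form, encoded[pos:]


def tag_overhead():
    """Bytes added by the tag on the constructed sample."""
    return len(TAGGED) - len(UNTAGGED)
```

Accepting exactly one form (one of the two flags set to False) keeps the encoding of a given envelope unique; a receiver that accepts both must strip the tag consistently before any byte-level comparison of envelopes.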