A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest
draft-ietf-suit-manifest-25

[Ballot comment]
(Section 5) the word choice is very confusing:

"-- The manifest is structured from several key components:

The Envelope (see Section 5.1) contains the Authentication Block, the Manifest, any Severable Elements, and any Integrated Payloads."

The common sense reading of this is that the structure is recursive. The manifest contains an envelope, which contains a manifest, which contains an envelope. I think it should be "The metadata is structured"?

Similarly, the hierarchy doesn't seem quite right here. The metadata contains a bunch of stuff, including the envelope, but the envelope actually contains all the other things. So perhaps the correct way to express it is that the envelope carries the metadata, which consists of items 2 through 5. Or maybe you mean something else, in which case this needs to be rewritten even more thoroughly.

(Appendix C) s/Rational/Rationale.

[Ballot comment]

# Éric Vyncke, INT AD, comments for draft-ietf-suit-manifest-25

This is a rather superficial/high level ballot of mine (after the actual telechat) in the hope of getting enough ballots before the next IESG is seated.

Thank you for the work put into this document. It is clearly written and pretty clear. I also like the fact that the text elements are i18n per section 8.4.4.

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits.

Special thanks to Russ Housley for the shepherd's write-up including the *brief* WG consensus *but it lacks* the justification of the intended status.

I hope that this review helps to improve the document,

Regards,

-éric

# COMMENTS (non-blocking)

## Too complex for IoT

When reading (even superficially) the whole document, I wonder whether a constrained device can realistically implement the full document (power, CPU, & memory constraints), are there proof of concept ?

## Section 1

Just curious about `a device to reason`, "to reason" may be a false friend with the French "raisonner", but it seems really weird to give some reasoning power (i.e., conscience) to a device...

## Section 4.1

Is lack of correct time also a limiting factor ? Or intermittent/unstable connection ?

## Section 6.2

Isn't the section title `Required Checks` in contradiction with the first sentence `The RECOMMENDED process is to verify` ?

## Section 8.4.8.1

Should "PEN" be expanded before first use ?

## Section 8.4.8.2

It is too late to raise a DISCUSS after the IESG telechat, but what is `DNS_PREFIX` ? I found definition neither in this I-D not in RFC 4122. Should it be `DNS_SUFFIX` BTW?

`MCU` what is it ? I guess that it is not "MCU        - Multipoint Control Unit (MCU)" per https://www.rfc-editor.org/materials/abbrev.expansion.txt

# NITS (non-blocking / cosmetic)

## Wi-Fi or WiFi

It seems that Wi-Fi is usually written with an hyphen. The RFC Editor will probably check anyway.

## E.g.

Usually, "e.g." is followed by a comma.

[Ballot comment]
The shepherd writeup doesn't include the reason that PS is the right status here.

===

From Orie Steele, incoming ART Area Director:

In the abstract:

This would be clearer if the first use of "IoT" were
expanded.  (https://www.rfc-editor.org/materials/abbrev.expansion.txt
does not mark either as "well-known".)

Side note, is "Internet of Things Software Update (IoTSU)" a relevant / useful acronym here?

In Section 4.2 consider defining "pull parser", prior to using the term.

"The bootloader may add its own authentication, e.g. a Message Authentication Code (MAC), to the manifest in order to prevent further verifications."

Why?

In Section 5.3.4 "see {#ovr-integrated}," seems to be an escaped reference.

Section 5.4

Comment: "Severable Elements", seems similar to selective disclosure and elision, you might want to relate your definitions to other industry terminology.

Section 6.2

"""
If a Recipient supports groups of interdependent components (a Component Set), then it SHOULD verify that all Components in the Component Set are specified by one update,
"""

Under what circumstances can a recipient benefit from not verifying all components in the component set are specified by one update? (Why not MUST)

Noting Section 8.4.3 and Section 8.4.4 have internationalization considerations.

Section 8.4.8.10

'""
A URI Reference RFC3986 from which to fetch a resource, encoded as a text string.
"""

I believe this precludes URI's that contain unicode, you might consider borrowing some language from https://datatracker.ietf.org/doc/html/rfc9525#name-identifying-application-ser

"""
The information used to create the class-id condition (see {{uuid-identifiers)
"""

Reference typo.

Section "8.4.5.1. SUIT_Component_Identifier"

I'd prefer to see unicode considerations in this section.

in Section 11.8

Are expired Internet drafts considered acceptable "stable references" for "standards track range of point assignment"... If not, please give concrete guidance to the experts regarding managing registrations of references that expire.

"""
When specifications are not provided, the description provided needs to have sufficient information to identify what the point is being used for.
"""

Sounds like you are asking for registries that are "Expert Review" not "Specification Required", please confirm after reading:

https://datatracker.ietf.org/doc/html/rfc8126#section-4.6

Extra text in each registry section, would make all this a lot clearer, as I noted in the beginning of my comments.

In Section 11.9

Why not "application/suit-envelope+cose", under what circumstances can a suite envelope be transmitted as application/cose ?

If there will never be other expressions that are not COSE, "application/suit-envelope" seems fine.

[Ballot discuss]
Holding a DISCUSS position on behalf of IANA to ensure the issue they raised (currently shown in the tracker) is resolved.

I'm a little puzzled by the use of "nint" as a placeholder in some of the registries.  I don't understand what's going on there, and 8.4.8 (where it's apparently defined) didn't make it any clearer to me.  Can I get a little clarification?

===

From Orie Steele, incoming ART Area Director:

I have concerns with how i18n and unicode may interact with suite text strings and suite URIs.  Particularly in the case of fetching remote content.

I am also concerned about the potential IDNA issues with how UUIDs are constructed per Section 8.4.8.2.

[Ballot comment]

In the abstract:

This would be clearer if the first use of "IoT" were
expanded.  (https://www.rfc-editor.org/materials/abbrev.expansion.txt
does not mark either as "well-known".)

Side note, is "Internet of Things Software Update (IoTSU)" a relevant / useful acronym here?

In Section 4.2 consider defining "pull parser", prior to using the term.

"The bootloader may add its own authentication, e.g. a Message Authentication Code (MAC), to the manifest in order to prevent further verifications."

Why?

In Section 5.3.4 "see {#ovr-integrated}," seems to be an escaped reference.

Section 5.4

Comment: "Severable Elements", seems similar to selective disclosure and elision, you might want to relate your definitions to other industry terminology.

Section 6.2

"""
If a Recipient supports groups of interdependent components (a Component Set), then it SHOULD verify that all Components in the Component Set are specified by one update,
"""

Under what circumstances can a recipient benefit from not verifying all components in the component set are specified by one update? (Why not MUST)

Noting Section 8.4.3 and Section 8.4.4 have internationalization considerations.

Section 8.4.8.10

'""
A URI Reference RFC3986 from which to fetch a resource, encoded as a text string.
"""

I believe this precludes URI's that contain unicode, you might consider borrowing some language from https://datatracker.ietf.org/doc/html/rfc9525#name-identifying-application-ser

"""
The information used to create the class-id condition (see {{uuid-identifiers)
"""

Reference typo.

Section "8.4.5.1. SUIT_Component_Identifier"

I'd prefer to see unicode considerations in this section.

in Section 11.8

Are expired Internet drafts considered acceptable "stable references" for "standards track range of point assignment"... If not, please give concrete guidance to the experts regarding managing registrations of references that expire.

"""
When specifications are not provided, the description provided needs to have sufficient information to identify what the point is being used for.
"""

Sounds like you are asking for registries that are "Expert Review" not "Specification Required", please confirm after reading:

https://datatracker.ietf.org/doc/html/rfc8126#section-4.6

Extra text in each registry section, would make all this a lot clearer, as I noted in the beginning of my comments.

In Section 11.9

Why not "application/suit-envelope+cose", under what circumstances can a suite envelope be transmitted as application/cose ?

If there will never be other expressions that are not COSE, "application/suit-envelope" seems fine.

[Ballot discuss]
A few minor easy to resolve DISCUSSes and comments:

1) Registry Policy

      For each registry, values 0-255 are Standards Action and 256 or
        greater are Expert Review. Negative values -255 to 0 are Standards
        Action, and -256 and lower are Private Use.

        New entries to those registries need to provide a label,
        a name and a reference to a specification that describes the
        functionality.

This sounds like "Specification Required" and not "Expert Review" ?

2) Severability question

If a firmware has multiple severable parts, say PART1, TEXT1, PART2,
where PART1 and PART2 are firmware blobs that cover say different
parts of the hardware. They would be made severable. How can one detect
that PART2 has been removed or replaced with a copy of TEXT1 if one also
replaces the signature of the right part? eg would an attacker be able to
get a firmware update partially installed, leaving in a potential security
issue to exploit?

[Ballot comment]
Shouldn't [COSE_Alg] be a Normative reference?

Shouldn't all of the [I-D.ietf-suit-firmware-*] references be normative?
These are  optional, but if required/used, very normative on how to do it.
eg "if you want it encrypted, I-D.ietf-suit-firmware-encryption must be used".

        Finally, Appendix D gives a summarize of the
        mandatory-to-implement features of this specification.

That should not be in the appendix but in the main body of the document?

I find this text a bit confusing:

        [...] make the following guarantees:

        One of: 1. A [...]

        AND

        1.  Where

Might be the result of a misrender?

Section 6.4 uses a term "statement" not defined before. It really sounds
like "Command" to me, especially as one can "perform" a "statement".

Section 6.7:

        that Commands MAY be executed in parallel or out of order.

Should "or" be "and" ?

        Recipient may issue each or every command concurrently until
        the Strict Order parameter is returned to True or the Command
        Sequence ends.

This seems to invite race conditions if one concurrent command causes the
Strict Order parameter to change? What else could change the Strict Order
parameter midway a concurrent execution? Does this mean every command schedule
has to check the Strict Order parameter?

        When the manifest processor encounters any of the following
        scenarios the parallel processing MUST pause until all issued
        commands have completed

If the parallel processing pauses, wouldn't that pause the commands? I
think perhaps you mean "the parallel processing MUST not issue new commands
until all issued commands have completed" ?

        A Component MUST NOT be both a target of an operation and a
        source of data (for example, in Copy or Swap) in a Command
        Sequence where Strict Order is False.

Wouldn't this also be true when Strict Order is True?

Section 8.4.3

        suit-reference-uri is a text string that encodes a URI

What is a text string, esp. in relation to IDNs and non-ascii parts in a URI?

Section 8.4.11

Should suit-command-custom be called suit-command-custom-n with n a negative
integer? It might look from the command list there is only 1 custom command,
but there can be multiple ones.

Section 11.4 and 11.5 lists SUIT Commands/Parameters and shows a number
of Reserved fields in the middle of these new allocations. IS there
anything special with these values? Why are they reserved? Also, the text
states value 0 is skipped on purpose to detect "unset", so should value
0 not be listed as Reserved?

        A technique to efficiently compress firmware images may be standardized in the future.

Perhaps the compressing would be highly inefficient, to make decompressing highly efficient?
Maybe just remove the word "efficiently" :)

The CDDL contains:

suit-reporting-bits = &(
    suit-send-record-success : 0,
    suit-send-record-failure : 1,
    suit-send-sysinfo-success : 2,
    suit-send-sysinfo-failure : 3
)

Doesn't this mean 2 bits are used to declare a bool?
What if these contradict? Why not use a single bit?

NITS:

        see {#ovr-integrated},

Markdown misrender ?

The expert has approved the CBOR Tag registrations, but noted that the "Data Item" field should read "map." Because IANA didn't receive a positive or negative response from the authors when our Last Call review identified the Data Item as "unsigned or negative integer," and the document doesn't explicitly mention the Data Item field, we need the authors to confirm that they agree that "map" should be used (and, when possible, include it in the IANA Considerations section).

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-ietf-suit-manifest-25. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there are ten actions which we must complete.

First, a new category will be created on the IANA Matrix called Software Update for the Internet of Things (SUIT). This will be on the IANA Matrix at:

https://www.iana.org/protocols

Within this, IANA will create a registry group called SUIT Manifests with a reference of [ RFC-to-be ].

Second, in the registry group created in the first step above, a new registry will be created called SUIT Envelope Elements. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+------------
2 Authentication Wrapper [ RFC-to-be; Section 8.3 ]
3 Manifest [ RFC-to-be; Section 8.4 ]
16 Payload Fetch [ RFC-to-be; Section 8.4.6 ]
17 Payload Installation [ RFC-to-be; Section 8.4.6 ]
23 Text Description [ RFC-to-be; Section 8.4.4 ]

Third, in the registry group created in the first step above, a new registry will be created called SUIT Manifest Elements. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
1 Encoding Version [ RFC-to-be; Section 8.4.1 ]
2 Sequence Number [ RFC-to-be; Section 8.4.2 ]
3 Common Data [ RFC-to-be; Section 8.4.5 ]
4 Reference URI [ RFC-to-be; Section 8.4.3 ]
7 Image Validation [ RFC-to-be; Section 8.4.6 ]
8 Image Loading [ RFC-to-be; Section 8.4.6 ]
9 Image Invocation [ RFC-to-be; Section 8.4.6 ]
16 Payload Fetch [ RFC-to-be; Section 8.4.6 ]
17 Payload Installation [ RFC-to-be; Section 8.4.6 ]
23 Text Description [ RFC-to-be; Section 8.4.4 ]

Fourth, in the registry group created in the first step above, a new registry will be created called SUIT Common Elements. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
2 Component Identifiers [ RFC-to-be; Section 8.4.5 ]
4 Common Command Sequence [ RFC-to-be; Section 8.4.5 ]

Fifth, in the registry group created in the first step above, a new registry will be created called SUIT Commands. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
1 Vendor Identifier [ RFC-to-be; Section 8.4.9.1 ]
2 Class Identifier [ RFC-to-be; Section 8.4.9.1 ]
3 Image Match [ RFC-to-be; Section 8.4.9.2 ]
4 Reserved
5 Component Slot [ RFC-to-be; Section 8.4.9.4 ]
6 Check Content [ RFC-to-be; Section 8.4.9.3 ]
12 Set Component Index [ RFC-to-be; Section 8.4.10.1 ]
13 Reserved
14 Abort
15 Try Each [ RFC-to-be; Section 8.4.10.2 ]
16 Reserved
17 Reserved
18 Write Content [ RFC-to-be; Section 8.4.10.6 ]
19 Reserved
20 Override Parameters [ RFC-to-be; Section 8.4.10.3 ]
21 Fetch [ RFC-to-be; Section 8.4.10.4 ]
22 Copy [ RFC-to-be; Section 8.4.10.5 ]
23 Invoke [ RFC-to-be; Section 8.4.10.7 ]
24 Device Identifier [ RFC-to-be; Section 8.4.9.1 ]
25 Reserved
26 Reserved
27 Reserved
28 Reserved
29 Reserved
30 Reserved
31 Swap [ RFC-to-be; Section 8.4.10.9 ]
32 Run Sequence [ RFC-to-be; Section 8.4.10.8 ]
33 Reserved
nint Custom Command [ RFC-to-be; Section 8.4.11 ]

Sixth, in the registry group created in the first step above, a new registry will be created called SUIT Parameters. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
1 Vendor ID [ RFC-to-be; Section 8.4.8.3 ]
2 Class ID [ RFC-to-be; Section 8.4.8.4 ]
3 Image Digest [ RFC-to-be; Section 8.4.8.6 ]
4 Reserved
5 Component Slot [ RFC-to-be; Section 8.4.8.8 ]
12 Strict Order [ RFC-to-be; Section 8.4.8.14 ]
13 Soft Failure [ RFC-to-be; Section 8.4.8.15 ]
14 Image Size [ RFC-to-be; Section 8.4.8.7 ]
18 Content [ RFC-to-be; Section 8.4.8.9 ]
19 Reserved
20 Reserved
21 URI [ RFC-to-be; Section 8.4.8.10 ]
22 Source Component [ RFC-to-be; Section 8.4.8.11 ]
23 Invoke Args [ RFC-to-be; Section 8.4.8.12 ]
24 Device ID [ RFC-to-be; Section 8.4.8.5 ]
26 Reserved
27 Reserved
28 Reserved
29 Reserved
30 Reserved
nint Custom [ RFC-to-be; Section 8.4.8.16 ]

Seventh, in the registry group created in the first step above, a new registry will be created called SUIT Text Values. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
1 Manifest Description [ RFC-to-be; Section 8.4.4 ]
2 Update Description [ RFC-to-be; Section 8.4.4 ]
3 Manifest JSON Source [ RFC-to-be; Section 8.4.4 ]
4 Manifest YAML Source [ RFC-to-be; Section 8.4.4 ]
nint Custom [ RFC-to-be; Section 8.4.4 ]

Eighth, in the registry group created in the first step above, a new registry will be created calle SUIT Component Text Values. The registration policy for the new registry is:

-256 or lower Private Use
-255 to 255 Standards Action
256 or greater Expert Review

There are initial registrations in the new registry as follows:

Label Name Reference
-----+-----+-----------
1 Vendor Name [ RFC-to-be; Section 8.4.4 ]
2 Model Name [ RFC-to-be; Section 8.4.4 ]
3 Vendor Domain [ RFC-to-be; Section 8.4.4 ]
4 Model Info [ RFC-to-be; Section 8.4.4 ]
5 Component Description [ RFC-to-be; Section 8.4.4 ]
6 Component Version [ RFC-to-be; Section 8.4.4 ]
7 Component Version Required [ RFC-to-be; Section 8.4.4 ]
nint Custom [ RFC-to-be; Section 8.4.4 ]

Ninth, in the application namespace of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

a single new registration will be made as follows:

Name: suit-envelope
Template: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

Tenth, in the CBOR Tags registry in the Concise Binary Object Representation (CBOR) Tags registry group located at:

https://www.iana.org/assignments/cbor-tags/

two new CBOR Tags will be registered as follows:

Tag: [ TBD-at-Registration ]
Data Item: Unsigned or negative integer
Semantics: SUIT Envelope
Reference: [ RFC-to-be ]

Tag: [ TBD-at-Registration ]
Data Item: Unsigned or negative integer
Semantics: SUIT Manifest
Reference: [ RFC-to-be ]

IANA understands that the authors request values 107 and 1070 for the Tags for these registrations.

As this document requests registrations in an Expert Review or Specification Required (see RFC 8126) registry, we have initiated the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

We understand that these are the only actions required to be completed upon approval of this document.

NOTE: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

For definitions of IANA review states, please see:

https://datatracker.ietf.org/help/state/draft/iana-review

Thank you,

David Dong
IANA Services Sr. Specialist

The following Last Call announcement was sent out (ends 2024-02-21):

From: The IESG
To: IETF-Announce
CC: David Waltermire , draft-ietf-suit-manifest@ietf.org, housley@vigilsec.com, rdd@cert.org, suit-chairs@ietf.org, suit@ietf.org
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest) to Proposed Standard


The IESG has received a request from the Software Updates for Internet of
Things WG (suit) to consider the following document: - 'A Concise Binary
Object Representation (CBOR)-based Serialization
  Format for the Software Updates for Internet of Things (SUIT)
  Manifest'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-02-21. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This specification describes the format of a manifest.  A manifest is
  a bundle of metadata about code/data obtained by a recipient (chiefly
  the firmware for an IoT device), where to find the code/data, the
  devices to which it applies, and cryptographic information protecting
  the manifest.  Software updates and Trusted Invocation both tend to
  use sequences of common operations, so the manifest encodes those
  sequences of operations, rather than declaring the metadata.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-suit-manifest/


The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/5921/
  https://datatracker.ietf.org/ipr/5892/
  https://datatracker.ietf.org/ipr/5075/
  https://datatracker.ietf.org/ipr/3799/
  https://datatracker.ietf.org/ipr/6008/
  https://datatracker.ietf.org/ipr/5881/



The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc9019: A Firmware Update Architecture for Internet of Things (Informational - Internet Engineering Task Force (IETF))
    rfc9124: A Manifest Information Model for Firmware Updates in Internet of Things (IoT) Devices (Informational - Internet Engineering Task Force (IETF))
    rfc9054: CBOR Object Signing and Encryption (COSE): Hash Algorithms (Informational - Internet Engineering Task Force (IETF))

Shepherd Write-up for draft-ietf-suit-manifest-21


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for a Standards Track RFC.


(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

  This specification describes the format of a SUIT manifest.  A
  manifest is a bundle of metadata about code and data obtained by a
  recipient, chiefly the firmware for an IoT device.  The manifest
  tells the recipient where to find the code and data, the devices to
  which it applies, and cryptographic information protecting the
  manifest.  Software updates and trusted invocation both tend to use
  sequences of common operations, so the manifest encodes those
  sequences of operations, rather than simply declaring the metadata.

  Working Group Summary:

  There is consensus for this document in the SUIT WG.

  Document Quality:

  Projects at the IETF Hackathon have informed this document.
   
  Personnel:

  Russ Housley is the document shepherd.
  Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  All issues that were raised during WG Last Call have
  been resolved.

  Some IPR was disclosed at the beginning of 2023.  That IPR disclosure
  was highlighted on the WG mailing list, and after several weeks no
  one has raise IPR concerns.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  No concerns.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

The authors have explicitly stated that all known IPR has been
disclosed.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  See https://datatracker.ietf.org/ipr/5075/ and
  https://datatracker.ietf.org/ipr/5921/.

  No one raised any concerns regarding these IPR disclosures.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the SUIT WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  There are a few lines longer that 73 characters in the text.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.  CBOR experts have looked at
  Appendix A.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  No.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  Section 11 describes assignments in existing IANA registries and
  calls for the creation of new registries.  Expert Review Instructions
  are provided for the new registries.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  Section 11 calls for the creation of several new registries, and
  Section 11.8 provides Expert Review Instructions for the new
  registries.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  None are needed.

Shepherd Write-up for draft-ietf-suit-manifest-21


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)?  Why is this the
proper type of RFC?  Is this type of RFC indicated in the title page
header?

  Proposed Standard.  Yes, the header calls for a Standards Track RFC.


(2) The IESG approval announcement includes a Document Announcement
Write-Up.  Please provide such a Document Announcement Write-Up.  Recent
examples can be found in the "Action" announcements for approved
documents.  The approval announcement contains the following sections:

  Technical Summary:

  This specification describes the format of a SUIT manifest.  A
  manifest is a bundle of metadata about code and data obtained by a
  recipient, chiefly the firmware for an IoT device.  The manifest
  tells the recipient where to find the code and data, the devices to
  which it applies, and cryptographic information protecting the
  manifest.  Software updates and trusted invocation both tend to use
  sequences of common operations, so the manifest encodes those
  sequences of operations, rather than simply declaring the metadata.

  Working Group Summary:

  There is consensus for this document in the SUIT WG.

  Document Quality:

  Projects at the IETF Hackathon have informed this document.
   
  Personnel:

  Russ Housley is the document shepherd.
  Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready for
publication, please explain why the document is being forwarded to the
IESG.

  The document shepherd did a thorough review of the document during
  WG Last Call.  All issues that were raised during WG Last Call have
  been resolved.

  Some IPR was disclosed at the beginning of 2023.  That IPR disclosure
  was highlighted on the WG mailing list, and after several weeks no
  one has raise IPR concerns.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization?  If so, describe the review that took
place.

  No concerns.


(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the IESG
should be aware of?  For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it.  In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed.  If not, explain why?

The authors have explicitly stated that all known IPR has been
disclosed.


(8) Has an IPR disclosure been filed that references this document?  If
so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  See https://datatracker.ietf.org/ipr/5075/ and
  https://datatracker.ietf.org/ipr/5921/.

  No one raised any concerns regarding these IPR disclosures.


(9) How solid is the WG consensus behind this document?  Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the SUIT WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent?  If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director.  (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this
document.  (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist).  Boilerplate checks are not enough; this check needs to be
thorough.

  There are a few lines longer that 73 characters in the text.


(12) Describe how the document meets any required formal review criteria,
such as the MIB Doctor, media type, and URI type reviews.

  No special reviews are needed.  CBOR experts have looked at
  Appendix A.


(13) Have all references within this document been identified as either
normative or informative?

  Yes.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?  If such normative
references exist, what is the plan for their completion?

  No.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the
Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any existing
RFCs?  Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction?  If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs is
discussed.  If this information is not in the document, explain why the
WG considers it unnecessary.

  No.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document.  Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed
specification of the initial contents for the registry, that allocations
procedures for future registrations are defined, and a reasonable name
for the new registry has been suggested (see RFC 5226).

  Section 11 describes assignments in existing IANA registries and
  calls for the creation of new registries.  Expert Review Instructions
  are provided for the new registries.


(18) List any new IANA registries that require Expert Review for future
allocations.  Provide any public guidance that the IESG would find useful
in selecting the IANA Experts for these new registries.

  Section 11 calls for the creation of several new registries, and
  Section 11.8 provides Expert Review Instructions for the new
  registries.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  None are needed.

Changed document external resources from:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator (Python implementation: Manifest Generator)
related_implementations https://github.com/yuichitk/libcsuit/ (C implementation: Manifest Parser)

to:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator (Python implementation: Manifest Generator)
related_implementations https://github.com/yuichitk/libcsuit/ (C implementation: Manifest Generator and Parser)

Changed document external resources from:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator (C implementation: Manifest Generator)
related_implementations https://github.com/yuichitk/libcsuit/ (C implementation: Manifest Parser)

to:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator (Python implementation: Manifest Generator)
related_implementations https://github.com/yuichitk/libcsuit/ (C implementation: Manifest Parser)

Changed document external resources from:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator ("Manifest Generator")
related_implementations https://github.com/yuichitk/libcsuit/

to:

github_repo https://github.com/suit-wg/manifest-spec
related_implementations https://github.com/ARMmbed/suit-manifest-generator (C implementation: Manifest Generator)
related_implementations https://github.com/yuichitk/libcsuit/ (C implementation: Manifest Parser)