Minutes IETF104: suit

Meeting Minutes Software Updates for Internet of Things (suit) WG
Title Minutes IETF104: suit
State Active
Other versions plain text
Last updated 2019-04-16

Meeting Minutes

   SUIT Working Group at IETF 104 in Prague, CZ
WEDNESDAY, 27 March 2019 at 0900

Jabber: xmpp:suit@jabber.ietf.org?join
MeetEcho: https://www.meetecho.com/ietf104/suit
Etherpad: https://etherpad.tools.ietf.org/p/notes-ietf-104-suit

WG Chairs: David Waltermire (NIST),
           Dave Thaler (Microsoft),
           Russ Housley (Vigil Security)

09:00 Agenda bashing, Logistics -- Chairs



09:04 Liaison Statement from ITU-T SG17

Liaison statement: https://datatracker.ietf.org/liaison/1626/

David Waltermire presented overview.

Brendan Moran (ARM): The status tracker need a much better definition.
  There is text in the document stating that a status tracker can reside
  inside a status tracker. What does that mean?

Juan-Carlos Zuniga (SIGFOX): This is a good start.

Vasily Dolmatov (Kryptonite): If the document is wrong, ITU-T has a way
  to stop the process.

David Waltermire: Do individuals need to be members of SG17 to

Vasily Dolmatov: Contributions can come from member states and sector
  members, which includes most large companies.


09:20 Hackathon Report -- Emmanuel Baccelli



09:24 SUIT Architecture -- Hannes Tschofenig

Internet-Draft: draft-ietf-suit-architecture

About 15 people indicated that they had read this draft.

Hannes Tschofenig (ARM) said that he will update the draft today.  Once
it is posted, WG Last Call can begin, which happened during the session.


09:29 SUIT Information Model -- Brendan Moran

Internet-Draft: draft-ietf-suit-information-model

Chairs asked whether the document this is ready for WG Last Call.

Brendan Moran (ARM): I have received some editorial comments that I need
  to address.

David Wheeler (Intel): I will send comments on this document within the
  next couple of weeks.

Chairs proposed to begin four-week WG Last Call, which should allow time
  for people to get caught up after the IETF meeting and then review the

Brendan Moran will update the document by Friday, and then four-week WG
  Last Call will begin.


09:34 SUIT Manifest Format(s) -- Brendan Moran

Internet-Draft: draft-moran-suit-manifest-04

David Wheeler: The URI needs to tell where to get the resource and a key.
  That may mean it needs to be signed.

Brendan Moran: We could solve that by adding another command.

Brendan Moran: With this new model, capability reporting is dramatically

Emmanuel Baccelli (INRIA): We see a significant increase in code size in
  this version.  Based on our Hackathon coding, the previous version was
  about 600 bytes of code size.  This version is 3x larger.  For a device
  with 64kB of flash memory, this is a significant increase.

David Waltermire: Are there any objections with moving forward with
  adopting this as the manifest format?

There was no objection from the room.


10:05 SUIT Manifest Format(s) -- Brendan Moran

Internet-Draft: draft-moran-suit-behavioural-manifest-01


10:15 Hash-based signatures -- Russ Housley

Internet-Draft: draft-ietf-cose-hash-sig
Internet-Draft: draft-mcgrew-hash-sigs

The algorithm document (draft-mcgrew-hash-sigs) is in AUTH48; it will be
  published as RFC 8554 soon.

The companion document (draft-ietf-cose-hash-sig) is starting WG Last
  Call in the COSE WG.

Brendan Moran: Is it okay to have a limited number of signatures? In the
  context of software updates we can have the update install a new trust
  anchor in the firmware whenever we need one.

Russ Housley: Yes.  The size of the tree used determines the number of
  signatures that can be generated.  You can use the smallest tree, and
  then install the public key for a different tree as part of a software


8) Next Steps -- Chairs