Minutes IETF104: suit
Software Updates for Internet of Things
SUIT Working Group at IETF 104 in Prague, CZ
WEDNESDAY, 27 March 2019 at 0900
WG Chairs: David Waltermire (NIST),
Dave Thaler (Microsoft),
Russ Housley (Vigil Security)
09:00 Agenda bashing, Logistics -- Chairs
09:04 Liaison Statement from ITU-T SG17
Liaison statement: https://datatracker.ietf.org/liaison/1626/
David Waltermire presented overview.
Brendan Moran (ARM): The status tracker needs a much better definition.
There is text in the document stating that a status tracker can reside
inside a status tracker. What does that mean?
Juan-Carlos Zuniga (SIGFOX): This is a good start.
Vasily Dolmatov (Kryptonite): If the document is wrong, ITU-T has a way
to stop the process.
David Waltermire: Do individuals need to be members of SG17 to
Vasily Dolmatov: Contributions can come from member states and sector
members, which includes most large companies.
09:20 Hackathon Report -- Emmanuel Baccelli
09:24 SUIT Architecture -- Hannes Tschofenig
About 15 people indicated that they had read this draft.
Hannes Tschofenig (ARM) said that he will update the draft today. Once
it is posted, WG Last Call can begin, which happened during the session.
09:29 SUIT Information Model -- Brendan Moran
Chairs asked whether this document is ready for WG Last Call.
Brendan Moran (ARM): I have received some editorial comments that I need
David Wheeler (Intel): I will send comments on this document within the
next couple of weeks.
Chairs proposed to begin four-week WG Last Call, which should allow time
for people to get caught up after the IETF meeting and then review the
Brendan Moran will update the document by Friday, and then four-week WG
Last Call will begin.
09:34 SUIT Manifest Format(s) -- Brendan Moran
David Wheeler: The URI needs to tell where to get the resource and a key.
That may mean it needs to be signed.
Brendan Moran: We could solve that by adding another command.
Brendan Moran: With this new model, capability reporting is dramatically
Emmanuel Baccelli (INRIA): We see a significant increase in code size in
this version. Based on our Hackathon coding, the previous version was
about 600 bytes of code size. This version is 3x larger. For a device
with 64kB of flash memory, this is a significant increase.
David Waltermire: Are there any objections with moving forward with
adopting this as the manifest format?
There was no objection from the room.
10:05 SUIT Manifest Format(s) -- Brendan Moran
10:15 Hash-based signatures -- Russ Housley
The algorithm document (draft-mcgrew-hash-sigs) is in AUTH48; it will be
published as RFC 8554 soon.
The companion document (draft-ietf-cose-hash-sig) is starting WG Last
Call in the COSE WG.
Brendan Moran: Is it okay to have a limited number of signatures? In the
context of software updates we can have the update install a new trust
anchor in the firmware whenever we need one.
Russ Housley: Yes. The size of the tree used determines the number of
signatures that can be generated. You can use the smallest tree, and
then install the public key for a different tree as part of a software
8) Next Steps -- Chairs