Minutes interim-2023-suit-01: Mon 15:00
minutes-interim-2023-suit-01-202309111500-00
Meeting Minutes | Software Updates for Internet of Things (suit) WG | |
---|---|---|
Date and time | 2023-09-11 15:00 | |
Title | Minutes interim-2023-suit-01: Mon 15:00 | |
State | Active | |
Last updated | 2023-09-11 |
Agenda
Agenda for SUIT/TEEP Virtual Interim Meeting
Notes: Michael Richardson and Russ Housley
1) Logistics
- Agenda Bashing
- welcome done.
- agenda bash:
  - do MTI and TEEP protocol in first hour (#7/#8)
  - move TEEP protocol after MTI
11:09 EDT:
7) Mandatory-to-Implement Algorithms for SUIT Manifests
- draft-ietf-suit-mti-02
- Depends on draft-ietf-suit-firmware-encryption
- Depends on draft-ietf-cose-aes-ctr-and-cbc, which is with the RFC
Editor
- Last updated Sept. 1
- WGLC completes Sept. 19, needs reviews
- TEEP depends on this
Hannes says: related to AES128CTR usage: for TEEP AES-GCM is definitely
better than AES-CTR.
* Hannes asks for one version with GCM and one version with CTR
* Brendan would like to limit this to avoid combinatorial explosion,
so care is necessary, but whatever TEEP needs should be present.
* AT: this MTI is not just for encryption, but also for authenticated
encryption (AEAD). Akira: may be good to have both profiles in the MTI
depending on the usages.
* Brendan questions the benefit of GCM since the image is signed, so
the additional integrity protection provided by GCM is not clear.
* This MTI pertains to manifest, RATS EAT, and the suit-reports. When
used for attestation, the signature is critical, so the integrity
protection offered by GCM is irrelevant.
MAYBE discussion to the list: do we need to introduce an AES-GCM profile
for TEEP?
11:23 EDT:
8) TEEP Protocol
- draft-ietf-teep-protocol-16
- Depends on draft-ietf-cose-key-thumbprint
- Depends on draft-ietf-rats-eat
- Depends on draft-ietf-suit-manifest
- Depends on draft-ietf-suit-mti
- Depends on draft-ietf-suit-report
- Depends on draft-ietf-suit-trust-domains
- WGLC completed June 1st
- Updated and discussed at IETF 117
- Last updated Sept. 5
Hackathon produced some new issues, which were discussed at 117.
Slide 8: no concerns raised.
AT: can always run CDDL syntax report, and suit-report still has an
error.
Option 3: make suit-reports optional and normative reference.
THIS WAS PREFERENCE.
DW: The error in the CDDL is on the suit-report and not TEEP side.
ACTION: AT to make sure that the CDDL is correct in the TEEP DOCUMENT.
ACTION: Brendan -- there should not be faulty CDDL in suit-report, and
will fix it.
Noting: #356, there are no objections to replacing each of them.
Brendan: for the use case of SUIT (TEEP+RATS), using AES-CTR makes
sense, but in general, this is not the right mode.
- https://mailarchive.ietf.org/arch/msg/cose/9smwFXNpbd6Fci8-mIeaT2xPP-E/
- https://mailarchive.ietf.org/arch/msg/cose/0Dj5yp4mptZUBiw7FWb5PcXGJAg/
RH: APIs are not supposed to return any plaintext if the integrity check
fails, so the ability to break the image into chunks is an important
aspect, so that's why it does not fit into AES-GCM.
Hannes: was focused on specific things in last review, some PRs filed.
Are there things that need discussion in the group?
Discussion #396: https://github.com/ietf-teep/teep-protocol/pull/369
suggests text for ES-DH can just be reused.
Brendan: Has created a SUIT-REPORT that is confidentiality and integrity
protected, and this profile might resolve the problem that Hannes
reported.
ACTION: Brendan and Hannes to huddle to resolve question.
11:55 EDT:
2) SUIT Manifest Format
- draft-ietf-suit-manifest-22
- Submitted to IESG for Publication
- Revised I-D Needed to address AD Review
- TEEP depends on this
Half of the comments resolved in -23.
For the other half of the comments, issues were created. 29 open.
There are no show-stoppers, just additional clarifications needed.
ACTION: (Dave,Ken) If old comments are no longer relevant, they could be
cleaned up.
11:58 EDT:
5) Firmware Encryption with SUIT Manifests
- draft-ietf-suit-firmware-encryption-11
- Depends on draft-ietf-cose-aes-ctr-and-cbc, which is with the RFC
Editor
- Depends on draft-ietf-cose-key-thumbprint
- Last updated Aug. 26
- WGLC completes Sept. 11
- Revised I-D needed
Ken: it would be good if anyone can verify the examples; currently the
code is complicated, and he wants to create some simple code.
MR: Name the various encryption approaches to allow for easier
identification by implementors.
DW: when will we get an update with the examples completed?
HT: depends upon what further feedback, but also for Ken to complete
examples... might wrap up this week. (ACTION: next few weeks)
KT: if we use AES-CTR more, then it will take a few weeks, so end of
September.
12:12 EDT:
3) SUIT Manifest Extensions for Multiple Trust Domains
- draft-ietf-suit-trust-domains-04
- WGLC completed, last feedback July 27th, revised I-D needed
- TEEP depends on this
ACTION: (Brendan) raise question re: chains on the list.
6) Secure Reporting of Update Status
- draft-ietf-suit-report-06
- Last updated prior to IETF 117
- Ready for WGLC, nothing to discuss?
- TEEP depends on this
ACTION: call for additional reviews.
12:22 EDT:
4) Update Management Extensions for SUIT Manifests
- draft-ietf-suit-update-management-02
- Last updated Apr. 27
- WGLC completed August 14th, no feedback so far
No objections raised during call.
ACTION: Dave and Ken did reviews, and there were needs for
additional file permissions, and copy permissions. There were pull
requests which were merged, but could those reviewers confirm that they
are happy?
Dave is document shepherd, and will do write-up and admits he holds next
step. Would like to know if there is other than silence.
Additional comments from: (looks to github).
Brendan suggests that it cannot be complete at this stage, that we will
have to revise it in the future to add things.
9) Any Other Business (if time permits)
MeetEcho:
https://meetecho-interims.ietf.org/conference/?short=148f9256-b18e-40db-b340-a99dbfe4465b