Early Review of draft-ietf-suit-trust-domains-07
review-ietf-suit-trust-domains-07-iotdir-early-fossati-2024-09-29-00
Request | Review of | draft-ietf-suit-trust-domains-07 |
---|---|---|
Requested revision | 07 (document currently at 09) | |
Type | Early Review | |
Team | Internet of Things Directorate (iotdir) | |
Deadline | 2024-10-01 | |
Requested | 2024-09-08 | |
Requested by | Akira Tsukamoto | |
Authors | Brendan Moran , Ken Takayama | |
I-D last updated | 2024-09-29 | |
Completed reviews |
Iotdir Early review of -07
by Thomas Fossati
(diff)
Genart Early review of -07 by Tim Evens (diff) |
|
Assignment | Reviewer | Thomas Fossati |
State | Completed | |
Request | Early review on draft-ietf-suit-trust-domains by Internet of Things Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/iot-directorate/a_VTr55FJSP_LWrtJhy8_nt6p2M | |
Reviewed revision | 07 (document currently at 09) | |
Result | On the right track | |
Completed | 2024-09-29 |
review-ietf-suit-trust-domains-07-iotdir-early-fossati-2024-09-29-00
From an IoT perspective, this document is on the right track. Some notes below. # Examples Examples and CDDL need some attention - mostly on syntax and alignment with SUIT grammar. Earlier this month, Ken and I have been exchanging messages on the topic. IIRC, he has fixed the identified issues in his local copy. Example 0 references a dependent manifest, but this reader couldn't find it. For completeness, I suggest adding it. # Scope It'd be good to clarify what kinds of devices this spec targets. Most likely these are relatively sophisticated gizmos, requiring firmware images for multiple subsystems and separate applications, thus relying on a complex supply chain. So, the mention of class[0-2] devices in Section 2: ``` Firmware: Software that is typically changed infrequently, stored in nonvolatile memory, and small enough to apply to [RFC7228] Class 0-2 devices. ``` got me thinking, as the functionality seems more naturally applicable to Class2+? So, you could add a few lines in the intro to better define the intended device "audience." Besides, I suggest looking at I-D.ietf-iotops-7228bis, which contains an updated (10 years later) view of the IoT world, with more meaningful categorisation. # Mechanics The mechanics of dependency handling are quite clearly explained. My initial difficulty was continuous jumping back and forth between this document and the SUIT manifest draft, but after memory mapping a few relevant bits of SUIT, one can follow the logic. Again, it's been a slightly tricky journey for a SUIT neophyte like me, but I guess it's reasonable to assume an implementer has sound knowledge of SUIT before embarking on this spec. Since there are a few new commands and some tweaks to existing ones, I guess eventually you'll need to explicitly tag it with "Updates: RFC-SUIT" (or the newer "Extends" tag).