SUIT Working Group at IETF 104 in Prague, CZ
WEDNESDAY, 27 March 2019 at 0900

Jabber: xmpp:suit@jabber.ietf.org?join
MeetEcho: https://www.meetecho.com/ietf104/suit
Etherpad: https://etherpad.tools.ietf.org/p/notes-ietf-104-suit

WG Chairs: David Waltermire (NIST), Dave Thaler (Microsoft), Russ Housley (Vigil Security)

09:00 Agenda bashing, Logistics -- Chairs
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-chair-slides-00

09:04 Liaison Statement from ITU-T SG17
Liaison statement: https://datatracker.ietf.org/liaison/1626/
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-itu-t-sg17-liaison-statement-review-00
David Waltermire presented overview.
Brendan Moran (ARM): The status tracker needs a much better definition. There is text in the document stating that a status tracker can reside inside a status tracker. What does that mean?
Juan-Carlos Zuniga (SIGFOX): This is a good start.
Vasily Dolmatov (Kryptonite): If the document is wrong, ITU-T has a way to stop the process.
David Waltermire: Do individuals need to be members of SG17 to contribute?
Vasily Dolmatov: Contributions can come from member states and sector members, which includes most large companies.

09:20 Hackathon Report -- Emmanuel Baccelli
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-hackathon-report-01

09:24 SUIT Architecture -- Hannes Tschofenig
Internet-Draft: draft-ietf-suit-architecture
About 15 people indicated that they had read this draft.
Hannes Tschofenig (ARM) said that he will update the draft today. Once it is posted, WG Last Call can begin, which happened during the session.

09:29 SUIT Information Model -- Brendan Moran
Internet-Draft: draft-ietf-suit-information-model
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-information-model-00
Chairs asked whether this document is ready for WG Last Call.
Brendan Moran (ARM): I have received some editorial comments that I need to address.
David Wheeler (Intel): I will send comments on this document within the next couple of weeks.
Chairs proposed to begin four-week WG Last Call, which should allow time for people to get caught up after the IETF meeting and then review the document. Brendan Moran will update the document by Friday, and then four-week WG Last Call will begin.

09:34 SUIT Manifest Format(s) -- Brendan Moran
Internet-Draft: draft-moran-suit-manifest-04
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-draft-moran-suit-manifest-04-00
David Wheeler: The URI needs to tell where to get the resource and a key. That may mean it needs to be signed.
Brendan Moran: We could solve that by adding another command.
Brendan Moran: With this new model, capability reporting is dramatically simplified.
Emmanuel Baccelli (INRIA): We see a significant increase in code size in this version. Based on our Hackathon coding, the previous version was about 600 bytes of code size. This version is 3x larger. For a device with 64kB of flash memory, this is a significant increase.
David Waltermire: Are there any objections with moving forward with adopting this as the manifest format?
There was no objection from the room.

10:05 SUIT Manifest Format(s) -- Brendan Moran
Internet-Draft: draft-moran-suit-behavioural-manifest-01
Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-suit-draft-moran-suit-behavioural-manifests-01-00

10:15 Hash-based signatures -- Russ Housley
Internet-Draft: draft-ietf-cose-hash-sig
Internet-Draft: draft-mcgrew-hash-sigs
The algorithm document (draft-mcgrew-hash-sigs) is in AUTH48; it will be published as RFC 8554 soon. The companion document (draft-ietf-cose-hash-sig) is starting WG Last Call in the COSE WG.
Brendan Moran: Is it okay to have a limited number of signatures?
In the context of software updates we can have the update install a new trust anchor in the firmware whenever we need one.
Russ Housley: Yes. The size of the tree used determines the number of signatures that can be generated. You can use the smallest tree, and then install the public key for a different tree as part of a software update.

8) Next Steps -- Chairs