SUIT Working Group at IETF 119

Thursday, 21 March 2024 @ 9:30 AEST

MeetEcho: https://www.meetecho.com/ietf119/suit

1) Logistics

2) SUIT Manifest Format

Slides propose the way forward to resolve the feedback from the IESG,
including the use of IRI as specified in RFC 3987. Everyone seems to
accept that direction.

Henk: No one is complaining about the possible split in fetch and
install.

Russ: It is too late in the process for a change like this.

(See chat for other opinions.)

David: What is the impact of this change?

Roman: Depending on the size of the change, might need new WGLC, IETF LC
etc.

Roman: As there is question how big the change is perhaps show it, so we
can see how big it is.

Brendan: (Displaying the email sent to the list about this topic) It is
really just a matter of renumbering. Change for the manifest:

This will involve changes to suit-trust-domains. Preferably,
it will involve a single, minor change to the allocation of 
keys in suit-manifest:

- suit-install = 17
+ suit-install = 20

Roman: Because the IESG changes there will be need for two new more IESG
members to vote yes, to get this going forward even if all discusses
have been cleared.

3) SUIT Manifest Extensions for Multiple Trust Domains

Slides propose the way forward that depends upon the proposal regarding
SUIT Manifest Format.

Candidate verification sequence:

David: This was discussed in the list extensively, any comments in the
room (none)

David: If the current changes are good, then the next thing is to do
shepherd writeup. Any objections moving forward?

Dave Thaler: I can act as document shepherd if needed.

4) Firmware Encryption with SUIT Manifests

Authors believe the document is ready for the IESG. No one voiced a
contrary opinion.

Russ: The WG Last Call has been successful; ship it.

5) Secure Reporting of Update Status

David: We will start WGLC.

6) Strong Assertions of IoT Network Access Requirements

Dave Thaler: It should always be URI. IRI are meant for the display
purposes, and URI is what is supposed to be transmitted.

Brendan: That would be good feedback to people who say we should think
about i18n for URIs.

David: I think the same comment should apply to the manifest too, is
that true?

Dave Thaler: There are three references for IRI, which one should be
used. I am not convinced that you need to use IRI.

Brendan: All URIs we have are for machine consumption, not for display
purposes.

Dave Thaler: You take the IRI user types in, convert it to the URI, and
then feed that to protocol.

Henk: If Dave thinks using IRI is brittle, then we should use URIs.

Brendan: I have answer, but whether it should contain URI at all, is
still open. I will take that to the list.

7) Mandatory-to-Implement Algorithms for SUIT Manifests

David: We will ship it to the IESG.

8) Update Management Extensions for SUIT Manifests

David: We need more reviewers.

Henk: I will do it.

9) Any Other Business (if time permits)