IETF 123 - SUIT
Wednesday, 23 July 2025 1600-1700 CET

AD Evaluation::AD Followup

○ draft-ietf-suit-report-14
○ draft-ietf-suit-update-management-09

Approved-announcement sent

○ draft-ietf-suit-mti-23
○ draft-ietf-suit-trust-domains-12

RFC Ed Queue

○ draft-ietf-suit-manifest-34
○ draft-ietf-suit-firmware-encryption-25
○ draft-ietf-suit-mud-10

Notes:

16:00 WG Introduction:

• Note well reminder
• Agenda, no comments
• WG Draft status
• Deb: I will look at changes to the suit report, probably by the
  middle of August; if they look good, the draft will progress to IETF
  LC

Deb: for drafts in the RFC Editor's queue, please respond to IANA and
RFC Editor queries quickly (some require all authors to reply)

16:09 draft-ietf-suit-report-14
Brendan presenting remotely
Responded to AD comments, new draft is -14
Summary of changes included in this new version:

• Clarifications
• Added expert review instructions
• Improved security considerations

Next Steps: informational draft, should be standard? (It is marked as
Standards Track in the datatracker.)

Deb: media type registration to be submitted before IETF LC.
MEDIA-TYPE registration info captured:
https://datatracker.ietf.org/doc/html/rfc6838
basically, you fill out the form (maybe already done), and you email it
to media-types@iana.org. Then you go nag people.

16:14- draft-ietf-suit-mti-23
Title changed
Profile unified (no more Current and Future) for interoperability
Revised security considerations: added on payload encryption protection

Added operational considerations: interoperability considerations,
supported profile discovery, profile selection, profile provisioning
requirements, what to log and report
Added implementation guidance on HSS-LMS, clarified what authors and
recipients should implement, and updated the deprecated COSE IANA
assignment
Also editorial changes, added relationship with suit manifest.
Updated the COSE SUIT Algorithm profiles chart.

Brendan: putting out an MTI draft at this time that standardizes non-PQ
algorithms with the 2030 deadline looming seems like a bad idea.

Deb: Submit on an update document, since it's clear what you should do
with the newly available options.

16:23 draft-ietf-suit-trust-domains-12

Went to IESG, one ballot comment, about title-introduction: Multiple
trust domains vs dependencies: not all the topics covered are directly
related to dependencies; this is why it was called multiple trust
domains. Decided: no title change, will let be as it is.

Deb: Editor will take care of editorial updates

No substantial comments remaining - draft is in good shape

Changes: expanded explanations, sec considerations, added explanation
about order of required checks, added more cross-references, removed
dangling CoSWID reference.

Deb has approved (today) sending the document to the RFC Editor's queue.

16:32 draft-ietf-suit-update-management-09
nothing has changed, for suit management. Waiting for Deb's comments.

16:33 - GitHub for suit report

GitHub link: https://github.com/suit-wg/suit-report

CDDL syntax check instructions added by Carsten,

16:37 Interim meeting soon, will be advised in ML

16:37 Meeting Ends