Markdown Version | Session Recording

Session Date/Time: 24 Jul 2023 22:30

suit

Summary

This meeting covered updates on several SUIT drafts, including the hackathon summary, manifest, trust domains, update management, firmware encryption, report, and MTI. Discussions revolved around technical details, open issues, and next steps for each draft. Key decisions included initiating working group last calls for several documents and scheduling an interim meeting in September. The importance of aligning with other IETF working groups, such as JOSE and RATS, was emphasized.

Key Discussion Points

• Hackathon Summary: Updates to the latency SUIT implementation, including support for encrypted payloads and ephemeral static ECDH encryption.
• SUIT Manifest: Review comments from Roman highlighted the need for tighter language and consistency with requirements and security considerations. An interim meeting was suggested to address open issues.
• SUIT Trust Domains: Editorial fixes, addition of manifest examples (key delegation chain and process dependency), and ongoing work on IANA considerations and introductory use case explanations. Review welcome before week's end.
• Update Management: Draft currently parked; the group will start a working group last call.
• Firmware Encryption: Focus on improving readability, addressing the keck verification, switching to a two-layer structure for ephemeral static Diffie-Hellman, and updating the context information structure. The group plans to address tradeoffs between distribution models including potential signing delegation and multiple manifests.
• SUIT Report: Recommendation to use eat measurement instead of measurement result. Suit reports are a procedural record. Last call will be started.
• SUIT and MUD: Already in working group last call with a blocking dependency on the SOBI KOZIKIKI thumbprint. The SOBI KOZIKIKI draft has been presented in the COSE group.
• SUIT MTI: Discussion on the lack of updates. Agreed to remove the reference to HPKE and focus on ephemeral static Diffie-Hellman.

Decisions and Action Items

• SUIT Manifest: Authors to address Roman's review comments in the next two weeks. Schedule an interim meeting.
• Update Management: Start working group last call.
• Firmware Encryption: Update the context infrastructure based on the proposed structure, recompute the examples, and include the updated examples in the document. Start working group last call in 3 weeks.
• SUIT Report: Start working group last call.
• SUIT MTI: Remove the reference to HPKE and stabilize the remaining elements. Start working group last call next in series.
• Milestones: Update the milestones to reflect the current status and target completion by the next IETF meeting.

Next Steps

• Authors to implement agreed-upon changes to drafts.
• Shepherds to initiate working group last calls.
• Chairs to schedule an interim meeting in September.
• Update IETF Datatracker milestones to reflect current status.