From nobody Wed Nov  1 03:57:48 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FC0C13F6DE for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 03:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gKGHTtQPd0mI for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 03:57:44 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30057.outbound.protection.outlook.com [40.107.3.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 507C8139428 for <suit@ietf.org>; Wed,  1 Nov 2017 03:57:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NzBIXZYlx6HUxD+UVghvUZLKDAm44hB5++kCO2iq5pM=; b=k9jWHe4rOAVGbQ4MjNQigfvKXltV0xz+uMCGPNSNKvS0uyFEjuCIoJGKk6vk0K8H1nqAVKq7n1cGpzGzUyqIiOpT5Ix1NvHGlw3IwsUauFF8aBlvEmWK1yS2Pee0bCxQtvSm8Yf1YbrDI8B1McojJeRBzLaufVW8Tx9z4nbYTGo=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Wed, 1 Nov 2017 10:57:41 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0178.014; Wed, 1 Nov 2017 10:57:41 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest format encodings
Thread-Index: AQHTUYfYa0XpSehTu06UY2i08c5CLaL8hN0AgACcvICAAA3vgIABH9kAgAEOBwA=
Date: Wed, 1 Nov 2017 10:57:41 +0000
Message-ID: <F259BEDC-A220-4FB7-A43D-5099D2B6BFA5@arm.com>
References: <71CC2B06-F342-45F5-A0B2-EF822B2F2D54@arm.com> <CY4PR09MB14958A2CC978972951726C26F0590@CY4PR09MB1495.namprd09.prod.outlook.com> <17522.1509411065@obiwan.sandelman.ca> <d3b1f60b-f1d2-590c-93e4-46385c5b1654@sit.fraunhofer.de> <16556.1509475872@obiwan.sandelman.ca>
In-Reply-To: <16556.1509475872@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:pu8H2Q30Erg8vCTrrM8fYFgWELuPh7tbIbKCyI/+q5pEelJrtmvzNZYDqAUIN8fCcz5wi7k0zM+gXbbAxufJg0Pq3BXrLt/8g2pmaa24jMJVStkaBTnf9YD5bX/nKytHEJCDReRjCcwDn7ahtm87lHuu9advtq8w5ayb61lmFxRF/Ksm1g7OhYREy5IvqfYKagHmKhG2BgJmhDBBtfGyT5vZZq5SyzYCQJxme5kvAnvtgssQGxsrxOl7fDzzB+TUZIQj7EcHRwHQylqU7RCA5KPAEZD/QcaFILZzF+Y9YyXxa95sD0w86c+VINRNvjrs9722sk0BV9y+BMrYZppyCUBrAeCfYsT1NqapS4TrTQs=; 5:2dqVjB/x2qkhiq5E4vextTZ3D9PgTWBoRtOvuVlvBSrQyGlcQuQgdi80R33LYMCUKtxrL6UFgDq7mZ0ZKKAB51YK44Wua/7K8JPs8xfaRydUt2h3AEgHvOq1Y+/vWAXPBng1i00Gs373hHgscq5IUvo9GByYddqJYtZ2G+1Ouq4=; 24:hqWd+E1Myzgt/7OmZrwOxA0JnjRkw9k+mjmRTLVh3w68cR0eAP3WFkUGIv4JIBXDtXATqbfvYFAg5Vns0XSiTJt0iccpizJ+2QC4rl3+n+g=; 7:99r3UPUqVQJatwwXrHWuYgpoHCS4y5E65uff6F4nsKhP5oy/FlovE+oRQKgD6oAnVRyV6V/St3EhTVfgKAJvA4FvikpChAAbBkNFE8mJwpqHFfj9L+2J5lQg9z2okCqfzDSfJOOowLi9eCJG2QUC5AuVWkSbCznqatDgiVF0P5lWsTdScKJBaXdNAS/r/GZiel+5PEUJ8AgNXGF+Tb8Dc1ARi/56vBI0iy0AAu+5JT7vF/QB347MYwHkb9Q0r7nF
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: f6bbf9d0-10e5-4716-2bc8-08d521175f8d
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(2017052603199); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB061642EAF2B432F144FA2D39EA5F0@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(10201501046)(3231020)(100000703101)(100105400095)(6055026)(6041248)(20161123558100)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0478C23FE0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(24454002)(189002)(377424004)(40434004)(199003)(51444003)(53936002)(7736002)(86362001)(4001150100001)(2950100002)(97736004)(99286003)(6512007)(57306001)(66066001)(68736007)(229853002)(53546010)(6506006)(6486002)(36756003)(6436002)(54906003)(3846002)(6116002)(6246003)(14454004)(102836003)(101416001)(82746002)(33656002)(81166006)(81156014)(76176999)(50986999)(189998001)(8676002)(93886005)(316002)(8936002)(4326008)(2906002)(50226002)(83716003)(5250100002)(5890100001)(478600001)(5660300001)(106356001)(305945005)(2900100001)(3660700001)(72206003)(25786009)(3280700002)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <F224AC35DC382C49BC426F32B5191D4F@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f6bbf9d0-10e5-4716-2bc8-08d521175f8d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2017 10:57:41.2907 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hhyD6vdXbVvCa-mBxMePvX0g_0Q>
Subject: Re: [Suit] Manifest format encodings
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 10:57:46 -0000

DQo+IE9uIDMxIE9jdCAyMDE3LCBhdCAxODo1MSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0
ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPg0KPg0KPiBIZW5rIEJpcmtob2x6IDxoZW5rLmJpcmto
b2x6QHNpdC5mcmF1bmhvZmVyLmRlPiB3cm90ZToNCj4+PiBUaGUgZGV2aWNlIGlzIG5vdCB0aGUg
b25seSBlbnRpdHkgdGhhdCBuZWVkcyB0byBiZSBhYmxlIHRvIHNlZSBpbnRvIHRoZQ0KPj4+IG1h
bmlmZXN0LiAgQnV0LCB0aGVzZSBvdGhlciBzeXN0ZW1zIHRoYXQgbmVlZCB0byBsb29rIGF0IG1h
bmlmZXN0cyBhcmUgbm90DQo+Pj4gY29uc3RyYWluZWQsIHRoZXkgYXJlIG5vdCBib290bG9hZGVy
cyBvciBQWEUgY2xpZW50cywgZXRjLg0KPj4+DQo+Pj4gVGhpcyBtZWFucyB0aGF0IHdlIHNob3Vs
ZCBoYXZlIGFuIGFic3RyYWN0aW9uIG9mIHdoYXQncyBpbiB0aGUgbWFuaWZlc3QuDQo+Pj4NCj4+
PiAoWUFORyBpcyBwcmV0dHkgZ29vZCBhdCB0aGlzLCBpbiBwYXJ0IGJlY2F1c2UgaXQgZG9lcyBu
b3QgY29tZSB3aXRoIGEgZGVmYXVsdA0KPj4+IHdheSB0byBzZXJpYWxpemUgdGhpbmdzKS4NCj4N
Cg0KVGhpcyBpcyBub3QgdGhlIG9ubHkgdXNlLWNhc2UgZm9yIG11bHRpcGxlIGluc3BlY3Rpb24g
b2YgdGhlIG1hbmlmZXN0Lg0KDQpNYW5pZmVzdHMgY291bGQgc3VwcG9ydCBjb25maWd1cmF0aW9u
IGRhdGEgKGl04oCZcyBqdXN0IGFub3RoZXIgYmluYXJ5IGJsb2IsIHJpZ2h0PykgYW5kIHRoaXMg
Y29tcGxpY2F0ZXMgbWF0dGVycy4NCg0KU3VwcG9zZSBhbiBPRU0gaGFzIHJldGFpbmVkIHRoZSBz
b2xlIHJpZ2h0IHRvIHdyaXRlIGZpcm13YXJlIGZvciBhIGRldmljZSwgYnV0IHRoZXkgaGF2ZSBk
ZWxlZ2F0ZWQgdGhlIGF1dGhvcml0eSB0byB3cml0ZSBjb25maWd1cmF0aW9uIGRhdGEgdG8gYW4g
T3BlcmF0b3IuIFRoZSBPcGVyYXRvciBtYXkgaGF2ZSBtYW55IGRpZmZlcmVudCBkZXZpY2UgdmVu
ZG9ycyBhbmQsIHRoZXJlZm9yZSwgbWF5IG5lZWQgdG8gc3VwcG9ydCBtYW55IGRpZmZlcmVudCBP
RU1zLiBJZiBlYWNoIE9FTSBoYXMgdGhlIHJpZ2h0IHRvIHNlbGVjdCBhbnkgZW5jb2RpbmcgdGhl
eSB3YW50IGZvciB0aGUgbWFuaWZlc3QsIHRoZW4gdGhlIE9wZXJhdG9yIHdpbGwgbmVlZCB0byBo
YXZlIG1hbnkgdG9vbGNoYWlucyBmb3IgY3JlYXRpbmcgbWFuaWZlc3RzLiBJdCBiZWNvbWVzIGVh
c3kgZm9yIHRoZSBPcGVyYXRvciB0byBwcm9kdWNlIHRoZSB3cm9uZyBlbmNvZGluZyBvZiBtYW5p
ZmVzdCBmb3IgZWFjaCBkZXZpY2UuDQoNCkNvbnRyYXN0IHRoaXMgd2l0aCBhIHNpbmdsZSBlbmNv
ZGluZywgcmVnYXJkbGVzcyBvZiB3aGF0IHRoYXQgZW5jb2RpbmcgaXM6IHRoZSBPcGVyYXRvciBu
ZWVkcyBhIHNpbmdsZSwgc3RhbmRhcmQgdG9vbGNoYWluIGZvciBwcm9kdWNpbmcgbWFuaWZlc3Rz
IGZvciBhbnkgbWFuYWdlZCBkZXZpY2UuIFRoZSBkZXZpY2VzIGNhbiBhbHdheXMgcGFyc2UgdGhl
IG1hbmlmZXN0LCBhbmQgcHJvZHVjZSB1c2VmdWwgbWVzc2FnZXMgYWJvdXQgdGhlIGNvbnRlbnQu
DQoNClRoaXMgaXMgbm90IHRoZSBvbmx5IHVzZS1jYXNlLiBNdWx0aXBsZS1zaWduYXR1cmUgb2Yg
bWFuaWZlc3RzIG1heSBiZSB1c2VkIHRvIGFzc2VydCBxdWFsaWZpY2F0aW9uIGJ5IHRoaXJkIHBh
cnRpZXMsIHN1Y2ggYXMgdGVzdCBsYWJzLiBJZiBhbiBPcGVyYXRvciB3YW50cyB0byBlbnN1cmUg
dGhhdCBhIHBhcnRpY3VsYXIgZmlybXdhcmUgb3IgY29uZmlndXJhdGlvbiB3b3JrcyBhcyBleHBl
Y3RlZCBvbiBvbmUgb3IgbW9yZSBuZXR3b3JrcywgdGhleSBtYXkgY29udHJhY3QgYSB0aGlyZC1w
YXJ0eSB0ZXN0IGxhYiB0byBxdWFsaWZ5IHRoZSB1cGRhdGUgcGFja2FnZSAobWFuaWZlc3QgKyBw
YXlsb2FkKS4gVGhpcyB0aGlyZC1wYXJ0eSB0ZXN0IGxhYiB3aWxsIHRoZW4gc2lnbiB0aGUgbWFu
aWZlc3Qgd2hlbiB0aGV5IGhhdmUgZmluaXNoZWQgcXVhbGlmaWNhdGlvbi4NCg0KV2l0aCBhIHNp
bmdsZSBlbmNvZGluZywgdGhlIHRlc3QgbGFiIHdpbGwgYmUgYWJsZSB0byBzaWduIGFueSBtYW5p
ZmVzdCBlYXNpbHkuIFdpdGggbWFueSBlbmNvZGluZ3MsIHRoZSB0ZXN0IGxhYiBpbmN1cnMgYSBi
dXJkZW4gZm9yIG1haW50YWluaW5nIGFuZCBzdXBwb3J0aW5nIGFsbCB0aGUgZGlmZmVyZW50IHRv
b2xjaGFpbnMgcmVxdWlyZWQgZm9yIHRoZSB2ZXJpZmljYXRpb24gYW5kIHNpZ25hdHVyZSBwcm9j
ZXNzLg0KDQoNCkkgdGhpbmsgdGhhdCB0aGVyZSBhcmUgYSBsb3Qgb2YgaGlkZGVuIGNvc3RzIHRo
ZW4gdXNpbmcgbWFueSBlbmNvZGluZ3MuIFVzaW5nIGEgc2luZ2xlIGVuY29kaW5nIGVuc3VyZXMg
dGhhdCB0aGVyZSBpcyBubyBjb25mdXNpb24gZm9yIE9FTXMsIE9wZXJhdG9ycywgZW5kIHVzZXJz
LCBpbnRlcm1lZGlhdGUgaW5mcmFzdHJ1Y3R1cmUsIG9yIGRldmljZXMuDQoNCkkgZG9u4oCZdCBo
YXZlIGEgc3Ryb25nIHByZWZlcmVuY2UgZm9yIHdoaWNoIGVuY29kaW5nIHRvIHVzZSwgaG93ZXZl
ciB0aGUgcmV2aXNlZCBkcmFmdCB0aGF0IHdlIHN1Ym1pdHRlZCBvbiAyMDE3LTEwLTMwIHVzZWQg
Q0JPUi9DT1NFIGR1ZSB0byB0aGUgcmVkdWNlZCBlbmNvZGVkIHNpemUuIEkgZG9u4oCZdCB0aGlu
ayB0aGF0IEpTT04gb3IgWE1MIGFyZSBnb29kIGNob2ljZXMgZm9yIHJlc291cmNlLWNvbnN0cmFp
bmVkIGRldmljZXMuDQoNCkJlc3QgUmVnYXJkcywNCkJyZW5kYW4NCklNUE9SVEFOVCBOT1RJQ0U6
IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZp
ZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGlu
dGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFu
ZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBp
dCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFu
eSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Wed Nov  1 10:43:58 2017
Return-Path: <hallam@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68F3B13F9BF for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 10:43:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uhf0UMkYQ-3v for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 10:43:55 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3B0B13F791 for <suit@ietf.org>; Wed,  1 Nov 2017 10:43:55 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id c77so5692869oig.0 for <suit@ietf.org>; Wed, 01 Nov 2017 10:43:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=qEEf0t3A1OJkDP9VS7+mIXLoTIgYaTt+WYFk4OF6nn0=; b=AxSXf/9P8X+0baJjajkAHQiMtg6uLoETIbLB/Yoa/WOaz6729FCE9XPnDyx6ZpZuKO CLPpZiza+YIW51HJ2XgqpQPsudSP1pXNslgCYD4NqhqolYGfVYEjGlY4r8QFfp11Umu/ o1U515O+89Q8X/O38MeZgDCYGE5XQm2pZcEsI9W2b9du2N42MDpPgq8YczZVcUxNVInH qWJIPFXycFmiqL/lFfNvRKky+6B+lMSaY0+0Fv06fwnrsL48y0bnJJ1Q2dV4exCsCrQy zBtXaqG3iuvsKhzM/QLSTnqTAMzVWuIW/sNY5yB2pgPMhopnYRBReZV9CTVMOFmACEKo 37FA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=qEEf0t3A1OJkDP9VS7+mIXLoTIgYaTt+WYFk4OF6nn0=; b=FTl67Kd0kQMNycDXqUwHGK5xabGnM0BclCNFDlvWiUtDe9lgJ3Q19gWf+Jbtg7n0UI k2m+ClWLmiOSvpyrqkNdnfryJf/mh+Jrz6q9XUWELlzfROkHlhiLF2OfFNl6r0rG2mNB Ro5Luts6goj/altzJmusnRzA3c97kU8hp6JmAsbLcIpzqYYRewTh1/O22Tl5s6EqwJG9 kOzP7iAKum2p6PrVrsb29c7vLuK3JQfRMHdx5zLV3V7bRhstqLiq4apCq32KFZQYOeTd 6HC/fvIAF/CIIdT4cFg7FUhh0D8zMEQ7iHHXqMRDMxSUj6dAv4A3goHBo/s7zfdnfKZS XwOg==
X-Gm-Message-State: AJaThX6qVP0W0GmTdxgXAM/7BPNcl9hy9A4E0oNR5O6on14TLJLWc6O2 QToTVqHmhSSIwdChSKFa6/6+J4wWoEhWQDHAtaw=
X-Google-Smtp-Source: ABhQp+R54bgcOTAVFmb+IqOwgUM/CC3nNsO3YDRXknKOG7ocbW6qaDq9gAFBC1HYMFBzCDqjpzo5sy0mD/DpnFOEX70=
X-Received: by 10.157.29.231 with SMTP id w36mr364374otw.162.1509558235038; Wed, 01 Nov 2017 10:43:55 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.157.80.42 with HTTP; Wed, 1 Nov 2017 10:43:54 -0700 (PDT)
In-Reply-To: <16556.1509475872@obiwan.sandelman.ca>
References: <71CC2B06-F342-45F5-A0B2-EF822B2F2D54@arm.com> <CY4PR09MB14958A2CC978972951726C26F0590@CY4PR09MB1495.namprd09.prod.outlook.com> <17522.1509411065@obiwan.sandelman.ca> <d3b1f60b-f1d2-590c-93e4-46385c5b1654@sit.fraunhofer.de> <16556.1509475872@obiwan.sandelman.ca>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 1 Nov 2017 13:43:54 -0400
X-Google-Sender-Auth: qB5bzcr2fJxkmDEN1gDSOTxwp1E
Message-ID: <CAMm+LwhJoL55ZTmhWSVYMeqzuHdCE9PxWC3opqtqVd2M3ZL3nQ@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Qkiid_adYb8nTNng9JXXqyOXVMY>
Subject: Re: [Suit] Manifest format encodings
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 17:43:57 -0000

Having written three ASN.1 parser/encoders, I have a few opinions on them.

For cryptographic applications, some use of ASN.1 is inevitable. Its
just the legacy infrastructure and there is no way to escape it. But
unless you are trying to do something unusual, you can almost always
make use of the ASN.1 code that is provided in crypto libraries for
the operations you need to use crypto.

In many if not most cases, those ASN.1 libraries are not general
purpose and can't be used to encode or decode other data structures
without a LOT of additional work. As in five to ten times the amount
of work it would take me to write a JSON encoder/decoder from scratch.

So my policy on ASN.1 is: No new ASN.1.


The way I implemented ASN.1 in the Mesh was to manually convert the
insane schema format to something I could parse with my own tools and
used that to develop an encoder/decoder for DER encoding. If I had to
write a specification round ASN.1, I would emit the ASN.1 schema from
my tool as an output.

This is exactly the same way that I make use of XML Schema. When I was
editing the SAML 1.0 spec, people's ideas on how to encode data
structures in XML changed every couple of weeks. Use model groups! No
don't! etc.

It is now my firm belief that the fact that there are at least six
ways to encode a data set in XML means that XML is the wrong tool. I
have even abandoned use of XML for my documentation tooling in favor
of what is essentially Markdown but using XML-ish tags in place of
punctuation characters as I find <dt> easier to remember than whatever
colon mess Markdown is using.


At this point, the industry is very very fixed on JSON as the future.
It might turn out to be a flavor of the month thing but I doubt it.
JSON is essentially just a variation on  S-expression syntax which has
been used since the 60s. It matches the data model of virtually every
modern programming language, at least as far as what is relevant to a
serialization format. What ASN.1 got wrong is that there is no such
thing as a set in a serialization since a sequence of bytes will
ALWAYS be a list.

So I would very much like it if we decided to make the JSON data model
the basis for the encoding of the manifest data. I believe that is
going to be the future.


From nobody Wed Nov  1 12:52:50 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8EE513FE8B for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 12:52:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R3433gKidFiZ for <suit@ietfa.amsl.com>; Wed,  1 Nov 2017 12:52:46 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94B8213F5B7 for <suit@ietf.org>; Wed,  1 Nov 2017 12:52:46 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 2509420089 for <suit@ietf.org>; Wed,  1 Nov 2017 15:53:39 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DC46882639 for <suit@ietf.org>; Wed,  1 Nov 2017 15:52:44 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <F259BEDC-A220-4FB7-A43D-5099D2B6BFA5@arm.com>
References: <71CC2B06-F342-45F5-A0B2-EF822B2F2D54@arm.com> <CY4PR09MB14958A2CC978972951726C26F0590@CY4PR09MB1495.namprd09.prod.outlook.com> <17522.1509411065@obiwan.sandelman.ca> <d3b1f60b-f1d2-590c-93e4-46385c5b1654@sit.fraunhofer.de> <16556.1509475872@obiwan.sandelman.ca> <F259BEDC-A220-4FB7-A43D-5099D2B6BFA5@arm.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 01 Nov 2017 15:52:44 -0400
Message-ID: <11838.1509565964@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/r3u4MekM2AkrgLPJsr3WoG9yj0k>
Subject: Re: [Suit] Manifest format encodings
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 19:52:49 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Brendan Moran <Brendan.Moran@arm.com> wrote:
    > This is not the only use-case for multiple inspection of the manifest.

    > Manifests could support configuration data (it=E2=80=99s just another=
 binary
    > blob, right?) and this complicates matters.

It might not be a binary blog, it may well be signed JSON.

    > Suppose an OEM has retained the sole right to write firmware for a
    > device, but they have delegated the authority to write configuration
    > data to an Operator. The Operator may have many different device
    > vendors and, therefore, may need to support many different OEMs. If
    > each OEM has the right to select any encoding they want for the
    > manifest, then the Operator will need to have many toolchains for
    > creating manifests. It becomes easy for the Operator to produce the
    > wrong encoding of manifest for each device.

I don't buy your argument.
Incompetent operators might do that, but I don't see why this should force
the manufacturer to put multiple sets of possibly buggy code in their
bootloader.

You seem to be suggesting that:
a) the manifest contains the configuration data.
   An alternative is that the configuration data is a second blob with a
   second manifest.

b) that toolchains running on non-constrained hosts are expensive.
   I claim otherwise.

    > Contrast this with a single encoding, regardless of what that encoding
    > is: the Operator needs a single, standard toolchain for producing
    > manifests for any managed device. The devices can always parse the
    > manifest, and produce useful messages about the content.

I don't really want to have an encoding war.

    > This is not the only use-case. Multiple-signature of manifests may be
    > used to assert qualification by third parties, such as test labs. If =
an
    > Operator wants to ensure that a particular firmware or configuration
    > works as expected on one or more networks, they may contract a
    > third-party test lab to qualify the update package (manifest +
    > payload). This third-party test lab will then sign the manifest when
    > they have finished qualification.

Third-party testing is not cheap.
If the format of the manifest is an issue, then the third-party will die.

    > I don=E2=80=99t have a strong preference for which encoding to use, h=
owever the
    > revised draft that we submitted on 2017-10-30 used CBOR/COSE due to t=
he
    > reduced encoded size. I don=E2=80=99t think that JSON or XML are good=
 choices
    > for resource-constrained devices.

I'm all for COSE, but it depends upon what you sign it with.

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAln6JgwACgkQgItw+93Q
3WUv8Af/fayqW0vKbrMq0e2aLJgYVUFuONejzJ8oJ8FFLZIYoVlm1nfkMHwXRoHW
j+7n4wmEyKshKibVLSsLU+fXI5uT3edQSfLOyD+uKoShE4cH8dJZgnZ3ER9L+Vgf
3AJGssO+21AakuUU+H3t8BKCbQiMHO8AnyKgMb/6A98Cwr6T6Ajyxk79+is4uH1V
fUBWSC6krQ5y7xlfOxIk86bXmrUgwoS/ru90KCCVAhpbhle3GxG27VHS7E3sFj+T
ir33m9JQItOLGhchzH8fr3CbhN76JQLxE0bBq4ClmvUKuN7DatDHWpVaNIaPoxEf
UVSGXXtmD5rL21NqPx2GLRIfCOEnsg==
=Hxzn
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov  2 14:01:09 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9776913F95E for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:01:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aKPC6SB9Afel for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:01:06 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0970813F682 for <suit@ietf.org>; Thu,  2 Nov 2017 14:01:05 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id f46so616147uae.1 for <suit@ietf.org>; Thu, 02 Nov 2017 14:01:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=AG2WmIrlHG5E3j0SQTpTzonN0PjKn7HZ1DHYhEXeP2c=; b=WRCk65xeZSRn77WXLBVCOdYr5+2LD+UZJIkfB8FIyvj2Xhf3se29hB1303I/izgmzX ask6gKlXilsh7ZGWFHtop+9n7Le9CF9BChSQlFFVYzUF4tOFOXeDW0jrr5d9N/5yMAiH ubeWfTHQQIp+V0v5HD/ezzOQtk5V8nnnv+PmFVh1rfk2kPQEJSgxfna2ayIGXb9zUWyd EBh6zVwscq7BZEzoQvEx9POWUymiiXkd2ARVWOG2JGmvpQ4zTHIK3ZX2R0+bo89nw7vi EaMv+m4bn+0kf9G0eWRNpQ0GxnsdnULULdOoKNYGvzyAxxEEvxzLQYKKMHUHMv6W1kmM W9fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AG2WmIrlHG5E3j0SQTpTzonN0PjKn7HZ1DHYhEXeP2c=; b=mgehO+tYPy6LV5jNR/kTQPsQH4baEorkE5+X37rmcoOtX0HrYkEZb6gwdh8zB4Utxk NoWPExM1IPpvkye/iVUE1wXvFy2K5wP43nbkID7OvjUvSlx/Qoze2yjlZe5MYjZGhhku Vm/tDlom9zODX/Xrr87Xrn6kPlQprcjOu03NycTXGziBbtOKGi0T35y4emW7DVFcgbxZ YqSS0huLBOuh1PvUgLVPA7hfkjyhCwOY5Gb+g8EQ8zM62ManikX/0U9u+9vYkQ7cJrxD liZPB/9Gx8794V4AEDs/h2VPEeDDWjP3v1E1OvNamXS0QrphLSfSULhZlbaNRDi9rTQK +Ptg==
X-Gm-Message-State: AJaThX7l9ybG3tOYJMWFaEj7NVaLe8wsyhmmAdcQkUnykeiirBg1svJN 3pNJaEyZwibNao6P1w3W+cd0Wmu6aoL2jfbkpzOstw==
X-Google-Smtp-Source: ABhQp+QH4flK1zK879UCZmHOGuVe0ZGJYZBRFUZZct0jGwgWp+lZAjBI8++g5j194KN8OY5lyM7Bqu1WG8QkcG9LBY4=
X-Received: by 10.176.22.10 with SMTP id k10mr2489724uae.6.1509656464878; Thu, 02 Nov 2017 14:01:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.58.102 with HTTP; Thu, 2 Nov 2017 14:01:04 -0700 (PDT)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 2 Nov 2017 14:01:04 -0700
Message-ID: <CAMRcRGRTf686quqM4LdgutUNTKgyqjk=_t-2Wfjwb4Ybw745og@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a1145761a52736b055d064973"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1c9fTJhZrNeR7Bm-9SV6PY3VMAU>
Subject: [Suit] ASN.1 Encoding Format for Manifest
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 21:01:07 -0000

--001a1145761a52736b055d064973
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

I would want to discuss on the topic of ASN.1 encoding format that seems to
presume that the IoT device has the parser for ASN.1 as part of the
application stack (say TLS) outside the boot-loader

I don't think we can have that assumption that the firmware update process
will always have enough space  for two copies of application software, so
that it can download a new one before replacing the old one. Many devices
have a small downloader plus enough space for one copy of the application
firmware.

Hence I don=E2=80=99t think the assumptions that there is already an ASN.1 =
parser
available is true.  I would recommend that the charter allows the WG to
reconsider ASN.1 choice as the default for the manifest encoding format and
allow encodings that are suitable to the device in question.



Cheers

Suhas

--001a1145761a52736b055d064973
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt" id=3D"gmail-docs-internal-guid-b24e9e0e-7e88-8368-9932-e0b=
947954867"><span style=3D"font-size:11pt;font-family:Arial;background-color=
:transparent;vertical-align:baseline">I would want to discuss on the topic =
of ASN.1 encoding format that seems to presume that the IoT device has the =
parser for ASN.1 as part of the application stack (say TLS) outside the boo=
t-loader</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:=
0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;back=
ground-color:transparent;vertical-align:baseline">I don&#39;t think we can =
have that assumption that the firmware update process will always have enou=
gh space =C2=A0for two copies of application software, so that it can downl=
oad a new one before replacing the old one. Many devices have a small downl=
oader plus enough space for one copy of the application firmware. </span></=
p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom=
:0pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:tran=
sparent;vertical-align:baseline">Hence I don=E2=80=99t think the assumption=
s that there is already an ASN.1 parser available is true.=C2=A0 I would re=
commend that the charter allows the WG to reconsider ASN.1 choice as the de=
fault for the manifest encoding format and allow encodings that are suitabl=
e to the device in question.</span></p><p dir=3D"ltr" style=3D"line-height:=
1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p dir=3D"ltr" style=3D"line=
-height:1.38;margin-top:0pt;margin-bottom:0pt"><br></p><p style=3D"line-hei=
ght:1.38;margin-top:0pt;margin-bottom:0pt">Cheers</p><p style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:0pt">Suhas</p></div>

--001a1145761a52736b055d064973--


From nobody Thu Nov  2 14:02:42 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7616D13F971 for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:02:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level: 
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqZp5e_fl4yA for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:02:34 -0700 (PDT)
Received: from mail-vk0-x22d.google.com (mail-vk0-x22d.google.com [IPv6:2607:f8b0:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E792F13F970 for <suit@ietf.org>; Thu,  2 Nov 2017 14:02:33 -0700 (PDT)
Received: by mail-vk0-x22d.google.com with SMTP id i133so561284vke.9 for <suit@ietf.org>; Thu, 02 Nov 2017 14:02:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=uJtsW+/HDBLBSQn7s+cOLPWFJ2lB+LsaKd5enSBWs1k=; b=DX6qI3Ukk4mVs4huIsX5SJ/QxIwUlHBQ996jtVk78t8oB8V8G9DTsa1ROx4Nliog9c 0m6Nt4myntJ6lm0lqWaNcUC9tipM3EKGBV5Mh8CnV8pqAlH6REmzTEs3CWvpe1NbhAWL H+0SVdd5xl7ejWavOk2N4fCJbG3xJULPnruSCJrPxqF0NCIPiqRfXP9X/Ayf1jVyxT6w 7aWvmAlyD4m3pzl9bXHCNxD2VoAvVr7UUCL1cEpjtL2wdem/tx2zpAUI99a6hdg7EC+G 72D4RJ6bVXnIDpb59PxtO7jckR37Ig2IgBuwgdgN5ishVLyb59eNGmhPk19TmZRTs/ko 8ZuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=uJtsW+/HDBLBSQn7s+cOLPWFJ2lB+LsaKd5enSBWs1k=; b=M3R1/+hOBZH2FsAt41UBsLEPcZNXnaWc+lg9k0/U3cY42KFVCngrLs6AdQSBQoElzQ XnJvHwMEEnO5Xpj9N3HVXJeA2W2/Oxe1gvDNjyb7kvDnx5wTvr3/N6bjCENXxgN4pVf5 9/7tbTItnMTW4MZSIVHok3MJp6Uvqwb3nICiTstRgedJtStmNmJp8Dxq74w/FqeXI7nu j4w8laZMsfjZ/fuqghd+yNI1LRhIzIfaIU2dDS/k46qA9+qULdQN/oNhtVbu3VsSUPyP 6CiM2tLx2UhmE91YsNED96NPo5fMx0FguHwTr7s0DF9DzN0P7bCW7ATJZmC/17zSncOw qrOA==
X-Gm-Message-State: AMCzsaVB2/nJeczgj9c60/0oEOE4FpW4z0tZmdMbYj8vDJIvSFrBn4um eydSTUvd19sE0Nj8Ss4OgfZyVu8ynDgso7+tsP3/9w==
X-Google-Smtp-Source: ABhQp+T2vkCa7mjAH+iKepVpFIVBx79GRHVNq/ngu/v+GqpRgccMX31RLT62RrGE7obbCASx2xwh1JmTUTAF9bpMPOg=
X-Received: by 10.31.180.143 with SMTP id d137mr3723112vkf.40.1509656552907; Thu, 02 Nov 2017 14:02:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.58.102 with HTTP; Thu, 2 Nov 2017 14:02:32 -0700 (PDT)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 2 Nov 2017 14:02:32 -0700
Message-ID: <CAMRcRGSYFouA-KkAhr7capz15YHveauw8FQ8396eSVSrXpf=7A@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a1143fc2491a8af055d064eae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gvjKniksF0ZXAh9UvVGOiG6dJ2M>
Subject: [Suit] Firmware Update Architecture
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 21:02:35 -0000

--001a1143fc2491a8af055d064eae
Content-Type: text/plain; charset="UTF-8"

Hi All


On the topic of firmware update architecture, having  a standardized way to
locate the firmware server is critical for the SUIT WG.

There are several deployments where the IoT device operating under
restricted network access cannot reach out to the manufacturer's/OEM's
website to download the firmware. Often one does not want to have a device
with unpatched firmware using the open internet to contact the vendor's web
site to get a firmware update and instead a local firmware server is used
to cache the firmware.  One can expect to have local firmware server
managed by the enterprise/factory to serve the firmware.

Having charter make provision on process to discover such local server and
locate the manifest (and firmware) on that server at a well-known location
will be super beneficial.

My draft does talk at a higher level on how this can be achieved along with
reaching out to manufacturer's server in the alternate scenarios.

If the WG think such a mechanism is useful, we should work on getting that
requirement as part of the charter. This part of the problem is more in
need of standardization than than the format of the manifest as it is
actually needed for interoperability.


Cheers

Suhas

--001a1143fc2491a8af055d064eae
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
0pt" id=3D"gmail-docs-internal-guid-b24e9e0e-7e89-c7a9-194e-e3c20636532a"><=
br></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt" id=3D=
"gmail-docs-internal-guid-b24e9e0e-7e89-c7a9-194e-e3c20636532a"><span style=
=3D"font-size:11pt;font-family:Arial;background-color:transparent;vertical-=
align:baseline">Hi All</span></p><p style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:0pt" id=3D"gmail-docs-internal-guid-b24e9e0e-7e89-c7a9-194e=
-e3c20636532a"><span style=3D"font-size:11pt;font-family:Arial;background-c=
olor:transparent;vertical-align:baseline"><br></span></p><p dir=3D"ltr" sty=
le=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt" id=3D"gmail-docs-i=
nternal-guid-b24e9e0e-7e89-c7a9-194e-e3c20636532a"><span style=3D"font-size=
:11pt;font-family:Arial;background-color:transparent;vertical-align:baselin=
e">On the topic of firmware update architecture, having =C2=A0a standardize=
d way to locate the firmware server is critical for the SUIT WG.</span></p>=
<br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0=
pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:transp=
arent;vertical-align:baseline">There are several deployments where the IoT =
device operating under restricted network access cannot reach out to the ma=
nufacturer&#39;s/OEM&#39;s website to download the firmware. Often one does=
 not want to have a device with unpatched firmware using the open internet =
to contact the vendor&#39;s web site to get a firmware update and instead a=
 local firmware server is used to cache the firmware.=C2=A0 One can expect =
to have local firmware server managed by the enterprise/factory to serve th=
e firmware.</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;b=
ackground-color:transparent;vertical-align:baseline">Having charter make pr=
ovision on process to discover such local server and locate the manifest (a=
nd firmware) on that server at a well-known location will be super benefici=
al.</span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;backgroun=
d-color:transparent;vertical-align:baseline">My draft does talk at a higher=
 level on how this can be achieved along with reaching out to manufacturer&=
#39;s server in the alternate scenarios.</span></p><br><p dir=3D"ltr" style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-=
size:11pt;font-family:Arial;background-color:transparent;vertical-align:bas=
eline">If the WG think such a mechanism is useful, we should work on gettin=
g that requirement as part of the charter. This part of the problem is more=
 in need of standardization than than the format of the manifest as it is a=
ctually needed for interoperability.</span></p><p dir=3D"ltr" style=3D"line=
-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11p=
t;font-family:Arial;background-color:transparent;vertical-align:baseline"><=
br></span></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
"><span style=3D"font-size:11pt;font-family:Arial;background-color:transpar=
ent;vertical-align:baseline">Cheers</span></p><p style=3D"line-height:1.38;=
margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family=
:Arial;background-color:transparent;vertical-align:baseline">Suhas</span></=
p></div>

--001a1143fc2491a8af055d064eae--


From nobody Thu Nov  2 14:03:59 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3599413F7FA for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:03:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LHkL7RcweTdJ for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:03:55 -0700 (PDT)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71F7813F682 for <suit@ietf.org>; Thu,  2 Nov 2017 14:03:55 -0700 (PDT)
Received: by mail-vk0-x235.google.com with SMTP id x65so579692vkx.1 for <suit@ietf.org>; Thu, 02 Nov 2017 14:03:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=xjzLBhJoYm6HE1hfglN+O8X/GXuxfpn3TeSukPG94wc=; b=oHax7Op0FjQnGBM2C5KRV4j/Hv3nMRpvhaGt3pH8HhEH5NjQorkTLLyT0Zo1QOUmI1 iCTKtl5jrdPcM852xVl1Od5v7hC3wYcmA3FoLJMFsiv6cDQXMHzOIxYNWz6I6SUxKfA3 7DzMtHSgFfuN4icykkmRHq+2qw1vmeYUG70kxsepk+DdXI2E9syrGJoLQZ0hY+btNnes xnal28zaA6cbkq2Ub3MBYhoZKEBGFXhrlPOxdqgHUcgPVJerI5SnqYT3pmYrHF3/E/F9 1O7aPT9lAiJAMQhCfIOiUbKSInd/RsaRfdo2x4o7XJFV5m19HerO7gCa0gxgs5AkQ7wR uH4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=xjzLBhJoYm6HE1hfglN+O8X/GXuxfpn3TeSukPG94wc=; b=pqhv3KpX73ZUcD4vNZe7TxoMljJCcE8ZYaqyAbeiI6lgAdOk+E+XYZ9Pki4jHeIKS6 unlVMJJkMHSXbb1JbXx2sfLbU7gt5+M2eKEy3/8BQbhlcRqoaAUrvrbpCqhSRU4aikv7 v2MHtBdjbObwux6Nydjilnbl8Z5cAPEqUkqmcFUrRm1v48CREkTeHRsvvGm5E82IkjVB Go3tacBEM+lwTyBO1Ebns6zQR34sEJV50wpHLnZxzQsO0aruSmUFn1PH/egD0wDDL3Xw pE3pkyqDs1n6EQPP4R5yfTpTSKmhB2GrmC3BZXh8XIyzekjh4LziKnOcdHYnx7Kjbht6 dsZA==
X-Gm-Message-State: AMCzsaXYoatCTTWXHeOF0A7NGZgxZ5HQVEH+d2MhD66kzyF9SbCkrMvt an2GkP4gjxfmdTrjoDWPKJ+PK9Mlv6ggPad/dU6bTw==
X-Google-Smtp-Source: ABhQp+Tk/mB2wqDN/+r7lfjzEPgudRjkbnYcluJu5g6HRp+rbTQPSNQUhk3I7HI2xTsWQGo9sETdgResymMoH3+RxRo=
X-Received: by 10.31.41.149 with SMTP id p143mr4066713vkp.21.1509656634453; Thu, 02 Nov 2017 14:03:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.58.102 with HTTP; Thu, 2 Nov 2017 14:03:54 -0700 (PDT)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 2 Nov 2017 14:03:54 -0700
Message-ID: <CAMRcRGT0tjW3AznhQLjRwSBXTJ6aRrceS6NugdTodd6HRFQK8g@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a113ee6a46df79f055d0653bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/p6HOQWCfSCcMHjk4IqiayBMRqOM>
Subject: [Suit] Manifest Content Semantics (not the syntax)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 21:03:57 -0000

--001a113ee6a46df79f055d0653bd
Content-Type: text/plain; charset="UTF-8"

One of the main goals for SUIT is to standardize the container format for
describing the manifest and firmware.  Different vendors, and different
devices, have different preferences on, if the syntax is based on JSON,
ASN.1 CBOR, etc.

The important thing from a design and security point of view is that the
semantic information is correct not the syntax.

The charter should focus the WG on figuring out the right semantic
information that needs to be in the manifest and allow that to be mapped to
multiple different encodings that work with the tools and development
practices that are appropriate for the device that is using it.


Cheers

Suhas

--001a113ee6a46df79f055d0653bd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
0pt" id=3D"gmail-docs-internal-guid-b24e9e0e-7e8a-fa0e-80d8-882022f85e1e"><=
span style=3D"font-size:11pt;font-family:Arial;background-color:transparent=
;vertical-align:baseline">=C2=A0</span></p><p dir=3D"ltr" style=3D"line-hei=
ght:1.38;margin-top:0pt;margin-bottom:0pt" id=3D"gmail-docs-internal-guid-b=
24e9e0e-7e8a-fa0e-80d8-882022f85e1e"><span style=3D"font-size:11pt;font-fam=
ily:Arial;background-color:transparent;vertical-align:baseline">One of the =
main goals for SUIT is to standardize the container format for describing t=
he manifest and firmware.=C2=A0 Different vendors, and different devices, h=
ave different preferences on, if the syntax is based on JSON, ASN.1 CBOR, e=
tc.=C2=A0</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt=
;margin-bottom:0pt" id=3D"gmail-docs-internal-guid-b24e9e0e-7e8a-fa0e-80d8-=
882022f85e1e"><span style=3D"font-size:11pt;font-family:Arial;background-co=
lor:transparent;vertical-align:baseline">The important thing from a design =
and security point of view is that the semantic information is correct not =
the syntax. </span></p><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-=
top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;=
background-color:transparent;vertical-align:baseline">The charter should fo=
cus the WG on figuring out the right semantic information that needs to be =
in the manifest and allow that to be mapped to multiple different encodings=
 that work with the tools and development practices that are appropriate fo=
r the device that is using it.</span></p><p style=3D"line-height:1.38;margi=
n-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Aria=
l;background-color:transparent;vertical-align:baseline"><br></span></p><p s=
tyle=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"f=
ont-size:11pt;font-family:Arial;background-color:transparent;vertical-align=
:baseline">Cheers</span></p><p style=3D"line-height:1.38;margin-top:0pt;mar=
gin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial;background-=
color:transparent;vertical-align:baseline">Suhas</span></p></div>

--001a113ee6a46df79f055d0653bd--


From nobody Thu Nov  2 14:23:58 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61AFC13F570 for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:23:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id suYVX3jpGYIH for <suit@ietfa.amsl.com>; Thu,  2 Nov 2017 14:23:55 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0070.outbound.protection.outlook.com [104.47.2.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0099913B11B for <suit@ietf.org>; Thu,  2 Nov 2017 14:23:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=rorJdj7xRjfEbIvvRpmAVBNb/QruNnlf9l/apjZtBJE=; b=E4jC1lZL8wZgDtN2twY/zetEC8SgWtlhxLdhvAzdiYfNpw2j4LhrhpnRLwTf0LyxzBRgfsepLMUbHc7U93WW+oolnPd83r1GitYRVfOKO8yQan2/w2Sw4IcBrWZw1IH46+rZEXxHJdotb61glqTlu4xgxdp/6hdmSTJimEAo6KI=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0613.eurprd08.prod.outlook.com (10.169.32.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Thu, 2 Nov 2017 21:23:52 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0178.015; Thu, 2 Nov 2017 21:23:52 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] ASN.1 Encoding Format for Manifest
Thread-Index: AQHTVB25Hydccea2Lk+p3Ff06xUuMaMBmYaA
Date: Thu, 2 Nov 2017 21:23:52 +0000
Message-ID: <09E35C75-760B-45BB-8010-E7AC1BB3F464@arm.com>
References: <CAMRcRGRTf686quqM4LdgutUNTKgyqjk=_t-2Wfjwb4Ybw745og@mail.gmail.com>
In-Reply-To: <CAMRcRGRTf686quqM4LdgutUNTKgyqjk=_t-2Wfjwb4Ybw745og@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0613; 6:L4vEPxkO4M/psCl11lzrgiUz7bhdYjti9+G+YDbJ32AwZhyAT3sth/I6+5yfZqCm2SE9I+hOUuVeeAk9Bu2V/2kTUsP5LHDUN0ZiZmHJB56reo3H9gY3xuiJf/R6swHswKV047tGiBl9843HmhuW3x6a7zGXFMccp6iEPG1qjyrqQ2rOJvgA45M/aLIVIERouE1ZgFnMFMyG+r0R7on2vRtIarYICVLWNQtEeOvMZJPxzjnpzjnmrw3kp9xeBdOAQykeOSEQEWajD/A1zM1RpqjB69erJFHxuccyN6SrGSwWwFrftTRgqdcYzxFfUoz+yGoZJ42zDy79imL+dt8uD4mMur8Et/E/hDSipJcSVmE=; 5:dKcO0FQIKLZJ/tJkTEK0T0nydyr3I8y8kMbxdt2zCmb5PiGNX6Hvt2gO0CJtb+rQhivrKeib9gjwgVcfeZSoLNgJbvWu8Wmt8qbBz8MmC49RfOMhuOK4BmvZIJ/AkOTs0H37adgcFSA2tgyRkeNRJvJduMQ9nXyXbx/10aWapF0=; 24:ZomSz17gcLBeuFJ0oohZW8AtfgaZnQw2Ui/MTTSJR6KrqFlTHhPtYJwC1diTaaZkMB9mydANoimntjavSQX7+1bSw38IA3L6ig8s/POx5Wk=; 7:6VpviqKcU3w7xRQiuRYMu/HmzTwlWtNzuKAqQBEQSidLaQBVNkgORgLQBOQG+yAlx/TkMUA07Smwl/6Jf7jz9UrkRIU49u6Cn3bdUERnVbrSJTuxyBmGyZbRMjNLNjHajkGPwVQGkkIRnsMA9D+RxrNd4ozHLHY4O52lcuwzm1cOAwgjs681VZcsA2BAxes1TxgcQ1BjrVxMNr67fIfmyDvFlVYkx68fYny+ffghUQX9N/A2nKzEXJSipe+AjDzu
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 9ff91f9b-1152-42d7-2580-08d5223803fc
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:DB5PR08MB0613; 
x-ms-traffictypediagnostic: DB5PR08MB0613:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB0613F86BDFC392B892BBDDC3EA5C0@DB5PR08MB0613.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(10201501046)(3231020)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123562025)(20161123558100)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0613; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0613; 
x-forefront-prvs: 047999FF16
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(376002)(39860400002)(24454002)(40434004)(199003)(189002)(81166006)(81156014)(8936002)(8676002)(83716003)(3280700002)(39060400002)(236005)(5890100001)(5660300001)(6246003)(4326008)(105586002)(3846002)(478600001)(86362001)(106356001)(68736007)(102836003)(5250100002)(6116002)(99286004)(53936002)(33656002)(6916009)(2950100002)(1411001)(97736004)(101416001)(2906002)(316002)(50986999)(6486002)(3660700001)(50226002)(25786009)(6506006)(76176999)(14454004)(54896002)(229853002)(6512007)(72206003)(189998001)(2900100001)(57306001)(6436002)(36756003)(53546010)(66066001)(7736002)(82746002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0613; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_09E35C75760B45BB8010E7AC1BB3F464armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9ff91f9b-1152-42d7-2580-08d5223803fc
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Nov 2017 21:23:52.2224 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0613
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bR5b3JU7NbhMlEwU9507q6hbWyg>
Subject: Re: [Suit] ASN.1 Encoding Format for Manifest
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 21:23:57 -0000

--_000_09E35C75760B45BB8010E7AC1BB3F464armcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

DQpPbiAyIE5vdiAyMDE3LCBhdCAyMTowMSwgU3VoYXMgTmFuZGFrdW1hciA8c3VoYXNpZXRmQGdt
YWlsLmNvbTxtYWlsdG86c3VoYXNpZXRmQGdtYWlsLmNvbT4+IHdyb3RlOg0KDQpJIHdvdWxkIHdh
bnQgdG8gZGlzY3VzcyBvbiB0aGUgdG9waWMgb2YgQVNOLjEgZW5jb2RpbmcgZm9ybWF0IHRoYXQg
c2VlbXMgdG8gcHJlc3VtZSB0aGF0IHRoZSBJb1QgZGV2aWNlIGhhcyB0aGUgcGFyc2VyIGZvciBB
U04uMSBhcyBwYXJ0IG9mIHRoZSBhcHBsaWNhdGlvbiBzdGFjayAoc2F5IFRMUykgb3V0c2lkZSB0
aGUgYm9vdC1sb2FkZXINCg0KUGxlYXNlIHJldmlldyB0aGUgbGF0ZXN0IGRyYWZ0LiBBU04uMSBp
cyBub3QgdXNlZC4NCg0KSSBkb24ndCB0aGluayB3ZSBjYW4gaGF2ZSB0aGF0IGFzc3VtcHRpb24g
dGhhdCB0aGUgZmlybXdhcmUgdXBkYXRlIHByb2Nlc3Mgd2lsbCBhbHdheXMgaGF2ZSBlbm91Z2gg
c3BhY2UgIGZvciB0d28gY29waWVzIG9mIGFwcGxpY2F0aW9uIHNvZnR3YXJlLCBzbyB0aGF0IGl0
IGNhbiBkb3dubG9hZCBhIG5ldyBvbmUgYmVmb3JlIHJlcGxhY2luZyB0aGUgb2xkIG9uZS4gTWFu
eSBkZXZpY2VzIGhhdmUgYSBzbWFsbCBkb3dubG9hZGVyIHBsdXMgZW5vdWdoIHNwYWNlIGZvciBv
bmUgY29weSBvZiB0aGUgYXBwbGljYXRpb24gZmlybXdhcmUuDQoNClRoaXMgaXMgb25lIG9mIHRo
ZSBleHBlY3RlZCB1c2UtY2FzZXMuIEhvd2V2ZXIsIGl0IGlzIGltcG9ydGFudCB0byBjb25zaWRl
ciB0aGF0IGRvd25sb2FkZXJzIGxpa2VseSBuZWVkIHRvIGJlIHVwZGF0YWJsZS4NCg0KSGVuY2Ug
SSBkb27igJl0IHRoaW5rIHRoZSBhc3N1bXB0aW9ucyB0aGF0IHRoZXJlIGlzIGFscmVhZHkgYW4g
QVNOLjEgcGFyc2VyIGF2YWlsYWJsZSBpcyB0cnVlLiAgSSB3b3VsZCByZWNvbW1lbmQgdGhhdCB0
aGUgY2hhcnRlciBhbGxvd3MgdGhlIFdHIHRvIHJlY29uc2lkZXIgQVNOLjEgY2hvaWNlIGFzIHRo
ZSBkZWZhdWx0IGZvciB0aGUgbWFuaWZlc3QgZW5jb2RpbmcgZm9ybWF0IGFuZCBhbGxvdyBlbmNv
ZGluZ3MgdGhhdCBhcmUgc3VpdGFibGUgdG8gdGhlIGRldmljZSBpbiBxdWVzdGlvbi4NCg0KQmVz
dCBSZWdhcmRzLA0KQnJlbmRhbg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRo
aXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxz
byBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBw
bGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0
aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwg
b3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91
Lg0K

--_000_09E35C75760B45BB8010E7AC1BB3F464armcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <EEE9CF78694FE048A5BFE1FDC9B34F10@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdj4NCjxibG9ja3F1b3RlIHR5
cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpPbiAyIE5v
diAyMDE3LCBhdCAyMTowMSwgU3VoYXMgTmFuZGFrdW1hciAmbHQ7PGEgaHJlZj0ibWFpbHRvOnN1
aGFzaWV0ZkBnbWFpbC5jb20iIGNsYXNzPSIiPnN1aGFzaWV0ZkBnbWFpbC5jb208L2E+Jmd0OyB3
cm90ZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+DQo8ZGl2
IGNsYXNzPSIiPg0KPGRpdiBkaXI9Imx0ciIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJsaW5lLWhl
aWdodDogMS4zODsgbWFyZ2luLXRvcDogMHB0OyBtYXJnaW4tYm90dG9tOiAwcHQ7IiBjbGFzcz0i
Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6QXJpYWw7YmFja2dyb3Vu
ZC1jb2xvcjp0cmFuc3BhcmVudDt2ZXJ0aWNhbC1hbGlnbjpiYXNlbGluZSIgY2xhc3M9IiI+SSB3
b3VsZCB3YW50IHRvIGRpc2N1c3Mgb24gdGhlIHRvcGljIG9mIEFTTi4xIGVuY29kaW5nIGZvcm1h
dCB0aGF0IHNlZW1zDQogdG8gcHJlc3VtZSB0aGF0IHRoZSBJb1QgZGV2aWNlIGhhcyB0aGUgcGFy
c2VyIGZvciBBU04uMSBhcyBwYXJ0IG9mIHRoZSBhcHBsaWNhdGlvbiBzdGFjayAoc2F5IFRMUykg
b3V0c2lkZSB0aGUgYm9vdC1sb2FkZXI8L3NwYW4+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9i
bG9ja3F1b3RlPg0KPGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NClBsZWFzZSByZXZpZXcgdGhl
IGxhdGVzdCBkcmFmdC4gQVNOLjEgaXMgbm90IHVzZWQuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxi
ciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFz
cz0iIj4NCjxkaXYgZGlyPSJsdHIiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6
IDEuMzg7IG1hcmdpbi10b3A6IDBwdDsgbWFyZ2luLWJvdHRvbTogMHB0OyIgY2xhc3M9IiI+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZToxMXB0O2ZvbnQtZmFtaWx5OkFyaWFsO2JhY2tncm91bmQtY29s
b3I6dHJhbnNwYXJlbnQ7dmVydGljYWwtYWxpZ246YmFzZWxpbmUiIGNsYXNzPSIiPkkgZG9uJ3Qg
dGhpbmsgd2UgY2FuIGhhdmUgdGhhdCBhc3N1bXB0aW9uIHRoYXQgdGhlIGZpcm13YXJlIHVwZGF0
ZSBwcm9jZXNzDQogd2lsbCBhbHdheXMgaGF2ZSBlbm91Z2ggc3BhY2UgJm5ic3A7Zm9yIHR3byBj
b3BpZXMgb2YgYXBwbGljYXRpb24gc29mdHdhcmUsIHNvIHRoYXQgaXQgY2FuIGRvd25sb2FkIGEg
bmV3IG9uZSBiZWZvcmUgcmVwbGFjaW5nIHRoZSBvbGQgb25lLiBNYW55IGRldmljZXMgaGF2ZSBh
IHNtYWxsIGRvd25sb2FkZXIgcGx1cyBlbm91Z2ggc3BhY2UgZm9yIG9uZSBjb3B5IG9mIHRoZSBh
cHBsaWNhdGlvbiBmaXJtd2FyZS48L3NwYW4+PC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9j
a3F1b3RlPg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9
IiI+VGhpcyBpcyBvbmUgb2YgdGhlIGV4cGVjdGVkIHVzZS1jYXNlcy4gSG93ZXZlciwgaXQgaXMg
aW1wb3J0YW50IHRvIGNvbnNpZGVyIHRoYXQgZG93bmxvYWRlcnMgbGlrZWx5IG5lZWQgdG8gYmUg
dXBkYXRhYmxlLjwvZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIg
Y2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBkaXI9Imx0ciIgY2xhc3M9IiI+DQo8ZGl2
IHN0eWxlPSJsaW5lLWhlaWdodDogMS4zODsgbWFyZ2luLXRvcDogMHB0OyBtYXJnaW4tYm90dG9t
OiAwcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExcHQ7Zm9udC1mYW1pbHk6
QXJpYWw7YmFja2dyb3VuZC1jb2xvcjp0cmFuc3BhcmVudDt2ZXJ0aWNhbC1hbGlnbjpiYXNlbGlu
ZSIgY2xhc3M9IiI+SGVuY2UgSSBkb27igJl0IHRoaW5rIHRoZSBhc3N1bXB0aW9ucyB0aGF0IHRo
ZXJlIGlzIGFscmVhZHkgYW4gQVNOLjEgcGFyc2VyDQogYXZhaWxhYmxlIGlzIHRydWUuJm5ic3A7
IEkgd291bGQgcmVjb21tZW5kIHRoYXQgdGhlIGNoYXJ0ZXIgYWxsb3dzIHRoZSBXRyB0byByZWNv
bnNpZGVyIEFTTi4xIGNob2ljZSBhcyB0aGUgZGVmYXVsdCBmb3IgdGhlIG1hbmlmZXN0IGVuY29k
aW5nIGZvcm1hdCBhbmQgYWxsb3cgZW5jb2RpbmdzIHRoYXQgYXJlIHN1aXRhYmxlIHRvIHRoZSBk
ZXZpY2UgaW4gcXVlc3Rpb24uPC9zcGFuPjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2tx
dW90ZT4NCjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5CZXN0IFJlZ2FyZHMs
PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkJyZW5kYW48L2Rpdj4NCklNUE9SVEFOVCBOT1RJQ0U6IFRo
ZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVu
dGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu
ZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBk
byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm
b3IgYW55IHB1cnBvc2UsDQogb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55
IG1lZGl1bS4gVGhhbmsgeW91Lg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_09E35C75760B45BB8010E7AC1BB3F464armcom_--


From nobody Fri Nov  3 09:32:04 2017
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A45613FED7; Fri,  3 Nov 2017 09:32:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.64.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: suit@ietf.org 
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
Date: Fri, 03 Nov 2017 09:32:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/LLY7-prqe471LyT8F8_6Eoo0e8k>
Subject: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 16:32:03 -0000

The Software Updates for Internet of Things (suit) WG in the Security Area of
the IETF is undergoing rechartering. The IESG has not made any determination
yet. The following draft charter was submitted, and is provided for
informational purposes only. Please send your comments to the IESG mailing
list (iesg@ietf.org) by 2017-11-13.

Software Updates for Internet of Things (suit)
-----------------------------------------------------------------------
Current status: BOF WG

Chairs:
  Dave Thaler <dthaler@microsoft.com>
  David Waltermire <david.waltermire@nist.gov>
  Russ Housley <housley@vigilsec.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: suit@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/suit
  Archive: https://mailarchive.ietf.org/arch/search/?email_list=suit

Group page: https://datatracker.ietf.org/group/suit/

Charter: https://datatracker.ietf.org/doc/charter-ietf-suit/

Vulnerabilities in Internet of Things (IoT) devices have raised the
need for a secure firmware update mechanism that is also suitable for
constrained devices.  Security experts, researchers, and regulators
recommend that all IoT devices be equipped with such a mechanism.  While
there are many proprietary firmware update mechanisms in use today, there
is a lack of a modern interoperable approach of securely updating the
software in IoT devices.

A firmware update solution consists of several components, including:
  *  A mechanism to transport firmware images to IoT devices.
  *  A manifest that provides meta-data about the firmware image
     (such as a firmware package identifier, the hardware the package
     needs to run, and dependencies on other firmware packages), as
     well as cryptographic information for protecting the firmware
     image in an end-to-end fashion.
  *  The firmware image itself.

RFC 4108 provides a manifest format that uses the Cryptographic Message
Syntax (CMS) to protect firmware packages.

More than ten years have passed since the publication of RFC 4108, and
greater experience with IoT deployments has led to additional
functionality, requiring the work done with RFC 4108 to be revisited.
This group will focus on defining a firmware update solution for Class
1 devices, as defined in RFC 7228, that is -- IoT devices with ~10 KiB
RAM and ~100 KiB flash.  The solution may apply to more capable devices
as well.  This group will not define any transport mechanisms.

In June of 2016 the Internet Architecture Board organized a workshop on
'Internet of Things (IoT) Software Update (IOTSU)', which took place at
Trinity College in Dublin, Ireland.  The main goal of the workshop was
to foster a discussion on requirements, challenges, and solutions for
bringing software and firmware updates to IoT devices. This workshop
also made clear that there are challenges with misaligned incentives
and complex value chains.  It is nevertheless seen as important to
create standard building blocks that help interested parties implement
and deploy a solid firmware update mechanism.

In particular this group aims to publish three documents, namely:
  *  An IoT firmware update architecture that includes a description of
     the involved entities, security threats, and assumptions.
  *  One or more manifest format specifications.

The initial focus of this group will be development of a manifest approach
based on CMS and the ASN.1 encoding. This work will result in a revision of
RFC 4108 that reflects the current best practices. Use of the ASN.1 encoding
is desirable due to existing ASN.1 support in crypto libraries used within
current IoT operating systems. The group may later adopt alternate manifest
formats using other serialization approaches (e.g., CBOR). This group does
not aim to create a standard for a generic software update mechanism for use
by rich operating systems, like Linux, but instead this group will focus on
software development practices in the embedded industry.  "Software update
solutions that target updating software other than the firmware binary (e.g.
updating scripts) are also out of scope.

This group will aim to maintain a close relationship with silicon vendors
and OEMs that develop IoT operating systems.

Milestones:

  Dec 2017 - Adopt RFC 4108bis document as WG item.

  Dec 2017 - Adopt "Architecture" document as WG item.

  Dec 2017 - Adopt "Manifest Format" specification as WG item.

  Jan 2018 - Adopt "Architecture" to the IESG for publication as an
  Informational RFC.

  Mar 2018 - Calendar item: Release initial version of the manifest creation
  tools as open source.

  Apr 2018 - Calendar item: Release first version of manifest test tools as
  open source.

  Jun 2018 - Calendar item: Release first IoT OS implementation of firmware
  update mechanisms as open source.

  Nov 2018 - Submit RFC 4108bis document to the IESG for publication as a
  Proposed Standard.

  Nov 2018 - Submit "Manifest Format" to the IESG for publication as a
  Proposed Standard.



From nobody Fri Nov  3 09:43:20 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 747E013FEEF for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 09:43:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gNfZ3caYLyJB for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 09:43:15 -0700 (PDT)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0111.outbound.protection.outlook.com [23.103.201.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83A1513FF0D for <suit@ietf.org>; Fri,  3 Nov 2017 09:43:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jz2bESB7ea0gp6SSDjj+OtSpyGHi1CqTfXGr2xYd12Y=; b=2bSyUSKQkmCAQQWgLzZK2JBwLrSwvy3gtII7845B6/Q6LY/O44ZYlg9POYdOGBLqDW9HFnuQiqdLOZxBUYDr2tvzFWQ9h7Fv6cjdqJkzrgdezwfY9kkFaIO3SEcS8mKR2tu7oUsd4BIa1hwOeS6r2EQRZWAiNTtkkpjocpfV7I0=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1493.namprd09.prod.outlook.com (10.173.191.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Fri, 3 Nov 2017 16:43:13 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0197.013; Fri, 3 Nov 2017 16:43:13 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFRwLvJJm6/L02nsHYjmbMeoKMC2jSw
Date: Fri, 3 Nov 2017 16:43:12 +0000
Message-ID: <CY4PR09MB14958299C24088359F911702F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
In-Reply-To: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [129.6.224.58]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1493; 6:h1SjKt7fm08GwyJ2lnnvHwCGytI/5ILbeyoYoIj08CQXo2+1HnF5Pg8mRyPme7l8yhBg5iipkwk68v7eR+2VYadS7ihxWU6g8VhZXGA+H0aNIAUd2OZNnRfr+NqW9xS9qUU9Y1x7KIF9lJkUNwYxSIjEwp/iMAdvFOTaf63DPtFg1+ue4AG+XvNQkqpueccQECTtBsQKOF7kxzOCwDarBL1GSBZpPqwzs8X1/8k69mqxmjtA0lRzUjraoEOHH/xpi0Pcc/EMeYWysCCh4IBSqH975tIE18a1Bo1o4LVpuZslMVsEpof4723L81kkY9wgOJdHw6kv2Fh+d4m3Cbdq1b6kFHSSdWb8jbJ6vLAvuN8=; 5:SQhVRrPbwFvBF20kgDd7d43MAyYL5xaXoiGo4dGDhdWusw5TFkTfUHezg4hfvQNB1dsiiSKAE3VaLSK4qhLiU8kEW154GmQUCAoxUaOgGwaAAAsmO1SO5eXFwIH/QHeQGcLZSERjlA2MBg+I/t3LAX1m6IHK0T+k13QBDviHEUg=; 24:B6EtZH3zIotAaKXztT96L4h03PnAPyTQGqw/YWIr6Rt6JoeVXbDKCNjFF5y13VHPIuYGS2Vjj/mir+6BUG844bTtFJ1knLEe9QiB8fvPh9s=; 7:Mzqyfj3uqGx35/7R9m2xKRx2/wp9cGBjIzippas7PwgS9/qYnjrOS98FNSCObbhQ4H1xIrdI2EdF7S/Hu+qmiN0ryVWjVgvRWwYe1tSlYJTsKQ45adIiM7n7b9Rtv6PHsUixGYVeKq0XBqegvIyPar5BGLGVR0HBfsRrQeWyQt7J+wqYIcv4lKFvMbkJtqGvdzvrL3hVK5HG13BR2VopoYSttfCctOH4StA1qrF9PxvA+sYWm1KBLS4NmI2cPTtL
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: fb1063ea-f838-4131-97ea-08d522d9f98c
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:CY4PR09MB1493; 
x-ms-traffictypediagnostic: CY4PR09MB1493:
x-exchange-antispam-report-test: UriScan:(65766998875637)(89211679590171)(192374486261705)(189930954265078)(219752817060721);
x-microsoft-antispam-prvs: <CY4PR09MB149351A06D4F28816D588B18F05D0@CY4PR09MB1493.namprd09.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231021)(3002001)(100000703101)(100105400095)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR09MB1493; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR09MB1493; 
x-forefront-prvs: 0480A51D4A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(376002)(346002)(45074003)(189002)(13464003)(199003)(66066001)(6246003)(68736007)(4001150100001)(86362001)(99286004)(3280700002)(2906002)(7696004)(8936002)(2950100002)(2501003)(6916009)(15650500001)(3660700001)(5660300001)(101416001)(54356999)(97736004)(76176999)(50986999)(575784001)(316002)(5640700003)(6436002)(55016002)(229853002)(6306002)(53936002)(9686003)(6506006)(77096006)(105586002)(45080400002)(14454004)(74316002)(53546010)(7736002)(305945005)(966005)(102836003)(106356001)(33656002)(81156014)(8676002)(1730700003)(81166006)(189998001)(3846002)(6116002)(478600001)(2900100001)(25786009)(2351001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1493; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: fb1063ea-f838-4131-97ea-08d522d9f98c
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2017 16:43:13.0594 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1493
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/KZoavlgx7L4W36Sk-zOejXv_NCU>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 16:43:19 -0000

Going forward I'd like to focus our discussion of the charter around specif=
ic textual changes that need to be made to this charter. Please focus your =
comments around proposing new text to address any concerns you might have.

I will keep a working copy of the charter based on the conversation going f=
orward, which we will review at the IETF 100 SUIT BoF on Monday, November 1=
3, 2017 in Singapore.

Regards,
Dave

> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of The IESG
> Sent: Friday, November 03, 2017 12:32 PM
> To: IETF-Announce <ietf-announce@ietf.org>
> Cc: suit@ietf.org
> Subject: [Suit] WG Review: Software Updates for Internet of Things (suit)
>=20
> The Software Updates for Internet of Things (suit) WG in the Security Are=
a of
> the IETF is undergoing rechartering. The IESG has not made any determinat=
ion
> yet. The following draft charter was submitted, and is provided for
> informational purposes only. Please send your comments to the IESG mailin=
g list
> (iesg@ietf.org) by 2017-11-13.
>=20
> Software Updates for Internet of Things (suit)
> -----------------------------------------------------------------------
> Current status: BOF WG
>=20
> Chairs:
>   Dave Thaler <dthaler@microsoft.com>
>   David Waltermire <david.waltermire@nist.gov>
>   Russ Housley <housley@vigilsec.com>
>=20
> Assigned Area Director:
>   Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>=20
> Security Area Directors:
>   Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>   Eric Rescorla <ekr@rtfm.com>
>=20
> Mailing list:
>   Address: suit@ietf.org
>   To subscribe:
> https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ie=
t
> f.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdavid.waltermire%40
> nist.gov%7Cd192afbbaa384fa3a58d08d522d86ca6%7C2ab5d82fd8fa4797a93
> e054655c61dec%7C1%7C0%7C636453235286858513&sdata=3DQztGtSdbI9GjF
> Ui%2BtcbEirxM026iG%2BT0Yztmex4Ghbo%3D&reserved=3D0
>   Archive:
> https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fmailar=
chi
> ve.ietf.org%2Farch%2Fsearch%2F%3Femail_list%3Dsuit&data=3D02%7C01%7Cd
> avid.waltermire%40nist.gov%7Cd192afbbaa384fa3a58d08d522d86ca6%7C2a
> b5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636453235286858513&s
> data=3DxbYnoky%2FpcGtkA9EJJwjeMBJO5k6gB5PyE5A0PGDQ%2Bw%3D&reserv
> ed=3D0
>=20
> Group page:
> https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatr=
ac
> ker.ietf.org%2Fgroup%2Fsuit%2F&data=3D02%7C01%7Cdavid.waltermire%40nis
> t.gov%7Cd192afbbaa384fa3a58d08d522d86ca6%7C2ab5d82fd8fa4797a93e0
> 54655c61dec%7C1%7C0%7C636453235286858513&sdata=3D1wVU3kU%2FtTw
> 7YpjxNyGV1Dj5P20FcxzE%2FbaLYrJ8%2F%2BQ%3D&reserved=3D0
>=20
> Charter:
> https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatr=
ac
> ker.ietf.org%2Fdoc%2Fcharter-ietf-
> suit%2F&data=3D02%7C01%7Cdavid.waltermire%40nist.gov%7Cd192afbbaa384
> fa3a58d08d522d86ca6%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0
> %7C636453235286858513&sdata=3DW7XS6qSxpFjmjTgv9SUtJh%2FhGV67IaQr
> 11e6dMTd9lM%3D&reserved=3D0
>=20
> Vulnerabilities in Internet of Things (IoT) devices have raised the need =
for a
> secure firmware update mechanism that is also suitable for constrained de=
vices.
> Security experts, researchers, and regulators recommend that all IoT devi=
ces be
> equipped with such a mechanism.  While there are many proprietary firmwar=
e
> update mechanisms in use today, there is a lack of a modern interoperable
> approach of securely updating the software in IoT devices.
>=20
> A firmware update solution consists of several components, including:
>   *  A mechanism to transport firmware images to IoT devices.
>   *  A manifest that provides meta-data about the firmware image
>      (such as a firmware package identifier, the hardware the package
>      needs to run, and dependencies on other firmware packages), as
>      well as cryptographic information for protecting the firmware
>      image in an end-to-end fashion.
>   *  The firmware image itself.
>=20
> RFC 4108 provides a manifest format that uses the Cryptographic Message
> Syntax (CMS) to protect firmware packages.
>=20
> More than ten years have passed since the publication of RFC 4108, and gr=
eater
> experience with IoT deployments has led to additional functionality, requ=
iring
> the work done with RFC 4108 to be revisited.
> This group will focus on defining a firmware update solution for Class
> 1 devices, as defined in RFC 7228, that is -- IoT devices with ~10 KiB RA=
M and
> ~100 KiB flash.  The solution may apply to more capable devices as well. =
 This
> group will not define any transport mechanisms.
>=20
> In June of 2016 the Internet Architecture Board organized a workshop on
> 'Internet of Things (IoT) Software Update (IOTSU)', which took place at T=
rinity
> College in Dublin, Ireland.  The main goal of the workshop was to foster =
a
> discussion on requirements, challenges, and solutions for bringing softwa=
re and
> firmware updates to IoT devices. This workshop also made clear that there=
 are
> challenges with misaligned incentives and complex value chains.  It is
> nevertheless seen as important to create standard building blocks that he=
lp
> interested parties implement and deploy a solid firmware update mechanism=
.
>=20
> In particular this group aims to publish three documents, namely:
>   *  An IoT firmware update architecture that includes a description of
>      the involved entities, security threats, and assumptions.
>   *  One or more manifest format specifications.
>=20
> The initial focus of this group will be development of a manifest approac=
h based
> on CMS and the ASN.1 encoding. This work will result in a revision of RFC=
 4108
> that reflects the current best practices. Use of the ASN.1 encoding is de=
sirable
> due to existing ASN.1 support in crypto libraries used within current IoT
> operating systems. The group may later adopt alternate manifest formats u=
sing
> other serialization approaches (e.g., CBOR). This group does not aim to c=
reate a
> standard for a generic software update mechanism for use by rich operatin=
g
> systems, like Linux, but instead this group will focus on software develo=
pment
> practices in the embedded industry.  "Software update solutions that targ=
et
> updating software other than the firmware binary (e.g.
> updating scripts) are also out of scope.
>=20
> This group will aim to maintain a close relationship with silicon vendors=
 and
> OEMs that develop IoT operating systems.
>=20
> Milestones:
>=20
>   Dec 2017 - Adopt RFC 4108bis document as WG item.
>=20
>   Dec 2017 - Adopt "Architecture" document as WG item.
>=20
>   Dec 2017 - Adopt "Manifest Format" specification as WG item.
>=20
>   Jan 2018 - Adopt "Architecture" to the IESG for publication as an
>   Informational RFC.
>=20
>   Mar 2018 - Calendar item: Release initial version of the manifest creat=
ion
>   tools as open source.
>=20
>   Apr 2018 - Calendar item: Release first version of manifest test tools =
as
>   open source.
>=20
>   Jun 2018 - Calendar item: Release first IoT OS implementation of firmwa=
re
>   update mechanisms as open source.
>=20
>   Nov 2018 - Submit RFC 4108bis document to the IESG for publication as a
>   Proposed Standard.
>=20
>   Nov 2018 - Submit "Manifest Format" to the IESG for publication as a
>   Proposed Standard.
>=20
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ie=
t
> f.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdavid.waltermire%40
> nist.gov%7Cd192afbbaa384fa3a58d08d522d86ca6%7C2ab5d82fd8fa4797a93
> e054655c61dec%7C1%7C0%7C636453235286858513&sdata=3DQztGtSdbI9GjF
> Ui%2BtcbEirxM026iG%2BT0Yztmex4Ghbo%3D&reserved=3D0


From nobody Fri Nov  3 10:48:31 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29FA613FF0E; Fri,  3 Nov 2017 10:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RC-bbXjOl3Jv; Fri,  3 Nov 2017 10:48:27 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC8CF13FF0D; Fri,  3 Nov 2017 10:48:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vA3HmMBu007813; Fri, 3 Nov 2017 18:48:22 +0100 (CET)
Received: from pptp-218-2.informatik.uni-bremen.de (pptp-218-2.informatik.uni-bremen.de [134.102.218.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yT8ZG0V1mzDXbQ; Fri,  3 Nov 2017 18:48:22 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
Date: Fri, 3 Nov 2017 18:48:21 +0100
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 531424100.884258-5359bc26237c4c6f17a9b4c2e3de21ac
Content-Transfer-Encoding: quoted-printable
Message-Id: <3FFD3EC9-EB6C-4102-83C3-EB0A6CC248E9@tzi.org>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
To: The IESG <iesg-secretary@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/P_sLNm93AnCGIInXXaPo9oDNaJE>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 17:48:29 -0000

I=E2=80=99m slightly confused by this charter proposal.
The recent mailing list discussion went into a different direction.
Is this the current proposed text?

Gr=C3=BC=C3=9Fe, Carsten


> On Nov 3, 2017, at 17:32, The IESG <iesg-secretary@ietf.org> wrote:
>=20
> The Software Updates for Internet of Things (suit) WG in the Security =
Area of
> the IETF is undergoing rechartering. The IESG has not made any =
determination
> yet. The following draft charter was submitted, and is provided for
> informational purposes only. Please send your comments to the IESG =
mailing
> list (iesg@ietf.org) by 2017-11-13.
>=20
> Software Updates for Internet of Things (suit)
> =
-----------------------------------------------------------------------
> Current status: BOF WG
>=20
> Chairs:
>  Dave Thaler <dthaler@microsoft.com>
>  David Waltermire <david.waltermire@nist.gov>
>  Russ Housley <housley@vigilsec.com>
>=20
> Assigned Area Director:
>  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>=20
> Security Area Directors:
>  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>  Eric Rescorla <ekr@rtfm.com>
>=20
> Mailing list:
>  Address: suit@ietf.org
>  To subscribe: https://www.ietf.org/mailman/listinfo/suit
>  Archive: https://mailarchive.ietf.org/arch/search/?email_list=3Dsuit
>=20
> Group page: https://datatracker.ietf.org/group/suit/
>=20
> Charter: https://datatracker.ietf.org/doc/charter-ietf-suit/
>=20
> Vulnerabilities in Internet of Things (IoT) devices have raised the
> need for a secure firmware update mechanism that is also suitable for
> constrained devices.  Security experts, researchers, and regulators
> recommend that all IoT devices be equipped with such a mechanism.  =
While
> there are many proprietary firmware update mechanisms in use today, =
there
> is a lack of a modern interoperable approach of securely updating the
> software in IoT devices.
>=20
> A firmware update solution consists of several components, including:
>  *  A mechanism to transport firmware images to IoT devices.
>  *  A manifest that provides meta-data about the firmware image
>     (such as a firmware package identifier, the hardware the package
>     needs to run, and dependencies on other firmware packages), as
>     well as cryptographic information for protecting the firmware
>     image in an end-to-end fashion.
>  *  The firmware image itself.
>=20
> RFC 4108 provides a manifest format that uses the Cryptographic =
Message
> Syntax (CMS) to protect firmware packages.
>=20
> More than ten years have passed since the publication of RFC 4108, and
> greater experience with IoT deployments has led to additional
> functionality, requiring the work done with RFC 4108 to be revisited.
> This group will focus on defining a firmware update solution for Class
> 1 devices, as defined in RFC 7228, that is -- IoT devices with ~10 KiB
> RAM and ~100 KiB flash.  The solution may apply to more capable =
devices
> as well.  This group will not define any transport mechanisms.
>=20
> In June of 2016 the Internet Architecture Board organized a workshop =
on
> 'Internet of Things (IoT) Software Update (IOTSU)', which took place =
at
> Trinity College in Dublin, Ireland.  The main goal of the workshop was
> to foster a discussion on requirements, challenges, and solutions for
> bringing software and firmware updates to IoT devices. This workshop
> also made clear that there are challenges with misaligned incentives
> and complex value chains.  It is nevertheless seen as important to
> create standard building blocks that help interested parties implement
> and deploy a solid firmware update mechanism.
>=20
> In particular this group aims to publish three documents, namely:
>  *  An IoT firmware update architecture that includes a description of
>     the involved entities, security threats, and assumptions.
>  *  One or more manifest format specifications.
>=20
> The initial focus of this group will be development of a manifest =
approach
> based on CMS and the ASN.1 encoding. This work will result in a =
revision of
> RFC 4108 that reflects the current best practices. Use of the ASN.1 =
encoding
> is desirable due to existing ASN.1 support in crypto libraries used =
within
> current IoT operating systems. The group may later adopt alternate =
manifest
> formats using other serialization approaches (e.g., CBOR). This group =
does
> not aim to create a standard for a generic software update mechanism =
for use
> by rich operating systems, like Linux, but instead this group will =
focus on
> software development practices in the embedded industry.  "Software =
update
> solutions that target updating software other than the firmware binary =
(e.g.
> updating scripts) are also out of scope.
>=20
> This group will aim to maintain a close relationship with silicon =
vendors
> and OEMs that develop IoT operating systems.
>=20
> Milestones:
>=20
>  Dec 2017 - Adopt RFC 4108bis document as WG item.
>=20
>  Dec 2017 - Adopt "Architecture" document as WG item.
>=20
>  Dec 2017 - Adopt "Manifest Format" specification as WG item.
>=20
>  Jan 2018 - Adopt "Architecture" to the IESG for publication as an
>  Informational RFC.
>=20
>  Mar 2018 - Calendar item: Release initial version of the manifest =
creation
>  tools as open source.
>=20
>  Apr 2018 - Calendar item: Release first version of manifest test =
tools as
>  open source.
>=20
>  Jun 2018 - Calendar item: Release first IoT OS implementation of =
firmware
>  update mechanisms as open source.
>=20
>  Nov 2018 - Submit RFC 4108bis document to the IESG for publication as =
a
>  Proposed Standard.
>=20
>  Nov 2018 - Submit "Manifest Format" to the IESG for publication as a
>  Proposed Standard.
>=20
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>=20


From nobody Fri Nov  3 10:50:17 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 133BC13FF0D; Fri,  3 Nov 2017 10:50:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TMMOkEDfoHrt; Fri,  3 Nov 2017 10:49:56 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B598213FEFD; Fri,  3 Nov 2017 10:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vA3HnqTr008762; Fri, 3 Nov 2017 18:49:52 +0100 (CET)
Received: from pptp-218-2.informatik.uni-bremen.de (pptp-218-2.informatik.uni-bremen.de [134.102.218.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yT8bz5X4qzDXbS; Fri,  3 Nov 2017 18:49:51 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
Date: Fri, 3 Nov 2017 18:49:50 +0100
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 531424190.537806-0c37800fd692cf858956f7c7b48d0b8c
Content-Transfer-Encoding: quoted-printable
Message-Id: <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com>
To: The IESG <iesg@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bqBFCxnyCXJ987FyACPh_fp7E-4>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 17:50:09 -0000

I=E2=80=99m slightly confused by this charter proposal.
The recent mailing list discussion went into a different direction.
Is this the current proposed text?

Gr=C3=BC=C3=9Fe, Carsten


> On Nov 3, 2017, at 17:32, The IESG <iesg-secretary@ietf.org> wrote:
>=20
> The Software Updates for Internet of Things (suit) WG in the Security =
Area of
> the IETF is undergoing rechartering. The IESG has not made any =
determination
> yet. The following draft charter was submitted, and is provided for
> informational purposes only. Please send your comments to the IESG =
mailing
> list (iesg@ietf.org) by 2017-11-13.
>=20
> Software Updates for Internet of Things (suit)
> =
-----------------------------------------------------------------------
> Current status: BOF WG
>=20
> Chairs:
> Dave Thaler <dthaler@microsoft.com>
> David Waltermire <david.waltermire@nist.gov>
> Russ Housley <housley@vigilsec.com>
>=20
> Assigned Area Director:
> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>=20
> Security Area Directors:
> Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
> Eric Rescorla <ekr@rtfm.com>
>=20
> Mailing list:
> Address: suit@ietf.org
> To subscribe: https://www.ietf.org/mailman/listinfo/suit
> Archive: https://mailarchive.ietf.org/arch/search/?email_list=3Dsuit
>=20
> Group page: https://datatracker.ietf.org/group/suit/
>=20
> Charter: https://datatracker.ietf.org/doc/charter-ietf-suit/
>=20
> Vulnerabilities in Internet of Things (IoT) devices have raised the
> need for a secure firmware update mechanism that is also suitable for
> constrained devices.  Security experts, researchers, and regulators
> recommend that all IoT devices be equipped with such a mechanism.  =
While
> there are many proprietary firmware update mechanisms in use today, =
there
> is a lack of a modern interoperable approach of securely updating the
> software in IoT devices.
>=20
> A firmware update solution consists of several components, including:
> *  A mechanism to transport firmware images to IoT devices.
> *  A manifest that provides meta-data about the firmware image
>    (such as a firmware package identifier, the hardware the package
>    needs to run, and dependencies on other firmware packages), as
>    well as cryptographic information for protecting the firmware
>    image in an end-to-end fashion.
> *  The firmware image itself.
>=20
> RFC 4108 provides a manifest format that uses the Cryptographic =
Message
> Syntax (CMS) to protect firmware packages.
>=20
> More than ten years have passed since the publication of RFC 4108, and
> greater experience with IoT deployments has led to additional
> functionality, requiring the work done with RFC 4108 to be revisited.
> This group will focus on defining a firmware update solution for Class
> 1 devices, as defined in RFC 7228, that is -- IoT devices with ~10 KiB
> RAM and ~100 KiB flash.  The solution may apply to more capable =
devices
> as well.  This group will not define any transport mechanisms.
>=20
> In June of 2016 the Internet Architecture Board organized a workshop =
on
> 'Internet of Things (IoT) Software Update (IOTSU)', which took place =
at
> Trinity College in Dublin, Ireland.  The main goal of the workshop was
> to foster a discussion on requirements, challenges, and solutions for
> bringing software and firmware updates to IoT devices. This workshop
> also made clear that there are challenges with misaligned incentives
> and complex value chains.  It is nevertheless seen as important to
> create standard building blocks that help interested parties implement
> and deploy a solid firmware update mechanism.
>=20
> In particular this group aims to publish three documents, namely:
> *  An IoT firmware update architecture that includes a description of
>    the involved entities, security threats, and assumptions.
> *  One or more manifest format specifications.
>=20
> The initial focus of this group will be development of a manifest =
approach
> based on CMS and the ASN.1 encoding. This work will result in a =
revision of
> RFC 4108 that reflects the current best practices. Use of the ASN.1 =
encoding
> is desirable due to existing ASN.1 support in crypto libraries used =
within
> current IoT operating systems. The group may later adopt alternate =
manifest
> formats using other serialization approaches (e.g., CBOR). This group =
does
> not aim to create a standard for a generic software update mechanism =
for use
> by rich operating systems, like Linux, but instead this group will =
focus on
> software development practices in the embedded industry.  "Software =
update
> solutions that target updating software other than the firmware binary =
(e.g.
> updating scripts) are also out of scope.
>=20
> This group will aim to maintain a close relationship with silicon =
vendors
> and OEMs that develop IoT operating systems.
>=20
> Milestones:
>=20
> Dec 2017 - Adopt RFC 4108bis document as WG item.
>=20
> Dec 2017 - Adopt "Architecture" document as WG item.
>=20
> Dec 2017 - Adopt "Manifest Format" specification as WG item.
>=20
> Jan 2018 - Adopt "Architecture" to the IESG for publication as an
> Informational RFC.
>=20
> Mar 2018 - Calendar item: Release initial version of the manifest =
creation
> tools as open source.
>=20
> Apr 2018 - Calendar item: Release first version of manifest test tools =
as
> open source.
>=20
> Jun 2018 - Calendar item: Release first IoT OS implementation of =
firmware
> update mechanisms as open source.
>=20
> Nov 2018 - Submit RFC 4108bis document to the IESG for publication as =
a
> Proposed Standard.
>=20
> Nov 2018 - Submit "Manifest Format" to the IESG for publication as a
> Proposed Standard.
>=20
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>=20

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit



From nobody Fri Nov  3 11:04:13 2017
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2534F13FF1D; Fri,  3 Nov 2017 11:04:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a0XKuWOdbyCA; Fri,  3 Nov 2017 11:04:05 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D987513FF0F; Fri,  3 Nov 2017 11:04:05 -0700 (PDT)
Received: from [169.254.25.119] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id vA3I2evk075757 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 3 Nov 2017 11:02:41 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [169.254.25.119]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "The IESG" <iesg@ietf.org>
Cc: suit@ietf.org
Date: Fri, 03 Nov 2017 11:04:03 -0700
Message-ID: <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org>
In-Reply-To: <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.7r5425)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/dEK7Kci_AQV8_N_lqLbCKbdPkro>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 18:04:07 -0000

On 3 Nov 2017, at 10:49, Carsten Bormann wrote:

>> The initial focus of this group will be development of a manifest 
>> approach
>> based on CMS and the ASN.1 encoding. This work will result in a 
>> revision of
>> RFC 4108 that reflects the current best practices.

> I’m slightly confused by this charter proposal.
> The recent mailing list discussion went into a different direction.
> Is this the current proposed text?

I agree with Carsten: that's not what the recent list traffic was aiming 
for. The draft charter from a month ago didn't force the WG into ASN.1, 
and I don't see any list traffic asking for that.

Also: is RFC 4108 really a "current best practice"? There seems to be 
nearly no implementations of that in the IoT space, or at least none 
that have spoken up about it.

>> Use of the ASN.1 encoding
>> is desirable due to existing ASN.1 support in crypto libraries used 
>> within
>> current IoT operating systems.

The same could be said for CBOR/COSE. It is probably inaccurate to cite 
"ASN.1 support" given that different parts of a system might each 
implement its own ASN.1 stack.

>> The group may later adopt alternate manifest
>> formats using other serialization approaches (e.g., CBOR).

Why not let the WG decide which it wants?

--Paul Hoffman


From nobody Fri Nov  3 11:44:10 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E71D13FF42; Fri,  3 Nov 2017 11:44:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2dB8Ecau0ZfD; Fri,  3 Nov 2017 11:43:59 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0103.outbound.protection.outlook.com [23.103.200.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F7A113FF43; Fri,  3 Nov 2017 11:43:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=4gM7WgxIWb2FtaZTudPr552I5MxGeTKEwdK2EGal5i4=; b=HJ39K8AisRz+QAvpPmBul6ErM/yQIQs/r4nZ4measZuDsyiLY9HIYB6Iw5yH7c+/OyoligtKg+m6ep+7uHvi5SEeknAkRfJOvRHy0pxXQKB7eUKbkAxRxoc609oW1coqi8kTZCTo9ISAyiBdb7oSEtP2JS/NeVCOwrycB1m0doM=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1494.namprd09.prod.outlook.com (10.173.191.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Fri, 3 Nov 2017 18:43:58 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0197.013; Fri, 3 Nov 2017 18:43:58 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFRwLvJJm6/L02nsHYjmbMeoKMC7scAgAAD+YCAAAeHgA==
Date: Fri, 3 Nov 2017 18:43:57 +0000
Message-ID: <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org>
In-Reply-To: <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [129.6.224.58]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1494; 6:SCT+d1KWMNC/BG5di6Rkt9B9yATbJkfyW/AnfEPzeBFraWl2yhj1Hp40QxSxyVGVJFgYZDJ6IC3IekrUw42Ace0wZofwlGQsLuWsH5Y4+zn5HfxBIf7ZxazOF3/BiGd/k/iINkMheinfoUcVMeyVuNFHDPK+VhEkIuOxJQgS2eQTAtX80Z3Idmyi7IuRUhmf3xLO04aJXWkzf3RH0AWc5pA/T94v0pfX7vVv/xRJkZfKlDpELm+cmL/L4ZSseIGbdc75V8PHv4xNVRPffBAlsfu7kb7EYp9IL92/OwuZ9biqxS1wGjsj56C/Nb5GrinAfEjW1eA16uqKvEKQf8ue/0FZAz1NmYnPVVlMi5KiUH8=; 5:a1P43y5/XoxlIcKRFekDO8V0h/bxY3DPWy9kkWn1zrENNJPrbE/TSMde24QmlUQS4qhwF1wZ0efWXM0zPGXDBeERySd2Q5lf6FcackibcNKRpJGF0nv9P9lMEh1DOpK/p1ZZbisIWvMQrSsx2jagXYDCQhzjHI4nWcj6Las4wMg=; 24:aaJlAiXUIZGODcLEgTuxMxYgmuuRF2t3XcvCO3leBDJhuoYDyZW8EBpX6WmcjKPH1BcWeNyl0u9D1iUCimFVKv0zmUuqtSIMhSrR3ETt7Ak=; 7:H8BAVOTNihI82yLZ6eBG6/sbm8yh0k8OqiP9ERNMd91V+l2yeaWQgzFA3lRcFKc9z0Ak7r8AkE3ATXog2jklHQOs0Pql3H1HuAFY+q+I2MWl7smcn5yHl0CX+WGu96ZRneYmKh/daBym79GmM2nSzhagoXm0Z9ypjg1QDFyeM1rW1A0dBZr3O/aNMLx0RHKka7t3xXGsKTrYAjvMGuJ4onGDCzVR+mic1fe/OCUJVvRyF8GgnlzKIOWt22tV36SD
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 9989f958-a50f-4c6f-074d-08d522ead7d4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:CY4PR09MB1494; 
x-ms-traffictypediagnostic: CY4PR09MB1494:
x-exchange-antispam-report-test: UriScan:(100405760836317);
x-microsoft-antispam-prvs: <CY4PR09MB14943E7C9584CBCCB6DE71CCF05D0@CY4PR09MB1494.namprd09.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(100000703101)(100105400095)(3231021)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123555025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR09MB1494; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR09MB1494; 
x-forefront-prvs: 0480A51D4A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(376002)(346002)(39860400002)(199003)(189002)(74316002)(9686003)(102836003)(55016002)(53936002)(3846002)(6116002)(7696004)(106356001)(2950100002)(2906002)(86362001)(6506006)(105586002)(14454004)(5660300001)(77096006)(2900100001)(6436002)(15650500001)(229853002)(561944003)(316002)(50986999)(101416001)(3660700001)(8936002)(305945005)(8676002)(33656002)(189998001)(81166006)(99286004)(76176999)(81156014)(54356999)(110136005)(3280700002)(97736004)(478600001)(7736002)(68736007)(6246003)(4326008)(25786009)(66066001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1494; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 9989f958-a50f-4c6f-074d-08d522ead7d4
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2017 18:43:58.0700 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1494
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/RpktC0hYlYl1-nh2S1e5CuNzll4>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 18:44:02 -0000

UGF1bCBhbmQgQ2Fyc3RlbiwNCg0KTXkgY29tbWVudHMgYXJlIGlubGluZSBiZWxvdy4NCg0KPiA+
PiBUaGUgaW5pdGlhbCBmb2N1cyBvZiB0aGlzIGdyb3VwIHdpbGwgYmUgZGV2ZWxvcG1lbnQgb2Yg
YSBtYW5pZmVzdA0KPiA+PiBhcHByb2FjaCBiYXNlZCBvbiBDTVMgYW5kIHRoZSBBU04uMSBlbmNv
ZGluZy4gVGhpcyB3b3JrIHdpbGwgcmVzdWx0DQo+ID4+IGluIGEgcmV2aXNpb24gb2YgUkZDIDQx
MDggdGhhdCByZWZsZWN0cyB0aGUgY3VycmVudCBiZXN0IHByYWN0aWNlcy4NCj4gDQo+ID4gSeKA
mW0gc2xpZ2h0bHkgY29uZnVzZWQgYnkgdGhpcyBjaGFydGVyIHByb3Bvc2FsLg0KPiA+IFRoZSBy
ZWNlbnQgbWFpbGluZyBsaXN0IGRpc2N1c3Npb24gd2VudCBpbnRvIGEgZGlmZmVyZW50IGRpcmVj
dGlvbi4NCj4gPiBJcyB0aGlzIHRoZSBjdXJyZW50IHByb3Bvc2VkIHRleHQ/DQo+IA0KPiBJIGFn
cmVlIHdpdGggQ2Fyc3RlbjogdGhhdCdzIG5vdCB3aGF0IHRoZSByZWNlbnQgbGlzdCB0cmFmZmlj
IHdhcyBhaW1pbmcgZm9yLiBUaGUNCj4gZHJhZnQgY2hhcnRlciBmcm9tIGEgbW9udGggYWdvIGRp
ZG4ndCBmb3JjZSB0aGUgV0cgaW50byBBU04uMSwgYW5kIEkgZG9uJ3Qgc2VlDQo+IGFueSBsaXN0
IHRyYWZmaWMgYXNraW5nIGZvciB0aGF0Lg0KDQpUaGUgZ3VpZGFuY2Ugd2UgcmVjZWl2ZWQgZnJv
bSB0aGUgSUVTRyBpcyB0aGF0IHRoZXkgd2FudCB0aGUgcXVlc3Rpb24gYXJvdW5kIG9uZSBvciBt
b3JlIGZvcm1hdHMgcmVzb2x2ZWQgZHVyaW5nIHRoZSBjaGFydGVyaW5nIHByb2Nlc3MuIFdlIGhh
dmUgaGFkIGEgbnVtYmVyIG9mIHZpZXdzIGV4cHJlc3NlZCBvbiB0aGUgbGlzdC4gV2UgbmVlZCB0
byBmb2N1cyBpbiBvbiB3aGF0IHRoZSBjb25zZW5zdXMgd2l0aGluIHRoZSBncm91cCBpcy4gV2Ug
bmVlZCB0byBpZGVudGlmeSB3aGF0IG91ciBpbml0aWFsIHdvcmsgaXRlbXMgd2lsbCBiZSByZWdh
cmRpbmcgZm9ybWF0KHMpLg0KDQpUbyB0aGF0IGVuZCwgdGhpcyB0ZXh0IGNhbiBiZSB1cGRhdGVk
LiBEbyB5b3UgaGF2ZSBhbHRlcm5hdGUgdGV4dCB0byBwcm9wb3NlPw0KDQo+IEFsc286IGlzIFJG
QyA0MTA4IHJlYWxseSBhICJjdXJyZW50IGJlc3QgcHJhY3RpY2UiPyBUaGVyZSBzZWVtcyB0byBi
ZSBuZWFybHkgbm8NCj4gaW1wbGVtZW50YXRpb25zIG9mIHRoYXQgaW4gdGhlIElvVCBzcGFjZSwg
b3IgYXQgbGVhc3Qgbm9uZSB0aGF0IGhhdmUgc3Bva2VuIHVwDQo+IGFib3V0IGl0Lg0KPiANCj4g
Pj4gVXNlIG9mIHRoZSBBU04uMSBlbmNvZGluZw0KPiA+PiBpcyBkZXNpcmFibGUgZHVlIHRvIGV4
aXN0aW5nIEFTTi4xIHN1cHBvcnQgaW4gY3J5cHRvIGxpYnJhcmllcyB1c2VkDQo+ID4+IHdpdGhp
biBjdXJyZW50IElvVCBvcGVyYXRpbmcgc3lzdGVtcy4NCj4gDQo+IFRoZSBzYW1lIGNvdWxkIGJl
IHNhaWQgZm9yIENCT1IvQ09TRS4gSXQgaXMgcHJvYmFibHkgaW5hY2N1cmF0ZSB0byBjaXRlDQo+
ICJBU04uMSBzdXBwb3J0IiBnaXZlbiB0aGF0IGRpZmZlcmVudCBwYXJ0cyBvZiBhIHN5c3RlbSBt
aWdodCBlYWNoIGltcGxlbWVudCBpdHMNCj4gb3duIEFTTi4xIHN0YWNrLg0KDQpIb3cgd291bGQg
eW91IGNoYW5nZSB0aGlzIHRleHQgdG8gaW1wcm92ZSBpdD8NCg0KPiA+PiBUaGUgZ3JvdXAgbWF5
IGxhdGVyIGFkb3B0IGFsdGVybmF0ZSBtYW5pZmVzdCBmb3JtYXRzIHVzaW5nIG90aGVyDQo+ID4+
IHNlcmlhbGl6YXRpb24gYXBwcm9hY2hlcyAoZS5nLiwgQ0JPUikuDQo+IA0KPiBXaHkgbm90IGxl
dCB0aGUgV0cgZGVjaWRlIHdoaWNoIGl0IHdhbnRzPw0KDQpUaGlzIHN0YXRlbWVudCBpcyBpbnRl
bmRlZCB0byBkbyB0aGF0LiBXZSBuZWVkIHRvIGZpZ3VyZSBvdXQgd2hhdCB3ZSBhcmUgd29ya2lu
ZyBvbiBpbml0aWFsbHkgYW5kIHJlZmxlY3QgdGhhdCBpbiB0aGUgY2hhcnRlciBhbmQgbWlsZXN0
b25lcy4gQXJlIHlvdSBzdWdnZXN0aW5nIHRoYXQgdGhlIHRleHQgc2hvdWxkIGJlIG1hZGUgbW9y
ZSBjbGVhcj8gSWYgc28sIHRoZW4gaG93Pw0KDQo+IA0KPiAtLVBhdWwgSG9mZm1hbg0KDQpUaGFu
a3MsDQpEYXZlDQo=


From nobody Fri Nov  3 11:51:24 2017
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EDEB13FF3B for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 11:51:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level: 
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1osC4qdhR8y2 for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 11:51:20 -0700 (PDT)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0111.outbound.protection.outlook.com [104.47.32.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E2F113FF44 for <suit@ietf.org>; Fri,  3 Nov 2017 11:51:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dIQa2hWHngSN/ls6ccxRdCKtHTl/YplCedLTXGi4DK0=; b=hNY9iPXEEIF7CXsJ8NxPex86tnYmm4kIQzQzb4a70f1kTcTCwd2OH27PnBMG+wG9LL1g9m9YTF8A/9Qdq8fQyMCw8FFOSCFqnaM8zEsLqJLO+cIN+J7wsbhsOrnbJFDmbSab1vvAxaLon4/Ec1T8/ceZ/rBOO1FGObNDdniErqM=
Received: from CY4PR21MB0856.namprd21.prod.outlook.com (10.173.192.145) by CY4PR21MB0693.namprd21.prod.outlook.com (10.175.121.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.218.2; Fri, 3 Nov 2017 18:51:02 +0000
Received: from CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) by CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) with mapi id 15.20.0218.004; Fri, 3 Nov 2017 18:51:01 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: "suit@ietf.org" <suit@ietf.org>
CC: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Thread-Topic: Notetaker and jabber scribe
Thread-Index: AdNU1IR0DzyGN83xRFaulYtahQWBBg==
Date: Fri, 3 Nov 2017 18:51:01 +0000
Message-ID: <CY4PR21MB0856B450302BE103100D2989A35D0@CY4PR21MB0856.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:4898:80e8:9::51b]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0693; 6:UrZ82Ng9IdgDg8GN3xZEFofao/FnQoXoHllbOkfwVBhfsF7f0Vht3npkq+vvC049vU/EtKLCfHTgmgrDvF89QALYogupKjPPJ2GNV75C4GyMSFcBPWFCn/XUAdi1NdcPVYCzMv89U5Ng5jhUP6Y4IKxQW50TVuMn0ekiYhqPi0KHbty5LQe4rfJnbkzCQryLLgNawmW8wgtSZAtFeNv+Cs3PyqxPmapmU5vUapP4FDb2mYaxIJE4+/Sa1nB341yrTwhsp16uCo76uZ79uupFzIvOF3a5foavKwG8Lnrt0YxKvU4tnX3q+cn5w1EkNuVtANNR7nTGST/TRxzLylo8mWElIGdHLQY/LRsc/h9C0CY=; 5:vFs470DcP71TR9FPvx8DOdHmjTVtoqFEq1rlp5pov0W1x4cLxz5VTJHV9ELXN0STTK4t7+Jh8U5xRtc6aNzjEw1PrLhzvTdphJy26dBOanJj/+jeFFsjacgK6pFiX0KszLtWFQjgju8Nststi17ttqgX9+0G1pvrs6u73ze/HNY=; 24:3+EmZScd51WNdhI/Rx/T2hFu4zzseiggHoV8TiUFwCZ754HreKl/i0F38DtMZzK06gBNBOULgELbN4FgYWSl2hLrbQ3wwjZi+arYZSkOoCQ=; 7:czUgWe35KUq/QHLoBS/E/XsoEviVMkoLK3afDkiX0HA8cG9QeYkHTryas6Yob5aIu/xAyR9SoFuWlq43dlxVB7ZyCdKG9XhpVabHQ1chCf1Y8xDbAFQftIVSBrYLI7zuDIRO05OVzSczNNVlZbb+glF5+w+O15RaCqYGdmEtyCF3zMThURpNIvdHaXAveo+7L6cKDAwPwqo2GmN3rfYT8NEzYwxpUmTQr/9dVbVZaMemZ52J+d0Yr0rSGQvpmf1k
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 97c2816a-45fd-4849-1313-08d522ebd470
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603240); SRVR:CY4PR21MB0693; 
x-ms-traffictypediagnostic: CY4PR21MB0693:
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-microsoft-antispam-prvs: <CY4PR21MB06936D89EA346E39BCCB61AFA35D0@CY4PR21MB0693.namprd21.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(5005006)(8121501046)(3231021)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123562025)(20161123555025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR21MB0693; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR21MB0693; 
x-forefront-prvs: 0480A51D4A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(6009001)(376002)(346002)(39860400002)(47760400005)(189002)(199003)(25786009)(50986999)(105586002)(54356999)(2351001)(9686003)(478600001)(106356001)(10290500003)(97736004)(101416001)(53936002)(33656002)(3280700002)(2906002)(7696004)(4326008)(22452003)(2501003)(316002)(54896002)(6306002)(5660300001)(6916009)(3660700001)(14454004)(77096006)(8676002)(6436002)(68736007)(86362001)(5640700003)(8990500004)(10090500001)(189998001)(86612001)(2900100001)(790700001)(3480700004)(8936002)(5630700001)(55016002)(74316002)(6116002)(558084003)(7736002)(102836003)(8656006)(6506006)(99286004)(81156014)(1730700003)(81166006)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0693; H:CY4PR21MB0856.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0856B450302BE103100D2989A35D0CY4PR21MB0856namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 97c2816a-45fd-4849-1313-08d522ebd470
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2017 18:51:01.7848 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0693
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/EO_wegy_Esw4Gt0LD_MCehGMoxI>
Subject: [Suit] Notetaker and jabber scribe
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 18:51:22 -0000

--_000_CY4PR21MB0856B450302BE103100D2989A35D0CY4PR21MB0856namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The SUIT BoF is now just over one week away.  Do we have any volunteers who=
 would be willing to be
either a note taker or a jabber scribe?

If so, please send email to the BoF chairs (Dave and Dave).

Dave Thaler


--_000_CY4PR21MB0856B450302BE103100D2989A35D0CY4PR21MB0856namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">The SUIT BoF is now just over one week away.&nbsp; D=
o we have any volunteers who would be willing to be<o:p></o:p></p>
<p class=3D"MsoNormal">either a note taker or a jabber scribe?<o:p></o:p></=
p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">If so, please send email to the BoF chairs (Dave and=
 Dave).<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Dave Thaler<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_CY4PR21MB0856B450302BE103100D2989A35D0CY4PR21MB0856namp_--


From nobody Fri Nov  3 22:17:16 2017
Return-Path: <rajesh@talasecure.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE32213FB41 for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 22:17:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=talasecure-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vJUSHBInotfC for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 22:17:12 -0700 (PDT)
Received: from mail-io0-x233.google.com (mail-io0-x233.google.com [IPv6:2607:f8b0:4001:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6F0113FB45 for <suit@ietf.org>; Fri,  3 Nov 2017 22:17:11 -0700 (PDT)
Received: by mail-io0-x233.google.com with SMTP id m16so10567765iod.1 for <suit@ietf.org>; Fri, 03 Nov 2017 22:17:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=talasecure-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=pTLj8xn6rAc6HWwiXv3HgCiILn8e9AF5NFSO6+pwwOo=; b=Uo/kKCqZ4wFXliucsh6/IcQVZcqvkcUdifjuF7ZupgWomzVK3GNmV2EK3dPoW9WZw9 8tDxucL0jqZUSgrAo6O8z8tFOgw/vOL5I8deVkbMs7P8PWK86Qq9cJczael0Jjtjocc7 8sfMGrgva0nEfnv1LWy+jqgjXY2Q9F8e6CD8p/yUw89Yz9Vsu23zg6vsG1DGbz9diInT nSZrWA6q6v8TxDve6H/IyRpSKqPoTYY2bDe2x0AMOKswIJXn5nBs7nVwHacXjIUjvMXE qwI7SyvNmVxUg4za/v0GkGBHnhGRaeFrwvtpemOCuswlYl5dBuIirVJSvj1IdSPWVReH WxdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=pTLj8xn6rAc6HWwiXv3HgCiILn8e9AF5NFSO6+pwwOo=; b=U85BeHIOyTmrsMOrwjZzRyRSYybHxix6fdSq02REtxPXtYTGS8R689WGggf7xZtLrA paywOdvsq6sT+65OBnwYMeMrctOXnYpRrMngP6GD4Dox05H8eqVeI8Cey0NXA28pEhNC RlckL3T37qQUT9YR8+fYbnjvpIcRW4a/KtjiPJtFoh2cwUd1HvaRIuTWCMvKWAK6/lXm hDmK9r0XW4kkC/sOnCqetNiB0aoGaYYuQNvceMFOrpIPcfHzcjlxieXDDl3m0s64s/nF m6RnmdfEAAeP/j1Sru/6nte0aof4SSZfauFP1B0/5CxfAWBVsn5sMupEjLgzO2LEYD7e EfsA==
X-Gm-Message-State: AMCzsaVNCrfvwNnwi5nWERnG6KkdRTRxysAhPhS3nnZNusx5cHtoyHtQ qBr3EOZv11xIogIdZnvAMZSR3MBLMpcF5Tzc3+NUuMBfRvk=
X-Google-Smtp-Source: ABhQp+QhewWjGuGofAZL5eYC0gzqAdxoWq+H66s8r3NBSi9qNpsA9y5iYQdqXvDQVbQdo6bjW7MO5r7/2Uef+E1Fm1s=
X-Received: by 10.107.37.143 with SMTP id l137mr11762137iol.104.1509772631031;  Fri, 03 Nov 2017 22:17:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.5.196 with HTTP; Fri, 3 Nov 2017 22:17:10 -0700 (PDT)
From: Rajesh Kanungo <rajesh@talasecure.com>
Date: Sat, 4 Nov 2017 10:47:10 +0530
Message-ID: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a11402b185d5768055d2155b4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/c5pz4NqMe-YFEgCnY_Qz2SDOwUA>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 05:17:15 -0000

--001a11402b185d5768055d2155b4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

2 questions and a comment:

Question: Any idea about the timestamp start, granularity, end?

Question about signatures: would you consider a more structured signature
field? Something like:
https://github.com/multiformats/multihash

fn code  dig size hash digest
-------- -------- ------------------------------------
00010001 00000100 101101100 11111000 01011100 10110101
sha1     4 bytes  4 byte sha1 digest


Comment:

> Also: is RFC 4108 really a "current best practice"? There seems to be
nearly no implementations of that in the IoT space, or at least none that
have spoken up about it.

I don't know if it is a current best practice or not but I introduced CMS
as a method to update Itron's smart electricity meters over the air roughly
6 years ago. There are probably 20 million of them out there by now and
counting.

CMS allows one feature that I really liked:  co-signing.  This allows a
firmware update to be co-signed by an operator so that the devices would
accept only firmware approved by the operator (e.g. Utility) .  Many times,
the operator would test out a manufacturer signed firmware update in their
own setup, work with the manufacturer to fix any issues, then co-sign the
firmware before distribution.  The target device would only accept utility
signed firmware ...

CMS also allows customers to use standard OpenSSL tools to examine the
contents of the payload.

However:
There is no reason the proposed format can't be nested to provide the above
properties especially if the manufacturer's signed firmware release is not
re-encrypted.  Hence, even though I used CMS, I think it is overkill for
smaller limited devices.

Rajesh


---------- Forwarded message ----------
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: The IESG <iesg@ietf.org>
Cc: suit@ietf.org
Bcc:
Date: Fri, 03 Nov 2017 11:04:03 -0700
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things
(suit)
On 3 Nov 2017, at 10:49, Carsten Bormann wrote:

The initial focus of this group will be development of a manifest approach
>> based on CMS and the ASN.1 encoding. This work will result in a revision
>> of
>> RFC 4108 that reflects the current best practices.
>>
>
I=E2=80=99m slightly confused by this charter proposal.
> The recent mailing list discussion went into a different direction.
> Is this the current proposed text?
>

I agree with Carsten: that's not what the recent list traffic was aiming
for. The draft charter from a month ago didn't force the WG into ASN.1, and
I don't see any list traffic asking for that.

Also: is RFC 4108 really a "current best practice"? There seems to be
nearly no implementations of that in the IoT space, or at least none that
have spoken up about it.

Use of the ASN.1 encoding
>> is desirable due to existing ASN.1 support in crypto libraries used with=
in
>> current IoT operating systems.
>>
>
The same could be said for CBOR/COSE. It is probably inaccurate to cite
"ASN.1 support" given that different parts of a system might each implement
its own ASN.1 stack.

The group may later adopt alternate manifest
>> formats using other serialization approaches (e.g., CBOR).
>>
>
Why not let the WG decide which it wants?

--Paul Hoffman




---------- Forwarded message ----------
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
Cc: "suit@ietf.org" <suit@ietf.org>
Bcc:
Date: Fri, 3 Nov 2017 18:43:57 +0000
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things
(suit)
Paul and Carsten,

My comments are inline below.

> >> The initial focus of this group will be development of a manifest
> >> approach based on CMS and the ASN.1 encoding. This work will result
> >> in a revision of RFC 4108 that reflects the current best practices.
>
> > I=E2=80=99m slightly confused by this charter proposal.
> > The recent mailing list discussion went into a different direction.
> > Is this the current proposed text?
>
> I agree with Carsten: that's not what the recent list traffic was aiming
for. The
> draft charter from a month ago didn't force the WG into ASN.1, and I
don't see
> any list traffic asking for that.

The guidance we received from the IESG is that they want the question
around one or more formats resolved during the chartering process. We have
had a number of views expressed on the list. We need to focus in on what
the consensus within the group is. We need to identify what our initial
work items will be regarding format(s).

To that end, this text can be updated. Do you have alternate text to
propose?

> Also: is RFC 4108 really a "current best practice"? There seems to be
nearly no
> implementations of that in the IoT space, or at least none that have
spoken up
> about it.
>
> >> Use of the ASN.1 encoding
> >> is desirable due to existing ASN.1 support in crypto libraries used
> >> within current IoT operating systems.
>
> The same could be said for CBOR/COSE. It is probably inaccurate to cite
> "ASN.1 support" given that different parts of a system might each
implement its
> own ASN.1 stack.

How would you change this text to improve it?

> >> The group may later adopt alternate manifest formats using other
> >> serialization approaches (e.g., CBOR).
>
> Why not let the WG decide which it wants?

This statement is intended to do that. We need to figure out what we are
working on initially and reflect that in the charter and milestones. Are
you suggesting that the text should be made more clear? If so, then how?

>
> --Paul Hoffman

Thanks,
Dave


---------- Forwarded message ----------
From: Dave Thaler <dthaler@microsoft.com>
To: "suit@ietf.org" <suit@ietf.org>
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Bcc:
Date: Fri, 3 Nov 2017 18:51:01 +0000
Subject: [Suit] Notetaker and jabber scribe

The SUIT BoF is now just over one week away.  Do we have any volunteers who
would be willing to be

either a note taker or a jabber scribe?



If so, please send email to the BoF chairs (Dave and Dave).



Dave Thaler



_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit




--=20
Rajesh Kanungo
President and CTO
TalaSecure, Inc.
(408) 431-3035

--001a11402b185d5768055d2155b4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_quote">2 questions and a comment:</div=
><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">Question: =
Any idea about the timestamp start, granularity, end?=C2=A0=C2=A0</div><div=
 class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">Question about =
signatures: would you consider a more structured signature field? Something=
 like:=C2=A0</div><div class=3D"gmail_quote"><a href=3D"https://github.com/=
multiformats/multihash">https://github.com/multiformats/multihash</a><br></=
div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote"><pre st=
yle=3D"box-sizing:border-box;font-family:SFMono-Regular,Consolas,&quot;Libe=
ration Mono&quot;,Menlo,Courier,monospace;font-size:13.6px;margin-top:0px;m=
argin-bottom:16px;word-wrap:normal;padding:16px;overflow:auto;line-height:1=
.45;background-color:rgb(246,248,250);border-radius:3px;color:rgb(36,41,46)=
"><code style=3D"box-sizing:border-box;font-family:SFMono-Regular,Consolas,=
&quot;Liberation Mono&quot;,Menlo,Courier,monospace;padding:0px;margin:0px;=
background-color:transparent;border-radius:3px;word-break:normal;border:0px=
;display:inline;overflow:visible;line-height:inherit;word-wrap:normal">fn c=
ode  dig size hash digest
-------- -------- ------------------------------------
00010001 00000100 101101100 11111000 01011100 10110101
sha1     4 bytes  4 byte sha1 digest</code></pre></div><div class=3D"gmail_=
quote"><br></div><div class=3D"gmail_quote">Comment:</div><div class=3D"gma=
il_quote"><br></div><div class=3D"gmail_quote">&gt; Also: is RFC 4108 reall=
y a &quot;current best practice&quot;? There seems to be nearly no implemen=
tations of that in the IoT space, or at least none that have spoken up abou=
t it.</div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">=
I don&#39;t know if it is a current best practice or not but I introduced C=
MS as a method to update Itron&#39;s smart electricity meters over the air =
roughly 6 years ago. There are probably 20 million of them out there by now=
 and counting.=C2=A0=C2=A0</div><div class=3D"gmail_quote"><br></div><div c=
lass=3D"gmail_quote">CMS allows one feature that I really liked:=C2=A0 co-s=
igning.=C2=A0 This allows a firmware update to be co-signed by an operator =
so that the devices would accept only firmware approved by the operator (e.=
g. Utility) .=C2=A0 Many times, the operator would test out a manufacturer =
signed firmware update in their own setup, work with the manufacturer to fi=
x any issues, then co-sign the firmware before distribution.=C2=A0 The targ=
et device would only accept utility signed firmware ...</div><div class=3D"=
gmail_quote"><br></div><div class=3D"gmail_quote">CMS also allows customers=
 to use standard OpenSSL tools to examine the contents of the payload.</div=
><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">However:</=
div><div class=3D"gmail_quote">There is no reason the proposed format can&#=
39;t be nested to provide the above properties especially if the manufactur=
er&#39;s signed firmware release is not re-encrypted.=C2=A0 Hence, even tho=
ugh I used CMS, I think it is overkill for smaller limited devices.=C2=A0=
=C2=A0</div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote"=
>Rajesh</div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote=
"><br>---------- Forwarded message ----------<br>From:=C2=A0Paul Hoffman &l=
t;<a href=3D"mailto:paul.hoffman@vpnc.org">paul.hoffman@vpnc.org</a>&gt;<br=
>To:=C2=A0The IESG &lt;<a href=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&g=
t;<br>Cc:=C2=A0<a href=3D"mailto:suit@ietf.org">suit@ietf.org</a><br>Bcc:=
=C2=A0<br>Date:=C2=A0Fri, 03 Nov 2017 11:04:03 -0700<br>Subject:=C2=A0Re: [=
Suit] WG Review: Software Updates for Internet of Things (suit)<br>On 3 Nov=
 2017, at 10:49, Carsten Bormann wrote:<br>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex">
The initial focus of this group will be development of a manifest approach<=
br>
based on CMS and the ASN.1 encoding. This work will result in a revision of=
<br>
RFC 4108 that reflects the current best practices.<br>
</blockquote></blockquote>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">
I=E2=80=99m slightly confused by this charter proposal.<br>
The recent mailing list discussion went into a different direction.<br>
Is this the current proposed text?<br>
</blockquote>
<br>
I agree with Carsten: that&#39;s not what the recent list traffic was aimin=
g for. The draft charter from a month ago didn&#39;t force the WG into ASN.=
1, and I don&#39;t see any list traffic asking for that.<br>
<br>
Also: is RFC 4108 really a &quot;current best practice&quot;? There seems t=
o be nearly no implementations of that in the IoT space, or at least none t=
hat have spoken up about it.<br>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex">
Use of the ASN.1 encoding<br>
is desirable due to existing ASN.1 support in crypto libraries used within<=
br>
current IoT operating systems.<br>
</blockquote></blockquote>
<br>
The same could be said for CBOR/COSE. It is probably inaccurate to cite &qu=
ot;ASN.1 support&quot; given that different parts of a system might each im=
plement its own ASN.1 stack.<br>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex">
The group may later adopt alternate manifest<br>
formats using other serialization approaches (e.g., CBOR).<br>
</blockquote></blockquote>
<br>
Why not let the WG decide which it wants?<br>
<br>
--Paul Hoffman<br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From:=C2=A0&quot;Walterm=
ire, David A. (Fed)&quot; &lt;<a href=3D"mailto:david.waltermire@nist.gov">=
david.waltermire@nist.gov</a>&gt;<br>To:=C2=A0Paul Hoffman &lt;<a href=3D"m=
ailto:paul.hoffman@vpnc.org">paul.hoffman@vpnc.org</a>&gt;, The IESG &lt;<a=
 href=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&gt;<br>Cc:=C2=A0&quot;<a h=
ref=3D"mailto:suit@ietf.org">suit@ietf.org</a>&quot; &lt;<a href=3D"mailto:=
suit@ietf.org">suit@ietf.org</a>&gt;<br>Bcc:=C2=A0<br>Date:=C2=A0Fri, 3 Nov=
 2017 18:43:57 +0000<br>Subject:=C2=A0Re: [Suit] WG Review: Software Update=
s for Internet of Things (suit)<br>Paul and Carsten,<br>
<br>
My comments are inline below.<br>
<br>
&gt; &gt;&gt; The initial focus of this group will be development of a mani=
fest<br>
&gt; &gt;&gt; approach based on CMS and the ASN.1 encoding. This work will =
result<br>
&gt; &gt;&gt; in a revision of RFC 4108 that reflects the current best prac=
tices.<br>
&gt;<br>
&gt; &gt; I=E2=80=99m slightly confused by this charter proposal.<br>
&gt; &gt; The recent mailing list discussion went into a different directio=
n.<br>
&gt; &gt; Is this the current proposed text?<br>
&gt;<br>
&gt; I agree with Carsten: that&#39;s not what the recent list traffic was =
aiming for. The<br>
&gt; draft charter from a month ago didn&#39;t force the WG into ASN.1, and=
 I don&#39;t see<br>
&gt; any list traffic asking for that.<br>
<br>
The guidance we received from the IESG is that they want the question aroun=
d one or more formats resolved during the chartering process. We have had a=
 number of views expressed on the list. We need to focus in on what the con=
sensus within the group is. We need to identify what our initial work items=
 will be regarding format(s).<br>
<br>
To that end, this text can be updated. Do you have alternate text to propos=
e?<br>
<br>
&gt; Also: is RFC 4108 really a &quot;current best practice&quot;? There se=
ems to be nearly no<br>
&gt; implementations of that in the IoT space, or at least none that have s=
poken up<br>
&gt; about it.<br>
&gt;<br>
&gt; &gt;&gt; Use of the ASN.1 encoding<br>
&gt; &gt;&gt; is desirable due to existing ASN.1 support in crypto librarie=
s used<br>
&gt; &gt;&gt; within current IoT operating systems.<br>
&gt;<br>
&gt; The same could be said for CBOR/COSE. It is probably inaccurate to cit=
e<br>
&gt; &quot;ASN.1 support&quot; given that different parts of a system might=
 each implement its<br>
&gt; own ASN.1 stack.<br>
<br>
How would you change this text to improve it?<br>
<br>
&gt; &gt;&gt; The group may later adopt alternate manifest formats using ot=
her<br>
&gt; &gt;&gt; serialization approaches (e.g., CBOR).<br>
&gt;<br>
&gt; Why not let the WG decide which it wants?<br>
<br>
This statement is intended to do that. We need to figure out what we are wo=
rking on initially and reflect that in the charter and milestones. Are you =
suggesting that the text should be made more clear? If so, then how?<br>
<br>
&gt;<br>
&gt; --Paul Hoffman<br>
<br>
Thanks,<br>
Dave<br>
<br><br>---------- Forwarded message ----------<br>From:=C2=A0Dave Thaler &=
lt;<a href=3D"mailto:dthaler@microsoft.com">dthaler@microsoft.com</a>&gt;<b=
r>To:=C2=A0&quot;<a href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&quot; &=
lt;<a href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&gt;<br>Cc:=C2=A0&quot=
;Waltermire, David A. (Fed)&quot; &lt;<a href=3D"mailto:david.waltermire@ni=
st.gov">david.waltermire@nist.gov</a>&gt;<br>Bcc:=C2=A0<br>Date:=C2=A0Fri, =
3 Nov 2017 18:51:01 +0000<br>Subject:=C2=A0[Suit] Notetaker and jabber scri=
be<br>





<div lang=3D"EN-US">
<div class=3D"gmail-m_3396668498188116317WordSection1">
<p class=3D"MsoNormal">The SUIT BoF is now just over one week away.=C2=A0 D=
o we have any volunteers who would be willing to be<u></u><u></u></p>
<p class=3D"MsoNormal">either a note taker or a jabber scribe?<u></u><u></u=
></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">If so, please send email to the BoF chairs (Dave and=
 Dave).<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<p class=3D"MsoNormal">Dave Thaler<u></u><u></u></p>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>

<br>______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/<wbr>listinfo/suit</a><br>
<br></div><br><br clear=3D"all"><div><br></div>-- <br><div class=3D"gmail_s=
ignature"><div dir=3D"ltr"><div><div dir=3D"ltr">Rajesh Kanungo<div>Preside=
nt and CTO</div><div>TalaSecure, Inc.</div><div>(408) 431-3035</div></div><=
/div></div></div>
</div>

--001a11402b185d5768055d2155b4--


From nobody Fri Nov  3 22:26:17 2017
Return-Path: <ietf@augustcellars.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25A9213FB47 for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 22:26:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7hDWQB0L16LA for <suit@ietfa.amsl.com>; Fri,  3 Nov 2017 22:26:13 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EA4513FB45 for <suit@ietf.org>; Fri,  3 Nov 2017 22:26:13 -0700 (PDT)
Content-Type: multipart/alternative; boundary="----=_NextPart_000_002E_01D354F2.BD84C450"
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1509773169; h=from:subject:to:date:message-id; bh=FUp64SklV16edLio0COJSzqF3eVOsN1XU6oJ5kuz+Rs=; b=T2N0Ed0igpwiX/CrVnCqkTSmPc0bsFlRCHZK+enwxMduymuynhsO/zhhmrWeFnkMj96ZWodwEPU YSvdyMDC3YWN7TSU2QTetJDDbSCbaqVEGxxdQyviydq3Ch9PP1PMLR4nWQm95Q92n55jspGLMfJc3 h7e46VLIu5d562C6e4+EyaJG0JnOGsfnI1U+Qo2JhivO+cZdKoW+4PlJBlxfbjaFV5atiS8MvNLVS sCkObHULCBEb+DV0JNg1IHiAxQqVClRebu7mxh+ehFqdQEK7ilsOFVROY33rRoyOB3rcGj4gu3YXZ 6BF4LBOxxYZCWxZaBZ/mr9x2vPIFqCgG+lag==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 3 Nov 2017 22:26:08 -0700
Received: from Hebrews (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 3 Nov 2017 22:25:06 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Rajesh Kanungo' <rajesh@talasecure.com>, <suit@ietf.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
In-Reply-To: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
Date: Fri, 3 Nov 2017 22:26:03 -0700
Message-ID: <002d01d3552d$69ddcff0$3d996fd0$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQH3NfPW6ulKKe0VzLZGS5srUnH6E6K77jjg
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/l51E1DOPnUYraLYft0JD2fYBhgM>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 05:26:16 -0000

------=_NextPart_000_002E_01D354F2.BD84C450
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

=20

=20

From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Rajesh Kanungo
Sent: Friday, November 3, 2017 10:17 PM
To: suit@ietf.org
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things =
(suit)

=20

2 questions and a comment:

=20

Question: Any idea about the timestamp start, granularity, end? =20

=20

Question about signatures: would you consider a more structured =
signature field? Something like:=20

https://github.com/multiformats/multihash

=20

fn code  dig size hash digest
-------- -------- ------------------------------------
00010001 00000100 101101100 11111000 01011100 10110101
sha1     4 bytes  4 byte sha1 digest

=20

=20

[JLS] I am not sure what you think you are going to get from this.  What =
is the end goal you are asking for.

=20

Comment:

=20

> Also: is RFC 4108 really a "current best practice"? There seems to be =
nearly no implementations of that in the IoT space, or at least none =
that have spoken up about it.

=20

I don't know if it is a current best practice or not but I introduced =
CMS as a method to update Itron's smart electricity meters over the air =
roughly 6 years ago. There are probably 20 million of them out there by =
now and counting. =20

=20

CMS allows one feature that I really liked:  co-signing.  This allows a =
firmware update to be co-signed by an operator so that the devices would =
accept only firmware approved by the operator (e.g. Utility) .  Many =
times, the operator would test out a manufacturer signed firmware update =
in their own setup, work with the manufacturer to fix any issues, then =
co-sign the firmware before distribution.  The target device would only =
accept utility signed firmware ...

=20

[JLS] You will be happy to know that this is natively supported by COSE =
=E2=80=93 either as a co-signature or a counter-signature just like CMS.

=20

Jim

=20

=20

CMS also allows customers to use standard OpenSSL tools to examine the =
contents of the payload.

=20

However:

There is no reason the proposed format can't be nested to provide the =
above properties especially if the manufacturer's signed firmware =
release is not re-encrypted.  Hence, even though I used CMS, I think it =
is overkill for smaller limited devices. =20

=20

Rajesh

=20


---------- Forwarded message ----------
From: Paul Hoffman <paul.hoffman@vpnc.org <mailto:paul.hoffman@vpnc.org> =
>
To: The IESG <iesg@ietf.org <mailto:iesg@ietf.org> >
Cc: suit@ietf.org <mailto:suit@ietf.org>=20
Bcc:=20
Date: Fri, 03 Nov 2017 11:04:03 -0700
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things =
(suit)
On 3 Nov 2017, at 10:49, Carsten Bormann wrote:

The initial focus of this group will be development of a manifest =
approach
based on CMS and the ASN.1 encoding. This work will result in a revision =
of
RFC 4108 that reflects the current best practices.

=20

I=E2=80=99m slightly confused by this charter proposal.
The recent mailing list discussion went into a different direction.
Is this the current proposed text?


I agree with Carsten: that's not what the recent list traffic was aiming =
for. The draft charter from a month ago didn't force the WG into ASN.1, =
and I don't see any list traffic asking for that.

Also: is RFC 4108 really a "current best practice"? There seems to be =
nearly no implementations of that in the IoT space, or at least none =
that have spoken up about it.

Use of the ASN.1 encoding
is desirable due to existing ASN.1 support in crypto libraries used =
within
current IoT operating systems.


The same could be said for CBOR/COSE. It is probably inaccurate to cite =
"ASN.1 support" given that different parts of a system might each =
implement its own ASN.1 stack.

The group may later adopt alternate manifest
formats using other serialization approaches (e.g., CBOR).


Why not let the WG decide which it wants?

--Paul Hoffman




---------- Forwarded message ----------
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov =
<mailto:david.waltermire@nist.gov> >
To: Paul Hoffman <paul.hoffman@vpnc.org <mailto:paul.hoffman@vpnc.org> =
>, The IESG <iesg@ietf.org <mailto:iesg@ietf.org> >
Cc: "suit@ietf.org <mailto:suit@ietf.org> " <suit@ietf.org =
<mailto:suit@ietf.org> >
Bcc:=20
Date: Fri, 3 Nov 2017 18:43:57 +0000
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things =
(suit)
Paul and Carsten,

My comments are inline below.

> >> The initial focus of this group will be development of a manifest
> >> approach based on CMS and the ASN.1 encoding. This work will result
> >> in a revision of RFC 4108 that reflects the current best practices.
>
> > I=E2=80=99m slightly confused by this charter proposal.
> > The recent mailing list discussion went into a different direction.
> > Is this the current proposed text?
>
> I agree with Carsten: that's not what the recent list traffic was =
aiming for. The
> draft charter from a month ago didn't force the WG into ASN.1, and I =
don't see
> any list traffic asking for that.

The guidance we received from the IESG is that they want the question =
around one or more formats resolved during the chartering process. We =
have had a number of views expressed on the list. We need to focus in on =
what the consensus within the group is. We need to identify what our =
initial work items will be regarding format(s).

To that end, this text can be updated. Do you have alternate text to =
propose?

> Also: is RFC 4108 really a "current best practice"? There seems to be =
nearly no
> implementations of that in the IoT space, or at least none that have =
spoken up
> about it.
>
> >> Use of the ASN.1 encoding
> >> is desirable due to existing ASN.1 support in crypto libraries used
> >> within current IoT operating systems.
>
> The same could be said for CBOR/COSE. It is probably inaccurate to =
cite
> "ASN.1 support" given that different parts of a system might each =
implement its
> own ASN.1 stack.

How would you change this text to improve it?

> >> The group may later adopt alternate manifest formats using other
> >> serialization approaches (e.g., CBOR).
>
> Why not let the WG decide which it wants?

This statement is intended to do that. We need to figure out what we are =
working on initially and reflect that in the charter and milestones. Are =
you suggesting that the text should be made more clear? If so, then how?

>
> --Paul Hoffman

Thanks,
Dave


---------- Forwarded message ----------
From: Dave Thaler <dthaler@microsoft.com <mailto:dthaler@microsoft.com> =
>
To: "suit@ietf.org <mailto:suit@ietf.org> " <suit@ietf.org =
<mailto:suit@ietf.org> >
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov =
<mailto:david.waltermire@nist.gov> >
Bcc:=20
Date: Fri, 3 Nov 2017 18:51:01 +0000
Subject: [Suit] Notetaker and jabber scribe

The SUIT BoF is now just over one week away.  Do we have any volunteers =
who would be willing to be

either a note taker or a jabber scribe?

=20

If so, please send email to the BoF chairs (Dave and Dave).

=20

Dave Thaler

=20


_______________________________________________
Suit mailing list
Suit@ietf.org <mailto:Suit@ietf.org>=20
https://www.ietf.org/mailman/listinfo/suit





=20

--=20

Rajesh Kanungo

President and CTO

TalaSecure, Inc.

(408) 431-3035


------=_NextPart_000_002E_01D354F2.BD84C450
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
code
	{mso-style-priority:99;
	font-family:"Courier New";}
pre
	{mso-style-priority:99;
	mso-style-link:"HTML Preformatted Char";
	margin:0in;
	margin-bottom:.0001pt;
	font-size:10.0pt;
	font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
	{mso-style-name:"HTML Preformatted Char";
	mso-style-priority:99;
	mso-style-link:"HTML Preformatted";
	font-family:Consolas;}
span.EmailStyle21
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b>From:</b> Suit =
[mailto:suit-bounces@ietf.org] <b>On Behalf Of </b>Rajesh =
Kanungo<br><b>Sent:</b> Friday, November 3, 2017 10:17 PM<br><b>To:</b> =
suit@ietf.org<br><b>Subject:</b> Re: [Suit] WG Review: Software Updates =
for Internet of Things (suit)<o:p></o:p></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div><p class=3DMsoNormal>2 =
questions and a comment:<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Question: Any idea about the timestamp start, =
granularity, end?&nbsp;&nbsp;<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Question about signatures: would you consider a more =
structured signature field? Something =
like:&nbsp;<o:p></o:p></p></div><div><p class=3DMsoNormal><a =
href=3D"https://github.com/multiformats/multihash">https://github.com/mul=
tiformats/multihash</a><o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><pre =
style=3D'background:#F6F8FA;box-sizing:border-box;word-wrap:normal;border=
-radius:3px;overflow:auto'><code><span =
style=3D'font-family:Consolas;color:#24292E;border:none windowtext =
1.0pt;padding:0in'>fn code=C2=A0 dig size hash =
digest<o:p></o:p></span></code></pre><pre =
style=3D'background:#F6F8FA'><code><span =
style=3D'font-family:Consolas;color:#24292E;border:none windowtext =
1.0pt;padding:0in'>-------- -------- =
------------------------------------<o:p></o:p></span></code></pre><pre =
style=3D'background:#F6F8FA'><code><span =
style=3D'font-family:Consolas;color:#24292E;border:none windowtext =
1.0pt;padding:0in'>00010001 00000100 101101100 11111000 01011100 =
10110101<o:p></o:p></span></code></pre><pre =
style=3D'background:#F6F8FA'><code><span =
style=3D'font-family:Consolas;color:#24292E;border:none windowtext =
1.0pt;padding:0in'>sha1=C2=A0=C2=A0=C2=A0=C2=A0 4 bytes=C2=A0 4 byte =
sha1 digest</span></code><span =
style=3D'font-family:Consolas;color:#24292E'><o:p></o:p></span></pre></di=
v><div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal><span =
style=3D'color:#0070C0'>[JLS] I am not sure what you think you are going =
to get from this.=C2=A0 What is the end goal you are asking =
for.<o:p></o:p></span></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Comment:<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>&gt; Also: is RFC 4108 really a &quot;current best =
practice&quot;? There seems to be nearly no implementations of that in =
the IoT space, or at least none that have spoken up about =
it.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
don't know if it is a current best practice or not but I introduced CMS =
as a method to update Itron's smart electricity meters over the air =
roughly 6 years ago. There are probably 20 million of them out there by =
now and counting.&nbsp;&nbsp;<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>CMS allows one feature that I really liked:&nbsp; =
co-signing.&nbsp; This allows a firmware update to be co-signed by an =
operator so that the devices would accept only firmware approved by the =
operator (e.g. Utility) .&nbsp; Many times, the operator would test out =
a manufacturer signed firmware update in their own setup, work with the =
manufacturer to fix any issues, then co-sign the firmware before =
distribution.&nbsp; The target device would only accept utility signed =
firmware ...<o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal><span style=3D'color:#0070C0'>[JLS] You will be happy =
to know that this is natively supported by COSE =E2=80=93 either as a =
co-signature or a counter-signature just like =
CMS.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'color:#0070C0'><o:p>&nbsp;</o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'color:#0070C0'>Jim<o:p></o:p></span></p><p =
class=3DMsoNormal><span =
style=3D'color:#0070C0'><o:p>&nbsp;</o:p></span></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>CMS also allows customers to use standard OpenSSL =
tools to examine the contents of the =
payload.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>However:<o:p></o:p></p></div><div><p =
class=3DMsoNormal>There is no reason the proposed format can't be nested =
to provide the above properties especially if the manufacturer's signed =
firmware release is not re-encrypted.&nbsp; Hence, even though I used =
CMS, I think it is overkill for smaller limited =
devices.&nbsp;&nbsp;<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Rajesh<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'><br>---------- Forwarded message =
----------<br>From:&nbsp;Paul Hoffman &lt;<a =
href=3D"mailto:paul.hoffman@vpnc.org">paul.hoffman@vpnc.org</a>&gt;<br>To=
:&nbsp;The IESG &lt;<a =
href=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&gt;<br>Cc:&nbsp;<a =
href=3D"mailto:suit@ietf.org">suit@ietf.org</a><br>Bcc:&nbsp;<br>Date:&nb=
sp;Fri, 03 Nov 2017 11:04:03 -0700<br>Subject:&nbsp;Re: [Suit] WG =
Review: Software Updates for Internet of Things (suit)<br>On 3 Nov 2017, =
at 10:49, Carsten Bormann wrote:<o:p></o:p></p><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>The =
initial focus of this group will be development of a manifest =
approach<br>based on CMS and the ASN.1 encoding. This work will result =
in a revision of<br>RFC 4108 that reflects the current best =
practices.<o:p></o:p></p></blockquote></blockquote><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p =
class=3DMsoNormal>I=E2=80=99m slightly confused by this charter =
proposal.<br>The recent mailing list discussion went into a different =
direction.<br>Is this the current proposed =
text?<o:p></o:p></p></blockquote><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'><br>I agree with Carsten: that's not what =
the recent list traffic was aiming for. The draft charter from a month =
ago didn't force the WG into ASN.1, and I don't see any list traffic =
asking for that.<br><br>Also: is RFC 4108 really a &quot;current best =
practice&quot;? There seems to be nearly no implementations of that in =
the IoT space, or at least none that have spoken up about =
it.<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>Use of =
the ASN.1 encoding<br>is desirable due to existing ASN.1 support in =
crypto libraries used within<br>current IoT operating =
systems.<o:p></o:p></p></blockquote></blockquote><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'><br>The same could be said for CBOR/COSE. =
It is probably inaccurate to cite &quot;ASN.1 support&quot; given that =
different parts of a system might each implement its own ASN.1 =
stack.<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>The group =
may later adopt alternate manifest<br>formats using other serialization =
approaches (e.g., CBOR).<o:p></o:p></p></blockquote></blockquote><p =
class=3DMsoNormal><br>Why not let the WG decide which it =
wants?<br><br>--Paul Hoffman<br><br><br><br><br>---------- Forwarded =
message ----------<br>From:&nbsp;&quot;Waltermire, David A. (Fed)&quot; =
&lt;<a =
href=3D"mailto:david.waltermire@nist.gov">david.waltermire@nist.gov</a>&g=
t;<br>To:&nbsp;Paul Hoffman &lt;<a =
href=3D"mailto:paul.hoffman@vpnc.org">paul.hoffman@vpnc.org</a>&gt;, The =
IESG &lt;<a =
href=3D"mailto:iesg@ietf.org">iesg@ietf.org</a>&gt;<br>Cc:&nbsp;&quot;<a =
href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&quot; &lt;<a =
href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&gt;<br>Bcc:&nbsp;<br>Date=
:&nbsp;Fri, 3 Nov 2017 18:43:57 +0000<br>Subject:&nbsp;Re: [Suit] WG =
Review: Software Updates for Internet of Things (suit)<br>Paul and =
Carsten,<br><br>My comments are inline below.<br><br>&gt; &gt;&gt; The =
initial focus of this group will be development of a manifest<br>&gt; =
&gt;&gt; approach based on CMS and the ASN.1 encoding. This work will =
result<br>&gt; &gt;&gt; in a revision of RFC 4108 that reflects the =
current best practices.<br>&gt;<br>&gt; &gt; I=E2=80=99m slightly =
confused by this charter proposal.<br>&gt; &gt; The recent mailing list =
discussion went into a different direction.<br>&gt; &gt; Is this the =
current proposed text?<br>&gt;<br>&gt; I agree with Carsten: that's not =
what the recent list traffic was aiming for. The<br>&gt; draft charter =
from a month ago didn't force the WG into ASN.1, and I don't see<br>&gt; =
any list traffic asking for that.<br><br>The guidance we received from =
the IESG is that they want the question around one or more formats =
resolved during the chartering process. We have had a number of views =
expressed on the list. We need to focus in on what the consensus within =
the group is. We need to identify what our initial work items will be =
regarding format(s).<br><br>To that end, this text can be updated. Do =
you have alternate text to propose?<br><br>&gt; Also: is RFC 4108 really =
a &quot;current best practice&quot;? There seems to be nearly no<br>&gt; =
implementations of that in the IoT space, or at least none that have =
spoken up<br>&gt; about it.<br>&gt;<br>&gt; &gt;&gt; Use of the ASN.1 =
encoding<br>&gt; &gt;&gt; is desirable due to existing ASN.1 support in =
crypto libraries used<br>&gt; &gt;&gt; within current IoT operating =
systems.<br>&gt;<br>&gt; The same could be said for CBOR/COSE. It is =
probably inaccurate to cite<br>&gt; &quot;ASN.1 support&quot; given that =
different parts of a system might each implement its<br>&gt; own ASN.1 =
stack.<br><br>How would you change this text to improve it?<br><br>&gt; =
&gt;&gt; The group may later adopt alternate manifest formats using =
other<br>&gt; &gt;&gt; serialization approaches (e.g., =
CBOR).<br>&gt;<br>&gt; Why not let the WG decide which it =
wants?<br><br>This statement is intended to do that. We need to figure =
out what we are working on initially and reflect that in the charter and =
milestones. Are you suggesting that the text should be made more clear? =
If so, then how?<br><br>&gt;<br>&gt; --Paul =
Hoffman<br><br>Thanks,<br>Dave<br><br><br>---------- Forwarded message =
----------<br>From:&nbsp;Dave Thaler &lt;<a =
href=3D"mailto:dthaler@microsoft.com">dthaler@microsoft.com</a>&gt;<br>To=
:&nbsp;&quot;<a href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&quot; =
&lt;<a =
href=3D"mailto:suit@ietf.org">suit@ietf.org</a>&gt;<br>Cc:&nbsp;&quot;Wal=
termire, David A. (Fed)&quot; &lt;<a =
href=3D"mailto:david.waltermire@nist.gov">david.waltermire@nist.gov</a>&g=
t;<br>Bcc:&nbsp;<br>Date:&nbsp;Fri, 3 Nov 2017 18:51:01 =
+0000<br>Subject:&nbsp;[Suit] Notetaker and jabber =
scribe<o:p></o:p></p><div><div><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The SUIT =
BoF is now just over one week away.&nbsp; Do we have any volunteers who =
would be willing to be<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>either a =
note taker or a jabber scribe?<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p><=
/o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If so, =
please send email to the BoF chairs (Dave and Dave).<o:p></o:p></p><p =
class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p><=
/o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Dave =
Thaler<o:p></o:p></p><p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p><=
/o:p></p></div></div><p class=3DMsoNormal =
style=3D'margin-bottom:12.0pt'><br>______________________________________=
_________<br>Suit mailing list<br><a =
href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br><a =
href=3D"https://www.ietf.org/mailman/listinfo/suit" =
target=3D"_blank">https://www.ietf.org/mailman/listinfo/suit</a><o:p></o:=
p></p></div><p class=3DMsoNormal><br><br =
clear=3Dall><o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p class=3DMsoNormal>-- =
<o:p></o:p></p><div><div><div><div><p class=3DMsoNormal>Rajesh =
Kanungo<o:p></o:p></p><div><p class=3DMsoNormal>President and =
CTO<o:p></o:p></p></div><div><p class=3DMsoNormal>TalaSecure, =
Inc.<o:p></o:p></p></div><div><p class=3DMsoNormal>(408) =
431-3035<o:p></o:p></p></div></div></div></div></div></div></div></div></=
body></html>
------=_NextPart_000_002E_01D354F2.BD84C450--


From nobody Sat Nov  4 04:02:15 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C56513FBA7 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 04:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iP4f_c1LAYop for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 04:02:11 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD08813FAE9 for <suit@ietf.org>; Sat,  4 Nov 2017 04:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vA4B27FO001641; Sat, 4 Nov 2017 12:02:07 +0100 (CET)
Received: from pptp-218-1.informatik.uni-bremen.de (pptp-218-1.informatik.uni-bremen.de [134.102.218.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yTbW31nrFzDXjn; Sat,  4 Nov 2017 12:02:07 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
Date: Sat, 4 Nov 2017 12:02:05 +0100
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 531486125.25622-91198e043d164c4b3b784fa9da1abfce
Content-Transfer-Encoding: quoted-printable
Message-Id: <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
To: Rajesh Kanungo <rajesh@talasecure.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0kEo_RsNu7RTPkOraRw7Xsn98pk>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 11:02:14 -0000

On Nov 4, 2017, at 06:17, Rajesh Kanungo <rajesh@talasecure.com> wrote:
>=20
> one feature that I really liked:  co-signing.  This allows a firmware =
update to be co-signed by an operator so that the devices would accept =
only firmware approved by the operator (e.g. Utility) .  Many times, the =
operator would test out a manufacturer signed firmware update in their =
own setup, work with the manufacturer to fix any issues, then co-sign =
the firmware before distribution.  The target device would only accept =
utility signed firmware =E2=80=A6

Thank you for adding content here that leads us away from the format =
wars.

So basically, you have two signed claims:

Issuer: manufacturer
Subject: (the firmware)
Claim: This firmware is appropriate for manufx model 0815 rev 4 to 17, =
when equipped with 128 KiB of RAM
Claim: This firmware provides feature set A, B, M
Claim: This firmware has version 2.17.33 and replaces all numerically =
smaller firmware versions

Issuer: utility
Subject: (the firmware)
Claim: This firmware is appropriate for use in Wesernetz in eastern =
Bremen, contract types 17, 32, and 38, installation types beta, gamma, =
and ny.
Claim: Do not replace 2.17.31 with this just yet, there is a bug in the =
updater that will be worked around later.

The authorization policy for the upgrade would check all these claims =
for (authorized authentication and) the requirements that are specific =
to the device/model and the installation/usage/contract type.

Of course, a very constrained device would prefer to (also?) get one =
claim from its authorization manager:

Issuer: authorization manager
Subject: (the firmware)
Audience: You, the device
Claim: This is good for you

Gr=C3=BC=C3=9Fe, Carsten


From nobody Sat Nov  4 05:48:36 2017
Return-Path: <rajesh@talasecure.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4DCE13FB1F for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 05:48:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=talasecure-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jurxAq4pCu-m for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 05:48:32 -0700 (PDT)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60A7F13F920 for <suit@ietf.org>; Sat,  4 Nov 2017 05:48:32 -0700 (PDT)
Received: by mail-io0-x22b.google.com with SMTP id b186so11271749iof.8 for <suit@ietf.org>; Sat, 04 Nov 2017 05:48:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=talasecure-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Nzh/uLjJa1iLljdoS1BHm4eVvrUEPoo0/Br650mLSW0=; b=ttkSGfePAvODzaY3aVWXi2eMOw1QZ1xFr92njQ5rMODE7KgMcjexNvZO0D5B25Sq4w YxGYcRvkCMiWIpWSgbrs0X8Y5VOtorlueHtoG29Dghy4Dtc4yzsJBXTiiscMPF+MWp/k wuf6ayEBhbOriDBLYvMP9U7XLGsk/GeM8JCB0D9v3VoY79fTbhhjkx54vczaz6XoQPOc 2StQBOXt+tuT+Zd5gOCGNpLYN9G7luZq9NmQmhqyI/Nq4pQj0JJnU1SbLv+X3Tmb5JSW A/fPQBWX2+q3xMhEzv9aVQoC16asN66UJilTLjNiv/riGDWfDGjTuzjvLKneHzh0rr/W bqEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Nzh/uLjJa1iLljdoS1BHm4eVvrUEPoo0/Br650mLSW0=; b=LeuV4LlHjSUpFm/JEzbwSyEFnucVusmOpC23hAJ2DmrcUF/li83F4FH6Cv78QgYf2r vTzt1P2ux8AxPOjZO2fs3sm6Ypdo2Lo3+tfBhGIHgAHSXQvg9fO3Q+3/JeeuDahMatJM +Y1BMLwJ4Ud0utFpT938d6TtvuqgKLhqRT2fEc7XChiAkDjME0HB9Jfnhf3EIfbw8Z8M iHB16PuFU8U+ChHkaryy/qKDLKGlSYKzj6PgnXJH+P8EmUDK+89UDjCwStmOjGXT+kWY ElFP48OmZdc/gfapwj8r/iRfZXsZiT2VvL+up0VZqXaE5j7H2SeczibwLI6vk1OSazIY 98OQ==
X-Gm-Message-State: AMCzsaVaW8SN14/4VEansQJHyauJFs6M7wdSzrfWCvPiEUkeXRUTKwOj rHvHAluX/BNMzzf6Ipd6IbTUxM5WMeryyMazdqYypdQV
X-Google-Smtp-Source: ABhQp+QHtIgJ9ifCOUnukd/r+QMYAEaOYzTNaHupcc7VhGFAM3QfuTm/4SIkFuyYKLPLu6qLzLZmsvgplIfiL4uyeZw=
X-Received: by 10.107.37.143 with SMTP id l137mr12747644iol.104.1509799711462;  Sat, 04 Nov 2017 05:48:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.5.196 with HTTP; Sat, 4 Nov 2017 05:48:30 -0700 (PDT)
In-Reply-To: <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org>
From: Rajesh Kanungo <rajesh@talasecure.com>
Date: Sat, 4 Nov 2017 18:18:30 +0530
Message-ID: <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a11402b187bea1e055d27a3ef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tzg8xSwOd_3gNGO6MDr1H2q8vA0>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 12:48:35 -0000

--001a11402b187bea1e055d27a3ef
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

About Claims:
JNLP allowed similar constraints but for JVM versions.
Come to think f it, accidentally bricking a remote IoT device is high up on
my list of worries.  Your constraints definition is good.

Questions:
I am not clear about the signer's public key or certificate is matched to
the signature.

I am also not clear regarding how the signing public keys or certificates
are distributed and/or revoked.  Is that outside the scope of the
document?  Or am I just not reading the spec properly.

Also, I am not clear if we can insert run some prescribed actions to be run
before or after firmware installation.

Rajesh


On Sat, Nov 4, 2017 at 4:32 PM, Carsten Bormann <cabo@tzi.org> wrote:

> On Nov 4, 2017, at 06:17, Rajesh Kanungo <rajesh@talasecure.com> wrote:
> >
> > one feature that I really liked:  co-signing.  This allows a firmware
> update to be co-signed by an operator so that the devices would accept on=
ly
> firmware approved by the operator (e.g. Utility) .  Many times, the
> operator would test out a manufacturer signed firmware update in their ow=
n
> setup, work with the manufacturer to fix any issues, then co-sign the
> firmware before distribution.  The target device would only accept utilit=
y
> signed firmware =E2=80=A6
>
> Thank you for adding content here that leads us away from the format wars=
.
>
> So basically, you have two signed claims:
>
> Issuer: manufacturer
> Subject: (the firmware)
> Claim: This firmware is appropriate for manufx model 0815 rev 4 to 17,
> when equipped with 128 KiB of RAM
> Claim: This firmware provides feature set A, B, M
> Claim: This firmware has version 2.17.33 and replaces all numerically
> smaller firmware versions
>
> Issuer: utility
> Subject: (the firmware)
> Claim: This firmware is appropriate for use in Wesernetz in eastern
> Bremen, contract types 17, 32, and 38, installation types beta, gamma, an=
d
> ny.
> Claim: Do not replace 2.17.31 with this just yet, there is a bug in the
> updater that will be worked around later.
>
> The authorization policy for the upgrade would check all these claims for
> (authorized authentication and) the requirements that are specific to the
> device/model and the installation/usage/contract type.
>
> Of course, a very constrained device would prefer to (also?) get one clai=
m
> from its authorization manager:
>
> Issuer: authorization manager
> Subject: (the firmware)
> Audience: You, the device
> Claim: This is good for you
>
> Gr=C3=BC=C3=9Fe, Carsten
>
>


--=20
Rajesh Kanungo
President and CTO
TalaSecure, Inc.
(408) 431-3035

--001a11402b187bea1e055d27a3ef
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">About Claims:<div>JNLP allowed similar constraints but for=
 JVM versions.=C2=A0=C2=A0<div>Come to think f it, accidentally bricking a =
remote IoT device is high up on my list of worries.=C2=A0 Your constraints =
definition is good.=C2=A0</div><div><br></div><div>Questions:</div></div><d=
iv>I am not clear about the signer&#39;s public key or certificate is match=
ed to the signature.=C2=A0=C2=A0</div><div><br></div><div>I am also not cle=
ar regarding how the signing public keys or certificates are distributed an=
d/or revoked.=C2=A0 Is that outside the scope of the document?=C2=A0 Or am =
I just not reading the spec properly.</div><div><br></div><div>Also, I am n=
ot clear if we can insert run some prescribed actions to be run before or a=
fter firmware installation.=C2=A0=C2=A0</div><div><br></div><div>Rajesh</di=
v><div><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_q=
uote">On Sat, Nov 4, 2017 at 4:32 PM, Carsten Bormann <span dir=3D"ltr">&lt=
;<a href=3D"mailto:cabo@tzi.org" target=3D"_blank">cabo@tzi.org</a>&gt;</sp=
an> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;=
border-left:1px #ccc solid;padding-left:1ex">On Nov 4, 2017, at 06:17, Raje=
sh Kanungo &lt;<a href=3D"mailto:rajesh@talasecure.com">rajesh@talasecure.c=
om</a>&gt; wrote:<br>
&gt;<br>
&gt; one feature that I really liked:=C2=A0 co-signing.=C2=A0 This allows a=
 firmware update to be co-signed by an operator so that the devices would a=
ccept only firmware approved by the operator (e.g. Utility) .=C2=A0 Many ti=
mes, the operator would test out a manufacturer signed firmware update in t=
heir own setup, work with the manufacturer to fix any issues, then co-sign =
the firmware before distribution.=C2=A0 The target device would only accept=
 utility signed firmware =E2=80=A6<br>
<br>
Thank you for adding content here that leads us away from the format wars.<=
br>
<br>
So basically, you have two signed claims:<br>
<br>
Issuer: manufacturer<br>
Subject: (the firmware)<br>
Claim: This firmware is appropriate for manufx model 0815 rev 4 to 17, when=
 equipped with 128 KiB of RAM<br>
Claim: This firmware provides feature set A, B, M<br>
Claim: This firmware has version 2.17.33 and replaces all numerically small=
er firmware versions<br>
<br>
Issuer: utility<br>
Subject: (the firmware)<br>
Claim: This firmware is appropriate for use in Wesernetz in eastern Bremen,=
 contract types 17, 32, and 38, installation types beta, gamma, and ny.<br>
Claim: Do not replace 2.17.31 with this just yet, there is a bug in the upd=
ater that will be worked around later.<br>
<br>
The authorization policy for the upgrade would check all these claims for (=
authorized authentication and) the requirements that are specific to the de=
vice/model and the installation/usage/contract type.<br>
<br>
Of course, a very constrained device would prefer to (also?) get one claim =
from its authorization manager:<br>
<br>
Issuer: authorization manager<br>
Subject: (the firmware)<br>
Audience: You, the device<br>
Claim: This is good for you<br>
<br>
Gr=C3=BC=C3=9Fe, Carsten<br>
<br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><d=
iv><div dir=3D"ltr">Rajesh Kanungo<div>President and CTO</div><div>TalaSecu=
re, Inc.</div><div>(408) 431-3035</div></div></div></div></div>
</div>

--001a11402b187bea1e055d27a3ef--


From nobody Sat Nov  4 06:11:34 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F2A013FB00 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 06:11:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ocZp66S41eOn for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 06:11:31 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F6B913FAF5 for <suit@ietf.org>; Sat,  4 Nov 2017 06:11:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vA4DBR6J017343; Sat, 4 Nov 2017 14:11:27 +0100 (CET)
Received: from pptp-218-1.informatik.uni-bremen.de (pptp-218-1.informatik.uni-bremen.de [134.102.218.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yTfNH0H7KzDXkS; Sat,  4 Nov 2017 14:11:26 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com>
Date: Sat, 4 Nov 2017 14:11:26 +0100
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 531493886.2081-ca8ec5f9a32378cca2233103ab3304a6
Content-Transfer-Encoding: quoted-printable
Message-Id: <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org> <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com>
To: Rajesh Kanungo <rajesh@talasecure.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/qqo2tj9ErJ1jFGhJX7Wl5Zjy_XU>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 13:11:33 -0000

On Nov 4, 2017, at 13:48, Rajesh Kanungo <rajesh@talasecure.com> wrote:
>=20
> I am not clear about the signer's public key or certificate is matched =
to the signature. =20

I hand-waved over that as it is part of the =E2=80=9Cauthorized =
authentication=E2=80=9D.

I generally try to avoid thinking about these authorization problems in =
terms of certificates, as these are a hammer that may not fit a specific =
kind of workpiece (which may, after all, not be a nail).

> I am also not clear regarding how the signing public keys or =
certificates are distributed and/or revoked.  Is that outside the scope =
of the document?  Or am I just not reading the spec properly.

If you think in terms of certificates, that problem can somehow be =
considered solved.
But I think in general certificates are just one way to authorize =
authentication, and we should cast a wider net here.

If you don=E2=80=99t have (want to rely on) the authorization manager, =
the device will need to be configured with some trusted information that =
can be used to transitively authorize the authentication of the =
manufacturer and the operator; authorization chains for these two can be =
combined or kept separate.

In your applications, do you have a secure real-time clock (i.e., can =
you securely check not-before and expiration times)?
That may help getting rid of older certificates, but it also means that =
a firmware image that is delivered together with such certificates ages =
out.

Revocation can be done in a push (e.g., CRL) or a pull (e.g., OCSP or =
token introspection) manner; CRLs are not really appropriate for =
embedded devices.

> Also, I am not clear if we can insert run some prescribed actions to =
be run before or after firmware installation. =20

That sounds good and would need to be added to the signed claims.
Is there a good way to specify these actions in a way that is somewhat =
detached from a specific system or platform?

Gr=C3=BC=C3=9Fe, Carsten


From nobody Sat Nov  4 07:11:32 2017
Return-Path: <rajesh@talasecure.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DA4D13FBB4 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 07:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=talasecure-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z8dx9UOCvULv for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 07:11:29 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4209113FB00 for <suit@ietf.org>; Sat,  4 Nov 2017 07:11:29 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id f20so11407461ioj.9 for <suit@ietf.org>; Sat, 04 Nov 2017 07:11:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=talasecure-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rwp2frA1VwWaJZdMjo0EGmSz1zGtQc/R3wuhwQkhD10=; b=PTGyZukLoXoeEqyV7sk4rFXJijkQmTDDLGOdb5Ax+5fCpsNYaVKjh92T6OBelDpvhd k4GjDRm71eCdsuRUWIpP98P3+PSITMb3zczCVQh/sKo8QDAKmUs7UJTzuTQoDTYX6DFs JxZj7WY+lvHvfsTYjx8PW5D36QkczHYi1KX5TnwZKgfGGERJzv0/z+hx2EHvvzhum55L oILVe5pYvySdiWwM8nzKOzqJndG5eYkqELoFJjhLguy6Rf65mBgrvgKp+Glp5zLqxyfE tUX/KNIL07nTGL6ObBLbAi1LQ6XzQK38V/fqshxX5JuKvHQ8PRJD7qzAE5Lro2QAJrV6 t97A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rwp2frA1VwWaJZdMjo0EGmSz1zGtQc/R3wuhwQkhD10=; b=lDND8wHckkaPIj1ZTwbKediLWRed/g47NSDE/ICwPTP282HyBi1j2OspR325hNTklT vlMz41ndiv6eEe8hSVfEW7Nnjs94rXgiA7/+46gK+Q55dT/HF6tIMh4Z5V5XKLIg8nie V10lOvl9JTgy9HNJNrOkQtce+0PG9W4BbmGoudGwaWorvxL6iMIHYr7XhXrTIZCj7JZn Gc3wRyv40zVn70oq0nD9d1NCQ9/ecPLKSPcG2dgN98Zml6BcgqTN/seoB0KnMY3/Zc3d 8suca4KnzuBcYeIFpx8twkSzxR7TCk7JkgKdOxokh7cleKprwbb1arnNQbXjcieF8Vq/ jm/g==
X-Gm-Message-State: AJaThX5DRzJwuetAwyPAaIhL8zQxVo+qciXw5Z+cAYRomAIsbzlbbfGp OsEYpegADXlNpE9ChOcm3lsQTZO0nF7jk6APqVtUyQ==
X-Google-Smtp-Source: ABhQp+Qq3tjfU6BdhA1eFH6DU1HYABr7lCg94J1KOqBMlQ40cW92W0umIvxkoBgiDqRo96a96V/XzdUJuo66PUUoP4E=
X-Received: by 10.107.10.82 with SMTP id u79mr13039125ioi.252.1509804688528; Sat, 04 Nov 2017 07:11:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.5.196 with HTTP; Sat, 4 Nov 2017 07:11:27 -0700 (PDT)
In-Reply-To: <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org> <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com> <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org>
From: Rajesh Kanungo <rajesh@talasecure.com>
Date: Sat, 4 Nov 2017 19:41:27 +0530
Message-ID: <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a113f9b4a23ea34055d28cc1c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/W9RWV8NY3FACS2JQtWSQ1Uvr_qk>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 14:11:31 -0000

--001a113f9b4a23ea34055d28cc1c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 4, 2017 at 6:41 PM, Carsten Bormann <cabo@tzi.org> wrote:

> On Nov 4, 2017, at 13:48, Rajesh Kanungo <rajesh@talasecure.com> wrote:
> >
> > I am not clear about the signer's public key or certificate is matched
> to the signature.
>
> I hand-waved over that as it is part of the =E2=80=9Cauthorized authentic=
ation=E2=80=9D.
>
> I generally try to avoid thinking about these authorization problems in
> terms of certificates, as these are a hammer that may not fit a specific
> kind of workpiece (which may, after all, not be a nail).
>

I had a simpler problem:  A device may have 10 public keys.  The firmware
update arrives with a signature.   How do you use the right public key to
verify the signature?

Remember that signature checks on these devices (especially energy limited
devices) can have a small but not so insignificant drain.

>
> > I am also not clear regarding how the signing public keys or
> certificates are distributed and/or revoked.  Is that outside the scope o=
f
> the document?  Or am I just not reading the spec properly.
>
> If you think in terms of certificates, that problem can somehow be
> considered solved.
> But I think in general certificates are just one way to authorize
> authentication, and we should cast a wider net here.
>
> If you don=E2=80=99t have (want to rely on) the authorization manager, th=
e device
> will need to be configured with some trusted information that can be used
> to transitively authorize the authentication of the manufacturer and the
> operator; authorization chains for these two can be combined or kept
> separate.
>
> In your applications, do you have a secure real-time clock (i.e., can you
> securely check not-before and expiration times)?
> That may help getting rid of older certificates, but it also means that a
> firmware image that is delivered together with such certificates ages out=
.
>
> Revocation can be done in a push (e.g., CRL) or a pull (e.g., OCSP or
> token introspection) manner; CRLs are not really appropriate for embedded
> devices.
>

Unfortunately turns out to be an issue if the headend gets compromised.
Utilities have demanded this mechanism.  We do need to revoke older keys
and install new public keys.

>
> > Also, I am not clear if we can insert run some prescribed actions to be
> run before or after firmware installation.
>
> That sounds good and would need to be added to the signed claims.
> Is there a good way to specify these actions in a way that is somewhat
> detached from a specific system or platform?
>
>
The crudest thing is a reference to entries in table of actions.  Fairly
language independent.  I said fairly because I can foresee format wars ...
your favorite ...

The installed firmware must support preinstall actions.  The post install
actions must be supported by the complete installed firmware.

I doubt we can enforce transactional semantics in these devices.

Gr=C3=BC=C3=9Fe, Carsten
>
>


--=20
Rajesh Kanungo
President and CTO
TalaSecure, Inc.
(408) 431-3035

--001a113f9b4a23ea34055d28cc1c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><br></div><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Sat, Nov 4, 2017 at 6:41 PM, Carsten Bormann <span dir=
=3D"ltr">&lt;<a href=3D"mailto:cabo@tzi.org" target=3D"_blank">cabo@tzi.org=
</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Nov 4, 2017, at=
 13:48, Rajesh Kanungo &lt;<a href=3D"mailto:rajesh@talasecure.com">rajesh@=
talasecure.com</a>&gt; wrote:<br>
&gt;<br>
&gt; I am not clear about the signer&#39;s public key or certificate is mat=
ched to the signature.<br>
<br>
I hand-waved over that as it is part of the =E2=80=9Cauthorized authenticat=
ion=E2=80=9D.<br>
<br>
I generally try to avoid thinking about these authorization problems in ter=
ms of certificates, as these are a hammer that may not fit a specific kind =
of workpiece (which may, after all, not be a nail).<br></blockquote><div><b=
r></div><div>I had a simpler problem:=C2=A0 A device may have 10 public key=
s.=C2=A0 The firmware update arrives with a signature.=C2=A0 =C2=A0How do y=
ou use the right public key to verify the signature?=C2=A0=C2=A0</div><div>=
<br></div><div>Remember that signature checks on these devices (especially =
energy limited devices) can have a small but not so insignificant drain.=C2=
=A0=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex=
;border-left:1px #ccc solid;padding-left:1ex">
<br>
&gt; I am also not clear regarding how the signing public keys or certifica=
tes are distributed and/or revoked.=C2=A0 Is that outside the scope of the =
document?=C2=A0 Or am I just not reading the spec properly.<br>
<br>
If you think in terms of certificates, that problem can somehow be consider=
ed solved.<br>
But I think in general certificates are just one way to authorize authentic=
ation, and we should cast a wider net here.<br>
<br>
If you don=E2=80=99t have (want to rely on) the authorization manager, the =
device will need to be configured with some trusted information that can be=
 used to transitively authorize the authentication of the manufacturer and =
the operator; authorization chains for these two can be combined or kept se=
parate.<br>
<br>
In your applications, do you have a secure real-time clock (i.e., can you s=
ecurely check not-before and expiration times)?<br>
That may help getting rid of older certificates, but it also means that a f=
irmware image that is delivered together with such certificates ages out.<b=
r>
<br>
Revocation can be done in a push (e.g., CRL) or a pull (e.g., OCSP or token=
 introspection) manner; CRLs are not really appropriate for embedded device=
s.<br></blockquote><div><br></div><div>Unfortunately turns out to be an iss=
ue if the headend gets compromised. Utilities have demanded this mechanism.=
=C2=A0 We do need to revoke older keys and install new public keys.=C2=A0=
=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex">
<br>
&gt; Also, I am not clear if we can insert run some prescribed actions to b=
e run before or after firmware installation.<br>
<br>
That sounds good and would need to be added to the signed claims.<br>
Is there a good way to specify these actions in a way that is somewhat deta=
ched from a specific system or platform?<br>
<br></blockquote><div>=C2=A0</div><div>The crudest thing is a reference to =
entries in table of actions.=C2=A0 Fairly language independent.=C2=A0 I sai=
d fairly because I can foresee format wars ... your favorite ...</div><div>=
<br></div><div>The installed firmware must support preinstall actions.=C2=
=A0 The post install actions must be supported by the complete installed fi=
rmware.</div><div><br></div><div>I doubt we can enforce transactional seman=
tics in these devices.=C2=A0=C2=A0</div><div><br></div><blockquote class=3D=
"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding=
-left:1ex">
Gr=C3=BC=C3=9Fe, Carsten<br>
<br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr"><d=
iv><div dir=3D"ltr">Rajesh Kanungo<div>President and CTO</div><div>TalaSecu=
re, Inc.</div><div>(408) 431-3035</div></div></div></div></div>
</div></div>

--001a113f9b4a23ea34055d28cc1c--


From nobody Sat Nov  4 10:15:22 2017
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ED7413FBB4 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:15:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U-ZXFZ8eJT01 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:15:19 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C7BF13FBAF for <suit@ietf.org>; Sat,  4 Nov 2017 10:15:19 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id C5A073005D6 for <suit@ietf.org>; Sat,  4 Nov 2017 13:15:18 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id W_r7TaZdH-EO for <suit@ietf.org>; Sat,  4 Nov 2017 13:15:16 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id D35A430026A; Sat,  4 Nov 2017 13:15:16 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <4740CCB5-7CC7-4998-8C61-99A597B23DB3@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CA70CA6A-F871-4757-8983-009AED95EC03"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Sat, 4 Nov 2017 13:15:17 -0400
In-Reply-To: <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com>
Cc: suit@ietf.org
To: Rajesh Kanungo <rajesh@talasecure.com>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org> <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com> <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org> <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jK8S_5h3SbcZ-fafgYUuHjjeFOs>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 17:15:21 -0000

--Apple-Mail=_CA70CA6A-F871-4757-8983-009AED95EC03
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Nov 4, 2017, at 10:11 AM, Rajesh Kanungo <rajesh@talasecure.com> =
wrote:
>=20
>=20
>=20
> On Sat, Nov 4, 2017 at 6:41 PM, Carsten Bormann <cabo@tzi.org =
<mailto:cabo@tzi.org>> wrote:
> On Nov 4, 2017, at 13:48, Rajesh Kanungo <rajesh@talasecure.com =
<mailto:rajesh@talasecure.com>> wrote:
> >
> > I am not clear about the signer's public key or certificate is =
matched to the signature.
>=20
> I hand-waved over that as it is part of the =E2=80=9Cauthorized =
authentication=E2=80=9D.
>=20
> I generally try to avoid thinking about these authorization problems =
in terms of certificates, as these are a hammer that may not fit a =
specific kind of workpiece (which may, after all, not be a nail).
>=20
> I had a simpler problem:  A device may have 10 public keys.  The =
firmware update arrives with a signature.   How do you use the right =
public key to verify the signature? =20

In CMS, there are two mechanisms to selecting the certificate of the =
signer:

	1) issuer and serial number of the signer's certificate; and

	2) subject public key identifier, which is essentially the hash =
of the signer's public key.

Either of these should let you select the certificate of the signer from =
the 10 that you have stored.  The second one will also work if you =
stored 10 raw public keys.


> Remember that signature checks on these devices (especially energy =
limited devices) can have a small but not so insignificant drain. =20
>=20
> > I am also not clear regarding how the signing public keys or =
certificates are distributed and/or revoked.  Is that outside the scope =
of the document?  Or am I just not reading the spec properly.
>=20
> If you think in terms of certificates, that problem can somehow be =
considered solved.
> But I think in general certificates are just one way to authorize =
authentication, and we should cast a wider net here.
>=20
> If you don=E2=80=99t have (want to rely on) the authorization manager, =
the device will need to be configured with some trusted information that =
can be used to transitively authorize the authentication of the =
manufacturer and the operator; authorization chains for these two can be =
combined or kept separate.
>=20
> In your applications, do you have a secure real-time clock (i.e., can =
you securely check not-before and expiration times)?
> That may help getting rid of older certificates, but it also means =
that a firmware image that is delivered together with such certificates =
ages out.
>=20
> Revocation can be done in a push (e.g., CRL) or a pull (e.g., OCSP or =
token introspection) manner; CRLs are not really appropriate for =
embedded devices.
>=20
> Unfortunately turns out to be an issue if the headend gets =
compromised. Utilities have demanded this mechanism.  We do need to =
revoke older keys and install new public keys. =20

The Trust Anchor Management Protocol (TAMP) is one way to do this.

Russ


--Apple-Mail=_CA70CA6A-F871-4757-8983-009AED95EC03
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Nov 4, 2017, at 10:11 AM, Rajesh Kanungo &lt;<a =
href=3D"mailto:rajesh@talasecure.com" =
class=3D"">rajesh@talasecure.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div dir=3D"ltr" =
class=3D""><div class=3D""><br class=3D""></div><div =
class=3D"gmail_extra"><br class=3D""><div class=3D"gmail_quote">On Sat, =
Nov 4, 2017 at 6:41 PM, Carsten Bormann <span dir=3D"ltr" =
class=3D"">&lt;<a href=3D"mailto:cabo@tzi.org" target=3D"_blank" =
class=3D"">cabo@tzi.org</a>&gt;</span> wrote:<br class=3D""><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc =
solid;padding-left:1ex">On Nov 4, 2017, at 13:48, Rajesh Kanungo &lt;<a =
href=3D"mailto:rajesh@talasecure.com" =
class=3D"">rajesh@talasecure.com</a>&gt; wrote:<br class=3D"">
&gt;<br class=3D"">
&gt; I am not clear about the signer's public key or certificate is =
matched to the signature.<br class=3D"">
<br class=3D"">
I hand-waved over that as it is part of the =E2=80=9Cauthorized =
authentication=E2=80=9D.<br class=3D"">
<br class=3D"">
I generally try to avoid thinking about these authorization problems in =
terms of certificates, as these are a hammer that may not fit a specific =
kind of workpiece (which may, after all, not be a nail).<br =
class=3D""></blockquote><div class=3D""><br class=3D""></div><div =
class=3D"">I had a simpler problem:&nbsp; A device may have 10 public =
keys.&nbsp; The firmware update arrives with a signature.&nbsp; =
&nbsp;How do you use the right public key to verify the =
signature?&nbsp;&nbsp;</div></div></div></div></div></blockquote><div><br =
class=3D""></div>In CMS, there are two mechanisms to selecting the =
certificate of the signer:</div><div><br class=3D""></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">	</span>1) issuer =
and serial number of the signer's certificate; and</div><div><br =
class=3D""></div><div><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>2) subject public key identifier, =
which is essentially the hash of the signer's public key.</div><div><br =
class=3D""></div><div>Either of these should let you select the =
certificate of the signer from the 10 that you have stored. &nbsp;The =
second one will also work if you stored 10 raw public =
keys.</div><div><br class=3D""></div><div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div dir=3D"ltr" class=3D""><div =
class=3D"gmail_extra"><div class=3D"gmail_quote"><div class=3D"">Remember =
that signature checks on these devices (especially energy limited =
devices) can have a small but not so insignificant =
drain.&nbsp;&nbsp;</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br class=3D"">
&gt; I am also not clear regarding how the signing public keys or =
certificates are distributed and/or revoked.&nbsp; Is that outside the =
scope of the document?&nbsp; Or am I just not reading the spec =
properly.<br class=3D"">
<br class=3D"">
If you think in terms of certificates, that problem can somehow be =
considered solved.<br class=3D"">
But I think in general certificates are just one way to authorize =
authentication, and we should cast a wider net here.<br class=3D"">
<br class=3D"">
If you don=E2=80=99t have (want to rely on) the authorization manager, =
the device will need to be configured with some trusted information that =
can be used to transitively authorize the authentication of the =
manufacturer and the operator; authorization chains for these two can be =
combined or kept separate.<br class=3D"">
<br class=3D"">
In your applications, do you have a secure real-time clock (i.e., can =
you securely check not-before and expiration times)?<br class=3D"">
That may help getting rid of older certificates, but it also means that =
a firmware image that is delivered together with such certificates ages =
out.<br class=3D"">
<br class=3D"">
Revocation can be done in a push (e.g., CRL) or a pull (e.g., OCSP or =
token introspection) manner; CRLs are not really appropriate for =
embedded devices.<br class=3D""></blockquote><div class=3D""><br =
class=3D""></div><div class=3D"">Unfortunately turns out to be an issue =
if the headend gets compromised. Utilities have demanded this =
mechanism.&nbsp; We do need to revoke older keys and install new public =
keys.&nbsp;&nbsp;</div></div></div></div></div></blockquote><div><br =
class=3D""></div>The Trust Anchor Management Protocol (TAMP) is one way =
to do this.</div><div><br class=3D""></div><div>Russ</div><div><br =
class=3D""></div></body></html>=

--Apple-Mail=_CA70CA6A-F871-4757-8983-009AED95EC03--


From nobody Sat Nov  4 10:16:19 2017
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CE2F13FBBD for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LucaoB3kWQgU for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:16:16 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 071CE13FBB8 for <suit@ietf.org>; Sat,  4 Nov 2017 10:16:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 722F13005D6 for <suit@ietf.org>; Sat,  4 Nov 2017 13:16:11 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id DO0d4qmlXyAH for <suit@ietf.org>; Sat,  4 Nov 2017 13:16:10 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 256ED30026A; Sat,  4 Nov 2017 13:16:10 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <AA1B3442-42E5-4810-A660-853C502504B2@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_3331877F-3C4B-4AD3-A8AF-31ED0B43AE6D"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Sat, 4 Nov 2017 13:16:10 -0400
In-Reply-To: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
Cc: suit@ietf.org
To: Rajesh Kanungo <rajesh@talasecure.com>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xJlae4i3D4gqDUwk7mSy-VhGKls>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 17:16:17 -0000

--Apple-Mail=_3331877F-3C4B-4AD3-A8AF-31ED0B43AE6D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

> Question: Any idea about the timestamp start, granularity, end? =20
>=20
> Question about signatures: would you consider a more structured =
signature field? Something like:=20
> https://github.com/multiformats/multihash =
<https://github.com/multiformats/multihash>
>=20
> fn code  dig size hash digest
> -------- -------- ------------------------------------
> 00010001 00000100 101101100 11111000 01011100 10110101
> sha1     4 bytes  4 byte sha1 digest
I do not see what is gained over an IANA registry with registered =
algorithm identifiers.

Russ


--Apple-Mail=_3331877F-3C4B-4AD3-A8AF-31ED0B43AE6D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div><blockquote type=3D"cite" class=3D""><div dir=3D"ltr" =
class=3D""><div class=3D"gmail_quote">Question: Any idea about the =
timestamp start, granularity, end? &nbsp;</div><div =
class=3D"gmail_quote"><br class=3D""></div><div =
class=3D"gmail_quote">Question about signatures: would you consider a =
more structured signature field? Something like:&nbsp;</div><div =
class=3D"gmail_quote"><a =
href=3D"https://github.com/multiformats/multihash" =
class=3D"">https://github.com/multiformats/multihash</a><br =
class=3D""></div><div class=3D"gmail_quote"><br class=3D""></div><div =
class=3D"gmail_quote"><pre =
style=3D"box-sizing:border-box;font-family:SFMono-Regular,Consolas,&quot;L=
iberation =
Mono&quot;,Menlo,Courier,monospace;font-size:13.6px;margin-top:0px;margin-=
bottom:16px;word-wrap:normal;padding:16px;overflow:auto;line-height:1.45;b=
ackground-color:rgb(246,248,250);border-radius:3px;color:rgb(36,41,46)" =
class=3D""><code =
style=3D"box-sizing:border-box;font-family:SFMono-Regular,Consolas,&quot;L=
iberation =
Mono&quot;,Menlo,Courier,monospace;padding:0px;margin:0px;background-color=
:transparent;border-radius:3px;word-break:normal;border:0px;display:inline=
;overflow:visible;line-height:inherit;word-wrap:normal" class=3D"">fn =
code  dig size hash digest
-------- -------- ------------------------------------
00010001 00000100 101101100 11111000 01011100 10110101
sha1     4 bytes  4 byte sha1 =
digest</code></pre></div></div></blockquote></div>I do not see what is =
gained over an IANA registry with registered algorithm identifiers.<div =
class=3D""><br class=3D""></div><div class=3D"">Russ</div><div =
class=3D""><br class=3D""></div></body></html>=

--Apple-Mail=_3331877F-3C4B-4AD3-A8AF-31ED0B43AE6D--


From nobody Sat Nov  4 10:16:27 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF8D413FBB8 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:16:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4KJ8c1pCwnQ for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 10:16:17 -0700 (PDT)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D3113FBB9 for <suit@ietf.org>; Sat,  4 Nov 2017 10:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vA4HG9J7003462; Sat, 4 Nov 2017 18:16:09 +0100 (CET)
Received: from pptp-218-1.informatik.uni-bremen.de (pptp-218-1.informatik.uni-bremen.de [134.102.218.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yTlpd5MJtzDXlm; Sat,  4 Nov 2017 18:16:09 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com>
Date: Sat, 4 Nov 2017 18:16:08 +0100
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 531508568.086904-7b7f1cf2201906e64266aef1b6fe0c07
Content-Transfer-Encoding: quoted-printable
Message-Id: <FC203812-5FF0-462D-B827-14B9A4AC63D8@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org> <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com> <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org> <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com>
To: Rajesh Kanungo <rajesh@talasecure.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/DgU8-G4Q2JauB_4wMElOc_VtU5U>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Nov 2017 17:16:19 -0000

> I had a simpler problem:  A device may have 10 public keys.  The =
firmware update arrives with a signature.   How do you use the right =
public key to verify the signature? =20

Both CMS and COSE have key identifiers, so that should be solvable.

> Remember that signature checks on these devices (especially energy =
limited devices) can have a small but not so insignificant drain. =20

Right.

Re CRLs:

> Unfortunately turns out to be an issue if the headend gets =
compromised. Utilities have demanded this mechanism.  We do need to =
revoke older keys and install new public keys. =20

Indeed.  A CRL can help you with the former, not with the latter.  Any =
push mechanism that authorizes a new key can also de-authorize an old =
one.  (If you want to flood the de-authorization, you just need a signed =
claim that the compromised key is now de-authorized.)

Re actions around an upgrade:

> The crudest thing is a reference to entries in table of actions.  =
Fairly language independent.  I said fairly because I can foresee format =
wars ... your favorite =E2=80=A6

Which form would these references take?  Text string?  Byte string?

Gr=C3=BC=C3=9Fe, Carsten


From nobody Sat Nov  4 19:56:25 2017
Return-Path: <rajesh@talasecure.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0FA013FC41 for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 19:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=talasecure-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxYRDaI9x-pl for <suit@ietfa.amsl.com>; Sat,  4 Nov 2017 19:56:20 -0700 (PDT)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1B9713FAE7 for <suit@ietf.org>; Sat,  4 Nov 2017 19:56:19 -0700 (PDT)
Received: by mail-io0-x22b.google.com with SMTP id h70so12407343ioi.4 for <suit@ietf.org>; Sat, 04 Nov 2017 19:56:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=talasecure-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=WWj1iD2rbX48WSJRPAjWiL8sDrd8/H8pzUnpqf3Ylb4=; b=pZVZ4XNmytdQUAOakFJzWq07BvnhBKXr4ApaSBWW0SJzTr1sZ4hP31a4V2O+Q2Pvng HTAhMjGR3KYOrzyIYttm9iwtb43bJftdD08p9M35RnLJxd3dlSCm7ZefLxannBv7U9KI pGEWEg0uLYhLZKZ8AXjbS/U1kMTRQfSR2ESbtp7QCQoyouLi7/ztLR/4BrOiXXC3U0i3 rY1VOsUbDtCsOoYlIVJv0r8bYxM/Kq0Ge/J2J9lknejb2iu6qyuN+ZAdoRXOeSpUYplB PSb3fK8nw+gjVfC2HKV6Hz6xg2gYG9GgQ/0L/jUwY0uw9tV0xrHAoSPD86mwwRM1SgDY xw0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=WWj1iD2rbX48WSJRPAjWiL8sDrd8/H8pzUnpqf3Ylb4=; b=kZ55Xnjo7qVRNknlbBktmkBF64Cls3zq68Vf+22J3SVm0yFU0M8w2wDXzBQ16U45ru nlOgZPuv99UfR7qmH/EOHKXCyji6dSWTYsgJPummx12H857blN4bcqwXYEzmkB0bH2am RVlTXNdXntqj+VYym+onn4pyMbD42+n3CSqsO7lgshqrwJXRX9+gQMC5VVnZ0JaYgd42 omG3JrHGit6TXnt4QszIXYrrk2ZyEUKju92wD3djx/AupE3ZswYUvynnO1u416licLv6 hrhwLIjoG6M1MyV5OAe+yGQ/6LnrPpTG0JMWnbMr/rkz4rfhCVrkWeXAAmn9E3goVu8d LbUQ==
X-Gm-Message-State: AJaThX70w7+2XcWsq1XUUYTbQBP6mP5ieEgOVaarRohU9TiWOiE2qgzg aySznTHZGlUW+M8siUqaIgZEgVJy2mpQY2lPYVhf5+5hJoc=
X-Google-Smtp-Source: ABhQp+SL9MgcIdeq0nF1cYbZwVCDYwnJ6NZmRuy5mf8vfplQZpH8BmFOmU8EOhP9tsEL7k1MUBYMWNDaZENpTnEe3k8=
X-Received: by 10.107.175.28 with SMTP id y28mr14760910ioe.216.1509850578776;  Sat, 04 Nov 2017 19:56:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.2.5.196 with HTTP; Sat, 4 Nov 2017 19:56:18 -0700 (PDT)
In-Reply-To: <FC203812-5FF0-462D-B827-14B9A4AC63D8@tzi.org>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org> <CALRhWctZvAXpW+PvkiHydpoKbLD2-e8Wfrh2o58hPu2x4_4VwA@mail.gmail.com> <88586B11-2277-4A8F-A529-0A198BCB60AC@tzi.org> <CALRhWcvgJyfu2YuZzVcVRMMH8qB+MPjYR2+Ly-r9skxgU3wwPQ@mail.gmail.com> <FC203812-5FF0-462D-B827-14B9A4AC63D8@tzi.org>
From: Rajesh Kanungo <rajesh@talasecure.com>
Date: Sun, 5 Nov 2017 08:26:18 +0530
Message-ID: <CALRhWcsh21THNKdNT7ob3m=o6512Fc19Wdts84-k-WZwuRAvkw@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a11445a8e698510055d337b2b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/2Hgsu146D4qQbAHmx3e6pcw4RWw>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Nov 2017 02:56:23 -0000

--001a11445a8e698510055d337b2b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks for your other responses.

On Sat, Nov 4, 2017 at 10:46 PM, Carsten Bormann <cabo@tzi.org> wrote:

>
> > The crudest thing is a reference to entries in table of actions.  Fairl=
y
> language independent.  I said fairly because I can foresee format wars ..=
.
> your favorite =E2=80=A6
>
> Which form would these references take?  Text string?  Byte string?
>

EBCDIC?
More seriously, the general form is a REST API type string.  May be too
much.  Using index numbers is fairly dangerous as it is hard to prevent
collisions.  REST is good but the system can be misused or misunderstood
and can open security holes. A GUID has no meaning; it would be easy to
define and almost impossible to use.  Almost feel like using a URN.  It is
a named procedure we will be invoking.

Mightier minds might want to chime in.

--=20
Rajesh Kanungo
President and CTO
TalaSecure, Inc.
(408) 431-3035

--001a11445a8e698510055d337b2b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra">Thanks for your other respo=
nses.</div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Sat=
, Nov 4, 2017 at 10:46 PM, Carsten Bormann <span dir=3D"ltr">&lt;<a href=3D=
"mailto:cabo@tzi.org" target=3D"_blank">cabo@tzi.org</a>&gt;</span> wrote:<=
br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bord=
er-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
&gt; The crudest thing is a reference to entries in table of actions.=C2=A0=
 Fairly language independent.=C2=A0 I said fairly because I can foresee for=
mat wars ... your favorite =E2=80=A6<br>
<br>
Which form would these references take?=C2=A0 Text string?=C2=A0 Byte strin=
g?<br></blockquote></div><br clear=3D"all"><div>EBCDIC?=C2=A0=C2=A0</div><d=
iv>More seriously, the general form is a REST API type string.=C2=A0 May be=
 too much.=C2=A0 Using index numbers is fairly dangerous as it is hard to p=
revent collisions.=C2=A0 REST is good but the system can be misused or misu=
nderstood and can open security holes. A GUID has no meaning; it would be e=
asy to define and almost impossible to use.=C2=A0 Almost feel like using a =
URN.=C2=A0 It is a named procedure we will be invoking.=C2=A0=C2=A0</div><d=
iv><br></div><div>Mightier minds might want to chime in.</div><div><br></di=
v>-- <br><div class=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"l=
tr">Rajesh Kanungo<div>President and CTO</div><div>TalaSecure, Inc.</div><d=
iv>(408) 431-3035</div></div></div></div></div>
</div></div>

--001a11445a8e698510055d337b2b--


From nobody Sun Nov  5 22:45:33 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A146313FAD3 for <suit@ietfa.amsl.com>; Sun,  5 Nov 2017 22:45:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nYVrSLl_C93a for <suit@ietfa.amsl.com>; Sun,  5 Nov 2017 22:45:31 -0800 (PST)
Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8427813FB35 for <suit@ietf.org>; Sun,  5 Nov 2017 22:45:28 -0800 (PST)
Received: by mail-oi0-x22b.google.com with SMTP id f66so6354052oib.2 for <suit@ietf.org>; Sun, 05 Nov 2017 22:45:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=xJJcLOOUm3+Ud+pdw8bptjI2W9QCQxncIuCEE2dgSmg=; b=VdMO2fBkJNJ0+DyIF2SoycwgRN6CMO/sxUukBFp/qVPphoEauES/bS8BGCXdec4Y7k xbaUKlzTFoTrak5QB2SB3DeulYjGIJ5GDMlwhBUto73P8ZjKfxjUlI/UNOyLstCJ4jzG noDW9y4qjrPMijLNetxv8CFFJGg4XssY22uVnAhbbD03oh0L72lcBHbCPDP8U8kNisJe th6ZC6qdW1r7cuRdlRek+qy+n1hyfjgYtOoOzQu0F3u3Zjo/u6oaQEnkK+mkxI53sNM9 59e7N2u6YXUQ8fokVvAnBqB2/qjV6FaLkJJBEk1KtSei+mQB9/5DbQYGrvFwYgwYsiM3 J0rA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=xJJcLOOUm3+Ud+pdw8bptjI2W9QCQxncIuCEE2dgSmg=; b=qaSmUR0V/NwS+64EMNnVW5alt8JOZQqrM9+vLUOprHZ2ebsswriKl16vM4j3df7IlX KhsxKMmUq2MKlcIPAoHSRVOpt3f+Wv1hbhObEfHpEq7SCHggjS4dzuznINjJel7EFu37 u9TaZruKwKcdrNmSJJccME90OmkYUXEEgdVWCEidxcclxdyGQ/CfkRmEas5sHt+vfhpt 0odFnDf5i9zrAKFOebeslzavxpcGote0tqvTeaVwxjRFiGHcILjP4fBCOAimnC0My8QH 3J4cdywX/jHZznYoF/5ImduXPCtjNPmnao0sp1GFafuzYlqSJ8T1pDtrnD5W5j/3sMXJ o6+w==
X-Gm-Message-State: AMCzsaXppW1P5VgpmvxvYmWIIYopRauoVCyqRRGG276lZmxSpcWIUax7 pGbgTjBdCIAFuFFx+0IFVSQ0e/EmHdEwlKN9UNWLy1r6
X-Google-Smtp-Source: ABhQp+S+C80Jyfqxs+kBU9UGv7VbklpwIbY52ox+lossovmj4pZ0msN1TVB/TwrJno8Emi2u+bAcuXbTSkytK9oTOPg=
X-Received: by 10.202.217.197 with SMTP id q188mr7488960oig.83.1509950727577;  Sun, 05 Nov 2017 22:45:27 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.15.155 with HTTP; Sun, 5 Nov 2017 22:45:27 -0800 (PST)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Nov 2017 17:45:27 +1100
Message-ID: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com>
To: suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/eyTd6JN9QcdSYWwNgjihyiuQC1Q>
Subject: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 06:45:33 -0000

Given that we are having a BOF, it's most appropriate to concentrate
on requirements and scope.

I've reviewed draft-moran-* and draft-nandakumar-* and I think that
there is considerable overlap in stated requirements.

The two key points of contention seem to be:

1. whether the firmware retrieval mechanism is in scope or not (I'm
including discovery here)

  I don't see any easy path to agreeing on an MTI for delivery
mechanism - these things are just to disparate - and that would be the
primary outcome of taking on that part of the work.  That said, it
would be a huge win if an agreement could be reached.

   Here, draft-moran-suit-manifest confuses things by insisting on the
presence of a field that identifies the location of the firmware
image.  If delivery/retrieval mechanisms are intentionally out of
scope, then a named-data approach would avoid any need to reference
them (i.e., identify using a hash or the via the signature of an
authorization).

2. manifest format, whether it be specific or not

  Frankly, I don't find the claims in draft-nandakumar-* to be
convincing.  Flexibility in terms of format needs some pretty strong
justification.  If this is done well, the cost of implementing the
manifest format will be dwarfed by the cost of the crypto code.

Other than those two issues, I don't see much divergence.

There is the minor point about encryption of images that Suhas makes.
I don't think that we *need* to fight about this one.  If a vendor
wants to encrypt their images, then they can create a package format
that encrypts the update without touching the manifest in any way.
That would move the encryption keys (and cryptography) to the update
itself.  In other words, it could be proprietary.  There is some loss
of value to the ecosystem in not having a generic, vetted design, so
I'd say that the question instead boils down to whether the group
wants to take on the work. Based on the solutions in front of us, it
looks like encryption could easily be done as an extension.


From nobody Mon Nov  6 00:13:57 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A982C13FB48 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 00:13:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yEmH4P9FfTZS for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 00:13:53 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40070.outbound.protection.outlook.com [40.107.4.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23FD213FB34 for <suit@ietf.org>; Mon,  6 Nov 2017 00:13:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GrtyFP7W3ALruWTIWXHr8RXYcbipQfgqI8WTAGoNPNU=; b=fC9gxodTRR1c1rBEKynlFg5c7evXDkOTGUex4o7gK9kpDwMB3loUsyhdCDRI0DHNnXS6ZSj07RUtNZ+V/v+uw+pLmeH6hXi21Y6myQLVmykG2muLN4qEIQs4BXuieG02op48Dyf2sVPzDkzUb5suqmd+hhHBj/dvdgPF280tr/U=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 08:13:49 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0197.017; Mon, 6 Nov 2017 08:13:49 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>, Rajesh Kanungo <rajesh@talasecure.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Manifest details ... was RE: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AdNW1Dz30Fo1IvtLQDyI+7Y2wp7MOA==
Date: Mon, 6 Nov 2017 08:13:49 +0000
Message-ID: <AM4PR0801MB270673F1D2E585A960CB159FFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.116.199]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:Rkfv0dQMla4JapZUrYoalHPXPrytGSdq3bSdIhmsMU1CacuVaxc7wgnnR+nx5x3kfWjolJL1fXezqOh5gybWu8gmO+A91Y+/ostfZ2JDXExaQknoeQdVILoHiuY4x6CYZIBNPLQ7s85r8AqSzjuZQlZ5JaCTu52zKVJrf8OmffHPuhWbZHUmYFlCs5s0GFciGx3Dpom/ZEwAQsT5rFpPr0o8v3SHYIEQKIVKF9FiRv0Woap3c560nOxLICWkT0TJL4vx0NV0IKDXC1qJLgOKovsBeGYT58yi5hFJOz+OqRYKDeHj7XojqRRRqYEigKyeMXVpqbGHJPgPMWqtDeB86NzR0gcA/E+q1YzFrrHCrDY=; 5:va4vhCp7Ke+i9KGKjZlY1lbuZJG45+YlfuigGDyaO/NfU9OoqhxF9fE45wZ98hKDSXOsSqDBJfTHjr7HU3h8PaeSZ5AoXRtX+90OBLxmQellR09ad5EkHh5R3QDU2gk9LTQWtyKFTvCTwc+45iHVPYo6iJnHx/5I8d3Mt9bV7KI=; 24:EWhFRpkgwHYV/SAgfvRGM4pONJMvIeYQFsdyg0bmgA0yuwpttBCe3/gRqiJV6iN+4pb3QQcZ5ShrDuATu3MZvCgZrFC1rACb2QlTGhwr1BU=; 7:nGIBmQy03SawjyURCwVhhC1N75zLgEgtcG3YWOHxYl5SRherw8UkCOYBD0iwsxmZ76X7K7w0FE5ZSMkaUGb33ove+m982WZt9brPQbyotEy58LdtSRQFx0DZnoBpUOF7Djt6CpFFIFo4UVxulV1BD56zKsttVjl/qSFk6npbVjKC0rqfFSVgfIhoQCuuf9JFDKB0y11lDAZ9/7u2Np9kob3AgVmISyg+lQgSmWIPx6ULw0+sGQEQaf3m74ibp6mW
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 0532f620-78eb-4f85-0221-08d524ee4f83
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-exchange-antispam-report-test: UriScan:(65766998875637)(120809045254105)(131022147185803); 
x-microsoft-antispam-prvs: <AM4PR0801MB27067CCFA6640F2E06B31E27FA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(13464003)(189002)(199003)(40434004)(966005)(6436002)(54356999)(3280700002)(72206003)(101416001)(25786009)(6506006)(106356001)(478600001)(105586002)(4326008)(3660700001)(33656002)(14454004)(189998001)(15650500001)(53936002)(53546010)(68736007)(110136005)(5890100001)(99286004)(2900100001)(66066001)(81156014)(5250100002)(6306002)(55016002)(74316002)(97736004)(305945005)(7696004)(8936002)(81166006)(316002)(102836003)(3846002)(6116002)(8676002)(86362001)(7736002)(5660300001)(50986999)(2906002)(9686003); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0532f620-78eb-4f85-0221-08d524ee4f83
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 08:13:49.6189 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/LUTz8hAG9302PGT8Dkcqn_lPTq4>
Subject: [Suit] Manifest details ... was RE: WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 08:13:55 -0000

SGkgQ2Fyc3RlbiwgSGkgUmFqZXNoLA0KDQpJdCBpcyBnb29kIHRvIHNlZSB0aGF0IHlvdSBndXlz
IGFyZSBsb29raW5nIGF0IHRoZSBkZXRhaWxzLg0KDQoqIFdvdWxkbid0IGl0IGJlIGdyZWF0IHRv
IGluZGljYXRlIGNvbmRpdGlvbnMgKH5jbGFpbXMpIGFib3V0IHdoZW4gdGhlIGZpcm13YXJlIHVw
ZGF0ZSBzaG91bGQgYmUgYXBwbGllZD8NCg0KRm9yIHN1cmUuIFRoYXQncyB3aHkgd2UgYWRkZWQg
dGhpcyBmdW5jdGlvbmFsaXR5IGluIHRoZSBtYW5pZmVzdCBkcmFmdDoNCmh0dHBzOi8vdG9vbHMu
aWV0Zi5vcmcvaHRtbC9kcmFmdC1tb3Jhbi1zdWl0LW1hbmlmZXN0LTAwI3NlY3Rpb24tMy4zDQoN
CldoYXQgaXMgdGhlIHJpZ2h0IGVuY29kaW5nIG9mIHRoZSBjbGFpbXM/IEhhcmQgdG8gc2F5IChq
dWRnaW5nIGZyb20gdGhlIGRpc2N1c3Npb25zKSBvbiB0aGUgbGlzdC4NCg0KKiBTaWduYXR1cmUg
Y2hlY2tzIGFyZSBjb21wdXRhdGlvbmFsIGV4cGVuc2l2ZS4NCg0KWWVzLCBoZXJlIHNvbWUgZGV0
YWlsczoNCmh0dHBzOi8vY3NyYy5uaXN0Lmdvdi9jc3JjL21lZGlhL2V2ZW50cy9saWdodHdlaWdo
dC1jcnlwdG9ncmFwaHktd29ya3Nob3AtMjAxNS9kb2N1bWVudHMvcHJlc2VudGF0aW9ucy9zZXNz
aW9uNy12aW5jZW50LnBkZg0KDQpNb3JlIHdvcmsgYmVpbmcgcmVsZWFzZWQgc29vbiwgYXMgcHJl
c2VudGVkIGF0IHRoZSBTQUFHIG1lZXRpbmcgQCBJRVRGIzk4Og0KaHR0cHM6Ly9kYXRhdHJhY2tl
ci5pZXRmLm9yZy9tZWV0aW5nLzk4L21hdGVyaWFscy9zbGlkZXMtOTgtc2FhZy1lZW1iYy1pb3Qt
c2VjdXJpdHktYmVuY2htYXJrcw0KDQpBbiBhbHRlcm5hdGl2ZSBpcyB0aGUgdXNlIG9mIHN5bW1l
dHJpYyBrZXkgYWxnb3JpdGhtcyBzaW5jZSB0aGVyZSBhcmUganVzdCBzb21lIGRldmljZXMgdGhh
dCBjYW5ub3QgZG8gdGhlIHB1YmxpYyBrZXkgY3J5cHRvLiBUaGVyZSB3YXNuJ3QgZW5vdWdoIHRp
bWUgdG8gcHJlcGFyZSB0aGUgZHJhZnQgYmVmb3JlIHRoZSBkZWFkbGluZSB0aG91Z2ggYnV0IHRo
ZSBkZXRhaWxzIGFyZSBwcm9iYWJseSBmYWlybHkgb2J2aW91cy4NCg0KKiBXb3VsZG4ndCBpdCBi
ZSBncmVhdCB0byBkbyBjZXJ0aWZpY2F0ZSByZXZvY2F0aW9uIGNoZWNrcz8NCg0KWWVzLCB0aGF0
IHdvdWxkIGJlIGF3ZXNvbWUgYnV0IHRoZXJlIGFyZSBjaGFsbGVuZ2VzLiBBbGwgc29sdXRpb25z
LCBPU0NQIChmb3IgZXhhbXBsZSB2aWEgdGhlIG11bHRpcGxlIE9TQ1Agc3RhcGxpbmcgaW4gVExT
KSwgIENSTHMsIHNob3J0IGxpdmVkIGNlcnRpZmljYXRlcywgaGF2ZSBwcm9zICYgY29ucy4gT25l
IHJlY2VudGx5IGVtZXJnaW5nIHN0b3J5IGlzIHRoYXQgdGhlcmUgYXJlIGRpZmZlcmVudCB0eXBl
cyBvZiBwdWJsaWMga2V5cyBvbiB0aGUgZGV2aWNlIGFuZCB0aGF0IHlvdSBpbnRyb2R1Y2UgYW5v
dGhlciBsYXllciBvZiBpbmRpcmVjdGlvbiBzbyB0aGF0IG9uZSBjYW4gc3dpdGNoIGZyb20gbWFu
dWZhY3R1cmVyIHByb3ZpZGVkIGNyZWRlbnRpYWxzIHRvIHNob3J0ZXItbGl2ZWQgb3BlcmF0aW9u
YWwgY3JlZGVudGlhbHMuIFlvdSB3aWxsIHNvb24gYmUgYWJsZSB0byByZWFkIG1vcmUgYWJvdXQg
dGhpcyBpbiBhIG5pY2UgSVBTTyBwdWJsaWNhdGlvbiBvbiBJb1QgZGV2aWNlIGNyZWRlbnRpYWwg
bWFuYWdlbWVudC4NCg0KKiBDby1zaWduaW5nDQoNClRoaXMgdG9waWMgd2FzIGRpc2N1c3NlZCBh
dCB0aGUgSW9UU1Ugd29ya3Nob3AgYW5kIHdoaWxlIHRoZW9yZXRpY2FsbHkgcG9zc2libGUgdGhh
dCBtdWx0aXBsZSBwYXJ0aWVzIHNpZ24gYSBmaXJtd2FyZSBpbWFnZSBpdCBjb21lcyBhdCBhIGNv
c3QgYW5kIGZvciB0aGF0IHJlYXNvbiBJIGhhdmVuJ3Qgc2VlbiBpdCBiZWluZyB1c2VkIGluIHBy
YWN0aWNlIGZvciBlbWJlZGRlZCBkZXZpY2VzLg0KDQoqIEFueSBpZGVhIGFib3V0IHRoZSB0aW1l
c3RhbXAgc3RhcnQsIGdyYW51bGFyaXR5LCBlbmQ/DQoNClRoZSB0aW1lc3RhbXAgaW5kaWNhdGVz
IHdoZW4gdGhlIG1hbmlmZXN0IHdhcyBjcmVhdGVkLiBUaGVyZSBhcmUsIGhvd2V2ZXIsIG90aGVy
IChwb3RlbnRpYWxseSBvcHRpb25hbCkgY29uZGl0aW9ucy9jbGFpbXMgdGhhdCBoYXZlIHRpbWUg
aW5mb3JtYXRpb24sIHN1Y2ggYXMgIkFwcGx5IEFmdGVyIiB3aGljaCBpbmRpY2F0ZXMgdGhhdCB0
aGUgZGV2aWNlIHNob3VsZCBub3QgYXBwbHkgdGhlIGZpcm13YXJlIHVwZGF0ZSBwcmlvciBhIHNw
ZWNpZmljIHRpbWUvZGF0ZS4gQXJlIHlvdSB0YWxraW5nIGFib3V0IHRoaXMgdGltZSBpbmZvcm1h
dGlvbj8NCg0KQ2lhbw0KSGFubmVzDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9t
OiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgQ2Fyc3Rl
biBCb3JtYW5uDQpTZW50OiAwNCBOb3ZlbWJlciAyMDE3IDE4OjE2DQpUbzogUmFqZXNoIEthbnVu
Z28NCkNjOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1aXRdIFdHIFJldmlldzogU29m
dHdhcmUgVXBkYXRlcyBmb3IgSW50ZXJuZXQgb2YgVGhpbmdzIChzdWl0KQ0KDQo+IEkgaGFkIGEg
c2ltcGxlciBwcm9ibGVtOiAgQSBkZXZpY2UgbWF5IGhhdmUgMTAgcHVibGljIGtleXMuICBUaGUg
ZmlybXdhcmUgdXBkYXRlIGFycml2ZXMgd2l0aCBhIHNpZ25hdHVyZS4gICBIb3cgZG8geW91IHVz
ZSB0aGUgcmlnaHQgcHVibGljIGtleSB0byB2ZXJpZnkgdGhlIHNpZ25hdHVyZT8NCg0KQm90aCBD
TVMgYW5kIENPU0UgaGF2ZSBrZXkgaWRlbnRpZmllcnMsIHNvIHRoYXQgc2hvdWxkIGJlIHNvbHZh
YmxlLg0KDQo+IFJlbWVtYmVyIHRoYXQgc2lnbmF0dXJlIGNoZWNrcyBvbiB0aGVzZSBkZXZpY2Vz
IChlc3BlY2lhbGx5IGVuZXJneSBsaW1pdGVkIGRldmljZXMpIGNhbiBoYXZlIGEgc21hbGwgYnV0
IG5vdCBzbyBpbnNpZ25pZmljYW50IGRyYWluLg0KDQpSaWdodC4NCg0KUmUgQ1JMczoNCg0KPiBV
bmZvcnR1bmF0ZWx5IHR1cm5zIG91dCB0byBiZSBhbiBpc3N1ZSBpZiB0aGUgaGVhZGVuZCBnZXRz
IGNvbXByb21pc2VkLiBVdGlsaXRpZXMgaGF2ZSBkZW1hbmRlZCB0aGlzIG1lY2hhbmlzbS4gIFdl
IGRvIG5lZWQgdG8gcmV2b2tlIG9sZGVyIGtleXMgYW5kIGluc3RhbGwgbmV3IHB1YmxpYyBrZXlz
Lg0KDQpJbmRlZWQuICBBIENSTCBjYW4gaGVscCB5b3Ugd2l0aCB0aGUgZm9ybWVyLCBub3Qgd2l0
aCB0aGUgbGF0dGVyLiAgQW55IHB1c2ggbWVjaGFuaXNtIHRoYXQgYXV0aG9yaXplcyBhIG5ldyBr
ZXkgY2FuIGFsc28gZGUtYXV0aG9yaXplIGFuIG9sZCBvbmUuICAoSWYgeW91IHdhbnQgdG8gZmxv
b2QgdGhlIGRlLWF1dGhvcml6YXRpb24sIHlvdSBqdXN0IG5lZWQgYSBzaWduZWQgY2xhaW0gdGhh
dCB0aGUgY29tcHJvbWlzZWQga2V5IGlzIG5vdyBkZS1hdXRob3JpemVkLikNCg0KUmUgYWN0aW9u
cyBhcm91bmQgYW4gdXBncmFkZToNCg0KPiBUaGUgY3J1ZGVzdCB0aGluZyBpcyBhIHJlZmVyZW5j
ZSB0byBlbnRyaWVzIGluIHRhYmxlIG9mIGFjdGlvbnMuICBGYWlybHkgbGFuZ3VhZ2UgaW5kZXBl
bmRlbnQuICBJIHNhaWQgZmFpcmx5IGJlY2F1c2UgSSBjYW4gZm9yZXNlZSBmb3JtYXQgd2FycyAu
Li4geW91ciBmYXZvcml0ZSDigKYNCg0KV2hpY2ggZm9ybSB3b3VsZCB0aGVzZSByZWZlcmVuY2Vz
IHRha2U/ICBUZXh0IHN0cmluZz8gIEJ5dGUgc3RyaW5nPw0KDQpHcsO8w59lLCBDYXJzdGVuDQoN
Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpTdWl0IG1h
aWxpbmcgbGlzdA0KU3VpdEBpZXRmLm9yZw0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9s
aXN0aW5mby9zdWl0DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFp
bCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHBy
aXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBu
b3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250
ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9y
ZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=


From nobody Mon Nov  6 00:37:07 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E15313FB4E for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 00:37:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bORSlozCaNzk for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 00:37:04 -0800 (PST)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C43613F963 for <suit@ietf.org>; Mon,  6 Nov 2017 00:37:04 -0800 (PST)
Received: by mail-oi0-x233.google.com with SMTP id q4so6491989oic.7 for <suit@ietf.org>; Mon, 06 Nov 2017 00:37:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=UnRDkNzllL/CsSaoqFn+s8WvupuZsOGFkVHaYb0bN8s=; b=iV16wR+MijrTC4xsMOd5EKvdWkzUq11nqDdba4lwp33VTLgJQQHgA+dlmWwT+on1iZ QjdIYvBTUBuCpnGG31xF7ly9/0+D3q6avZ+7xiaS1j5jOZG9z6cI7WXh+eA7qT3Q2I0y KC9B6ClQ0HQPEO6dOUqRKH+HPr+UY5LNape/jPVed/dhcE+I0joZWb6rYpOGe/lGc3Tz GSgcosI8nUKFQYiHrLymaK0nriuPtt5+9uROb06g1v/cEJltaZbA4sURLUVLuanezfMq oOy5P2EqBjhuswgIURHbh97iIwtQz6BJCGaVj6CrQkkaHxhIQ3fyJn4C8GNTgk6nE6SK /AJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=UnRDkNzllL/CsSaoqFn+s8WvupuZsOGFkVHaYb0bN8s=; b=LTEopUDu0cQOHoK1TcYDyucR0bd7aDayAtExbOskXNqSX+NWg5mWDVxc7eutoP1WIc UVjNBptOWRoB6kczv6H916WFVtqTH73CICPFicYpLlD5f3w+Fly9mwZYeh0bgYExKvpZ gKjt/ohdDzY1OoR03047suCMQpPA96erkx69/w7JRvoQwq1Ko5K4z160JDrscbOc+3ad Xt9ptx/taNInmKRNZ9Rx+OWjISrYPD9fwaD0q2tx325GT5z3rpV3IjUS/q4YHMv2AzL7 TJQkiAWoujC4siaYvWJrHefo4bDMoXtElO3NhY+MstC9vrmVRiLnGWlxUEK2LX3ZrBTd dz0g==
X-Gm-Message-State: AMCzsaUFOHvvSo56gDbu2Ei/chxkf/z4KxA2xkorOwu5EYYc2kjnjZwZ K0Utn5WkCJSNPyBuhJWb2a9OtEve9W6VmvX1lC9Ho0/v
X-Google-Smtp-Source: ABhQp+QL2k3QfQWxpyyiAXioZ7fr7iGdvTSEYSgRREs7uJLlb/p3zcW/yD+fS3JGpsqZTY7kOiZZbOYHymBtygjWIkI=
X-Received: by 10.202.217.197 with SMTP id q188mr7588095oig.83.1509957423351;  Mon, 06 Nov 2017 00:37:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.15.155 with HTTP; Mon, 6 Nov 2017 00:37:02 -0800 (PST)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Nov 2017 19:37:02 +1100
Message-ID: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com>
To: suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/4Bfl6K9dNJzscxZvsG07f26sy3s>
Subject: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 08:37:06 -0000

On the design in draft-moran-suit-manifest, it seems like there are a
bunch of things that could be cut down.  I think that expanding on
Carsten's set of use cases [1] might be a better way to drive the
addition of fields.

>From my perspective, there is just one question: should this update be
applied to this device?  The minimal example does work, but it
requires a per-device signature and that isn't awesome, so we create
policies that can be more broadly applied to attributes (or claims).

The 4122 identifiers seem overly prescriptive; I can't see why a
vendor-specified string is not OK: one for the type of device, and one
for the specific device.  Part of the motivation for 4122-style
identifiers is to avoid collisions, but I don't see that as necessary
here - any party that is authorizing changes can manage to ensure that
the identifiers they sign don't collide.

I'm also a little leery about the justification for some of the
meta-information, like timestamp, all of payload info, the nonce (let
the crypto do that bit).

storageIdentifier seems especially problematic.  If you have a device
type identifier, then that should suffice for those cases where there
are multiple update targets on a device.  That is, you can identify by
generically identifying the type of thing that this update applies to:
"vendor foo alarm clock configuration" rather than "vendor foo alarm
clock" and it all works neatly.  Right now the storageIdentifier is
all tied up in the way that the update is identified.

The draft identifies timestamp as critical, but does not motivate this
at all well (and the minimal example in [1] doesn't support that view
either).

I think that directives, conditions, and extensions could be phrased
more generically as attributes (or "claims" [1]).  In particular, the
reason that directives exist seem to be driven by a goal that only
really exists in the context of a protocol.  That is, you have a
protocol that pushes updates out ahead of time so that they can be
applied on a specific schedule later.  Having two axes for extension
and variation (directives and conditions) is expensive, especially if
one or other is more rarely added to.  Unused extension points become
unusable.  Unless there is a stronger reason for having two things,
I'd argue for having one.  An extensible "attributes" or "claims"
setup instead with core attributes and the ability to extend is a more
robust design overall.

One thing that is likely missing here is the ability to identify
minimum versions for related software loads.  If you have
configuration that relies on software of a specific version, you want
to be able to express that dependency (so that the configuration
doesn't get applied to an earlier version, for example).  This appears
to rely on dependencies right now, but I think that you want something
that uses the same identifiers consistently, that is the type of thing
that is the target of an update.


[1] https://mailarchive.ietf.org/arch/msg/suit/0kEo_RsNu7RTPkOraRw7Xsn98pk


From nobody Mon Nov  6 01:31:58 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DB4813FB79 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 01:31:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZMcG8QmJAUw for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 01:31:53 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0063.outbound.protection.outlook.com [104.47.0.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E66C13F963 for <suit@ietf.org>; Mon,  6 Nov 2017 01:31:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=p+p+wPKddCcusmSaYo4VFAz6tjPZ2/XZIKaCW4gEeIg=; b=mLHNBzqJHV4u6APGOIru46Xldwtwi7ap5UjZgNse/SrHaWqBjFSGBQCXcNn5UY4MjDJLBY58hRbEgd+AIWia2DXKv8auFwPBu9I/CK4lJ4YJpfAEU+LX3FSXNAU4yOmW3a4HCyqlfJV0P6u1uv6WtwgchfGJqi9I7p2U9leg4EI=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 09:31:49 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0197.017; Mon, 6 Nov 2017 09:31:49 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Martin Thomson <martin.thomson@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Thoughts on requirements and scope
Thread-Index: AQHTVsrbcaO6I4ob002QS4RFMwSvZ6MHDthQ
Date: Mon, 6 Nov 2017 09:31:49 +0000
Message-ID: <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com>
In-Reply-To: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.116.199]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:Xhcw1SkGNEnRLaFyec2ZeuoxOnJoZNqXjOHCzX2ilEZlvEjjy/8Bx1PiuCHx7zKnWe6s0Lztn+SMIvilnr5mHDZf+2UyfhByGX2RHZTWyhed2xJpgdi81j6O4xS/Q0JPcJFXmXYy8ElCiUuadVAB4xD7lo070rw6MN90WX97RuLVATYaIB62RMwl0cHYYOPyHOrugj41SoNqaF+GMliQkv/QMqe9JHqZEawzKyITWNGUsEf2ii1R6MaNKkJWc3gD2s502l+8J58VawLUxih7Vi3ymuareB1I/jwJVSKcVj/nzXCS4VqfKHha0qGeNOgvN01YTebkOnDbSIQB+yMrApJrsMqTwVzxk2uE6Z0xj5k=; 5:LE7iNldCAiHglk8rRs6aDoGWit51qZC0lP3XQGQByCe5sAn5+eqpECKhzLDvOqbCHuYmwRe3tFU8hF2q0lq8WFYPSi3E+JH1tmkOsJ9zSgyIRl8mRyGOUpnvmkMxAic0+OlL7vpfzUdK7P+Nss+QBzp0JO0U1jjPl8xJT1wa/LM=; 24:eO2ErkBLTOuWrKu/bvSEbwd0Frm9x9RICdf1dIKY0slKe4kmp1RlRoi+clLLhW5Rxlp/FUCCK066BwviMOzbykcJi3su3XKO2eaNQ9/RFOQ=; 7:+pLLKncCvlW6nAycyjPVrWMiffCdT92+YlGdMk982jCgYp/msK3n4nXdhZ0rS9+lqBZCrpG+IvcU7GET1kiphyGRlcNORvm7zmK5AES7Erbfv/mJRgPd3GAB/8Sem5KTj52yRY87aYCyCXTOgMJxL/mhfBAjxfNMU1hWERknCsZ8kl3jXhEXC9SbyBgxbowFzcMovQ+1yjD171VkiAk0bzdF/HS3xZCI4sBoVlNMCz6d9saowb2B4dUDVT/JU74k
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 787d1ebd-a3ef-440d-7db7-08d524f9350a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-microsoft-antispam-prvs: <AM4PR0801MB2706D6A09A54F425A61A58C4FA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(199003)(40434004)(51914003)(189002)(5250100002)(81156014)(55016002)(74316002)(97736004)(6306002)(68736007)(2501003)(5890100001)(110136005)(99286004)(66066001)(2900100001)(2906002)(39060400002)(50986999)(9686003)(8936002)(316002)(81166006)(305945005)(7696004)(5660300001)(7736002)(86362001)(6116002)(102836003)(8676002)(3846002)(72206003)(2950100002)(3280700002)(106356001)(101416001)(25786009)(6506006)(229853002)(6436002)(54356999)(966005)(53936002)(76176999)(478600001)(105586002)(6246003)(189998001)(33656002)(14454004)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 787d1ebd-a3ef-440d-7db7-08d524f9350a
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 09:31:49.6254 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/a1wRO_cAHHl8ALokv0opEcNoq6c>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 09:31:57 -0000

Hi Martin,

Thanks for the reviewing the drafts and for your questions.

1. whether the firmware retrieval mechanism is in scope or not (I'm includi=
ng discovery here)

  I don't see any easy path to agreeing on an MTI for delivery mechanism - =
these things are just to disparate - and that would be the primary outcome =
of taking on that part of the work.  That said, it would be a huge win if a=
n agreement could be reached.

[Hannes] I will be impossible to agree on the distribution / retrieval mech=
anism since many companies already have ways to do so and different deploym=
ents require different firmware distribution mechanisms. TFTP, for example,=
 is not used to send firmware updates to Bluetooth Low Energy devices nor i=
s HTTP.

   Here, draft-moran-suit-manifest confuses things by insisting on the pres=
ence of a field that identifies the location of the firmware image.  If del=
ivery/retrieval mechanisms are intentionally out of scope, then a named-dat=
a approach would avoid any need to reference them (i.e., identify using a h=
ash or the via the signature of an authorization).

[Hannes] There are two possible ways to provision firmware, namely either b=
y attaching the firmware image to the manifest or by separating it from the=
 manifest. For the former the field just points to the "body" where the fir=
mware image is found. In the latter case the firmware image needs to be obt=
ained from somewhere. As said above, that can happen using a number of ways=
. A common mechanism today is to download it from an HTTPS server. Since th=
e URL is included in the manifest there is no need for discovery. Fetching =
a file from a server isn't rocket science either and does not require stand=
ardization. (A multicast distribution mechanism, as also discussed on the l=
ist, might, however require standardization.)

The named data approach sounds nice but leads to the question of how the de=
vice then finds the firmware image.

Note that we are not arguing the firmware distribution mechanism shouldn't =
be standardized at all. However, that's not what we would be starting with =
since
* there is already ongoing work in standardization in context of the larger=
 device management framework (e.g., from OMA DM, OIC)
* there is nothing to standardize (e.g., HTTP transporting a blob),
* or the work falls outside the scope of the IETF (e.g., defining an new se=
rvice and characteristic in Bluetooth Low Energy),
* or would potentially require a fair amount of standardization (e.g., the =
multicast mechanism discussed on the list). Maybe such work should better b=
e done in the transport area, IMHO.

There is the minor point about encryption of images that Suhas makes.
I don't think that we *need* to fight about this one.  If a vendor wants to=
 encrypt their images, then they can create a package format that encrypts =
the update without touching the manifest in any way.
That would move the encryption keys (and cryptography) to the update itself=
.  In other words, it could be proprietary.  There is some loss of value to=
 the ecosystem in not having a generic, vetted design, so I'd say that the =
question instead boils down to whether the group wants to take on the work.=
 Based on the solutions in front of us, it looks like encryption could easi=
ly be done as an extension.

[Hannes] I am somewhat surprised to hear that there are people in the indus=
try that do not believe that encrypting firmware isn't a requirement freque=
ntly raised. Note that this is not a requirement we at ARM came up with. It=
 is a requirement coming from the industry partners. course, we can make ev=
erything proprietary as we do today. If some people don't want to use encry=
pted firmware images then they do not need to use that part of the spec.

Ciao
Hannes

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Mon Nov  6 01:48:36 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F2CF13FB83 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 01:48:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84MjgQeVN6k8 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 01:48:33 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0045.outbound.protection.outlook.com [104.47.1.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A094F13FA82 for <suit@ietf.org>; Mon,  6 Nov 2017 01:48:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2NBfbmcLLnOVU45rVu1AlXSVXf6qZciihkPmLxZlFv8=; b=eeyrsMgRgdqO1dpvWMMpHm7jcggyIgu3kARovJEqDAzYvZ80y1qIvkJqW+WXSfjcWL125r9NL2rVpeppA+JmrZ2PqSYyXBxGtoJQa9fLIOLze1ndlZjXD6vCZd+INsM/QPYzxkc+DKy+B9ChkRSgQrVey5SDRA6mh/AnTXtR+Kg=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 09:48:29 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0197.017; Mon, 6 Nov 2017 09:48:29 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Martin Thomson <martin.thomson@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] draft-moran manifest thoughts
Thread-Index: AQHTVtpwkOR560UFOkCcYLG/wq9dhKMHFrLg
Date: Mon, 6 Nov 2017 09:48:29 +0000
Message-ID: <AM4PR0801MB270642BAA739C74D481E09A4FA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com>
In-Reply-To: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.116.199]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:XmVzi83pS7N5sG3K+oJLzlT8q1ScbjG4ZmDp+vKtYjjMJdhNSMNKSvJyYFdsOK7Zol8wW+3D1mN0WrQfMRof4YjkPAkDRBYXR+V5Z8HY7eb3cDoltdQAEU6ogSKQZ4iVBfJ0+l+tvZ0KXE2tvE6kZ4WjI6vhDD6l7VSQN9M1P5LNa2mUNA9MhKfV2M8vJfJLy6gV38qwiOIpD0X2dMcvl6MLHF7Pb1HAM7BADaegmTF2Okdx6DagnCSrAGF4rsIC3yFiGMgGa4bpQZ9WbBl8tkVmpVt0bnvv+mUmprLDye0/oIfPJCEts9g3IBUdYhmWtXUsDbXBF1bvsDRwD2CItP3LfOBjfuGEk2gK0bocYMA=; 5:0xes3SY1V7OgnTONCKE++jmzc02qMal/JNmerl9BlEXqbgNm6B4fYHo/rJ68gBU4v0bcC9ESSbiu42SeFeJFW9zGEuwCGyCWft3c2+iSdwWf1vmtIE4B9gdu+85SCHuWLCkOvKCzGg8YshecCatEtaUIjpWnhxHF7ftqPU+ZosY=; 24:U/WM2XCv6xYZfzMm7ut4WYvMIZ01zc8lpfzrx9onNTiAjUyx9KBa4jqYf7dz5yyRF5I8nqWWNETfa+EtJCKK/K28dbZuXKICKdZnJjA8djE=; 7:Y2W3ClORQ6eyx3iwQGu+JZVH8skucL1+WlzEJy1ywD4Nz46DSzw3hzYlEgXWB1UZFcaUnazZYW0YuBvc5VnlXxtqgbf0pzE/HmKHET6ipxfutuneSJH+iw4q8YnSCqTfInffi5GY6pqPqh6ECJrxD4uzEmqUf2sqy2Skt0AwrH1nsGmthgl0Oh6y/cGFBXDh06MmBsCHNWBSSpXXH+GGbmSqSPiy3/iG1HlPEL1eIaUGkq7ljzN2LHf279+iEaB8
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 3e87406d-8fc3-49ec-ff9e-08d524fb88e8
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-exchange-antispam-report-test: UriScan:(788757137089);
x-microsoft-antispam-prvs: <AM4PR0801MB27065D1EDCB78E077CC3C22CFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123555025)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(199003)(40434004)(51444003)(51914003)(13464003)(189002)(5250100002)(81156014)(55016002)(74316002)(97736004)(6306002)(68736007)(2501003)(5890100001)(110136005)(99286004)(66066001)(2900100001)(2906002)(39060400002)(50986999)(9686003)(8936002)(316002)(81166006)(305945005)(7696004)(8676002)(5660300001)(7736002)(86362001)(6116002)(3846002)(102836003)(72206003)(3280700002)(2950100002)(106356001)(101416001)(25786009)(6506006)(229853002)(6436002)(54356999)(966005)(53936002)(76176999)(53546010)(478600001)(105586002)(6246003)(189998001)(33656002)(14454004)(3660700001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e87406d-8fc3-49ec-ff9e-08d524fb88e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 09:48:29.3749 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iXXSzyvqdftupqZgO3y0q2Hhft0>
Subject: Re: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 09:48:35 -0000

Hi Martin,

Thanks for these further comments.

I will only address a few of them now.

* Terminology: Should conditions and directives better be called "claims"?

I personally don't have a preference. Any name is fine for me.

* storageIdentifier

As mentioned in the description, there are cases where a single IoT device =
has multiple microcontrollers. A given firmware is useful for a specific mi=
crocontroller only. You might have to update all microntrollers on a single=
 device or only one. You can leave this to proprietary extensions or you ca=
n standardize such a field.
Is this an exotic case? Not really. Just look at some basic consumer device=
s and you will notice that they are actually consisting of multiple micro-c=
ontrollers, which are connected using some bus (such as SPI).
This sounds complicated. Why are companies do this? To meet the real-time r=
equirements you often want to just use a single chip for a given task, such=
 as a BLE chip and a IEEE 802.15.4 chip for a device that supports multiple=
 radio technologies. Then, you need yet another chip on top of it that runs=
 the actual application + IP + ...

* minimum versions

I guess this appears to be a difference between firmware updates and softwa=
re updates. With firmware updates you replace everything on the device whil=
e with software updates you are focused on specific parts.
This is maybe something we should look into when we extend the work to more=
 generic software updates.

* nonce

While the timestamp is great to determine the freshness of the created mani=
fest some IoT devices are not equipped with network time. For those devices=
 a nonce (or call it sequence number) would be more appropriate.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: 06 November 2017 09:37
To: suit@ietf.org
Subject: [Suit] draft-moran manifest thoughts

On the design in draft-moran-suit-manifest, it seems like there are a bunch=
 of things that could be cut down.  I think that expanding on Carsten's set=
 of use cases [1] might be a better way to drive the addition of fields.

>From my perspective, there is just one question: should this update be
applied to this device?  The minimal example does work, but it requires a p=
er-device signature and that isn't awesome, so we create policies that can =
be more broadly applied to attributes (or claims).

The 4122 identifiers seem overly prescriptive; I can't see why a vendor-spe=
cified string is not OK: one for the type of device, and one for the specif=
ic device.  Part of the motivation for 4122-style identifiers is to avoid c=
ollisions, but I don't see that as necessary here - any party that is autho=
rizing changes can manage to ensure that the identifiers they sign don't co=
llide.

I'm also a little leery about the justification for some of the meta-inform=
ation, like timestamp, all of payload info, the nonce (let the crypto do th=
at bit).

storageIdentifier seems especially problematic.  If you have a device type =
identifier, then that should suffice for those cases where there are multip=
le update targets on a device.  That is, you can identify by generically id=
entifying the type of thing that this update applies to:
"vendor foo alarm clock configuration" rather than "vendor foo alarm clock"=
 and it all works neatly.  Right now the storageIdentifier is all tied up i=
n the way that the update is identified.

The draft identifies timestamp as critical, but does not motivate this at a=
ll well (and the minimal example in [1] doesn't support that view either).

I think that directives, conditions, and extensions could be phrased more g=
enerically as attributes (or "claims" [1]).  In particular, the reason that=
 directives exist seem to be driven by a goal that only really exists in th=
e context of a protocol.  That is, you have a protocol that pushes updates =
out ahead of time so that they can be applied on a specific schedule later.=
  Having two axes for extension and variation (directives and conditions) i=
s expensive, especially if one or other is more rarely added to.  Unused ex=
tension points become unusable.  Unless there is a stronger reason for havi=
ng two things, I'd argue for having one.  An extensible "attributes" or "cl=
aims"
setup instead with core attributes and the ability to extend is a more robu=
st design overall.

One thing that is likely missing here is the ability to identify minimum ve=
rsions for related software loads.  If you have configuration that relies o=
n software of a specific version, you want to be able to express that depen=
dency (so that the configuration doesn't get applied to an earlier version,=
 for example).  This appears to rely on dependencies right now, but I think=
 that you want something that uses the same identifiers consistently, that =
is the type of thing that is the target of an update.


[1] https://mailarchive.ietf.org/arch/msg/suit/0kEo_RsNu7RTPkOraRw7Xsn98pk

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Mon Nov  6 02:38:59 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65EEC13FC1B for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 02:38:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jceg60YxRjQB for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 02:38:47 -0800 (PST)
Received: from mail-ot0-x22b.google.com (mail-ot0-x22b.google.com [IPv6:2607:f8b0:4003:c0f::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C5D913FBC8 for <suit@ietf.org>; Mon,  6 Nov 2017 02:38:47 -0800 (PST)
Received: by mail-ot0-x22b.google.com with SMTP id u41so8003828otf.12 for <suit@ietf.org>; Mon, 06 Nov 2017 02:38:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=m8gw29mHFQHMPaeLIK2XO3bw7Kl3mwTOwcmpoBLdaoo=; b=o4Y3fe+JOSFAIuPZx3+PX85n3zkRdmaFMZR1JRqwk+H2n0KzqinkQ6ZWZ/Rw9chRCi AROgz1kXzJkclMAFliCCz0Z6mZJOVP5hIMPLszyUndiroOlY6uSnfNA/p1oH+tH010bZ JAvhZfqj3PqjygjLErDI3BVxfIf/vRPko7e8Cxhk/YomDGijyO4b4yI3g0im0M+2+bY2 Cadesviqaz7o4iDsmcsgTt3bDM6xtrtEiLUUnZ8rWXKreOfBFRlGwpH5vIDI3liNsKT7 RwrDSgKV970aN34GeYCpj+JWV5Ohe9KPVyrrTd0FEMsLKNbcRSM49sw5/cPVOY/fPy9E URvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=m8gw29mHFQHMPaeLIK2XO3bw7Kl3mwTOwcmpoBLdaoo=; b=O4ub8QLvHJvcJ+PBC6tTB3Ok3JxenQf4s6j6bBbyaMb7O3JKDWBmoNH4TzZyb6Ow+B +L4OXYkYa8jmmDQcBtCxH3eJrstDz/A/74sLQxN2r86IomIvy4xe14Qg+f3YtqJmdzzZ GdxofB7XYy9IRh6auFEQYTpUKX3v+Gb6qgW1svCjdY4QNgVUpLTZjgrPOMD6+985w56w rFph1alh8+cyMU12qb2s7nCSQMcCGo/aytjotvVM/m8FRCFScMhlK1AMnCS/mrt69MKS AfqdZhL/78zD+jwe7QMbIpHfWKTlKJ/15djiFz1HV2tmNJ3wbCObnCIGuduABzCpr+Cg TXaA==
X-Gm-Message-State: AJaThX6ETAuGTL8EUd9zskhHGJFunacZjjJJEazmyNclYXc4o2QcdgrJ zE2r+K+sXpwQ+ZFDkBrBOxfh7Jy9SVO24DqAOsncIQ==
X-Google-Smtp-Source: ABhQp+RkySSaV3kuj+bU+55LTDOKSfwgVT1H4rSK9CSIJcYb62Xxve0IN+pPmOa4D/IV3hj8IgT4BxHLWN10DKamgOw=
X-Received: by 10.157.38.1 with SMTP id a1mr1289295otb.112.1509964726227; Mon, 06 Nov 2017 02:38:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.15.155 with HTTP; Mon, 6 Nov 2017 02:38:45 -0800 (PST)
In-Reply-To: <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Nov 2017 21:38:45 +1100
Message-ID: <CABkgnnU8vF9ru4nBGoD-Uxt0fpC48AH_ApecjRMpeOYtxs-XAw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kQQI6ThXOTgTW6-WplB6vPSzbj4>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 10:38:48 -0000

Hi Hannes,

I think perhaps I'm not communicating clearly enough.  Just a few responses=
.

On Mon, Nov 6, 2017 at 8:31 PM, Hannes Tschofenig
<Hannes.Tschofenig@arm.com> wrote:
> The named data approach sounds nice but leads to the question of how the =
device then finds the firmware image.

I see, so you would still insist on pointing to the image somehow, but
you don't want to define the mechanism (or play kingmaker for existing
mechanisms).  But that's where the seams start to show.  You need to
pick a framework into which this fits, because the assumptions about
delivery mechanisms matter if you are relying on the locator to
actually find you the firmware.

If, as you suggest, this is done as part of a larger framework that
addresses delivery, why could you not assume that the update and
manifest are already present?  That the larger framework can be
responsible for matching manifest to update?  For example, if you
choose HTTP, link relation between one and t'other would be simple
enough and neatly put finding firmware out of scope for the manifest.
Then you avoid having the manifest deal with the messy details of
locators (which is the area in the draft that is messiest, at least in
my view).

(Something in one of the previous discussions suggested to me that
there might be multiple manifests.  That is, claims about validity
could be made independently.  What do you think of that?)

> [Hannes] I am somewhat surprised to hear that there are people in the ind=
ustry that do not believe that encrypting firmware isn't a requirement freq=
uently raised. Note that this is not a requirement we at ARM came up with. =
It is a requirement coming from the industry partners. course, we can make =
everything proprietary as we do today. If some people don't want to use enc=
rypted firmware images then they do not need to use that part of the spec.

You will note that I did not contest the requirement, I'm just
questioning whether it is necessary to do up front, or even as
critical part of the manifest.  I observed that it is not strictly
necessary to define where proprietary solutions exist, but also
suggested that an extension might be reasonable.  An extension would
allow us to a) concentrate on finishing a core, and b) allow for more
detail.  I can't make a whole lot of sense of the design the draft
proposes, probably because it is missing critical descriptions of how
keys are expected to be managed.


From nobody Mon Nov  6 02:48:06 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6580613FB57 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 02:48:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wsCuM7K8lHKI for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 02:48:02 -0800 (PST)
Received: from mail-ot0-x234.google.com (mail-ot0-x234.google.com [IPv6:2607:f8b0:4003:c0f::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7AC7D13FB4C for <suit@ietf.org>; Mon,  6 Nov 2017 02:48:02 -0800 (PST)
Received: by mail-ot0-x234.google.com with SMTP id s88so8032489ota.4 for <suit@ietf.org>; Mon, 06 Nov 2017 02:48:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=O3+eXL9HFFKq9QKsVTAjT7fOgfz/GDZlqV17aqEHAtA=; b=ieHnLhKdbBXNAiOh9yOnJQx+QHlD57T7d7VKVRfZmE1uZkq5PLh6eztEgVQRUCSM+g PSINQ7asF/ZsyVtMhm6BJsoMjQy9h/K7WLbLWeRtqKvnn/cnrcj9oaDmHSIv8pJY6Lhp K3BAknxRjwTAEdZ0fg4lZwD9LzHfrBWVzHGD23Klp1TH3Sqa7ZekRmRzWa6Q6o/8UsAb yaA0YPqn9bCa548HXXhr0kjMZ9PrTZuOs7XR50Z/hE2T0WiwXDMmwqvQYt5iFCVjCvNN mQkqydDUKmxF8CYPBf2VfBSD3eSKccqoBt/wblUgukyphkWVni0pKAuGB6AFPY5D3feU PJfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=O3+eXL9HFFKq9QKsVTAjT7fOgfz/GDZlqV17aqEHAtA=; b=ZTMzFunfXIR9K/ITHZK0G/cjVlVAz3a9fI9rxRWizWRkaTdwyE0x7PN041nCWlAG1O N53I+fn8qJaGrrkbeUTcgzKw8HOm8HMP0Tsd3r0VdY2QK3FltUQU18HH186m0MNJriEd Agfi7batBcvMUiy0T0Y55rhMweSNk3fKhtR0klAW6sAOzvkXTBtj764LT5Qzh2oEZFl7 t4SU5uZuXwIBhjku09RVrhutPlWPlO533kEndrYBVb5+944IJCRxtYzHuN2YJnYhA9M4 yY5UHLqi7lGIOAz7bFXl2tGelNHZMCRdCWvBEjw+HJfAHhMeJuaVJ6GxNUhxBBSn1hXt DU/Q==
X-Gm-Message-State: AJaThX7QtIENVilCySPD3LukJV3/tI2V0vnG3QGOwrj0yR2FkzcNcr61 vYWQoKCCzoWTtmyTLPxxyLSLnsjn6BEqjb+TSHnq8g==
X-Google-Smtp-Source: ABhQp+QHK+5IGLqLpREjcCMbMaOv4u+rFqJxVjsZdxQHBl++n7jGE8RVjjaWrKQGWXyftZZ3L2DqD4IB5Ulj3XMM1/c=
X-Received: by 10.157.51.146 with SMTP id u18mr8415234otc.98.1509965281599; Mon, 06 Nov 2017 02:48:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.15.155 with HTTP; Mon, 6 Nov 2017 02:48:01 -0800 (PST)
In-Reply-To: <AM4PR0801MB270642BAA739C74D481E09A4FA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com> <AM4PR0801MB270642BAA739C74D481E09A4FA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 6 Nov 2017 21:48:01 +1100
Message-ID: <CABkgnnUWkmp0hf-+Ehhym232zPaXw_oR=BdLM4sBYwrVE-4kUg@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wtBYpfKQVl30Bgk5aB_ViZVEhvU>
Subject: Re: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 10:48:04 -0000

On Mon, Nov 6, 2017 at 8:48 PM, Hannes Tschofenig
<Hannes.Tschofenig@arm.com> wrote:
> Hi Martin,
>
> Thanks for these further comments.
>
> I will only address a few of them now.
>
> * Terminology: Should conditions and directives better be called "claims"=
?
>
> I personally don't have a preference. Any name is fine for me.

It's not just terminology.  There are three discrete fields in the
draft for conditions, directives and extensions.  I am suggesting that
there only needs to be one.

> * storageIdentifier
>
> As mentioned in the description, there are cases where a single IoT devic=
e has multiple microcontrollers. A given firmware is useful for a specific =
microcontroller only. You might have to update all microntrollers on a sing=
le device or only one. You can leave this to proprietary extensions or you =
can standardize such a field.
> Is this an exotic case? Not really. Just look at some basic consumer devi=
ces and you will notice that they are actually consisting of multiple micro=
-controllers, which are connected using some bus (such as SPI).
> This sounds complicated. Why are companies do this? To meet the real-time=
 requirements you often want to just use a single chip for a given task, su=
ch as a BLE chip and a IEEE 802.15.4 chip for a device that supports multip=
le radio technologies. Then, you need yet another chip on top of it that ru=
ns the actual application + IP + ...

I understood all of that.  I was suggesting a simplification.  Let the
vendor create the names for the things it intends to update and how
they recognize themselves in a manifest that targets them.  Rather
than the combination of vendorID, deviceTypeID, deviceID and
storageID, you have a string that the vendor can do with as they
please.  A device with three microcontrollers could use the strings
"A", "B", and "C" to identify each, and "All" to identify all of them.
We don't need to tell them to register a vendor ID in some registry
and manage their own registry of identifiers when key separation does
most of the work of ensuring that updates end up in the right place.
Conventions will help more, of course, but the neat thing with strings
is that they can be user-friendly too.

> * minimum versions
>
> I guess this appears to be a difference between firmware updates and soft=
ware updates. With firmware updates you replace everything on the device wh=
ile with software updates you are focused on specific parts.
> This is maybe something we should look into when we extend the work to mo=
re generic software updates.

Not really a thought that I had, but sure.  Incremental updates are
usually managed by identifying pre-requisites (i.e., you need version
X.Y or this won't work).

> * nonce
>
> While the timestamp is great to determine the freshness of the created ma=
nifest some IoT devices are not equipped with network time. For those devic=
es a nonce (or call it sequence number) would be more appropriate.

How is that different to a version number?  Also, a nonce is less
useful, because nonces aren't necessarily ordered.


From nobody Mon Nov  6 03:05:18 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DF0413FB4C for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 03:05:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QCW26ZZj5ZGD for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 03:05:15 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0076.outbound.protection.outlook.com [104.47.0.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C130E13FB0A for <suit@ietf.org>; Mon,  6 Nov 2017 03:05:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dn57PqKgIAKAWt2B0g6D9QF/LHx1MFpxjqlpCwL0L2Q=; b=c3ik9nPJl7fUhyViisnIjkJ6bIFZ9kxhZCcNFVaF8razCmhzbI/eVVwp59G5D+yyhMk+0Dgx/zWKZNLzZkiTXl1EAptYrvmf1aOMPkLNqUmO3f6RoOttdWyRU9QwTBE2tJ32hUioMAruJRWJ3xqq835kgRul6e8gAEKvunu4BME=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 11:05:12 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0197.017; Mon, 6 Nov 2017 11:05:11 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Thoughts on requirements and scope
Thread-Index: AQHTVsrbcaO6I4ob002QS4RFMwSvZ6MHDthQgAAaaYCAAAQLsA==
Date: Mon, 6 Nov 2017 11:05:11 +0000
Message-ID: <AM4PR0801MB2706805E7ADFA4949C04514CFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CABkgnnU8vF9ru4nBGoD-Uxt0fpC48AH_ApecjRMpeOYtxs-XAw@mail.gmail.com>
In-Reply-To: <CABkgnnU8vF9ru4nBGoD-Uxt0fpC48AH_ApecjRMpeOYtxs-XAw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.116.199]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:7gQ/y6jflBslRCn5an6lkxx60XWx798ESTibK6O2O4F1By0itt+XtI/zCsr+ROFL3KzN+BExCWas8qBc72Sy1AdLfOi7f6TIEL48pO76I7bHGidIjxmrHImw515AcMq+4BSYkkzY+ugCY0Pn1hr7ByuAdhWLExzn8HDk7HhCCSHE9bJtSxS7qwtCfzmQ2c9SotfIjuPfkE6drAxTSi2/T2+tFIQQWRzkOXkp20jyhN/GsuB75IsXF5McyEiHIoma40ViBKLirQVuAKw3Gt4HiG7ni/KmdTrRn8hfukAaecKB0FOzdZob8WkfZMZTMqx48JyNu07joP8oGEwLO4ogWfqdhx1YVJjsJTVe2zHlKl4=; 5:2szU+fUXVn2LTLkGTH9GJ45DK/MFKbC4/EnIRDKhk0W5KklPNLrNoO40KE0XCQpmahCCap6YMG/QFKjY+2asEllA8+fxD0hnQknmfgB+2tTSG50K/bWzkUZdG2wfgarZc93s4k6lT+ZqBowgtNw05y5i0G3JogCG71Ssan3VYk0=; 24:uFpEqhCWZ9/ve8Vp84wDBZkZboayCaHez704lH4p8voR/j4Y3XatYnwsSnCuTBqQFVXgJfSWavRLLAXsnJJiqu0CIpEL2ITT5YyGc0Iiu/Q=; 7:hmEv7fRvN/QqNUJ5LSOqmUoUedT+yo/VB9jhAZoi43QVspa4enMR39GlFqtq3mBvXvwtMqFgk0fP6cV5YfqhYmzLkTLFapM0Yt3P8eXGZYT040R/vX6toEs9EfYi36HfgTNVfZtnRNVb/0+Padz+Mp285iARAQ2DKAStAaHpuPG4BnW7xq2dPEKF9XEMV+H7R0zEEe1KI8DbkQJv2R8i0PA7dtmer+CP12oQhmSA/dRCgnRcWlc2iR188p76HwoT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 2862911d-d4ba-48b3-88cf-08d525064017
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-exchange-antispam-report-test: UriScan:(180628864354917)(192374486261705)(35073007944872); 
x-microsoft-antispam-prvs: <AM4PR0801MB27051BC0ED7F23556A3AB792FA500@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231021)(100000703101)(100105400095)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(39860400002)(346002)(199003)(189002)(24454002)(40434004)(13464003)(76104003)(105586002)(4326008)(6916009)(74316002)(2950100002)(7696004)(81166006)(3280700002)(25786009)(101416001)(106356001)(7736002)(305945005)(33656002)(229853002)(8936002)(66066001)(53936002)(81156014)(8676002)(72206003)(5660300001)(53546010)(478600001)(68736007)(3846002)(102836003)(55016002)(6116002)(39060400002)(2900100001)(6506006)(14454004)(86362001)(6436002)(50986999)(9686003)(54356999)(99286004)(97736004)(76176999)(6246003)(2906002)(3660700001)(316002)(5890100001)(5250100002)(189998001)(71600200001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2862911d-d4ba-48b3-88cf-08d525064017
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 11:05:11.7483 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/l-T7E5_TzjZkUYSG2RUNK10u5bk>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 11:05:17 -0000

SGkgTWFydGluLA0KDQpIZXJlIGlzIG15IHBlcnNwZWN0aXZlIG9uIHRoZSB0b3BpYyBvZiBkaXN0
cmlidXRpb24uDQoNCkkgc2VlIHRoZSBtYW5pZmVzdCBhcyBhIGJ1aWxkaW5nIGJsb2NrLiBUaGVy
ZSBhcmUgdmFyaW91cyBvcmdhbml6YXRpb25zIHdvcmtpbmcgb24gdGhlaXIgc3RvcnkgZm9yIElv
VCBzZWN1cml0eSBhbmQgdGhlIGZpcm13YXJlIHVwZGF0ZSBmdW5jdGlvbmFsaXR5IGlzIGp1c3Qg
b25lIHBpZWNlIG9mIGl0LiBBcyB0aGV5IGRlZmluZSB3YXlzIHRvIGludGVyYWN0IHdpdGggdGhl
IGRldmljZXMsIHRoZXkgY2FuIHRoZW4gdXNlIHRoZSBkZWZpbmVkIGJ1aWxkaW5nIGJsb2NrIGFu
ZCBpbmRpY2F0ZSBob3cgdGhleSB3YW50IHRvIGNhcnJ5IHRoZSBtYW5pZmVzdCBhbmQgdGhlIGZp
cm13YXJlIGltYWdlIHRvIHRoZSByZXNwZWN0aXZlIGRldmljZS4NCg0KSSBoYXZlIG5vIGV4cGVj
dGF0aW9ucyB0aGF0IHRoZSBkZWxpdmVyeSBtZWNoYW5pc20gZm9yIGEgVm9JUCBwaG9uZSwgQkxF
IGhlYXJ0cmF0ZSBzZW5zb3IsIGFuZCBhIExvUmEtYmFzZWQgcHJlY2lzaW9uIGZhcm1pbmcgZGV2
aWNlIHdpbGwgYmUgdGhlIHNhbWUuDQoNCkRvZXMgdGhpcyBtYWtlIG1vcmUgc2Vuc2U/DQoNCkNp
YW8NCkhhbm5lcw0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogTWFydGluIFRo
b21zb24gW21haWx0bzptYXJ0aW4udGhvbXNvbkBnbWFpbC5jb21dDQpTZW50OiAwNiBOb3ZlbWJl
ciAyMDE3IDExOjM5DQpUbzogSGFubmVzIFRzY2hvZmVuaWcNCkNjOiBzdWl0QGlldGYub3JnDQpT
dWJqZWN0OiBSZTogW1N1aXRdIFRob3VnaHRzIG9uIHJlcXVpcmVtZW50cyBhbmQgc2NvcGUNCg0K
SGkgSGFubmVzLA0KDQpJIHRoaW5rIHBlcmhhcHMgSSdtIG5vdCBjb21tdW5pY2F0aW5nIGNsZWFy
bHkgZW5vdWdoLiAgSnVzdCBhIGZldyByZXNwb25zZXMuDQoNCk9uIE1vbiwgTm92IDYsIDIwMTcg
YXQgODozMSBQTSwgSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+
IHdyb3RlOg0KPiBUaGUgbmFtZWQgZGF0YSBhcHByb2FjaCBzb3VuZHMgbmljZSBidXQgbGVhZHMg
dG8gdGhlIHF1ZXN0aW9uIG9mIGhvdyB0aGUgZGV2aWNlIHRoZW4gZmluZHMgdGhlIGZpcm13YXJl
IGltYWdlLg0KDQpJIHNlZSwgc28geW91IHdvdWxkIHN0aWxsIGluc2lzdCBvbiBwb2ludGluZyB0
byB0aGUgaW1hZ2Ugc29tZWhvdywgYnV0IHlvdSBkb24ndCB3YW50IHRvIGRlZmluZSB0aGUgbWVj
aGFuaXNtIChvciBwbGF5IGtpbmdtYWtlciBmb3IgZXhpc3RpbmcgbWVjaGFuaXNtcykuICBCdXQg
dGhhdCdzIHdoZXJlIHRoZSBzZWFtcyBzdGFydCB0byBzaG93LiAgWW91IG5lZWQgdG8gcGljayBh
IGZyYW1ld29yayBpbnRvIHdoaWNoIHRoaXMgZml0cywgYmVjYXVzZSB0aGUgYXNzdW1wdGlvbnMg
YWJvdXQgZGVsaXZlcnkgbWVjaGFuaXNtcyBtYXR0ZXIgaWYgeW91IGFyZSByZWx5aW5nIG9uIHRo
ZSBsb2NhdG9yIHRvIGFjdHVhbGx5IGZpbmQgeW91IHRoZSBmaXJtd2FyZS4NCg0KSWYsIGFzIHlv
dSBzdWdnZXN0LCB0aGlzIGlzIGRvbmUgYXMgcGFydCBvZiBhIGxhcmdlciBmcmFtZXdvcmsgdGhh
dCBhZGRyZXNzZXMgZGVsaXZlcnksIHdoeSBjb3VsZCB5b3Ugbm90IGFzc3VtZSB0aGF0IHRoZSB1
cGRhdGUgYW5kIG1hbmlmZXN0IGFyZSBhbHJlYWR5IHByZXNlbnQ/ICBUaGF0IHRoZSBsYXJnZXIg
ZnJhbWV3b3JrIGNhbiBiZSByZXNwb25zaWJsZSBmb3IgbWF0Y2hpbmcgbWFuaWZlc3QgdG8gdXBk
YXRlPyAgRm9yIGV4YW1wbGUsIGlmIHlvdSBjaG9vc2UgSFRUUCwgbGluayByZWxhdGlvbiBiZXR3
ZWVuIG9uZSBhbmQgdCdvdGhlciB3b3VsZCBiZSBzaW1wbGUgZW5vdWdoIGFuZCBuZWF0bHkgcHV0
IGZpbmRpbmcgZmlybXdhcmUgb3V0IG9mIHNjb3BlIGZvciB0aGUgbWFuaWZlc3QuDQpUaGVuIHlv
dSBhdm9pZCBoYXZpbmcgdGhlIG1hbmlmZXN0IGRlYWwgd2l0aCB0aGUgbWVzc3kgZGV0YWlscyBv
ZiBsb2NhdG9ycyAod2hpY2ggaXMgdGhlIGFyZWEgaW4gdGhlIGRyYWZ0IHRoYXQgaXMgbWVzc2ll
c3QsIGF0IGxlYXN0IGluIG15IHZpZXcpLg0KDQooU29tZXRoaW5nIGluIG9uZSBvZiB0aGUgcHJl
dmlvdXMgZGlzY3Vzc2lvbnMgc3VnZ2VzdGVkIHRvIG1lIHRoYXQgdGhlcmUgbWlnaHQgYmUgbXVs
dGlwbGUgbWFuaWZlc3RzLiAgVGhhdCBpcywgY2xhaW1zIGFib3V0IHZhbGlkaXR5IGNvdWxkIGJl
IG1hZGUgaW5kZXBlbmRlbnRseS4gIFdoYXQgZG8geW91IHRoaW5rIG9mIHRoYXQ/KQ0KDQo+IFtI
YW5uZXNdIEkgYW0gc29tZXdoYXQgc3VycHJpc2VkIHRvIGhlYXIgdGhhdCB0aGVyZSBhcmUgcGVv
cGxlIGluIHRoZSBpbmR1c3RyeSB0aGF0IGRvIG5vdCBiZWxpZXZlIHRoYXQgZW5jcnlwdGluZyBm
aXJtd2FyZSBpc24ndCBhIHJlcXVpcmVtZW50IGZyZXF1ZW50bHkgcmFpc2VkLiBOb3RlIHRoYXQg
dGhpcyBpcyBub3QgYSByZXF1aXJlbWVudCB3ZSBhdCBBUk0gY2FtZSB1cCB3aXRoLiBJdCBpcyBh
IHJlcXVpcmVtZW50IGNvbWluZyBmcm9tIHRoZSBpbmR1c3RyeSBwYXJ0bmVycy4gY291cnNlLCB3
ZSBjYW4gbWFrZSBldmVyeXRoaW5nIHByb3ByaWV0YXJ5IGFzIHdlIGRvIHRvZGF5LiBJZiBzb21l
IHBlb3BsZSBkb24ndCB3YW50IHRvIHVzZSBlbmNyeXB0ZWQgZmlybXdhcmUgaW1hZ2VzIHRoZW4g
dGhleSBkbyBub3QgbmVlZCB0byB1c2UgdGhhdCBwYXJ0IG9mIHRoZSBzcGVjLg0KDQpZb3Ugd2ls
bCBub3RlIHRoYXQgSSBkaWQgbm90IGNvbnRlc3QgdGhlIHJlcXVpcmVtZW50LCBJJ20ganVzdCBx
dWVzdGlvbmluZyB3aGV0aGVyIGl0IGlzIG5lY2Vzc2FyeSB0byBkbyB1cCBmcm9udCwgb3IgZXZl
biBhcyBjcml0aWNhbCBwYXJ0IG9mIHRoZSBtYW5pZmVzdC4gIEkgb2JzZXJ2ZWQgdGhhdCBpdCBp
cyBub3Qgc3RyaWN0bHkgbmVjZXNzYXJ5IHRvIGRlZmluZSB3aGVyZSBwcm9wcmlldGFyeSBzb2x1
dGlvbnMgZXhpc3QsIGJ1dCBhbHNvIHN1Z2dlc3RlZCB0aGF0IGFuIGV4dGVuc2lvbiBtaWdodCBi
ZSByZWFzb25hYmxlLiAgQW4gZXh0ZW5zaW9uIHdvdWxkIGFsbG93IHVzIHRvIGEpIGNvbmNlbnRy
YXRlIG9uIGZpbmlzaGluZyBhIGNvcmUsIGFuZCBiKSBhbGxvdyBmb3IgbW9yZSBkZXRhaWwuICBJ
IGNhbid0IG1ha2UgYSB3aG9sZSBsb3Qgb2Ygc2Vuc2Ugb2YgdGhlIGRlc2lnbiB0aGUgZHJhZnQg
cHJvcG9zZXMsIHByb2JhYmx5IGJlY2F1c2UgaXQgaXMgbWlzc2luZyBjcml0aWNhbCBkZXNjcmlw
dGlvbnMgb2YgaG93IGtleXMgYXJlIGV4cGVjdGVkIHRvIGJlIG1hbmFnZWQuDQpJTVBPUlRBTlQg
Tk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFy
ZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90
IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlh
dGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29u
LCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlv
biBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=


From nobody Mon Nov  6 07:34:21 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C01F13FAFF for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 07:34:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ONqLk3RlZAVe for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 07:34:19 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05FE213FAD9 for <suit@ietf.org>; Mon,  6 Nov 2017 07:34:19 -0800 (PST)
Received: from dooku.sandelman.ca (199-7-159-58.eng.wind.ca [199.7.159.58]) by relay.sandelman.ca (Postfix) with ESMTPS id DCE751F8FB for <suit@ietf.org>; Mon,  6 Nov 2017 15:34:16 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id C2E0635A3; Mon,  6 Nov 2017 10:33:24 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-reply-to: <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Comments: In-reply-to Hannes Tschofenig <Hannes.Tschofenig@arm.com> message dated "Mon, 06 Nov 2017 09:31:49 +0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Nov 2017 10:33:24 -0500
Message-ID: <1600.1509982404@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/B1MFZ-yYOvhAJYGzcjguUaNRMtU>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 15:34:20 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > [Hannes] I am somewhat surprised to hear that there are people in the
    > industry that do not believe that encrypting firmware isn't a
    > requirement frequently raised. Note that this is not a requirement we
    > at ARM came up with. It is a requirement coming from the industry
    > partners. course, we can make everything proprietary as we do today. =
If
    > some people don't want to use encrypted firmware images then they do
    > not need to use that part of the spec.

I believe that we are all in agreement that integrity checks for the firmwa=
re
image is mandatory.  There are different ways that we can accomplish this,
but if we go the way of using an already specified container format that
supports signatures, it's usually the case that one can have encryption as
well.

Container formats would include: CMS, JOSE, COSE.

Signatures are sort of easy as the creator of the firmware signs it, and the
devices validate it with a (public) key.

The challenge with encryption is that one has to figure out how the
decryption key is distributed.  Of course, it could be baked in symmetric
key, but many would suggest that is as good as no key at all.

I think that this difficulty is where the conflict comes from.

So my suggestion is that we should be focused on containers that support
encryption, even if we choose not to provide a standard way to distribute t=
he
decryption key(s).


=2D-=20
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaAIDEAAoJEJVM4Vb9/EKQiVUH/jF45fxPHO7CI+SX5aPbbKwY
97NEHpZHgQS12D/IMuVBB+padZqKaqWQIWN7sBzLZpsGy0sEAF4apv8Z48n65Ise
+mc06/Yg70vdZb4kMqXuLPCup2zOhe+1Hz4SmxwRFYb2EOPxDYjH5E4HFESr21+B
a+U2L5KBP8TwdA0IX869yrusqNtEmXP7UkwN6rf2M3rWyRYz3xWJBtWp0/QdTtqz
V5UbQdqsz3+tOKvTIPPqIp+PurZBSi60jogY8qvRoiHw4biiZbL8VaTa4vquG/23
78h3W0+R4K74mrof/puFNN+e1nwjMaFtc54HgCYpm4jJ4hgq4LoD9Aq5neK3Q+0=
=Kaqy
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov  6 07:48:45 2017
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FA7413FAE8; Mon,  6 Nov 2017 07:48:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RszMYYieY9pY; Mon,  6 Nov 2017 07:48:37 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF7B813FAD9; Mon,  6 Nov 2017 07:48:36 -0800 (PST)
Received: from [10.32.60.122] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id vA6FlACc070746 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 6 Nov 2017 08:47:11 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [10.32.60.122]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "The IESG" <iesg@ietf.org>
Cc: "suit@ietf.org" <suit@ietf.org>
Date: Mon, 06 Nov 2017 07:48:34 -0800
Message-ID: <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
In-Reply-To: <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.7r5425)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/93narLOQuAKX2U7vgW5ngk_7M7I>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 15:48:38 -0000

On 3 Nov 2017, at 11:43, Waltermire, David A. (Fed) wrote:

>>>> The initial focus of this group will be development of a manifest
>>>> approach based on CMS and the ASN.1 encoding. This work will result
>>>> in a revision of RFC 4108 that reflects the current best practices.
>>
>>> I’m slightly confused by this charter proposal.
>>> The recent mailing list discussion went into a different direction.
>>> Is this the current proposed text?
>>
>> I agree with Carsten: that's not what the recent list traffic was 
>> aiming for. The
>> draft charter from a month ago didn't force the WG into ASN.1, and I 
>> don't see
>> any list traffic asking for that.
>
> The guidance we received from the IESG is that they want the question 
> around one or more formats resolved during the chartering process.

That's not the way that I read the charter balloting comments on this 
list.  The mailing list clearly has no consensus yet, and nothing in the 
proposed manifest contents so far would make using ASN.1 or CBOR a more 
obvious choice.

> We have had a number of views expressed on the list. We need to focus 
> in on what the consensus within the group is. We need to identify what 
> our initial work items will be regarding format(s).
>
> To that end, this text can be updated. Do you have alternate text to 
> propose?

The initial focus of this group will be development of the contents of a 
manifest.
Once there is general agreement on the contents, the group will pick one 
format
(and its associated cryptographic mechanisms) to encode the manifest.

>>>> Use of the ASN.1 encoding
>>>> is desirable due to existing ASN.1 support in crypto libraries used
>>>> within current IoT operating systems.
>>
>> The same could be said for CBOR/COSE. It is probably inaccurate to 
>> cite
>> "ASN.1 support" given that different parts of a system might each 
>> implement its
>> own ASN.1 stack.
>
> How would you change this text to improve it?

Two likely candidates for encoding are ASN.1 and CBOR, both of which 
already have
support in current IoT crypto libraries.

--Paul Hoffman


From nobody Mon Nov  6 07:51:17 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7EF913FC33 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 07:51:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AMRrtSVLolES for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 07:51:12 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F2FF13FC07 for <suit@ietf.org>; Mon,  6 Nov 2017 07:51:12 -0800 (PST)
Received: from dooku.sandelman.ca (199-7-159-58.eng.wind.ca [199.7.159.58]) by relay.sandelman.ca (Postfix) with ESMTPS id 8E3311F8FB; Mon,  6 Nov 2017 15:51:10 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 2E4A135A3; Mon,  6 Nov 2017 10:50:18 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
cc: Martin Thomson <martin.thomson@gmail.com>
In-reply-to: <CABkgnnU8vF9ru4nBGoD-Uxt0fpC48AH_ApecjRMpeOYtxs-XAw@mail.gmail.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CABkgnnU8vF9ru4nBGoD-Uxt0fpC48AH_ApecjRMpeOYtxs-XAw@mail.gmail.com>
Comments: In-reply-to Martin Thomson <martin.thomson@gmail.com> message dated "Mon, 06 Nov 2017 21:38:45 +1100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Nov 2017 10:50:18 -0500
Message-ID: <2309.1509983418@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/MsmpyFbeMrxp6TD3TTZlMsNAeek>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 15:51:16 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Martin Thomson <martin.thomson@gmail.com> wrote:
    > If, as you suggest, this is done as part of a larger framework that
    > addresses delivery, why could you not assume that the update and
    > manifest are already present?  That the larger framework can be
    > responsible for matching manifest to update?  For example, if you
    > choose HTTP, link relation between one and t'other would be simple
    > enough and neatly put finding firmware out of scope for the manifest.
    > Then you avoid having the manifest deal with the messy details of
    > locators (which is the area in the draft that is messiest, at least in
    > my view).

I want to make sure that I understand you correctly.
You are saying, if the device found the manifest at:
    https://example.com/foo/bar/device/manufest.ext

and the manifest says the load firmware, "XQN456.bin"
that one would find it at:
    https://example.com/foo/bar/device/XQN456.bin

and if it came from:
    tftp://192.168.1.1/foo/bar/device/manufest.ext
that the firmware is at:
    tftp://192.168.1.1/foo/bar/device/XQN456.bin

=2D-=20
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaAIS5AAoJEJVM4Vb9/EKQPtsH/3X2BvhHPfQcucefeTAiQF/A
YZQJ/onZeqBPRdZZYQZhx3nXfMbe3Ij96lR6GcSoXRfvujVIttJSu3KXgC17Ik7U
sPCWpDZ0T0G9Y8TkO4BvRdab9WuLzw0qlXFX1DmTBxaIzXObWQkGp5roJ037UrCP
4lFNhps16ortAfNZ8pCbS0edaWKV7klJKqQ+2FnNitH7eLngb5RhvViC7caYa5S+
2Ly56xZUpjRpLBcI80G5MP4eQjrujz3UrhrseCKBqjTQuR/hDViOOJiKvA/f/TqV
ArTACyWiHmwnY+f8LnDZRe7CFnugoqrToVYtzt5Bx66HA9CbDKO7NZbJilhYqZw=
=8HyO
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov  6 08:14:30 2017
Return-Path: <alexander@ackl.io>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D5113FC52; Mon,  6 Nov 2017 08:14:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id etxDRtBrQ2da; Mon,  6 Nov 2017 08:14:27 -0800 (PST)
Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B07413FC07; Mon,  6 Nov 2017 08:14:27 -0800 (PST)
X-Originating-IP: 192.44.77.209
Received: from zax.rennes.enst-bretagne.fr (nat-asr-incub-b209.rennes.enst-bretagne.fr [192.44.77.209]) (Authenticated sender: alex@ackl.io) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id 4ABBDC5A56; Mon,  6 Nov 2017 17:14:24 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Alexander Pelov <alexander@ackl.io>
In-Reply-To: <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
Date: Mon, 6 Nov 2017 17:14:24 +0100
Cc: The IESG <iesg@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ZihdT4m0Dcg0eSKg7VntHqEVWds>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 16:14:29 -0000

Dear Paul, all,

> Le 6 nov. 2017 =C3=A0 16:48, Paul Hoffman <paul.hoffman@vpnc.org> a =
=C3=A9crit :
>=20
> On 3 Nov 2017, at 11:43, Waltermire, David A. (Fed) wrote:
>=20
>>>>> The initial focus of this group will be development of a manifest
>>>>> approach based on CMS and the ASN.1 encoding. This work will =
result
>>>>> in a revision of RFC 4108 that reflects the current best =
practices.
>>>=20
>>>> I=E2=80=99m slightly confused by this charter proposal.
>>>> The recent mailing list discussion went into a different direction.
>>>> Is this the current proposed text?
>>>=20
>>> I agree with Carsten: that's not what the recent list traffic was =
aiming for. The
>>> draft charter from a month ago didn't force the WG into ASN.1, and I =
don't see
>>> any list traffic asking for that.
>>=20
>> The guidance we received from the IESG is that they want the question =
around one or more formats resolved during the chartering process.
>=20
> That's not the way that I read the charter balloting comments on this =
list.  The mailing list clearly has no consensus yet, and nothing in the =
proposed manifest contents so far would make using ASN.1 or CBOR a more =
obvious choice.

I agree with this one. Lots of things changed from the proposed charter =
discussed on the mailing list and the approved proposed one. (which is =
of course something to work out around the BoF) (It seems to me that =
there is a pretty wide interest in the topic, so at least that one seems =
a spot-on.)

We=E2=80=99ve already had a very interesting mail from Philip =
Hallam-Baker that had strong arguments AGAINST ASN.1, and I have not =
seen a response to it on the ML. If anyone has a view on this I would be =
very interested in having more information.

Best,
Alexander



>=20
>> We have had a number of views expressed on the list. We need to focus =
in on what the consensus within the group is. We need to identify what =
our initial work items will be regarding format(s).
>>=20
>> To that end, this text can be updated. Do you have alternate text to =
propose?
>=20
> The initial focus of this group will be development of the contents of =
a manifest.
> Once there is general agreement on the contents, the group will pick =
one format
> (and its associated cryptographic mechanisms) to encode the manifest.
>=20
>>>>> Use of the ASN.1 encoding
>>>>> is desirable due to existing ASN.1 support in crypto libraries =
used
>>>>> within current IoT operating systems.
>>>=20
>>> The same could be said for CBOR/COSE. It is probably inaccurate to =
cite
>>> "ASN.1 support" given that different parts of a system might each =
implement its
>>> own ASN.1 stack.
>>=20
>> How would you change this text to improve it?
>=20
> Two likely candidates for encoding are ASN.1 and CBOR, both of which =
already have
> support in current IoT crypto libraries.
>=20
> --Paul Hoffman
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Mon Nov  6 08:17:58 2017
Return-Path: <rsalz@akamai.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71BA113FADB; Mon,  6 Nov 2017 08:17:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dGV25U84WGoJ; Mon,  6 Nov 2017 08:17:50 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 578B013F88D; Mon,  6 Nov 2017 08:17:50 -0800 (PST)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vA6GGaVf031039; Mon, 6 Nov 2017 16:17:44 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=OgoV1ZvZtkZzG3FFjV6fTdf2BrBk/dWaLKrys0twCIM=; b=nt1wPGckdR1/27sP/Os1va568P0OxVYehhJeq4AEvyzg4Zoc8aAGEflW4BPaH7/8z+4I SIU9lVwfoEg6xE43jr9nkavEDw3NNhs3tman30RcyQYNFC3LiiqSg0sM9cqOQZCmRY9S cFuil9NccQa9DOh5EelL4tsrA1kL4rfRrGRMjOEKhczHkTqV6iiDIWY3uH32D5HXDi9U COUrTSM2KkA+91fdWoCL4HmCH/tNZWrqH64eXr9veJ0uEhxlhU1qpn5YgvkzPHmXepc4 vAK5dVdt43qeySi+jWbB/NA7ACKz0zd0ou0vTbmLaaksSDxKIoyKD3UH+2zqJPTw6oYM 6g== 
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by m0050095.ppops.net-00190b01. with ESMTP id 2e15y5pxkd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 06 Nov 2017 16:17:44 +0000
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.21/8.16.0.21) with SMTP id vA6GFP1I020522; Mon, 6 Nov 2017 11:17:43 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint1.akamai.com with ESMTP id 2e18vu5ma9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Nov 2017 11:17:43 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Mon, 6 Nov 2017 11:17:42 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Mon, 6 Nov 2017 11:17:42 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Alexander Pelov <alexander@ackl.io>, Paul Hoffman <paul.hoffman@vpnc.org>
CC: "suit@ietf.org" <suit@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFLroaD6okIBEaw2xlN6RtpoqMDMdYAgAAD+YCAAAslgIAElsIAgAAHOACAAADrgA==
Date: Mon, 6 Nov 2017 16:17:41 +0000
Message-ID: <F8409E6E-0E6D-4824-BFEF-4AA0528FCFEF@akamai.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io>
In-Reply-To: <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.36.177]
Content-Type: text/plain; charset="utf-8"
Content-ID: <4C07D6A28C09CB4F89C170DF03D803FB@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-06_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711060225
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-06_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711060225
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xjxF3GycwPJp43n14-IxTaprEFU>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 16:17:51 -0000

4p6iIFdl4oCZdmUgYWxyZWFkeSBoYWQgYSB2ZXJ5IGludGVyZXN0aW5nIG1haWwgZnJvbSBQaGls
aXAgSGFsbGFtLUJha2VyIHRoYXQgaGFkIHN0cm9uZyBhcmd1bWVudHMgQUdBSU5TVCBBU04uMSwg
YW5kIEkgaGF2ZSBub3Qgc2VlbiBhIHJlc3BvbnNlIHRvIGl0IG9uIHRoZSBNTC4gSWYgYW55b25l
IGhhcyBhIHZpZXcgb24gdGhpcyBJIHdvdWxkIGJlIHZlcnkgaW50ZXJlc3RlZCBpbiBoYXZpbmcg
bW9yZSBpbmZvcm1hdGlvbi4NCiAgICANCkkgYWdyZWUgd2l0aCBQaGlsaXAgdGhhdCB3ZSBzaG91
bGQgbm90IGJlIGNyZWF0aW5nIG5ldyBkYXRhIHN0cnVjdHVyZXMgaW4gQVNOLjE7IHRoZXJlIGFy
ZSBzaW1wbGVyLCBwZXJmb3JtYW50LCBmb3JtYXRzIHJlYWRpbHkgYXZhaWxhYmxlLg0KDQooSeKA
mW0gYSBtZW1iZXIgb2YgdGhlIGRldmVsb3BtZW50IHRlYW0gb2YgT3BlblNTTCwgYW5kIHdoaWxl
IHdl4oCZbGwgbmV2ZXIgZ2V0IGF3YXkgZnJvbSBBU04uMS9ERVIgZm9yIGNyeXB0byB3b3JrLCB0
aGVyZeKAmXMgZW5vdWdoIHNjaGFkZW5mcmV1ZGUgaW4gdGhlIHdvcmxkIHRoYXQgd2UgZG9u4oCZ
dCBuZWVkIHRvIGFkZCB0byBpdC4pDQoNCg0K


From nobody Mon Nov  6 08:24:23 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7CA513FC55; Mon,  6 Nov 2017 08:24:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8IdfuYfFP0_3; Mon,  6 Nov 2017 08:24:15 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76EF613FC07; Mon,  6 Nov 2017 08:24:15 -0800 (PST)
Received: from dooku.sandelman.ca (ipv6.dooku.sandelman.ca [IPv6:2607:f0b0:f:6::1]) by relay.sandelman.ca (Postfix) with ESMTPS id 47E291F8FB; Mon,  6 Nov 2017 16:24:13 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 880973507; Mon,  6 Nov 2017 11:23:20 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: The IESG <iesg@ietf.org>, "suit\@ietf.org" <suit@ietf.org>
In-reply-to: <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com>
Comments: In-reply-to "Waltermire, David A. (Fed)" <david.waltermire@nist.gov> message dated "Fri, 03 Nov 2017 18:43:57 -0000."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Nov 2017 11:23:20 -0500
Message-ID: <4043.1509985400@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/N0jaJY4xelxuddSq13CR-9SZh14>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 16:24:17 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Waltermire, David A. (Fed) <david.waltermire@nist.gov> wrote:
    > My comments are inline below.

    >> >> The initial focus of this group will be development of a manifest
    >> >> approach based on CMS and the ASN.1 encoding. This work will resu=
lt
    >> >> in a revision of RFC 4108 that reflects the current best practice=
s.
    >>=20
    >> > I=E2=80=99m slightly confused by this charter proposal.  > The rec=
ent
    >> mailing list discussion went into a different direction.  > Is this
    >> the current proposed text?
    >>=20
    >> I agree with Carsten: that's not what the recent list traffic was
    >> aiming for. The draft charter from a month ago didn't force the WG
    >> into ASN.1, and I don't see any list traffic asking for that.

    > The guidance we received from the IESG is that they want the question
    > around one or more formats resolved during the chartering process. We
    > have had a number of views expressed on the list. We need to focus in
    > on what the consensus within the group is. We need to identify what o=
ur
    > initial work items will be regarding format(s).

I can understand why the IESG would like the question resolved in the chart=
er
so that we can make progress rather than have a format war.

I do not believe that we have consensus for an RFC4108/ASN.1 based format,
and I think that writing that into the charter at this time will render
the WG dysfunctional. (People will go elsewhere).

I'm not convinced that we have consensus that we must have a single firmware
container format (a few people say it must be a single format).=20=20
I also do not think that we have consensus that multiple formats is bad,
there is still a tuscle here.

I think that the problem may be solved by splitting the manifest semantics
contents from the implementation format.  We have done this in ANIMA
with draft-ietf-anima-voucher: we abstracted to YANG, and then present
examples based upon a CMS/PKCS based solution as an example. We did this
based upon feedback from some developers that they needed this, yet we want
to move forward to JOSE and COSE/CWT solutions.=20

=2D-=20
]               Never tell me the odds!                 | ipv6 mesh network=
s [=20
]   Michael Richardson, Sandelman Software Works        | network architect=
  [=20
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails  =
  [=20
=09

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaAIx4AAoJEJVM4Vb9/EKQa5MH/iM+RsfkSfVDOYtHe7dAIUyx
rhDPzbwgkJeV2q8c/mI7u78OrfoES5kfI9G/fL3AENBEvvpmbu82FtiZUO7Xk5PC
rtW9KrAcA9vxa1wcRZdj5ZgIkhetqr9qofrQQMS8tf3H0mqOcArraaOWkyBunQ6o
/E9nYcMeva+CCffBkVlcbYJ6CRHotDC+BO07+YAAxghxTkpqKC6bcUjyhUYne2F9
+J7JT4oK0gEo1jYGuZa6GCxwKYUsMb75fnBynbir8HwlM14H2Gg+fZ1oFJIL7pgC
Pw9ef4c5Kz3mE7kETRq2i+GiI2c3S1xf0CAQpOquajc12VuWlnHhi4Cj8kakjIU=
=R24b
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov  6 08:25:01 2017
Return-Path: <ekr@rtfm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A260213FB80 for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 08:24:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L-_Ge6HOor-h for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 08:24:53 -0800 (PST)
Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF85413FB27 for <suit@ietf.org>; Mon,  6 Nov 2017 08:24:52 -0800 (PST)
Received: by mail-yw0-x230.google.com with SMTP id k11so8306395ywh.1 for <suit@ietf.org>; Mon, 06 Nov 2017 08:24:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dlg6fL9vQc4I/K2A0h24XXxnhwyD2NHsRqddAsiUR6s=; b=nDMB7+Th1b6kmyx5IM8TEBUeT1+YfD0OexRwX/67T5kHg7SeH+wojxVpzhSMPq9JSt MgoBSQ7mrUWIPCo4SBVsIc4/oOxX0jFjlUlse+RGmg9HqdaN07tnCVYYNs48ABL+hJ1W yknkP0dnyC90R4RSdvt18v3o8r0nVD1OFj7l6Ed41C/kIXAna3dPwusgGu/1CoEJepop tnUVla7RHAiiFpTedkNcLs1Nsai3Kc7TiHjquzjA0RsuzFX6HVxM/8B9iT96csateQeO LDTXxPo0HbzqKosEavO/b/ZMaukHp/fn+sq6pRyfjl3anhl0Ym0GUCVTV6MYsrKkPibH Shtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dlg6fL9vQc4I/K2A0h24XXxnhwyD2NHsRqddAsiUR6s=; b=Izk61spfZmfTTgy04ovTvRBjCr4S8o1F9ZUEt8/vbIY2kG6SbbP87Wx/rNzrKBww1M LU7r9sdY/MwUIvNlWaLVir/rrAOafVLevb0P8h9a4eSWgI6wepLit04Uz4AcNydtMeKm OZNDMjmLe4Zp9JIeGM3LwQ300RXj5nIBvxS+5mulCj46BwQoP7IasZUhJlproS3CqFPr /IsdGH7LYJGE265DfX1aMEMSQEa0jTohvvKFYeX4niSRD0x9N1Lmz3r/pPQWLfUe01d4 6fhxkUQJHmJGRZS725YbTax5rk1+Zz/6yhZFYvBYt8NRk+EYyhpyOOurdohwFmu5VgIE YKYQ==
X-Gm-Message-State: AMCzsaUfznAXpgHL+DEW/fqLvEf6W2oX+kSk7Q0jADmKEb1bhI2agSaf o/BNiZdfs0Hxne58JfIfRIATYpyAIjEv8w6i6NcdOw==
X-Google-Smtp-Source: ABhQp+SOuxmupFhQhZ9qD8lLqsGF7LuL3Ruu2vVdrrO/1fi9vAznuPGQlI5p7Qc9i0NRT8m5JWcOzVVhPA3Y/j9SO1s=
X-Received: by 10.13.192.196 with SMTP id b187mr10376987ywd.416.1509985491980;  Mon, 06 Nov 2017 08:24:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.61.12 with HTTP; Mon, 6 Nov 2017 08:24:11 -0800 (PST)
In-Reply-To: <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 6 Nov 2017 08:24:11 -0800
Message-ID: <CABcZeBPyuPkTsKgZ27eQKxfNcbDEDew4w5frQSzgGk=RG-Ahaw@mail.gmail.com>
To: Alexander Pelov <alexander@ackl.io>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, "suit@ietf.org" <suit@ietf.org>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a114edd48ddacd5055d52e4a6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/VDHCRHKkoCJ6ozVuHHZ_8WItCSc>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 16:24:56 -0000

--001a114edd48ddacd5055d52e4a6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 6, 2017 at 8:14 AM, Alexander Pelov <alexander@ackl.io> wrote:

> Dear Paul, all,
>
> > Le 6 nov. 2017 =C3=A0 16:48, Paul Hoffman <paul.hoffman@vpnc.org> a =C3=
=A9crit :
> >
> > On 3 Nov 2017, at 11:43, Waltermire, David A. (Fed) wrote:
> >
> >>>>> The initial focus of this group will be development of a manifest
> >>>>> approach based on CMS and the ASN.1 encoding. This work will result
> >>>>> in a revision of RFC 4108 that reflects the current best practices.
> >>>
> >>>> I=E2=80=99m slightly confused by this charter proposal.
> >>>> The recent mailing list discussion went into a different direction.
> >>>> Is this the current proposed text?
> >>>
> >>> I agree with Carsten: that's not what the recent list traffic was
> aiming for. The
> >>> draft charter from a month ago didn't force the WG into ASN.1, and I
> don't see
> >>> any list traffic asking for that.
> >>
> >> The guidance we received from the IESG is that they want the question
> around one or more formats resolved during the chartering process.
> >
> > That's not the way that I read the charter balloting comments on this
> list.  The mailing list clearly has no consensus yet, and nothing in the
> proposed manifest contents so far would make using ASN.1 or CBOR a more
> obvious choice.
>
> I agree with this one. Lots of things changed from the proposed charter
> discussed on the mailing list and the approved proposed one. (which is of
> course something to work out around the BoF) (It seems to me that there i=
s
> a pretty wide interest in the topic, so at least that one seems a spot-on=
.)
>
> We=E2=80=99ve already had a very interesting mail from Philip Hallam-Bake=
r that
> had strong arguments AGAINST ASN.1, and I have not seen a response to it =
on
> the ML. If anyone has a view on this I would be very interested in having
> more information.
>

I don't feel strongly about this, but RFC 4108 already is in ASN.1, so
presumably the argument is "we're revising that"

-Ekr


> Best,
> Alexander
>
>
>
> >
> >> We have had a number of views expressed on the list. We need to focus
> in on what the consensus within the group is. We need to identify what ou=
r
> initial work items will be regarding format(s).
> >>
> >> To that end, this text can be updated. Do you have alternate text to
> propose?
> >
> > The initial focus of this group will be development of the contents of =
a
> manifest.
> > Once there is general agreement on the contents, the group will pick on=
e
> format
> > (and its associated cryptographic mechanisms) to encode the manifest.
> >
> >>>>> Use of the ASN.1 encoding
> >>>>> is desirable due to existing ASN.1 support in crypto libraries used
> >>>>> within current IoT operating systems.
> >>>
> >>> The same could be said for CBOR/COSE. It is probably inaccurate to ci=
te
> >>> "ASN.1 support" given that different parts of a system might each
> implement its
> >>> own ASN.1 stack.
> >>
> >> How would you change this text to improve it?
> >
> > Two likely candidates for encoding are ASN.1 and CBOR, both of which
> already have
> > support in current IoT crypto libraries.
> >
> > --Paul Hoffman
> >
> > _______________________________________________
> > Suit mailing list
> > Suit@ietf.org
> > https://www.ietf.org/mailman/listinfo/suit
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>

--001a114edd48ddacd5055d52e4a6
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Mon, Nov 6, 2017 at 8:14 AM, Alexander Pelov <span dir=3D"ltr">&lt;<=
a href=3D"mailto:alexander@ackl.io" target=3D"_blank">alexander@ackl.io</a>=
&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0=
 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Paul, all,<br>
<span class=3D""><br>
&gt; Le 6 nov. 2017 =C3=A0 16:48, Paul Hoffman &lt;<a href=3D"mailto:paul.h=
offman@vpnc.org">paul.hoffman@vpnc.org</a>&gt; a =C3=A9crit :<br>
&gt;<br>
&gt; On 3 Nov 2017, at 11:43, Waltermire, David A. (Fed) wrote:<br>
&gt;<br>
&gt;&gt;&gt;&gt;&gt; The initial focus of this group will be development of=
 a manifest<br>
&gt;&gt;&gt;&gt;&gt; approach based on CMS and the ASN.1 encoding. This wor=
k will result<br>
&gt;&gt;&gt;&gt;&gt; in a revision of RFC 4108 that reflects the current be=
st practices.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;&gt; I=E2=80=99m slightly confused by this charter proposal.<br=
>
&gt;&gt;&gt;&gt; The recent mailing list discussion went into a different d=
irection.<br>
&gt;&gt;&gt;&gt; Is this the current proposed text?<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; I agree with Carsten: that&#39;s not what the recent list traf=
fic was aiming for. The<br>
&gt;&gt;&gt; draft charter from a month ago didn&#39;t force the WG into AS=
N.1, and I don&#39;t see<br>
&gt;&gt;&gt; any list traffic asking for that.<br>
&gt;&gt;<br>
&gt;&gt; The guidance we received from the IESG is that they want the quest=
ion around one or more formats resolved during the chartering process.<br>
&gt;<br>
&gt; That&#39;s not the way that I read the charter balloting comments on t=
his list.=C2=A0 The mailing list clearly has no consensus yet, and nothing =
in the proposed manifest contents so far would make using ASN.1 or CBOR a m=
ore obvious choice.<br>
<br>
</span>I agree with this one. Lots of things changed from the proposed char=
ter discussed on the mailing list and the approved proposed one. (which is =
of course something to work out around the BoF) (It seems to me that there =
is a pretty wide interest in the topic, so at least that one seems a spot-o=
n.)<br>
<br>
We=E2=80=99ve already had a very interesting mail from Philip Hallam-Baker =
that had strong arguments AGAINST ASN.1, and I have not seen a response to =
it on the ML. If anyone has a view on this I would be very interested in ha=
ving more information.<br></blockquote><div><br></div><div>I don&#39;t feel=
 strongly about this, but RFC 4108 already is in ASN.1, so presumably the a=
rgument is &quot;we&#39;re revising that&quot;</div><div><br></div><div>-Ek=
r</div><div><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0=
 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Best,<br>
Alexander<br>
<span class=3D"im HOEnZb"><br>
<br>
<br>
&gt;<br>
&gt;&gt; We have had a number of views expressed on the list. We need to fo=
cus in on what the consensus within the group is. We need to identify what =
our initial work items will be regarding format(s).<br>
&gt;&gt;<br>
&gt;&gt; To that end, this text can be updated. Do you have alternate text =
to propose?<br>
&gt;<br>
&gt; The initial focus of this group will be development of the contents of=
 a manifest.<br>
&gt; Once there is general agreement on the contents, the group will pick o=
ne format<br>
&gt; (and its associated cryptographic mechanisms) to encode the manifest.<=
br>
&gt;<br>
&gt;&gt;&gt;&gt;&gt; Use of the ASN.1 encoding<br>
&gt;&gt;&gt;&gt;&gt; is desirable due to existing ASN.1 support in crypto l=
ibraries used<br>
&gt;&gt;&gt;&gt;&gt; within current IoT operating systems.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; The same could be said for CBOR/COSE. It is probably inaccurat=
e to cite<br>
&gt;&gt;&gt; &quot;ASN.1 support&quot; given that different parts of a syst=
em might each implement its<br>
&gt;&gt;&gt; own ASN.1 stack.<br>
&gt;&gt;<br>
&gt;&gt; How would you change this text to improve it?<br>
&gt;<br>
&gt; Two likely candidates for encoding are ASN.1 and CBOR, both of which a=
lready have<br>
&gt; support in current IoT crypto libraries.<br>
&gt;<br>
&gt; --Paul Hoffman<br>
&gt;<br>
</span><div class=3D"HOEnZb"><div class=3D"h5">&gt; _______________________=
_______<wbr>_________________<br>
&gt; Suit mailing list<br>
&gt; <a href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br>
&gt; <a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferr=
er" target=3D"_blank">https://www.ietf.org/mailman/<wbr>listinfo/suit</a><b=
r>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/<wbr>listinfo/suit</a><br>
</div></div></blockquote></div><br></div></div>

--001a114edd48ddacd5055d52e4a6--


From nobody Mon Nov  6 08:47:13 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 617F513FB36; Mon,  6 Nov 2017 08:47:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFPCjmPA7Nfr; Mon,  6 Nov 2017 08:47:10 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0054.outbound.protection.outlook.com [104.47.0.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22F1B13FAF6; Mon,  6 Nov 2017 08:47:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KTUMBXKXn9WGt5ASvxBkeQkDjBE8cg+WETeOwaY4Cj8=; b=WvOFwY21I1QxmsfZr0Mg+IDROeC7z5x53SwSukBZ08Peey+91m+zZzjG4xgJQ47RJBJvmAFRgtdsZuqh1EJpR3sLJ2VeAP669TLh3VlSt2L78SCCl9YgYnzpUCoWInGpxz4y01F7IeHGF8f4Cbq+lhaka307vbxkoJtqZIHtseo=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 16:47:07 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0197.017; Mon, 6 Nov 2017 16:47:07 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFL+iLnYCwU0kOnFPZGIVVbDKMC7sgAgAAD+ICAAAsmgIAEhf4AgAADkKA=
Date: Mon, 6 Nov 2017 16:47:07 +0000
Message-ID: <AM4PR0801MB270689363B97B9079939CF8EFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
In-Reply-To: <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.116.199]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:0wJsurGuJCZ7vbEoJbHPFq6geDKtk5Bm2mg9SSdDNA8k6e2DJNug7AtYJ+l7YJ+hKT+K6AlpUDn00KME55POS+Yi8fGqRLGmMsLeoNX89QzPJYuTkIpphA77g47knhML/x8nGHGJkwAquomCf6+locO7NB/8ktDGT43+y42+AjQ7qBk4DaIeTkHJsV1iBdlGmkORTeBC+l6sQEb05TCb8h7lXQMyZJwKEsqpEyPNVhDn6HKe4SQB8+I90mgDNl/Xc7/0/Ttf61gytzZpaYoDPd2NmWoPU/e42qL6kfrj32IUI1ic2eQIx2ZyQX4cX1fDPxs03xFD1bCw2K9u4tkCVgzJe7kZcOT11sOGGVdRZBo=; 5:G8WJT+himvL9bchlR8RwaL60VDFRVX2bn4+YfUFgCGAIoTuOm8/C7Q61n7BSO7lzYSiFPGjxwy4TNZrdhDtTSqeXD+fQvY6p3+euE9qeKZQvVaJcfiQLHKRkF1VXe/MoOpJZhWCURogBlkc3Nx4YYzng12XEH8SLLzWFYmsDYNo=; 24:QaMJ4U9LqgpdxefMBtvaXTC0KzoeqpScUt1jugXdmd+QZoMXbbe/2jahOgQoM8WXiF2Rh2DILgXY7v62At/CnKuuoRVTcncIXjQTl6KBXtk=; 7:FevbYE0KC8OSe+CkpDG/b3u7HyUbwvcLWnlzXoVXVmrZCC8wYqxOyzveBlhgX56+F52JwoWr/EHdhzk26TgYEGMgBqnAijx0nKy4KEIihy04cS+w4VhBX5YpRCAs1R6VU7C2ZYL4HEEICsusX8PHjVRd8ixmmUfaMUs6DpJLvYJ8KbvSVkgW49Fikz5iPuMx8mM651iMOr8ALM/z0C+wZ7Bjqdh0zq86hswHVHg4VMev+E3WzXJ8F+jS57Yf9miT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 52697f10-5057-4f0c-f254-08d525360446
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <AM4PR0801MB27087B4C7482179E6C4BCA20FA500@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231021)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(20161123558100)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(39860400002)(346002)(40434004)(189002)(199003)(3846002)(2950100002)(102836003)(3280700002)(74316002)(25786009)(5660300001)(7696004)(33656002)(101416001)(50986999)(76176999)(54356999)(305945005)(7736002)(105586002)(15650500001)(6506006)(6246003)(6116002)(106356001)(4326008)(189998001)(53936002)(55016002)(6436002)(9686003)(3660700001)(8936002)(8676002)(81156014)(2906002)(81166006)(68736007)(229853002)(14454004)(86362001)(93886005)(97736004)(478600001)(5890100001)(5250100002)(99286004)(2900100001)(66066001)(316002)(72206003)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 52697f10-5057-4f0c-f254-08d525360446
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 16:47:07.1607 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ebdXUl2YxQTDBGhxDdvTfcm1PU4>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 16:47:12 -0000

UGF1bCBzYWlkOg0KDQo+IFR3byBsaWtlbHkgY2FuZGlkYXRlcyBmb3IgZW5jb2RpbmcgYXJlIEFT
Ti4xIGFuZCBDQk9SLCBib3RoIG9mIHdoaWNoIGFscmVhZHkgaGF2ZSBzdXBwb3J0IGluIGN1cnJl
bnQgSW9UIGNyeXB0byBsaWJyYXJpZXMuDQoNCldoaWxlIGFuIEFTTi4xIHBhcnNlciBpcyBwcmV0
dHkgbXVjaCBpbiBldmVyeSBjcnlwdG8gbGlicmFyeSB0aGUgdXNlIG9mIENCT1IgKHBhcnRpY3Vs
YXJseSB3aXRoIENPU0UpIGlzIHN0aWxsIGF0IGEgdmVyeSBlYXJseSBzdGFnZS4NCg0KQ2lhbw0K
SGFubmVzDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFu
ZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlm
eSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRz
IHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9y
IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Mon Nov  6 09:12:33 2017
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBA4213FAF7; Mon,  6 Nov 2017 09:12:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AKs12Yxmcdln; Mon,  6 Nov 2017 09:12:23 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D80BF13FC58; Mon,  6 Nov 2017 09:12:22 -0800 (PST)
Received: from [169.254.83.43] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id vA6HAtVj079676 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 6 Nov 2017 10:10:56 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [169.254.83.43]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "The IESG" <iesg@ietf.org>
Cc: "suit@ietf.org" <suit@ietf.org>
Date: Mon, 06 Nov 2017 09:12:20 -0800
Message-ID: <3E237CA3-A36E-4DAA-AFD7-601611798C4B@vpnc.org>
In-Reply-To: <CABcZeBPyuPkTsKgZ27eQKxfNcbDEDew4w5frQSzgGk=RG-Ahaw@mail.gmail.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <F06AC184-835E-4E6D-A000-C0C12094159C@ackl.io> <CABcZeBPyuPkTsKgZ27eQKxfNcbDEDew4w5frQSzgGk=RG-Ahaw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.7r5425)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Qijh9NOhLKr1tFTOFQ3vvBeRIpo>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 17:12:25 -0000

On 6 Nov 2017, at 8:24, Eric Rescorla wrote:

> I don't feel strongly about this, but RFC 4108 already is in ASN.1, so
> presumably the argument is "we're revising that"

I have not seen much desire for actually revising RFC 4108 on the 
mailing list. There is definitely interest in looking at the manifest in 
RFC 4108 and using the appropriate parts. RFC 4108 was an individual 
submission for a specific use case that preceded the idea of 
almost-unmanaged lightweight IoT devices, and thus might not be 
appropriate for revision in the eventual WG.

--Paul Hoffman


From nobody Mon Nov  6 12:41:54 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6764F13FBC9; Mon,  6 Nov 2017 12:41:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id geTCQ0zsY5h5; Mon,  6 Nov 2017 12:41:51 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F73C13FBC5; Mon,  6 Nov 2017 12:41:51 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [IPv6:2001:0:53aa:64c:1885:6aa7:3888:140e]) by relay.sandelman.ca (Postfix) with ESMTPS id F242C1F8FB; Mon,  6 Nov 2017 20:41:48 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 6773535A3; Mon,  6 Nov 2017 15:40:52 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "The IESG" <iesg@ietf.org>, "suit\@ietf.org" <suit@ietf.org>
In-reply-to: <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org>
Comments: In-reply-to "Paul Hoffman" <paul.hoffman@vpnc.org> message dated "Mon, 06 Nov 2017 07:48:34 -0800."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Nov 2017 15:40:52 -0500
Message-ID: <18637.1510000852@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/fihkIGDlNLuK-1RLoiOsjjBAXoo>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 20:41:53 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Paul Hoffman <paul.hoffman@vpnc.org> wrote:
    > The initial focus of this group will be development of the contents o=
f a
    > manifest.
    > Once there is general agreement on the contents, the group will pick =
one
    > format
    > (and its associated cryptographic mechanisms) to encode the manifest.

This seems good for me.

=2D-=20
]               Never tell me the odds!                 | ipv6 mesh network=
s [=20
]   Michael Richardson, Sandelman Software Works        | network architect=
  [=20
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails  =
  [=20
=09

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaAMjUAAoJEJVM4Vb9/EKQSVMH/0WQtE6f0y/4nE2Uu4BdUgml
x0y+A1I/oRIPbI0e+P9JRCs8/PU7cdWoFhJ1zDLzxIk5HBGZN7sV46SfMfkc5zzJ
JPB6OkS0Ksf0iIm7vvO9PpadzaaUQUIEmRIjx/QDgWDnVaaYLyChXOtAO0XBYPc4
z6TbImX7yu9PAZtXxUBG1EAgA8tnrpuofwIc3BcJzqeECfuFpCFXEtJI/fBAEpzH
uEqQAtkZYNxCsbns/i/lX37rwxcWA2AU65P8pIe7f1Dr5RBQNHtmK9vYMUhlOPSX
PudX2A9Pn5j2IKMMAoeNRBMKtb8KjeE06tbFTZdx4bnh3WA7ELzgnr7jHYTU5T0=
=Py7l
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov  6 13:31:40 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4F5213FB5B for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 13:31:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cw4ayOG26_HN for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 13:31:37 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00054.outbound.protection.outlook.com [40.107.0.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD8813FB39 for <suit@ietf.org>; Mon,  6 Nov 2017 13:31:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WUmyA4ij5fAU4GuphZ2Gag4bh+ueg8K5Q5HEHB9r53c=; b=hG3HwH+IawVeLMBfk26wnzGlPcIqP61NP4NxbYE259v/8RBu5abPzHzco8UKUPqDDB+kvtiARJ43RmOZX4nZsY9Dy4ykL7L18UjX7meBKXlRp0zZKVvBjrPrnXtbq9G4R/xwXpqUn6Sd8PEv9DBS9nfHV2STBCfidCy4uPsbKpM=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0614.eurprd08.prod.outlook.com (10.169.32.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 21:31:34 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.019; Mon, 6 Nov 2017 21:31:34 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest format encodings
Thread-Index: AQHTUYfYa0XpSehTu06UY2i08c5CLaL8hN0AgACcvICAAA3vgIABH9kAgAEOBwCAAJV/AIAH90SA
Date: Mon, 6 Nov 2017 21:31:34 +0000
Message-ID: <FF0A1E53-B45D-4F03-8B95-6FAA507EF8A3@arm.com>
References: <71CC2B06-F342-45F5-A0B2-EF822B2F2D54@arm.com> <CY4PR09MB14958A2CC978972951726C26F0590@CY4PR09MB1495.namprd09.prod.outlook.com> <17522.1509411065@obiwan.sandelman.ca> <d3b1f60b-f1d2-590c-93e4-46385c5b1654@sit.fraunhofer.de> <16556.1509475872@obiwan.sandelman.ca> <F259BEDC-A220-4FB7-A43D-5099D2B6BFA5@arm.com> <11838.1509565964@obiwan.sandelman.ca>
In-Reply-To: <11838.1509565964@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0614; 6:0+0Bsv5FfWGqy+zqRAW1en4b0Di8UTtdJvLGHBZ23tuJkGbrZGkO583AAA/XcD7uj472uhHppQTqLLLuycqLhL24+/2nbtgjGKGVsIYnUB7A1jv7NVpvQV3zWDdjmZi6/VBjatdpzA4fAsWOLD36SNb9iN6eOztuY6UUJW2zPEWyA32BliGw2XUS4MVpnG3TyCaRVXDDTvnXBalQ7UBtASMsBSUurWsEQCTZtg6t4boRkbOsKTWLfIUpEVUWgtCm9jhsFatyLiKR+QX9n3YVuVbVQ/psM49PJMHxrTbP5mBdci98m28x/dSG/AfWb44zI+U9jlnOKM9iRL423tpIxK/daKnOcz6VNJHw6UKtZmU=; 5:DPfZo0bdLyIy0TE0OMbZuk99jzJnpIPKvIo8p154k3ijp/rLweZklwcB8h3fx2LDVg9ho/fU4I7J3WG+HE+5zWwqUrqwS3oPegVwAQe6pyTqe1nlvm3gED7+54kPRitzIOK2DWtRQG/jTj9W9ctXOmo9cWPQe0kFwuqq4YxHfTk=; 24:6ZAXNf0xwAEboee6LQTrxlHH8wvusTLvLOczPjhWd3M8xap4y7POq9zB2P+ZReNdfVizl1uLxrrxod/PDMeaNQSObNsF/PMc2HBdONrsiK4=; 7:xs2XFUy5RlXocc2MX9ghEci8kWcKsGdQgUE2hhD33ewFsxiStuEOppRpguANKfbNTNHb2ELvhAVw4BqRw7eW7510jEx88cQTyli+B+VofzfD294ialDFaKsBzxI6ID/HZgOCnoTPfLapzRRVBbFzz952fnCc064ZMvDM45KuaBO+GZ+8zgk+VC4MkIX1g2jvxhsSsgwhH27iff+RNwEKwJlD8uJvBXSduivNPEcUkRAhM6YotTeC/RcWfrrp26h7
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: e8bb9402-350e-4b4f-075c-08d5255dc0fa
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0614; 
x-ms-traffictypediagnostic: DB5PR08MB0614:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB0614584D24FF4FF0E360DC63EA500@DB5PR08MB0614.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0614; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0614; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(376002)(40434004)(24454002)(189002)(199003)(6512007)(50226002)(57306001)(4326008)(33656002)(316002)(3280700002)(6506006)(66066001)(93886005)(25786009)(68736007)(6246003)(97736004)(105586002)(6486002)(99286004)(106356001)(53936002)(478600001)(3660700001)(101416001)(81166006)(72206003)(6436002)(50986999)(229853002)(76176999)(2950100002)(83716003)(2900100001)(82746002)(86362001)(189998001)(81156014)(53546010)(5250100002)(8676002)(14454004)(8936002)(6116002)(102836003)(3846002)(2906002)(36756003)(5890100001)(305945005)(7736002)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0614; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <FCB6C863D969BE4EAD4116E8324704BA@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e8bb9402-350e-4b4f-075c-08d5255dc0fa
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 21:31:34.1184 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0614
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/leJMJMR9CazxYAibBZIQnNaXzcA>
Subject: Re: [Suit] Manifest format encodings
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 21:31:39 -0000

DQo+IE9uIDEgTm92IDIwMTcsIGF0IDE5OjUyLCBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitpZXRm
QHNhbmRlbG1hbi5jYT4gd3JvdGU6DQo+DQo+PiBNYW5pZmVzdHMgY291bGQgc3VwcG9ydCBjb25m
aWd1cmF0aW9uIGRhdGEgKGl04oCZcyBqdXN0IGFub3RoZXIgYmluYXJ5DQo+PiBibG9iLCByaWdo
dD8pIGFuZCB0aGlzIGNvbXBsaWNhdGVzIG1hdHRlcnMuDQo+DQo+IEl0IG1pZ2h0IG5vdCBiZSBh
IGJpbmFyeSBibG9nLCBpdCBtYXkgd2VsbCBiZSBzaWduZWQgSlNPTi4NCg0KU2lnbmVkIEpTT04g
aXMgcmVwcmVzZW50YWJsZSBpbiBiaW5hcnkuIEV2ZXJ5dGhpbmcgaXMgcmVwcmVzZW50YWJsZSBp
biBiaW5hcnkuIFRoYXQgaXMgdGhlIHBvaW50IG9mIG15IHN0YXRlbWVudC4gQXMgbG9uZyBhcyB0
aGUgcGF5bG9hZCBpcyBoYXNoYWJsZSwgaXQgZG9lc27igJl0IG1hdHRlciB3aGF0IHRoZSBlbmNv
ZGluZyBpcywgdGV4dCwgYmluYXJ5LCA3LWJpdCBBU0NJSSwgYmFzZS02NCBlbmNvZGVkIGJpbmFy
eS0taWYgeW91IGNhbiB1c2UgYSBtZXNzYWdlIGRpZ2VzdCBvbiBpdCwgdGhlIGNvbnRlbnQgaXMg
aXJyZWxldmFudCB0byB0aGUgbWV0YWRhdGEgZm9ybWF0Lg0KDQoNCj4gWW91IHNlZW0gdG8gYmUg
c3VnZ2VzdGluZyB0aGF0Og0KPiBhKSB0aGUgbWFuaWZlc3QgY29udGFpbnMgdGhlIGNvbmZpZ3Vy
YXRpb24gZGF0YS4NCj4gICBBbiBhbHRlcm5hdGl2ZSBpcyB0aGF0IHRoZSBjb25maWd1cmF0aW9u
IGRhdGEgaXMgYSBzZWNvbmQgYmxvYiB3aXRoIGENCj4gICBzZWNvbmQgbWFuaWZlc3QuDQo+DQo+
IGIpIHRoYXQgdG9vbGNoYWlucyBydW5uaW5nIG9uIG5vbi1jb25zdHJhaW5lZCBob3N0cyBhcmUg
ZXhwZW5zaXZlLg0KPiAgIEkgY2xhaW0gb3RoZXJ3aXNlLg0KDQpJ4oCZbSBzdWdnZXN0aW5nIHRo
YXQgaW5jbHVkaW5nIHRoZSBvcHRpb24gZm9yIG1hbnkgZW5jb2RpbmdzIHdpbGwgY3JlYXRlIGlu
dGVyb3BlcmFiaWxpdHkgY2hhbGxlbmdlcyB0aGF0IGRvIG5vdCBleGlzdCBmb3IgYSBzaW5nbGUg
ZW5jb2RpbmcuDQoNCj4NCj4+IENvbnRyYXN0IHRoaXMgd2l0aCBhIHNpbmdsZSBlbmNvZGluZywg
cmVnYXJkbGVzcyBvZiB3aGF0IHRoYXQgZW5jb2RpbmcNCj4+IGlzOiB0aGUgT3BlcmF0b3IgbmVl
ZHMgYSBzaW5nbGUsIHN0YW5kYXJkIHRvb2xjaGFpbiBmb3IgcHJvZHVjaW5nDQo+PiBtYW5pZmVz
dHMgZm9yIGFueSBtYW5hZ2VkIGRldmljZS4gVGhlIGRldmljZXMgY2FuIGFsd2F5cyBwYXJzZSB0
aGUNCj4+IG1hbmlmZXN0LCBhbmQgcHJvZHVjZSB1c2VmdWwgbWVzc2FnZXMgYWJvdXQgdGhlIGNv
bnRlbnQuDQo+DQo+IEkgZG9uJ3QgcmVhbGx5IHdhbnQgdG8gaGF2ZSBhbiBlbmNvZGluZyB3YXIu
DQoNCkkgZG9u4oCZdCB3YW50IGFuIGVuY29kaW5nIHdhciBlaXRoZXIsIGJ1dCBJIGFsc28gZG9u
4oCZdCB3YW50IHRvIGNyZWF0ZSBhIGxlZ2FjeSBvZiBpbnRlcm9wZXJhYmlsaXR5IGNoYWxsZW5n
ZXMuIFdoaWNoIGlzIHdvcnNlPw0KDQpJIGRvbuKAmXQgdGhpbmsgdGhpcyBpcyBhbGwgcGVyZmVj
dGx5IGNsZWFyOiBJIHRoaW5rIHRoZXJlIGFyZSBzb21lIHRyYWRlLW9mZnMgdG8gYmUgbWFkZS4N
Cg0KQmVzdCBSZWdhcmRzLA0KQnJlbmRhbg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRz
IG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBt
YXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBp
ZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNj
bG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVy
cG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhh
bmsgeW91Lg0K


From nobody Mon Nov  6 14:31:24 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C62E13FBDE for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 14:31:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJSHKqbeBolN for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 14:31:20 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00083.outbound.protection.outlook.com [40.107.0.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBB9813FBD3 for <suit@ietf.org>; Mon,  6 Nov 2017 14:31:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kz9NHQX2Eqat9wYRLthILeDNKK74mADw5YMRYjliSzo=; b=bGgJzadQKeMgYUKkzbb8fRPehIgFkhpGHnBko6jBuKwDDDE7c3xuIseUYNwwnXHZ/46HHDtPLduOvoZzVF14ikz2lpc/8em9BeayDUeLt6FBk1mgMJQE14vQVL7BYxFLu31mN/3oQ3duGjEuQQPlNALyk6UDdDSmqsLtSb06VcA=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0613.eurprd08.prod.outlook.com (10.169.32.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 6 Nov 2017 22:31:16 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.019; Mon, 6 Nov 2017 22:31:16 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] draft-moran manifest thoughts
Thread-Index: AQHTVtpwo726ezaZCUe7o0REat1QtaMH8DSA
Date: Mon, 6 Nov 2017 22:31:16 +0000
Message-ID: <A5FA7785-91E9-4D4B-ABC3-82E7B0521661@arm.com>
References: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com>
In-Reply-To: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0613; 6:sqU+NRRtPu1abRMcl768FWvHrWJHn3k4POMY0GRf+hPJkLSJiHjObleLnyBiBvWBbjjnrisgUuPsvp+4FK6r5hTdLItd8OQt23h/B6uZ+UDZDf2NRvDIpXeEwA8/+rGrlsKW4qrIIvjddcptomGorXsZKVI7i8tYuxAwrmvyk0KSuD3yY8DSrC5ihpSbucq6XlGIAJHkmiL2mbNBW4H8+eZr3C4lbT5aeomaeahYDO/2TpTtz6Lq6xK5Ou5TuZbdWmyZXsu/G5GUQRE6YLGgkXri9wMFjIQtDQi7UuS2QcscrNvK4IUo/MalFv9BRgpvBJljeD80Mhf+zLbiyzqOzLZkmvI/rLkx0Lzsz+18D58=; 5:GR+Tg8y0jSvCsek3ijlRsjb83f1mssGtH2OqBmhmJJXkoeSKVJbYMW5RTGiuUEpXkdmMqb4YlLZ/wGO5CwhXlHaJJhut7CSlGcexU3Ze7RP5SyQFVOWInFj8JJFMsvrwFMCJez1I0Tnz1iBTR/qjDoGDEYiEp7WC349QwS6rh24=; 24:ZcOTcQ22LrBzpLgvdm5Wkg/gKrRUX+nDfp+oh17NuzqqlyUR7za/SRmiVsFK5ILkGTPccScOCOFM47X/awK0E6SacVGHvlzl5AQ415zqKV0=; 7:y++E9iX6t/BPhXX6mAIPYR6CoYGFUdxK3VNTGhHO/ST8l03hiyCs28WGxN/YhXveSCvm592X76AICXtR5ffcsPS5wwVG8I0eJIEvWvJfP/crk498pBj/J4HyLc+xChKd6UxMks6iyo2khRijkEDkZ67kG6oSMav3k2QwSO4GFw8SkocG5pvNkcmsj6BBWIUoutU+UpGxsxb5r7qy3CmL2l+1QM5CPIinT5R9whcIQaqEXymlze4vP8TvMub73iXR
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 1735eb92-3e31-43b9-9f11-08d525661828
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:DB5PR08MB0613; 
x-ms-traffictypediagnostic: DB5PR08MB0613:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB0613F928F1F579B0D4BF66ABEA500@DB5PR08MB0613.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231021)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0613; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0613; 
x-forefront-prvs: 048396AFA0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(199003)(40434004)(51444003)(24454002)(189002)(305945005)(189998001)(2906002)(36756003)(2900100001)(81156014)(229853002)(7736002)(105586002)(106356001)(6512007)(6436002)(50986999)(76176999)(101416001)(81166006)(6246003)(8676002)(8936002)(316002)(82746002)(6916009)(2950100002)(6506006)(97736004)(6486002)(99286004)(68736007)(4326008)(25786009)(53936002)(39060400002)(478600001)(53546010)(5660300001)(3280700002)(3846002)(102836003)(83716003)(14454004)(6116002)(72206003)(3660700001)(50226002)(5890100001)(86362001)(57306001)(66066001)(5250100002)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0613; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <E678E84AAAD3604D90C1B0B6AD033C73@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1735eb92-3e31-43b9-9f11-08d525661828
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 22:31:16.4062 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0613
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/m9GQwVARCCJKszwm24cmP14KxEM>
Subject: Re: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 22:31:22 -0000

SGkgTWFydGluLA0KDQoNCj4gT24gNiBOb3YgMjAxNywgYXQgMDg6MzcsIE1hcnRpbiBUaG9tc29u
IDxtYXJ0aW4udGhvbXNvbkBnbWFpbC5jb20+IHdyb3RlOg0KPg0KPiBPbiB0aGUgZGVzaWduIGlu
IGRyYWZ0LW1vcmFuLXN1aXQtbWFuaWZlc3QsIGl0IHNlZW1zIGxpa2UgdGhlcmUgYXJlIGENCj4g
YnVuY2ggb2YgdGhpbmdzIHRoYXQgY291bGQgYmUgY3V0IGRvd24uICBJIHRoaW5rIHRoYXQgZXhw
YW5kaW5nIG9uDQo+IENhcnN0ZW4ncyBzZXQgb2YgdXNlIGNhc2VzIFsxXSBtaWdodCBiZSBhIGJl
dHRlciB3YXkgdG8gZHJpdmUgdGhlDQo+IGFkZGl0aW9uIG9mIGZpZWxkcy4NCj4NCj4+IEZyb20g
bXkgcGVyc3BlY3RpdmUsIHRoZXJlIGlzIGp1c3Qgb25lIHF1ZXN0aW9uOiBzaG91bGQgdGhpcyB1
cGRhdGUgYmUNCj4gYXBwbGllZCB0byB0aGlzIGRldmljZT8gIFRoZSBtaW5pbWFsIGV4YW1wbGUg
ZG9lcyB3b3JrLCBidXQgaXQNCj4gcmVxdWlyZXMgYSBwZXItZGV2aWNlIHNpZ25hdHVyZSBhbmQg
dGhhdCBpc24ndCBhd2Vzb21lLCBzbyB3ZSBjcmVhdGUNCj4gcG9saWNpZXMgdGhhdCBjYW4gYmUg
bW9yZSBicm9hZGx5IGFwcGxpZWQgdG8gYXR0cmlidXRlcyAob3IgY2xhaW1zKS4NCg0KVGhpcyBp
cyBhIGdyZWF0IHBsYWNlIHRvIHN0YXJ0LiBCdXQgSSBkb27igJl0IHRoaW5rIHRoYXQg4oCcc2hv
dWxkIHRoaXMgdXBkYXRlIGJlIGFwcGxpZWTigJ0gaXMgY29tcGxldGUuIFRoZXJlIGFsc28gbmVl
ZHMgdG8gYmUg4oCcT2theSwgaXQgc2hvdWxkIGJlIGFwcGxpZWQsIG5vdyB3aGF0IGRvIEkgZG8g
d2l0aCBpdC7igJ0NCg0KSGVyZSBpcyB0aGUgbGlzdCBvZiBxdWVzdGlvbnMgSSBoYXZlIGNvbGxl
Y3RlZCB0aGF0IGRldmljZXMgbmVlZCB0byBhbnN3ZXI6DQoNCiogRG9lcyB0aGUgZGV2aWNlIHRy
dXN0IHRoZSBhdXRob3Igb2YgdGhlIHVwZGF0ZT8NCiogSGFzIHRoZSB1cGRhdGUgYmVlbiBjb3Jy
dXB0ZWQ/DQoqIElzIHRoZSB1cGRhdGUgYXV0aGVudGljPw0KKiBEb2VzIHRoZSB1cGRhdGUgYXBw
bHkgdG8gdGhpcyBkZXZpY2U/DQoqIElzIHRoZSB1cGRhdGUgb2xkZXIgdGhhbiBhIHByZXZpb3Vz
IHVwZGF0ZT8NCiogV2hhdCBraW5kIG9mIHVwZGF0ZSBpcyBpdD8NCiogV2hlbiBzaG91bGQgdGhl
IGRldmljZSBhcHBseSB0aGUgdXBkYXRlPw0KKiBIb3cgc2hvdWxkIHRoZSBkZXZpY2UgYXBwbHkg
dGhlIHVwZGF0ZT8NCiogV2hlcmUgc2hvdWxkIGl0IG9idGFpbiB0aGUgdXBkYXRlIGZyb20/DQoq
IFdoZXJlIHNob3VsZCBpdCBzdG9yZSB0aGUgdXBkYXRlPw0KDQpUaGVyZSBhcmUgY2VydGFpbiB0
byBiZSBtb3JlIHF1ZXN0aW9ucyB0byBhbnN3ZXIuDQoNCj4gVGhlIDQxMjIgaWRlbnRpZmllcnMg
c2VlbSBvdmVybHkgcHJlc2NyaXB0aXZlOyBJIGNhbid0IHNlZSB3aHkgYQ0KPiB2ZW5kb3Itc3Bl
Y2lmaWVkIHN0cmluZyBpcyBub3QgT0s6IG9uZSBmb3IgdGhlIHR5cGUgb2YgZGV2aWNlLCBhbmQg
b25lDQo+IGZvciB0aGUgc3BlY2lmaWMgZGV2aWNlLiAgUGFydCBvZiB0aGUgbW90aXZhdGlvbiBm
b3IgNDEyMi1zdHlsZQ0KPiBpZGVudGlmaWVycyBpcyB0byBhdm9pZCBjb2xsaXNpb25zLCBidXQg
SSBkb24ndCBzZWUgdGhhdCBhcyBuZWNlc3NhcnkNCj4gaGVyZSAtIGFueSBwYXJ0eSB0aGF0IGlz
IGF1dGhvcml6aW5nIGNoYW5nZXMgY2FuIG1hbmFnZSB0byBlbnN1cmUgdGhhdA0KPiB0aGUgaWRl
bnRpZmllcnMgdGhleSBzaWduIGRvbid0IGNvbGxpZGUuDQoNClRoaXMgaXMgcGFydGx5IGFib3V0
IGlkZW50aWZpZXIgY29sbGlzaW9uLiBZb3XigJlyZSBxdWl0ZSByaWdodCB0aGF0IHRoaXMgaXMg
bm90IGEgY29uY2VybmluZyBwcm9ibGVtIGluIHRoZSBzaW1wbGUgY2FzZS4gSWYgdGhlIGRldmlj
ZSB0cnVzdHMgdGhlIGF1dGhvciBvZiBhbiB1cGRhdGUsIHRoZW4gaXQgc2hvdWxkIGJlIGZpbmUu
IEJ1dCB0aGluZ3MgZ2V0IG1vcmUgY29tcGxpY2F0ZWQgdGhlIGRlZXBlciBhIHN1cHBseSBjaGFp
biBnZXRzLiBFdmVudHVhbGx5LCBpdOKAmXMgZW50aXJlbHkgcG9zc2libGUgdG8gaGF2ZSB0d28s
IGlkZW50aWNhbGx5IG5hbWVkIG1vZGVscyBvZiBJb1QgbGlnaHQgc3dpdGNoIHdpdGggaWRlbnRp
Y2FsIG1hbnVmYWN0dXJlciBuYW1lcyBvbiB0aGUgc2FtZSBuZXR3b3JrLiBJZiB0aGF0IGhhcHBl
bnMgYW5kIGFuIG9wZXJhdG9yIGhhcyB0aGUgcmlnaHRzIHRvIHByb3Zpc2lvbiBjb25maWd1cmF0
aW9uIG9uIGJvdGggb2YgdGhlbSwgdGhlcmUgY291bGQgYmUgc2VyaW91cyBpbnRlcm9wZXJhYmls
aXR5IGNvbnNlcXVlbmNlcyB0byB0aGlzIHNpdHVhdGlvbi4NCg0KTm93LCBJ4oCZbGwgYWRtaXQg
dGhhdCB0aGlzIHNvdW5kcyBhIGxpdHRsZSBmYXItZmV0Y2hlZC4gSSB0aGluayBpdOKAmXMganVz
dCBvbiB0aGUgZWRnZSBvZiBwbGF1c2liaWxpdHkuIFRoYXQgYmVpbmcgc2FpZCwgd2hhdCBkb2Vz
IGl0IGNvc3QgdG8gZ3VhcmFudGVlIGl0IGRvZXNu4oCZdCBoYXBwZW4/DQoNClRoZSB1c2Ugb2Yg
NDEyMiBpZGVudGlmaWVycyBpcyBhbHNvIHBhcnRpYWxseSBhYm91dCBlbnN1cmluZyB0aGF0IHRo
ZSByaWdodCBtZXNzYWdlIGlzIGNvbnZleWVkIGFib3V0IHdoYXQgdGhlIGZpZWxkcyBhcmUgZm9y
LiBUaGV5IGFyZSBmb3IgZGV2aWNlIG1hdGNoaW5nIG9ubHkuIENvbmZsYXRpbmcgdGhlIHB1cnBv
c2VzIG9mIHR3byBmaWVsZHMgdGVuZHMgdG8gZW5kIHBvb3JseS4gQSBmaWVsZCB3aGljaCBpcyBm
b3IgaW5mb3JtYXRpb25hbCBwdXJwb3NlcyBzaG91bGQgYmUgaHVtYW4gcmVhZGFibGUuIEEgZmll
bGQgd2hpY2ggaXMgZm9yIGlkZW50aWZpY2F0aW9uIHNob3VsZCBiZSBhbiBpZGVudGlmaWVyLg0K
DQo+IEknbSBhbHNvIGEgbGl0dGxlIGxlZXJ5IGFib3V0IHRoZSBqdXN0aWZpY2F0aW9uIGZvciBz
b21lIG9mIHRoZQ0KPiBtZXRhLWluZm9ybWF0aW9uLCBsaWtlIHRpbWVzdGFtcCwgYWxsIG9mIHBh
eWxvYWQgaW5mbywgdGhlIG5vbmNlIChsZXQNCj4gdGhlIGNyeXB0byBkbyB0aGF0IGJpdCkuDQoN
ClRoZSB0aW1lc3RhbXAgaXMgbm90IHByb3Blcmx5IGp1c3RpZmllZCBpbiB0aGUgbWFuaWZlc3Qg
ZHJhZnQuIFRoZSB0aW1lc3RhbXAgaXMgaW4gcGxhY2UgZm9yIHJvbGxiYWNrIHByb3RlY3Rpb24u
IE9yaWdpbmFsbHksIHdlIGhhZCBpbnRlbmRlZCB0byBpbmNsdWRlIGEgbW9ub3RvbmljIGNvdW50
ZXIgZmllbGQgZm9yIHJvbGxiYWNrIHByb3RlY3Rpb24sIGhvd2V2ZXIgdGhpcyBjcmVhdGVzIHVz
YWJpbGl0eSBwcm9ibGVtcyB3aGVuIG11bHRpcGxlIGFjdG9ycyBtYXkgbmVlZCB0byB0cmFuc21p
dCB1cGRhdGVzLiBUbyBlbnN1cmUgdGhhdCBhbGwgYXV0aG9yaXNlZCBhY3RvcnMgd291bGQgYmUg
YWJsZSB0byB0cmFuc21pdCB1cGRhdGVzIHdpdGhvdXQgbmVlZGluZyB0byBmaXJzdCBkZXRlcm1p
bmUgdGhlIHZhbHVlIG9mIHRoZSBtb25vdG9uaWMgcm9sbGJhY2sgY291bnRlciwgd2UgZGVjaWRl
ZCB0byB1c2UgYW4gaW50ZWdlciBVVEMgZXBvY2ggdGltZXN0YW1wLiBUaGlzIGVuc3VyZXMgYSBt
b25vdG9uaWNhbGx5IGluY3JlYXNpbmcgYW50aS1yb2xsYmFjayBjb3VudGVyLCB0aGF0IGp1c3Qg
aGFwcGVucyB0byBiZSBnbG9iYWxseSBzeW5jaHJvbmlzZWQuDQoNClRoZSBwYXlsb2FkIGluZm8g
aXMgaW4gcGxhY2UgdG8gYW5zd2VyIHRoZXNlIHF1ZXN0aW9uczoNCiogV2hhdCBraW5kIG9mIHVw
ZGF0ZSBpcyBpdD8NCiogV2hlcmUgc2hvdWxkIHRoZSBkZXZpY2Ugb2J0YWluIHRoZSB1cGRhdGUg
ZnJvbT8NCiogV2hlcmUgc2hvdWxkIHRoZSBkZXZpY2Ugc3RvcmUgdGhlIHVwZGF0ZT8NCiogSG93
IGJpZyBpcyB0aGUgdXBkYXRlPw0KKiBIYXMgdGhlIHVwZGF0ZSBiZWVuIGNvcnJ1cHRlZD8NCg0K
VGhlIGFkZGl0aW9uYWwgZGlnZXN0cyBhcmUgcHJvdmlkZWQgdG8gaGFuZGxlIHNvbWUgc3BlY2lh
bGlzZWQgc2NlbmFyaW9zLiBXZSBzYXcgYSBuZWVkIGZvciBrbm93aW5nIGJvdGggdGhlIGRpZ2Vz
dCBvZiB0aGUgcGxhaW50ZXh0IG9mIGFuIHVwZGF0ZSBhbmQgdGhlIGRpZ2VzdCBvZiB0aGUgaW5z
dGFsbGVkIHVwZGF0ZSwgZm9yIGV4YW1wbGUsIHdoZW4gdXNpbmcgYSBjb21wcmVzc2VkIHVwZGF0
ZS4gVGhpcyBhbGxvd3MgYSBzaW1wbGUgKGluZGlyZWN0KSBzaWduYXR1cmUgdmVyaWZpY2F0aW9u
IG9mIHRoZSB1cGRhdGUgaW4gZWFjaCBvZiBpdHMgc3RhdGVzLiBUaGlzIGNvdWxkIGFsc28gYmUg
cmVzb2x2ZWQgYnkgcmVxdWlyaW5nIHRoZSBwYXlsb2Fk4oCZcyBpbnRlcm5hbCBmb3JtYXQgdG8g
cHJvdmlkZSBmb3Igb3RoZXIgaGFzaGVzLCBidXQgdGhpcyBpcyBmYXIgbW9yZSBjb21wbGljYXRl
ZCB0byBpbXBsZW1lbnQsIGFuZCByZXF1aXJlcyBrZWVwaW5nIHRoZSBwYXlsb2FkIGFmdGVyIGlu
c3RhbGxhdGlvbiwgd2hpY2ggbWF5IG5vdCBiZSBkZXNpcmFibGUgaW4gdGhlIGNhc2Ugb2Ygc29t
ZSB1cGRhdGVzLCBzdWNoIGFzIGNvbXByZXNzZWQgdXBkYXRlcy4gWW91IG1heSBhbHNvIHdhbnQg
dG8gdXNlIGEgcHJlLWltYWdlIGhhc2ggdG8gc3BlY2lmeSB3aGF0IHZlcnNpb24gb2YgZmlybXdh
cmUgYSBkaWZmZXJlbnRpYWwvaW5jZW1lbnRhbCB1cGRhdGUgcmVxdWlyZXMuDQoNCknigJltIHN1
cmUgYW5vdGhlciBkYXRhIG9yZ2FuaXNhdGlvbiBjb3VsZCBhbnN3ZXIgdGhlc2UgcXVlc3Rpb25z
IGFzIHdlbGwsIGhvd2V2ZXIgZWFjaCBvZiB0aGUgZXhpc3RpbmcgZmllbGRzIGhhcyBhIGp1c3Rp
ZmljYXRpb24uDQoNClNvbWUgb2YgdGhlIGNyeXB0byBzY2hlbWVzIEkgaGF2ZSBleGFtaW5lZCB3
aGlsZSBkZXZlbG9waW5nIGZpcm13YXJlIHVwZGF0ZSBoYXZlIG1hZGUgbm8gcHJvdmlzaW9uIGZv
ciBhIG5vbmNlIGluIGEgc2lnbmVkIG1lc3NhZ2UuIENPU0UgYW5kIENNUyBib3RoIHN1cHBvcnQg
cHJvdGVjdGVkIGhlYWRlcnMsIHNvIGl0IG1heSBiZSB0aGF0IHRoZSBiZXN0IG9wdGlvbiBpcyB0
byBlbWJlZCB0aGUgbm9uY2UgaW4gYSBwcm90ZWN0ZWQgaGVhZGVyIGFuZCByZW1vdmUgaXQgZnJv
bSB0aGUgbWV0YWRhdGEuDQoNCj4gc3RvcmFnZUlkZW50aWZpZXIgc2VlbXMgZXNwZWNpYWxseSBw
cm9ibGVtYXRpYy4gIElmIHlvdSBoYXZlIGEgZGV2aWNlDQo+IHR5cGUgaWRlbnRpZmllciwgdGhl
biB0aGF0IHNob3VsZCBzdWZmaWNlIGZvciB0aG9zZSBjYXNlcyB3aGVyZSB0aGVyZQ0KPiBhcmUg
bXVsdGlwbGUgdXBkYXRlIHRhcmdldHMgb24gYSBkZXZpY2UuICBUaGF0IGlzLCB5b3UgY2FuIGlk
ZW50aWZ5IGJ5DQo+IGdlbmVyaWNhbGx5IGlkZW50aWZ5aW5nIHRoZSB0eXBlIG9mIHRoaW5nIHRo
YXQgdGhpcyB1cGRhdGUgYXBwbGllcyB0bzoNCj4gInZlbmRvciBmb28gYWxhcm0gY2xvY2sgY29u
ZmlndXJhdGlvbiIgcmF0aGVyIHRoYW4gInZlbmRvciBmb28gYWxhcm0NCj4gY2xvY2siIGFuZCBp
dCBhbGwgd29ya3MgbmVhdGx5LiAgUmlnaHQgbm93IHRoZSBzdG9yYWdlSWRlbnRpZmllciBpcw0K
PiBhbGwgdGllZCB1cCBpbiB0aGUgd2F5IHRoYXQgdGhlIHVwZGF0ZSBpcyBpZGVudGlmaWVkLg0K
DQpJIGZhaWwgdG8gc2VlIGhvdyB0aGlzIGlzIHN1YnN0YW50aWFsbHkgZGlmZmVyZW50IHRoYW4g
dHdvIGZpZWxkcy4gSWYgSSBhbSByZWFkaW5nIHRoaXMgY29ycmVjdGx5LCB0aGVuIHlvdSBhcmUg
c3VnZ2VzdGluZyB0aGF0IGl0IGlzIGJldHRlciB0byBzYXkNCg0KRmlybXdhcmU6IFt2ZW5kb3Ig
Zm9vIGFsYXJtIGNsb2NrXQ0KQ29uZmlnOiBbdmVuZG9yIGZvbyBhbGFybSBjbG9jayBjb25maWd1
cmF0aW9uXQ0KDQpJbnN0ZWFkIG9mOg0KRmlybXdhcmU6IFt2ZW5kb3IgZm9vIGFsYXJtIGNsb2Nr
XVtmaXJtd2FyZV0NCkNvbmZpZzogW3ZlbmRvciBmb28gYWxhcm0gY2xvY2tdW2NvbmZpZ3VyYXRp
b25dDQoNClRoaXMgbG9va3MgdG8gbWUgbGlrZSBpdCBpcyBjb25mbGF0aW5nIHR3byBkaWZmZXJl
bnQgY29uY2VwdHMuIFdoYXQgcHJvYmxlbSBhcmUgeW91IHRyeWluZyB0byBzb2x2ZT8NCg0KPiBU
aGUgZHJhZnQgaWRlbnRpZmllcyB0aW1lc3RhbXAgYXMgY3JpdGljYWwsIGJ1dCBkb2VzIG5vdCBt
b3RpdmF0ZSB0aGlzDQo+IGF0IGFsbCB3ZWxsIChhbmQgdGhlIG1pbmltYWwgZXhhbXBsZSBpbiBb
MV0gZG9lc24ndCBzdXBwb3J0IHRoYXQgdmlldw0KPiBlaXRoZXIpLg0KDQpJIGhvcGUgdGhhdCBJ
IGhhdmUgYW5zd2VyZWQgdGhhdCBxdWVzdGlvbiBhYm92ZS4NCg0KPiBJIHRoaW5rIHRoYXQgZGly
ZWN0aXZlcywgY29uZGl0aW9ucywgYW5kIGV4dGVuc2lvbnMgY291bGQgYmUgcGhyYXNlZA0KPiBt
b3JlIGdlbmVyaWNhbGx5IGFzIGF0dHJpYnV0ZXMgKG9yICJjbGFpbXMiIFsxXSkuICBJbiBwYXJ0
aWN1bGFyLCB0aGUNCj4gcmVhc29uIHRoYXQgZGlyZWN0aXZlcyBleGlzdCBzZWVtIHRvIGJlIGRy
aXZlbiBieSBhIGdvYWwgdGhhdCBvbmx5DQo+IHJlYWxseSBleGlzdHMgaW4gdGhlIGNvbnRleHQg
b2YgYSBwcm90b2NvbC4gIFRoYXQgaXMsIHlvdSBoYXZlIGENCj4gcHJvdG9jb2wgdGhhdCBwdXNo
ZXMgdXBkYXRlcyBvdXQgYWhlYWQgb2YgdGltZSBzbyB0aGF0IHRoZXkgY2FuIGJlDQo+IGFwcGxp
ZWQgb24gYSBzcGVjaWZpYyBzY2hlZHVsZSBsYXRlci4gIEhhdmluZyB0d28gYXhlcyBmb3IgZXh0
ZW5zaW9uDQo+IGFuZCB2YXJpYXRpb24gKGRpcmVjdGl2ZXMgYW5kIGNvbmRpdGlvbnMpIGlzIGV4
cGVuc2l2ZSwgZXNwZWNpYWxseSBpZg0KPiBvbmUgb3Igb3RoZXIgaXMgbW9yZSByYXJlbHkgYWRk
ZWQgdG8uICBVbnVzZWQgZXh0ZW5zaW9uIHBvaW50cyBiZWNvbWUNCj4gdW51c2FibGUuICBVbmxl
c3MgdGhlcmUgaXMgYSBzdHJvbmdlciByZWFzb24gZm9yIGhhdmluZyB0d28gdGhpbmdzLA0KPiBJ
J2QgYXJndWUgZm9yIGhhdmluZyBvbmUuICBBbiBleHRlbnNpYmxlICJhdHRyaWJ1dGVzIiBvciAi
Y2xhaW1zIg0KPiBzZXR1cCBpbnN0ZWFkIHdpdGggY29yZSBhdHRyaWJ1dGVzIGFuZCB0aGUgYWJp
bGl0eSB0byBleHRlbmQgaXMgYSBtb3JlDQo+IHJvYnVzdCBkZXNpZ24gb3ZlcmFsbC4NCg0KVGhl
cmUgaXMgYSBzdHJvbmcgcmVhc29uIGZvciBoYXZpbmcgY29uZGl0aW9ucyBhbmQgZGlyZWN0aXZl
cyBhcyBkaXN0aW5jdCBjb25jZXB0cy4NCiogQ29uZGl0aW9ucyBhcmUgdGVzdHMgdGhhdCBtdXN0
IGJlIHBlcmZvcm1lZCBwcmlvciB0byBhY2NlcHRpbmcgYW4gdXBkYXRlLg0KKiBEaXJlY3RpdmVz
IGFyZSBkaXJlY3Rpb25zIGZvciBob3cgdG8gdXNlIGFuIHVwZGF0ZS4NCg0KSWYgdGhlc2UgdHdv
IGNvbmNlcHRzIGFyZSBtaXhlZCB3aXRoaW4gdGhlIHNhbWUg4oCcY2xhaW1z4oCdIGxpc3QsIHRo
ZW4gdGhpcyBkaXN0aW5jdGlvbiBpcyBsb3N0IGFuZCBkZXZpY2VzIGJlY29tZSByZXNwb25zaWJs
ZSBmb3Igc29ydGluZyB0aGVzZSB0d28gZGlmZmVyZW50IGFzc2VydGlvbnMgaW50byB0aGUgc2Ft
ZSB0d28gYnVja2V0cyAoY29uZGl0aW9ucywgZGlyZWN0aXZlcykuDQoNCj4gT25lIHRoaW5nIHRo
YXQgaXMgbGlrZWx5IG1pc3NpbmcgaGVyZSBpcyB0aGUgYWJpbGl0eSB0byBpZGVudGlmeQ0KPiBt
aW5pbXVtIHZlcnNpb25zIGZvciByZWxhdGVkIHNvZnR3YXJlIGxvYWRzLiAgSWYgeW91IGhhdmUN
Cj4gY29uZmlndXJhdGlvbiB0aGF0IHJlbGllcyBvbiBzb2Z0d2FyZSBvZiBhIHNwZWNpZmljIHZl
cnNpb24sIHlvdSB3YW50DQo+IHRvIGJlIGFibGUgdG8gZXhwcmVzcyB0aGF0IGRlcGVuZGVuY3kg
KHNvIHRoYXQgdGhlIGNvbmZpZ3VyYXRpb24NCj4gZG9lc24ndCBnZXQgYXBwbGllZCB0byBhbiBl
YXJsaWVyIHZlcnNpb24sIGZvciBleGFtcGxlKS4gIFRoaXMgYXBwZWFycw0KPiB0byByZWx5IG9u
IGRlcGVuZGVuY2llcyByaWdodCBub3csIGJ1dCBJIHRoaW5rIHRoYXQgeW91IHdhbnQgc29tZXRo
aW5nDQo+IHRoYXQgdXNlcyB0aGUgc2FtZSBpZGVudGlmaWVycyBjb25zaXN0ZW50bHksIHRoYXQg
aXMgdGhlIHR5cGUgb2YgdGhpbmcNCj4gdGhhdCBpcyB0aGUgdGFyZ2V0IG9mIGFuIHVwZGF0ZS4N
Cg0KRGVwZW5kZW5jaWVzIGNlcnRhaW5seSBhcmUgdGhlIGludGVuZGVkIG1lY2hhbmlzbSBhcyBp
dCBzdGFuZHMuIEkgaGF2ZSBzZWVuIHZlcnNpb24tYmFzZWQgZGVwZW5kZW5jeSBtYXRjaGluZyBn
byBxdWl0ZSBiYWRseSBpbiBzb21lIHNpdHVhdGlvbnMsIHNvIEnigJltIGxlZXJ5IHRvIHNwZWNp
ZnkgaW4gc29tZXRoaW5nIGVxdWl2YWxlbnQgdG8gc2VtYW50aWMgdmVyc2lvbmluZyBvZiBkZXBl
bmRlbmNpZXMsIGZvciBleGFtcGxlLiBVc2luZyBoYXNoZXMgZm9yIHZlcnNpb25zIHByb3ZpZGVz
IGEgdmVyeSBzdHJvbmcgYXNzZXJ0aW9uIGFib3V0IHRoZSBzdWl0YWJpbGl0eSBvZiBhIHBhcnRp
Y3VsYXIgZGVwZW5kZW5jeSB2ZXJzaW9uLiBBbmQgaXMgbm90IHZ1bG5lcmFibGUgdG8gdGhlIHNh
bWUgcHJvYmxlbXMgd2l0aCBkZXBlbmRlbmN5IG1pc21hdGNoZXMuDQoNCkkgY2FuIHNlZSBhbiBh
cmd1bWVudCBmb3IgcGxhY2luZyBzdG9yYWdlIElEcyBpbiBkZXBlbmRlbmNpZXMsIHNpbmNlIHRo
YXQgc2hvcnRjdXRzIHRoZSByZXF1aXJlbWVudCB0byB3YWxrIGEgdHJlZSBvZiBtYW5pZmVzdHMs
IHdoaWNoIGlzIGEgbWFqb3IgcHJvYmxlbSBpbiB0aGUgc3RvcmFnZSBvZiBtYW5pZmVzdHMgb24g
Y29uc3RyYWluZWQgZGV2aWNlcy4NCg0KSWYgeW91IGhhdmUgaWRlYXMgYWJvdXQgaG93IHRvIGlt
cGxlbWVudCBzdHJvbmcgdmVyc2lvbiByZXF1aXJlbWVudHMsIEnigJlkIGxpa2UgdG8gaGVhciBt
b3JlIQ0KDQpCZXN0IFJlZ2FyZHMsDQpCcmVuZGFuIE1vcmFuDQoNCklNUE9SVEFOVCBOT1RJQ0U6
IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZp
ZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGlu
dGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFu
ZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBp
dCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFu
eSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Mon Nov  6 14:50:58 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C90B513FB70; Mon,  6 Nov 2017 14:50:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.083
X-Spam-Level: 
X-Spam-Status: No, score=-6.083 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_HEAD=0.817, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ojyfnee_QC-5; Mon,  6 Nov 2017 14:50:52 -0800 (PST)
Received: from iron02.fraunhofer.de (iron02.fraunhofer.de [153.96.1.56]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC33D13FAC5; Mon,  6 Nov 2017 14:50:50 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2HUAgAh299Z/xoHYZleGwEBAQMBAQEJAQEBgwZXZG4nB4NzmVGBdpBwh1EKH4FigzoChD9XAQIBAQEBAQIDaCiEBywtPgEFI08XCQIEARMqAgJXBgESih0FAY4FnWeCJ4s8AQEBAQEBAQMBAQEBAQEBAQEBAR2DLYIHgVGCFYJ/hGUBAR6DEy+CMgWKHJcogQiBJpRQgXSEAINVBYcukgKDPAIEBgUCGQGBOViBDlMmbwGHC3WJIoEkAYEQAQEB
X-IPAS-Result: A2HUAgAh299Z/xoHYZleGwEBAQMBAQEJAQEBgwZXZG4nB4NzmVGBdpBwh1EKH4FigzoChD9XAQIBAQEBAQIDaCiEBywtPgEFI08XCQIEARMqAgJXBgESih0FAY4FnWeCJ4s8AQEBAQEBAQMBAQEBAQEBAQEBAR2DLYIHgVGCFYJ/hGUBAR6DEy+CMgWKHJcogQiBJpRQgXSEAINVBYcukgKDPAIEBgUCGQGBOViBDlMmbwGHC3WJIoEkAYEQAQEB
X-IronPort-AV: E=Sophos; i="5.43,368,1503352800"; d="scan'208,217"; a="81710361"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by iron02.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Nov 2017 23:50:47 +0100
X-IronPort-AV: E=Sophos;i="5.44,354,1505772000"; d="scan'208,217";a="955206"
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Nov 2017 23:50:46 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vA6Moikn005341 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 6 Nov 2017 23:50:45 +0100
Received: from [10.142.7.89] (80.187.123.134) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 6 Nov 2017 23:50:39 +0100
Date: Mon, 6 Nov 2017 23:50:35 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <18637.1510000852@dooku.sandelman.ca>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----DCZ5ISUPAWWWXPNOX0M4XIQUBZAIP0"
Content-Transfer-Encoding: 7bit
To: <suit@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de>
X-Originating-IP: [80.187.123.134]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/lRMxWxSNboAXN5dlhSwWUNs8RIM>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 22:50:57 -0000

------DCZ5ISUPAWWWXPNOX0M4XIQUBZAIP0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

my intend is not to annoy anyone, really, but I think I have to ask this o=
ne question: If the initial focus is not about format (+1) - in respect to =
rfc3444 - does this imply that the initial focus will be about a data model=
, including data types and the interconnected relationship of its contents?

Viele Gr=C3=BC=C3=9Fe,

Henk

On November 6, 2017 9:40:52 PM GMT+01:00, Michael Richardson <mcr+ietf@san=
delman=2Eca> wrote:
>
>Paul Hoffman <paul=2Ehoffman@vpnc=2Eorg> wrote:
>> The initial focus of this group will be development of the contents
>of a
>    > manifest=2E
>> Once there is general agreement on the contents, the group will pick
>one
>    > format
>> (and its associated cryptographic mechanisms) to encode the manifest=2E
>
>This seems good for me=2E
>
>--=20
>]               Never tell me the odds!                 | ipv6 mesh
>networks [=20
>]   Michael Richardson, Sandelman Software Works        | network
>architect  [=20
>]     mcr@sandelman=2Eca  http://www=2Esandelman=2Eca/        |   ruby on
>rails    [=20
>=09

--=20
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
------DCZ5ISUPAWWWXPNOX0M4XIQUBZAIP0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><head>
<meta http-Hello,<br>
<br>
my intend is not to annoy anyone, really, but I think I have to ask this o=
ne question: If the initial focus is not about format (+1) - in respect to =
rfc3444 - does this imply that the initial focus will be about a data model=
, including data types and the interconnected relationship of its contents?=
<br>
<br>
Viele Gr=C3=BC=C3=9Fe,<br>
<br>
Henk<br><br> that the initial focus is to create a data model, including d=
ata types?^<div class=3D"gmail_quote">On November 6, 2017 9:40:52 PM GMT&#4=
3;01:00, Michael Richardson &lt;mcr&#43;ietf@sandelman=2Eca&gt; wrote:<bloc=
kquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-l=
eft: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class=3D"k9mail"><br>Paul Hoffman &lt;paul=2Ehoffman@vpnc=2Eorg&gt; w=
rote:<br><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=
=2E8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> The initial fo=
cus of this group will be development of the contents of a<br> manifest=2E<=
br> Once there is general agreement on the contents, the group will pick on=
e<br> format<br> (and its associated cryptographic mechanisms) to encode th=
e manifest=2E<br></bloc<br>
-- <br>
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2Ekq=
uote><br>This seems good for me=2E<br></pre></blockquote></div></body></htm=
l>
------DCZ5ISUPAWWWXPNOX0M4XIQUBZAIP0--


From nobody Mon Nov  6 16:03:24 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC4D013FCA1; Mon,  6 Nov 2017 16:03:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level: 
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EBDBGbQa_4uO; Mon,  6 Nov 2017 16:03:21 -0800 (PST)
Received: from relay.sandelman.ca (honeydukes.sandelman.ca [IPv6:2a01:7e00::3d:b021]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2018E13F698; Mon,  6 Nov 2017 16:03:21 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [199.119.235.201]) by relay.sandelman.ca (Postfix) with ESMTPS id 250461F8FB; Tue,  7 Nov 2017 00:03:18 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 7DEA935A3; Mon,  6 Nov 2017 19:02:26 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
cc: suit@ietf.org, The IESG <iesg@ietf.org>
In-reply-to: <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca> <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de>
Comments: In-reply-to Henk Birkholz <henk.birkholz@sit.fraunhofer.de> message dated "Mon, 06 Nov 2017 23:50:35 +0100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Mon, 06 Nov 2017 19:02:26 -0500
Message-ID: <24616.1510012946@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xCSthL_Yb2kXRVgSz6u9sv0G3co>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 00:03:23 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
    >    my intend is not to annoy anyone, really, but I think I have to ask
    > this one question: If the initial focus is not about format (+1) - in
    > respect to rfc3444 - does this imply that the initial focus will be
    > about a data model, including data types and the interconnected
    > relationship of its contents?=20=20
    > initial focus is to create a data model, including data types?^

If you mean, are we writing YANG (or some other meta-language), then then
answer could yes, but I interpret things to mean that it doesn't have to
be.  It could be just english.

Having said this, I have read draft-moran-suit-manifest-00 finally, and I
think that I could live with this specification.=20=20

=2D-=20
]               Never tell me the odds!                 | ipv6 mesh network=
s [=20
]   Michael Richardson, Sandelman Software Works        | network architect=
  [=20
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails  =
  [=20
=09

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJaAPgSAAoJEJVM4Vb9/EKQuKgH/13uH4SdQyr9wTaCEJtowSwj
XmsFHlNSzGhhaTqq7LQFwkX6YCicVUR3ccNE64ucB7g8n0+VQDUAZznqkC4LtTcf
2idb05DLFA+Sndj+Sv42yLRyPIWjOq+0sK1rPVEraD7fndeUjcCR/bSSedbpmX1V
dfmsZ9A/4N4rkp8/qeeotNWat0KIr2nr5jmpKldKJwJ//bDt3ChUhkd92wap74Eq
XpZJrMAKJMShBusBgm9F0vdADefUtgESXFenejpN+RYrLS80AkIGM6ye7RdVgmc2
0FcxRIswEf1jsXxt1LLXKxTIihwJotzVyU5dmwb4zoWPH8Q3SFViO+LsksjQg4o=
=ivPl
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov  6 20:03:38 2017
Return-Path: <martin.thomson@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15DF313FADE for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 20:03:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1AQ_jPCZtg_l for <suit@ietfa.amsl.com>; Mon,  6 Nov 2017 20:03:34 -0800 (PST)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FD3713FACD for <suit@ietf.org>; Mon,  6 Nov 2017 20:03:34 -0800 (PST)
Received: by mail-ot0-x22d.google.com with SMTP id k10so11007787otb.0 for <suit@ietf.org>; Mon, 06 Nov 2017 20:03:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=aMaILnSBexQcA/ePtg2i+5/cVUfSNTVj9jdUvuwwR70=; b=b0ocVhfDtgFaBNnMzozYoaD7masPUirwa65kcWEziVMMujApGRIXRE9Ae3UV2EZLiw iANfClFXCb7/fXilLfsWxUD1g6VNvlz1eF1AyOetDwpkdv0Ka7w0PyjJKS9HORJCrTQz qh9A/LFd37msq5/d6k/Az9dj1umDyiJkX71gh3gP0us6dfKlT14Hj/V530FH4R91wY4L IaM1i0R0IsyWo4kTF29FiiYhqmL4+kk7ItwSi7O22/+UneMeByUGgVdyJZO5zaPmfOU7 x1KZUdtNaGI+QskLZlQc50x2M4jY646XyvLItTr9mT5FtFrPvM86iON9rfKsdwq0gwB4 3Kmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=aMaILnSBexQcA/ePtg2i+5/cVUfSNTVj9jdUvuwwR70=; b=kVphtrKYebJ5fNPvpb5ZV8GTGPTu6vUvGmGROspMHixVNh4H5S3pF8YtT+2ktWFm7F NgN9CnjuB5IStlOYrdCIgxWBPZ0K2qs2gh6Tp7LReE/DFjyAfDo7CEaIUDMOtIbwFRoj HSnZffnu+85DOWxpAJzcdfNczfZp9T/cDnc4lN7kDis8I57x90SwUQeLFlLLpLdeAXlj GH5OxIkAaWIU12h3Cgp68anvClosnsUts38jCdQwRDquvXdkX1KdL+7oCp3ULA7NKpZQ nlhT2fhRTzc8/WcHc+eDIGhfII4Dl5H+82RC/faHZXJtDO3k0ZRVevUeo/3x8VIjlqvQ 6iJQ==
X-Gm-Message-State: AJaThX5clggB/j4D6Nv/aMd1GW4UNG0yL8+e7g1jBnx1lYro12ZaW2yQ yNzXwFh69P0Qg/SjazJleZuRLejs7EezLSVzB6s=
X-Google-Smtp-Source: ABhQp+QZ6B9boZrQDPaVxHeHD7bsZEB0Iwh2sNr4MpGb97ywOmXnC+bpEDDmEnJ6mlq/Ukb/cFRO8q2agV0Yv5KXjc8=
X-Received: by 10.157.89.159 with SMTP id u31mr577550oth.401.1510027413753; Mon, 06 Nov 2017 20:03:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.15.155 with HTTP; Mon, 6 Nov 2017 20:03:33 -0800 (PST)
In-Reply-To: <A5FA7785-91E9-4D4B-ABC3-82E7B0521661@arm.com>
References: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com> <A5FA7785-91E9-4D4B-ABC3-82E7B0521661@arm.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 7 Nov 2017 15:03:33 +1100
Message-ID: <CABkgnnXNsDNo-z+j6BNPnn=4Qs5kG9sHjam5ZdwTu+jbBc1UTw@mail.gmail.com>
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Dvv7wirqBByBapPCb8i3KEtovKQ>
Subject: Re: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 04:03:37 -0000

On Tue, Nov 7, 2017 at 9:31 AM, Brendan Moran <Brendan.Moran@arm.com> wrote=
:
> Hi Martin,
>
> This is a great place to start. But I don=E2=80=99t think that =E2=80=9Cs=
hould this update be applied=E2=80=9D is complete. There also needs to be =
=E2=80=9COkay, it should be applied, now what do I do with it.=E2=80=9D
>
> Here is the list of questions I have collected that devices need to answe=
r:
>
> * Does the device trust the author of the update?
> * Has the update been corrupted?
> * Is the update authentic?
> * Does the update apply to this device?
> * Is the update older than a previous update?
> * What kind of update is it?
> * When should the device apply the update?
> * How should the device apply the update?
> * Where should it obtain the update from?
> * Where should it store the update?
>
> There are certain to be more questions to answer.

You miss my point.  Those are questions that might help you reach a
decision about whether to apply the update.  They might important
(though not all seem equally important in this context, see below),
but only to the extent that they aid in answering the primary
question.  They are only relevant to the extent that a decision
depends on them.  And that depends on the policy that the device is
applying.

Of the questions you have, I think that there might be several
policies that are implied.  Concentrating on the policies is more
likely to be productive.

1. Only apply updates that are authorized by the entity that I
understand to be an "owner" of this device.
2. Only apply updates that are identified as applying to this type of
device, as certified by the device manufacturer.
3. As 2, but identifying the component rather than the entire "thing".
4. Only apply updates that increase in version number, unless
additionally authorized by the "owner" of the device.
5. Only apply updates that increase the major version number if they
are explicitly authorized by the "owner" of the device.
6. Only apply updates if the version of all components the update
depends on matches those required by the update.

I don't understand why questions of storage can't be answered by the
device, using the information presented.  I mean, if the update is for
component X, then it should have a process for managing that update,
including how it applies it (i.e., storageIdentifer.type isn't needed)
and where it stores it.

>> The 4122 identifiers seem overly prescriptive; I can't see why a
>> vendor-specified string is not OK: one for the type of device, and one
>> for the specific device.  Part of the motivation for 4122-style
>> identifiers is to avoid collisions, but I don't see that as necessary
>> here - any party that is authorizing changes can manage to ensure that
>> the identifiers they sign don't collide.
>
> This is partly about identifier collision. You=E2=80=99re quite right tha=
t this is not a concerning problem in the simple case. If the device trusts=
 the author of an update, then it should be fine. But things get more compl=
icated the deeper a supply chain gets. Eventually, it=E2=80=99s entirely po=
ssible to have two, identically named models of IoT light switch with ident=
ical manufacturer names on the same network. If that happens and an operato=
r has the rights to provision configuration on both of them, there could be=
 serious interoperability consequences to this situation.
>
> Now, I=E2=80=99ll admit that this sounds a little far-fetched. I think it=
=E2=80=99s just on the edge of plausibility. That being said, what does it =
cost to guarantee it doesn=E2=80=99t happen?

OK, there are two different things: controller X in device A and
controller X in device B.  Isn't that how the manifest would identify
them?  "Vendor Foo, Device A, Controller X" ?

You are saying that you want to use the same identification all the
way through the supply chain.  And you want that because you have a
single manifest.  I think that's potentially problematic.  Taking
Carsten's example of signed claims, why could you not say two things:

Issuer: Controller X manufacturer
Audience: Controller X
Claim: This is a valid software update for controller X
Claim: This is version X.1.37

And separately:

Issuer: Device A Manufacturer
Audience: Device A
Claim: This is a valid software update for device A
Claim: This update requires that Controller Y have version Y.0.2

The device could then have a general policy that checked the second
set of claims.  If those checks pass, it applies the policy for the
controller, which only accepts updates for that controller.

The problem with a single flat manifest is that you have to have both
controller X manufacturer and device A manufacturer sign the same
manifest.  That doesn't suit a serialized supply chain.

> The timestamp is not properly justified in the manifest draft. The timest=
amp is in place for rollback protection. Originally, we had intended to inc=
lude a monotonic counter field for rollback protection, however this create=
s usability problems when multiple actors may need to transmit updates. To =
ensure that all authorised actors would be able to transmit updates without=
 needing to first determine the value of the monotonic rollback counter, we=
 decided to use an integer UTC epoch timestamp. This ensures a monotonicall=
y increasing anti-rollback counter, that just happens to be globally synchr=
onised.

That still doesn't justify making it mandatory.  It's a fine solution,
but you are recommending making everyone accept your design.  And
there are many devices that don't have clocks.

> The payload info is in place to answer these questions:
> * What kind of update is it?
> * Where should the device obtain the update from?
> * Where should the device store the update?
> * How big is the update?
> * Has the update been corrupted?

You need to better motivate why any of these questions need answers.

If the update needs to be authorized, and the update bits are signed,
then corruption is managed.  And the "kind of update" should be "the
kind of update that this device expects".  As for the rest of these,
you argue elsewhere that delivery of the bits is out of scope, but
these fields drag that delivery mechanism right back into scope.

> I=E2=80=99m sure another data organisation could answer these questions a=
s well, however each of the existing fields has a justification.

Great.  I look forward to reading it.

>> storageIdentifier seems especially problematic.  If you have a device
>> type identifier, then that should suffice for those cases where there
>> are multiple update targets on a device.  That is, you can identify by
>> generically identifying the type of thing that this update applies to:
>> "vendor foo alarm clock configuration" rather than "vendor foo alarm
>> clock" and it all works neatly.  Right now the storageIdentifier is
>> all tied up in the way that the update is identified.
>
> I fail to see how this is substantially different than two fields. If I a=
m reading this correctly, then you are suggesting that it is better to say
>
> Firmware: [vendor foo alarm clock]
> Config: [vendor foo alarm clock configuration]
>
> Instead of:
> Firmware: [vendor foo alarm clock][firmware]
> Config: [vendor foo alarm clock][configuration]
>
> This looks to me like it is conflating two different concepts. What probl=
em are you trying to solve?

Yes, I'm intentionally merging the two things.  The point being that
you have a single way to identify the *target* of the update.  We do
this with URIs all the time.  At the level at which we generally use a
URI, it's treated as an opaque string, and that goes double for paths.

The problem with splitting these down is that you risk making the cuts
at the wrong place.  You haven't really established that a split is
necessary for interoperability to have that split in the identifier,
and without that it is better to leave the structure of these
identifiers to those that manage those namespaces.

> There is a strong reason for having conditions and directives as distinct=
 concepts.
> * Conditions are tests that must be performed prior to accepting an updat=
e.
> * Directives are directions for how to use an update.

That's not a strong reason, that's an argument from taxonomy: you are
saying that because you can find a taxonomic difference, it is better
to put the fields into separate buckets.  But when it comes to
interoperable formats, the fewer extension points you have, the more
likely you are to find that those extensibility points work in 10
years time.  Generic claims might sound to you like a regression, but
we've experience that shows that fewer and better-used extension
points work more reliably.  Given that you have precisely one
directive, and the one directive could be trivially recast as a
condition (apply this update only when time >=3D X), that weakens the
case for more buckets.

> Dependencies certainly are the intended mechanism as it stands. I have se=
en version-based dependency matching go quite badly in some situations, so =
I=E2=80=99m leery to specify in something equivalent to semantic versioning=
 of dependencies, for example. Using hashes for versions provides a very st=
rong assertion about the suitability of a particular dependency version. An=
d is not vulnerable to the same problems with dependency mismatches.

You are explicitly ruling out the possibility of using versioning for
dependencies?  That seems unwise to me.  I agree that semantic version
can be a minefield, but I wouldn't go so far as to deny others the
possibility of using it.

Also, on the last subject... why isn't a dependency a condition?  You
could realistically create multiple types over time (a hash-based one,
and a version-based one later).

> I can see an argument for placing storage IDs in dependencies, since that=
 shortcuts the requirement to walk a tree of manifests, which is a major pr=
oblem in the storage of manifests on constrained devices.

Are you talking about software that queries a database of updates
searching for a compatible set of updates that it can apply?  For a
constrained device, I would have assumed that the device would more or
less be given marching orders rather than go out searching for an
upgrade path on its own.


From nobody Tue Nov  7 03:26:16 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 269D313FDE3 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 03:26:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zlqkn0WbM5Yw for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 03:26:12 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50075.outbound.protection.outlook.com [40.107.5.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D089513FB28 for <suit@ietf.org>; Tue,  7 Nov 2017 03:26:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IH3Rg+wzJKu0OOKqvMvA8d0mIIDWB0UnvQnXk3CEV2Q=; b=HN0JegQY0lC/eOQZ1BsRv7gkQ52c8/8/kQzHcQGJInNIpOLy/vEELgRQB5eH7HSV2O3kYAUnbumQGYeqxE9H82hKJ4JXo1KzL5Oof9B9RjyrOpD2smpMUN4NbXxRuPVoYGcoJHW7QSDIKoncEkkp/g4c6bMW7wLKbHj7uowUCqg=
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com (10.166.198.22) by VI1PR0801MB2719.eurprd08.prod.outlook.com (10.166.198.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 11:26:09 +0000
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9]) by VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 11:26:09 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Thoughts on requirements and scope
Thread-Index: AQHTVsrbcaO6I4ob002QS4RFMwSvZ6MHDthQgABsvACAAUzFUA==
Date: Tue, 7 Nov 2017 11:26:09 +0000
Message-ID: <VI1PR0801MB27172A320AD4ECF98ACD0840FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com> <1600.1509982404@dooku.sandelman.ca>
In-Reply-To: <1600.1509982404@dooku.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2719; 6:rcMv5Z0ebAc5ktjch1JXAy1iW4w2Sc/t1cB/V9O6Fh+LmUF16SgAkXaa8QTQTokeFKy9KOUrEOQ/wXRnaeq9xh4ib2GS8NlHSM+YxCaBV56zpCEvYcdnemWn6wE5uFeG0QxkKMKMX3/FGK5SNXpOxRxlWYjLdqcHAeNzoGikO9rmnQV2WeuaCEhWahMdN8MKkBif5veKQ1iG4i6vxL/k2bq6D9I5e0vb2YCp7qerbIgdpQceqNeCU1EIpVeXwEQwELM1e75D8OnIeje33On/J+/SGR5czDFvwGZza6e5MYF95eu4lCN7DNTqlTsT7sHRny6GC3bpd5UbecUsZnFPlMDhdJjng5wBOcuItAeCoFY=; 5:iTYaC+9iwOh2PQDeYHrkYjNRvVloQqCegGlpi7kUobZLRSzT1ibOI8zZQXYp6z4IyDn5mXWNz5pj+DoTiJGscS/hikz+qRMI6LhVeOJajxuXB6tCzMoRxbeiXnJ7ScRHxPsCPwP/mhYYZc4VfiEoj52qvRkbBINb1IoLGDAn+GM=; 24:Ksg1wPc5SZ2tn3dNZXs4Z+4itzC4RHtYaf4Fwcrc9bZB4nZvqgog3pBxhfKt25Nst45uvybI1wb/rDibCwmbW/6zofkZjHXi0hr5ib+XiG8=; 7:EfCk2JXFOSJw4L8SyQ9iVj5IO84yOf6HL1mXF+Ky4To+druJFevjL/N+Dit4+xAfm7BYlP4HQzjIBqBIadEd/k/macuk+4oPD2ybNKkvhsIk3xQ6cF1WUr9yJkh6nUqCpJ42vkkAjvZXomNZjGjqxsPPAnJZxqd2itB7v+SFN7LkZhlhcvrKielOS4f9k0mYidCisc+LlJMCqJMvcL1P2dikaodsWcGcKLJXfddCS55x3D2JEzjziJ3oORiAr0Pa
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 8ff3dab6-b8d3-4b6d-b7bd-08d525d257f0
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:VI1PR0801MB2719; 
x-ms-traffictypediagnostic: VI1PR0801MB2719:
x-exchange-antispam-report-test: UriScan:(180628864354917);
x-microsoft-antispam-prvs: <VI1PR0801MB27190E5BB276F3A43CDB63BCFA510@VI1PR0801MB2719.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3231021)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(20161123558100)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2719; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2719; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(376002)(346002)(199003)(189002)(13464003)(24454002)(40434004)(51444003)(7736002)(316002)(8676002)(14454004)(105586002)(99286004)(106356001)(25786009)(76176999)(6246003)(54356999)(50986999)(81156014)(81166006)(8936002)(229853002)(6436002)(3280700002)(66066001)(3846002)(9686003)(2900100001)(33656002)(189998001)(86362001)(72206003)(53936002)(305945005)(101416001)(97736004)(53546010)(74316002)(5660300001)(110136005)(6506006)(68736007)(6116002)(102836003)(5890100001)(3660700001)(55016002)(2906002)(478600001)(2950100002)(5250100002)(2501003)(7696004); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2719; H:VI1PR0801MB2717.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ff3dab6-b8d3-4b6d-b7bd-08d525d257f0
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 11:26:09.0296 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2719
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/XaTA5XWNEj5FfNSejegWCmoptW4>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 11:26:14 -0000

Hi Michael,

> So my suggestion is that we should be focused on containers that support =
encryption, even if we choose not to provide a standard way to distribute t=
he decryption key(s).

I completely agree with you. We should focus on the requirements rather tha=
n what is easy to do.

Funny enough, it turns out that we have already a standardized way to distr=
ibute keys.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: 06 November 2017 16:33
To: suit@ietf.org
Subject: Re: [Suit] Thoughts on requirements and scope


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > [Hannes] I am somewhat surprised to hear that there are people in the
    > industry that do not believe that encrypting firmware isn't a
    > requirement frequently raised. Note that this is not a requirement we
    > at ARM came up with. It is a requirement coming from the industry
    > partners. course, we can make everything proprietary as we do today. =
If
    > some people don't want to use encrypted firmware images then they do
    > not need to use that part of the spec.

I believe that we are all in agreement that integrity checks for the firmwa=
re image is mandatory.  There are different ways that we can accomplish thi=
s, but if we go the way of using an already specified container format that=
 supports signatures, it's usually the case that one can have encryption as=
 well.

Container formats would include: CMS, JOSE, COSE.

Signatures are sort of easy as the creator of the firmware signs it, and th=
e devices validate it with a (public) key.

The challenge with encryption is that one has to figure out how the decrypt=
ion key is distributed.  Of course, it could be baked in symmetric key, but=
 many would suggest that is as good as no key at all.

I think that this difficulty is where the conflict comes from.

So my suggestion is that we should be focused on containers that support en=
cryption, even if we choose not to provide a standard way to distribute the=
 decryption key(s).


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=3D =
IPv6 IoT consulting =3D-



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Tue Nov  7 03:33:35 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A29E13FBFC; Tue,  7 Nov 2017 03:33:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level: 
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W4jTp14M4Mpb; Tue,  7 Nov 2017 03:33:24 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0084.outbound.protection.outlook.com [104.47.2.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06B4F13FDF3; Tue,  7 Nov 2017 03:33:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=5WzsjCROG20XQyicOW4FM8DyzG99NTnEpRRaWnSiooM=; b=m37fYgQCLmlRP1BBXdLpiA1ND0HhFWIn0RBdXIj2XCzX38KueLGXp3JMwnm+HEN59WE7E/S9d99n4jjRSUTDuxbj1PV16RddkmV++eriewn4VbsWo8e7fAqrf5kkc8HKpWxhkRSHdgzUFEXb0pv5uZ1WRSbFfeFybAyp6kK0cqo=
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com (10.166.198.22) by VI1PR0801MB2718.eurprd08.prod.outlook.com (10.166.198.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 11:33:21 +0000
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9]) by VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 11:33:21 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFL+iLnYCwU0kOnFPZGIVVbDKMC7sgAgAAD+ICAAAsmgIAEhf4AgABRqwCAACQ+gIAA0+9g
Date: Tue, 7 Nov 2017 11:33:21 +0000
Message-ID: <VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca> <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de>
In-Reply-To: <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2718; 6:4lZQRGQhzFjY80GKmX5UIw4ZBvTzGyiV/NOznRmzAHT9q3x0VEWymWggd7k/LPWsYM0JQ2Y7W7JKzzMEyOKf88USwPKZO1te8s6BM70GjOoxECirLBJmkqGEMOtDIZK4YYCaedAnE8a9wutVQYym++1ErQjgQoXRcObzilNq2clD0O2dfktItMwCZoyChTJ5pLDkPoyQ+tFSwIAHCWHpA57VB/znQ3pQVa7iIvWVMRYW0oMtAoivKTj1RGVWeSxESvQxU7VIuu1qj9lpNVmWZFQ6FgSwXlngfA56c9f09owyTPEDfWVg+hPRtPbYTm6vovj+eo80aaLa4WGasde0grZsSblvWlWqew5NxDMRMLE=; 5:/9dCNyv0XgZ3hH9/+N60ofa3cVYi4Dk+Lj/0ribGY3w1mTVRKRSqdozZLC2UOuxmI+uvt5BcQpJ3sHdHQ61Ai6S8qP4agi44DcdskJTVeL+I2IYtufFRgbnU11iacRolQ2QJqX/DcfjXruoPxsKj9/YbPo0AikOv42of0I2PdQo=; 24:DsSz08uzrjgybaZfo33LxYKR2/7k0TdTx5yp5uyitGSnplA/nzVa1En7eyjTT4JemOgWePG1e8JO+Dl3ZqjJ+AKTk+rupvkkQeAMcNbiJdc=; 7:yRy9o/vht6TmgzKnlr4TkRLQZfEmfbsQnfGIXl9CaXpRKqS6BEd9J0uIRW+UHGXw6hm7TqRtPgFzS8Rv3efII3beqyKDJYj7nVvFvLcWJli09CuZslJhdfs2ZL8joSl2j31atT77mypxzoNEnF4li9e4/8iu+klYqQ1tn3SuhETnJnVtRWL/RuX0ccbmewvD9UDcUXyuq9AjKcZuFPbuz2OR+0/Xl2YQYgQLd5c0ZRuSCh7S+FblMeAZEt0vEAFN
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: bfbb6f0d-2b3a-403f-9640-08d525d35970
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:VI1PR0801MB2718; 
x-ms-traffictypediagnostic: VI1PR0801MB2718:
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-microsoft-antispam-prvs: <VI1PR0801MB271878C1E772FEDDDA81E7ADFA510@VI1PR0801MB2718.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(3231021)(6055026)(6041248)(20161123558100)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123562025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2718; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2718; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(24454002)(199003)(189002)(40434004)(66066001)(81156014)(236005)(15650500001)(81166006)(72206003)(2420400007)(8936002)(53936002)(2906002)(33656002)(7110500001)(229853002)(25786009)(105586002)(106356001)(6506006)(6436002)(5660300001)(10710500007)(7696004)(50986999)(76176999)(54356999)(55016002)(478600001)(54896002)(9686003)(6306002)(3280700002)(2950100002)(3660700001)(101416001)(93886005)(5250100002)(5890100001)(2501003)(102836003)(3846002)(6116002)(790700001)(110136005)(14454004)(53546010)(97736004)(316002)(99286004)(8676002)(86362001)(189998001)(6246003)(2900100001)(68736007)(74316002)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2718; H:VI1PR0801MB2717.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510VI1PR0801MB2717_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bfbb6f0d-2b3a-403f-9640-08d525d35970
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 11:33:21.0577 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2718
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/33u42d0uAXv20qT5WcxINOOOfAs>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 11:33:27 -0000

--_000_VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510VI1PR0801MB2717_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGVuaywNCg0Kd2UgY291bGQgb2YgY291cnNlIHNlcGFyYXRlIHRoZSBlbmNvZGluZyBmcm9tIHRo
ZSBzZW1hbnRpYyBvZiB0aGUgaW5mb3JtYXRpb24gd2Ugd2FudCB0byBjb252ZXkuIElmIHdlIGRv
ICh1c2luZyBSRkMgMzQ0NCB0ZXJtaW5vbG9neSkgdGhhdCB0aGVuIHdlIHdvdWxkIGJlIHdvcmtp
bmcgb24gdGhlIGluZm9ybWF0aW9uIG1vZGVsIGluIG9uZSBkb2N1bWVudCBhbmQgaW4gb25lIG9y
IG1vcmUgZG9jdW1lbnRzIG9uIHRoZSBkYXRhIG1vZGVscy4NCg0KVGhpcyB3b3VsZCBqdXN0IGRl
bGF5IHRoZSBkaXNjdXNzaW9uIGFib3V0IGVuY29kaW5ncyBub3QgbmVjZXNzYXJpbHkgcmVzb2x2
ZSBpdC4gVGhhdCBtYXkgaGVscCBzaW5jZSBwZW9wbGUgaGF2ZSBtb3JlIHRpbWUgdG8gdGhpbmsg
YWJvdXQgaXQuIE9uIHRoZSBvdGhlciBoYW5kLCB3ZSBkaWRu4oCZdCB3YW50IHRvIHR1cm4gdGhp
cyBpbnRvIGEgbGlmZWxvbmcgcHJvamVjdC4NCg0KQ2lhbw0KSGFubmVzDQoNCkZyb206IFN1aXQg
W21haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBIZW5rIEJpcmtob2x6
DQpTZW50OiAwNiBOb3ZlbWJlciAyMDE3IDIzOjUxDQpUbzogc3VpdEBpZXRmLm9yZzsgTWljaGFl
bCBSaWNoYXJkc29uOyBUaGUgSUVTRw0KU3ViamVjdDogUmU6IFtTdWl0XSBXRyBSZXZpZXc6IFNv
ZnR3YXJlIFVwZGF0ZXMgZm9yIEludGVybmV0IG9mIFRoaW5ncyAoc3VpdCkNCg0KDQpteSBpbnRl
bmQgaXMgbm90IHRvIGFubm95IGFueW9uZSwgcmVhbGx5LCBidXQgSSB0aGluayBJIGhhdmUgdG8g
YXNrIHRoaXMgb25lIHF1ZXN0aW9uOiBJZiB0aGUgaW5pdGlhbCBmb2N1cyBpcyBub3QgYWJvdXQg
Zm9ybWF0ICgrMSkgLSBpbiByZXNwZWN0IHRvIHJmYzM0NDQgLSBkb2VzIHRoaXMgaW1wbHkgdGhh
dCB0aGUgaW5pdGlhbCBmb2N1cyB3aWxsIGJlIGFib3V0IGEgZGF0YSBtb2RlbCwgaW5jbHVkaW5n
IGRhdGEgdHlwZXMgYW5kIHRoZSBpbnRlcmNvbm5lY3RlZCByZWxhdGlvbnNoaXAgb2YgaXRzIGNv
bnRlbnRzPw0KDQpWaWVsZSBHcsO8w59lLA0KDQpIZW5rDQoNCnRoYXQgdGhlIGluaXRpYWwgZm9j
dXMgaXMgdG8gY3JlYXRlIGEgZGF0YSBtb2RlbCwgaW5jbHVkaW5nIGRhdGEgdHlwZXM/Xg0KT24g
Tm92ZW1iZXIgNiwgMjAxNyA5OjQwOjUyIFBNIEdNVCswMTowMCwgTWljaGFlbCBSaWNoYXJkc29u
IDxtY3IraWV0ZkBzYW5kZWxtYW4uY2E8bWFpbHRvOm1jcitpZXRmQHNhbmRlbG1hbi5jYT4+IHdy
b3RlOg0KDQpQYXVsIEhvZmZtYW4gPHBhdWwuaG9mZm1hbkB2cG5jLm9yZzxtYWlsdG86cGF1bC5o
b2ZmbWFuQHZwbmMub3JnPj4gd3JvdGU6DQoNCiBUaGUgaW5pdGlhbCBmb2N1cyBvZiB0aGlzIGdy
b3VwIHdpbGwgYmUgZGV2ZWxvcG1lbnQgb2YgdGhlIGNvbnRlbnRzIG9mIGENCiBtYW5pZmVzdC4N
CiBPbmNlIHRoZXJlIGlzIGdlbmVyYWwgYWdyZWVtZW50IG9uIHRoZSBjb250ZW50cywgdGhlIGdy
b3VwIHdpbGwgcGljayBvbmUNCiBmb3JtYXQNCiAoYW5kIGl0cyBhc3NvY2lhdGVkIGNyeXB0b2dy
YXBoaWMgbWVjaGFuaXNtcykgdG8gZW5jb2RlIHRoZSBtYW5pZmVzdC4NCjwvYmxvYw0KDQoNCi0t
DQoNCg0KU2VudCBmcm9tIG15IEFuZHJvaWQgZGV2aWNlIHdpdGggSy05IE1haWwuIFBsZWFzZSBl
eGN1c2UgbXkgYnJldml0eS5rcXVvdGU+DQpUaGlzIHNlZW1zIGdvb2QgZm9yIG1lLg0KDQpJTVBP
UlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1l
bnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBh
cmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBp
bW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIg
cGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZv
cm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=

--_000_VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510VI1PR0801MB2717_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQpA
Zm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNvbnNvbGFzOw0KCXBhbm9zZS0xOjIgMTEgNiA5IDIg
MiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNv
Tm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowY207DQoJbWFyZ2luLWJvdHRvbTouMDAw
MXB0Ow0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiIs
InNlcmlmIjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0
eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNp
dGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN
Cgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwcmUNCgl7bXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCBD
aGFyIjsNCgltYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6
MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0Kc3Bhbi5IVE1MUHJlZm9ybWF0
dGVkQ2hhcg0KCXttc28tc3R5bGUtbmFtZToiSFRNTCBQcmVmb3JtYXR0ZWQgQ2hhciI7DQoJbXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJIVE1MIFByZWZvcm1hdHRlZCI7
DQoJZm9udC1mYW1pbHk6Q29uc29sYXM7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tR0I7fQ0K
c3Bhbi5FbWFpbFN0eWxlMTkNCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9u
dC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29D
aHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtZmFtaWx5OiJD
YWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBh
Z2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQg
NzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0
aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZh
dWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwh
LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86
aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFb
ZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1HQiIgbGluaz0iYmx1ZSIgdmxpbms9
InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkhlbmssDQo8bzpw
PjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt
c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMx
RjQ5N0QiPndlIGNvdWxkIG9mIGNvdXJzZSBzZXBhcmF0ZSB0aGUgZW5jb2RpbmcgZnJvbSB0aGUg
c2VtYW50aWMgb2YgdGhlIGluZm9ybWF0aW9uIHdlIHdhbnQgdG8gY29udmV5LiBJZiB3ZSBkbyAo
dXNpbmcgUkZDIDM0NDQgdGVybWlub2xvZ3kpIHRoYXQgdGhlbiB3ZSB3b3VsZCBiZQ0KIHdvcmtp
bmcgb24gdGhlIGluZm9ybWF0aW9uIG1vZGVsIGluIG9uZSBkb2N1bWVudCBhbmQgaW4gb25lIG9y
IG1vcmUgZG9jdW1lbnRzIG9uIHRoZSBkYXRhIG1vZGVscy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp
YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+VGhpcyB3b3Vs
ZCBqdXN0IGRlbGF5IHRoZSBkaXNjdXNzaW9uIGFib3V0IGVuY29kaW5ncyBub3QgbmVjZXNzYXJp
bHkgcmVzb2x2ZSBpdC4gVGhhdCBtYXkgaGVscCBzaW5jZSBwZW9wbGUgaGF2ZSBtb3JlIHRpbWUg
dG8gdGhpbmsgYWJvdXQgaXQuIE9uIHRoZSBvdGhlciBoYW5kLA0KIHdlIGRpZG7igJl0IHdhbnQg
dG8gdHVybiB0aGlzIGludG8gYSBsaWZlbG9uZyBwcm9qZWN0LiA8bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm
b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs
aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkNpYW88YnI+
DQpIYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBu
YW1lPSJfTWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj
MUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2E+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwv
c3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4gU3VpdCBb
bWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8L2I+SGVuayBC
aXJraG9sejxicj4NCjxiPlNlbnQ6PC9iPiAwNiBOb3ZlbWJlciAyMDE3IDIzOjUxPGJyPg0KPGI+
VG86PC9iPiBzdWl0QGlldGYub3JnOyBNaWNoYWVsIFJpY2hhcmRzb247IFRoZSBJRVNHPGJyPg0K
PGI+U3ViamVjdDo8L2I+IFJlOiBbU3VpdF0gV0cgUmV2aWV3OiBTb2Z0d2FyZSBVcGRhdGVzIGZv
ciBJbnRlcm5ldCBvZiBUaGluZ3MgKHN1aXQpPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48YnI+DQpteSBpbnRlbmQgaXMgbm90IHRvIGFubm95IGFueW9uZSwgcmVhbGx5LCBidXQgSSB0
aGluayBJIGhhdmUgdG8gYXNrIHRoaXMgb25lIHF1ZXN0aW9uOiBJZiB0aGUgaW5pdGlhbCBmb2N1
cyBpcyBub3QgYWJvdXQgZm9ybWF0ICgmIzQzOzEpIC0gaW4gcmVzcGVjdCB0byByZmMzNDQ0IC0g
ZG9lcyB0aGlzIGltcGx5IHRoYXQgdGhlIGluaXRpYWwgZm9jdXMgd2lsbCBiZSBhYm91dCBhIGRh
dGEgbW9kZWwsIGluY2x1ZGluZyBkYXRhIHR5cGVzIGFuZCB0aGUgaW50ZXJjb25uZWN0ZWQNCiBy
ZWxhdGlvbnNoaXAgb2YgaXRzIGNvbnRlbnRzPzxicj4NCjxicj4NClZpZWxlIEdyw7zDn2UsPGJy
Pg0KPGJyPg0KSGVuazxicj4NCjxicj4NCnRoYXQgdGhlIGluaXRpYWwgZm9jdXMgaXMgdG8gY3Jl
YXRlIGEgZGF0YSBtb2RlbCwgaW5jbHVkaW5nIGRhdGEgdHlwZXM/XjxvOnA+PC9vOnA+PC9wPg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPk9uIE5vdmVtYmVyIDYsIDIwMTcgOTo0MDo1MiBQ
TSBHTVQmIzQzOzAxOjAwLCBNaWNoYWVsIFJpY2hhcmRzb24gJmx0OzxhIGhyZWY9Im1haWx0bzpt
Y3ImIzQzO2lldGZAc2FuZGVsbWFuLmNhIj5tY3ImIzQzO2lldGZAc2FuZGVsbWFuLmNhPC9hPiZn
dDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8cHJlPjxicj5QYXVsIEhvZmZtYW4gJmx0OzxhIGhy
ZWY9Im1haWx0bzpwYXVsLmhvZmZtYW5AdnBuYy5vcmciPnBhdWwuaG9mZm1hbkB2cG5jLm9yZzwv
YT4mZ3Q7IHdyb3RlOjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPiBUaGUgaW5pdGlhbCBmb2N1cyBv
ZiB0aGlzIGdyb3VwIHdpbGwgYmUgZGV2ZWxvcG1lbnQgb2YgdGhlIGNvbnRlbnRzIG9mIGE8YnI+
IG1hbmlmZXN0Ljxicj4gT25jZSB0aGVyZSBpcyBnZW5lcmFsIGFncmVlbWVudCBvbiB0aGUgY29u
dGVudHMsIHRoZSBncm91cCB3aWxsIHBpY2sgb25lPGJyPiBmb3JtYXQ8YnI+IChhbmQgaXRzIGFz
c29jaWF0ZWQgY3J5cHRvZ3JhcGhpYyBtZWNoYW5pc21zKSB0byBlbmNvZGUgdGhlIG1hbmlmZXN0
Ljxicj4mbHQ7L2Jsb2M8YnI+PGJyPjxvOnA+PC9vOnA+PC9wcmU+DQo8cHJlPi0tIDxicj48YnI+
PG86cD48L286cD48L3ByZT4NCjxwcmU+U2VudCBmcm9tIG15IEFuZHJvaWQgZGV2aWNlIHdpdGgg
Sy05IE1haWwuIFBsZWFzZSBleGN1c2UgbXkgYnJldml0eS5rcXVvdGUmZ3Q7PGJyPlRoaXMgc2Vl
bXMgZ29vZCBmb3IgbWUuPG86cD48L286cD48L3ByZT4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRB
TlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRz
IGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUg
bm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1l
ZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVy
c29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510VI1PR0801MB2717_--


From nobody Tue Nov  7 05:03:18 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B6B113FE67; Tue,  7 Nov 2017 05:03:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7YfcwEluTLIg; Tue,  7 Nov 2017 05:03:09 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6724D13FE68; Tue,  7 Nov 2017 05:03:04 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2ElAgBp299Z/xoHYZlUChoBAQEBAgEBAQEIAQEBAYNdgVInB4NzmVGBSyuWLw6CBAqCAYM6AoQ/QRYBAgEBAQEBAQEDaCiFHQEBAQMBIw8BBTgCDAsJAhEEAQEBAgIjAwICRgEICAYBDAYCAQGKEgcBBI4HnWeCJ4s8AQEBAQEBBAEBAQEBAQEBIIEOgh+CB4FRgWorgn+EUgEHCgIBETmCZ4JhBaFEgQiBJoxzh10bhVmDVQWHLoohix0CBAYFAhkBgTkmDSWBAwtTJod7dYkVgTEBgRABAQE
X-IPAS-Result: A2ElAgBp299Z/xoHYZlUChoBAQEBAgEBAQEIAQEBAYNdgVInB4NzmVGBSyuWLw6CBAqCAYM6AoQ/QRYBAgEBAQEBAQEDaCiFHQEBAQMBIw8BBTgCDAsJAhEEAQEBAgIjAwICRgEICAYBDAYCAQGKEgcBBI4HnWeCJ4s8AQEBAQEBBAEBAQEBAQEBIIEOgh+CB4FRgWorgn+EUgEHCgIBETmCZ4JhBaFEgQiBJoxzh10bhVmDVQWHLoohix0CBAYFAhkBgTkmDSWBAwtTJod7dYkVgTEBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1285827"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 07 Nov 2017 14:02:59 +0100
X-IronPort-AV: E=Sophos;i="5.44,358,1505772000";  d="scan'208";a="1078029"
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Nov 2017 14:02:30 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vA7D2SEe029700 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 7 Nov 2017 14:02:29 +0100
Received: from [134.102.160.167] (134.102.160.167) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 7 Nov 2017 14:02:23 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca> <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de> <VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <6957528f-7a65-77b8-800e-ce52a1c79b2f@sit.fraunhofer.de>
Date: Tue, 7 Nov 2017 14:02:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.167]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/U_WYYKzdHnf55MuLfFK0PcBWNtY>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 13:03:12 -0000

Hi Hannes,

that was why I suggested a data model and not an information model in 
this scope. A data model can be serialized in several encodings - the 
only requirement is that the encoding can represent the types required 
by the data model - at least on a level that enables 
unambiguous/canonical transcoding and therefore interoperability.

In a small scope like suit ("small" being relative in respect to other 
charters), I think one could start laying out a data model without 
requiring the extra steps of "finding the information elements".

I also have to voice to support the approach to "learn" from CMS and 
RFC 4108 - and not just refactoring the concepts/contents.

Also I would like to voice support for Phillip's and Rich's approach 
"that we should not be creating new data structures in ASN.1" as "there 
are simpler, performant, formats readily available."

Just yesterday I met with a vendor that does firmware upgrades in 
isolated computing context slices of singular things - and they were 
amazed that "providing the capability of indicating block-device 
lables/indexes", "block-offsets in a block-device" and semantic 
relationships, such as "requires", "supersedes", or "patches" is not an 
obvious thing to be included in a manifest. The literal question they 
voiced was: "Why going through the hassle of creating a manifest for 
metadata, if you are not going to put useful metadata in it?" And I 
could understand their point of view.

Additionally - on one hand - I would like to support the term claim in 
respect to the mix of terms highlighted by Martin:

> It's not just terminology.  There are three discrete fields in the
> draft for conditions, directives and extensions.  I am suggesting that
> there only needs to be one.

On the other hand, I am not so certain about this statement, Martin:

> storageIdentifier seems especially problematic.  If you have a device
> type identifier, then that should suffice for those cases where there
> are multiple update targets on a device.  That is, you can identify by
> generically identifying the type of thing that this update applies to:
> "vendor foo alarm clock configuration" rather than "vendor foo alarm
> clock" and it all works neatly.  Right now the storageIdentifier is
> all tied up in the way that the update is identified.

Optional standard claims that MAY be used to provide additional 
semantics to a manifest do not sound so bad to me. Am I missing 
something here?


Viele Grüße,

Henk




On 11/07/2017 12:33 PM, Hannes Tschofenig wrote:
> Henk,
> 
> we could of course separate the encoding from the semantic of the 
> information we want to convey. If we do (using RFC 3444 terminology) 
> that then we would be working on the information model in one document 
> and in one or more documents on the data models.
> 
> This would just delay the discussion about encodings not necessarily 
> resolve it. That may help since people have more time to think about it. 
> On the other hand, we didn’t want to turn this into a lifelong project.
> 
> Ciao
> Hannes
> 
> *From:*Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Henk Birkholz
> *Sent:* 06 November 2017 23:51
> *To:* suit@ietf.org; Michael Richardson; The IESG
> *Subject:* Re: [Suit] WG Review: Software Updates for Internet of Things 
> (suit)
> 
> 
> my intend is not to annoy anyone, really, but I think I have to ask this 
> one question: If the initial focus is not about format (+1) - in respect 
> to rfc3444 - does this imply that the initial focus will be about a data 
> model, including data types and the interconnected relationship of its 
> contents?
> 
> Viele Grüße,
> 
> Henk
> 
> that the initial focus is to create a data model, including data types?^
> 
> On November 6, 2017 9:40:52 PM GMT+01:00, Michael Richardson 
> <mcr+ietf@sandelman.ca <mailto:mcr+ietf@sandelman.ca>> wrote:
> 
> 
> Paul Hoffman <paul.hoffman@vpnc.org <mailto:paul.hoffman@vpnc.org>> wrote:
> 
>   The initial focus of this group will be development of the contents of a
>   manifest.
>   Once there is general agreement on the contents, the group will pick one
>   format
>   (and its associated cryptographic mechanisms) to encode the manifest.
> </bloc
> 
> -- 
> 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.kquote>
> This seems good for me.
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose the 
> contents to any other person, use it for any purpose, or store or copy 
> the information in any medium. Thank you.


From nobody Tue Nov  7 05:12:33 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62F3813FE6C; Tue,  7 Nov 2017 05:12:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bdzx9w1Ep5J2; Tue,  7 Nov 2017 05:12:29 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0042.outbound.protection.outlook.com [104.47.0.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0B2113FD6F; Tue,  7 Nov 2017 05:12:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2Hs9UQR6BzpnPLECPmh11fK+PZmhFwvsxBMflpQMTwE=; b=EUshLKREx63cPaIII9jtoXV8Oa2n4v4A3EvfgBcIDRj55tyGEZ/QKrzts/RN0h4CYVWmhis0OXD/7KS9I1y4EHlPepAEZD8PCSKvIsxQ3GqhyXsT33Sbdm/N5uKYu1kplVaSgZ6f4SAgCQ98J3/aetogAGBP5ZlNbumGLW+SW3A=
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com (10.166.198.22) by VI1PR0801MB2718.eurprd08.prod.outlook.com (10.166.198.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 13:12:25 +0000
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9]) by VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 13:12:25 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFL+iLnYCwU0kOnFPZGIVVbDKMC7sgAgAAD+ICAAAsmgIAEhf4AgABRqwCAACQ+gIAA0+9ggAAaDgCAAAFMwA==
Date: Tue, 7 Nov 2017 13:12:24 +0000
Message-ID: <VI1PR0801MB271769D424FD117F5A76A280FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca> <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de> <VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com> <6957528f-7a65-77b8-800e-ce52a1c79b2f@sit.fraunhofer.de>
In-Reply-To: <6957528f-7a65-77b8-800e-ce52a1c79b2f@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2718; 6:HiEN5PMHqc88EyoLxScZpi5EjK2qRlJujHTwBVSDRXAYKRRj1Y6+yfNMSia1Q/BnV9donQG4gFVgjE6EEuCsGXoXJhuDT7o3mCQv0zbMtpN6DoqM4et1hAyzAqHduRrJyThKttyxJ7xudxR7oOIQbJHsZ5Tn6u4qywwL70h6bVyFnCFUVc59eTrjTHrhhW7uyFJkahBTbH8IEZytOTLQNvIwcQltVQ7vzX8f7Y1S6+nYi790MBTXYK1V4CD47ozew2oGRVCSWXya8Hp8oInOKBYm+NgqGMIZYKhF3say/IRUFPSwtu4EraY4169DQpl/TN7FdWYDMw43lQ0B5G+3bUJGnNWtuBc49r+YavG6zKM=; 5:74Fe+LCxTfOtslyCY44JLCarzFBCkh2JaLN37ScnO0/6AGAiuituS/Iq9rShrCRcPWRdGoyAMqzywhRgxKsuYcNnMdivvB0DK72F1ofuwrMZ8/AeDXERT7w7xzcpcO5tw8OwMSKFhczlB5mNpPComnDEe0dSvmxs41OhIUhluw0=; 24:kPcahDEaME4vwyJ0B5gkVpoBKdkyDr9fdXPjwqgzhxoYVLIUi512qJJTpr9JulEX+6ewLoQt0SXzZSV4deA1kmuFZh6MlVFYy1+UCL2aHR4=; 7:3vpimk4Z5fzi1F1DDa00HFokpw7FHmyP6y9w5bIJcypFYtDh9iM3aRG0k5GmyZJW33Q+RA5guL4xoP81MbhHDc6rZfHbyFzsIY3YXnlwjuKQ3p7WFUuQKrixKfBwWHtLYZVp4MRDtUplY4TisVSHrlF6YmQwAi5EYH4ov1GRebTuA3tuOc6CoN2gEf4KX5sFZPO2f35chzJFMVF0Q1ZsxgTbH1L4r6/Rbmy8xp5NrhiGPiJQhv97yLzVkFufGlzy
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: bb9a580b-21c2-4d43-1cfb-08d525e13040
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:VI1PR0801MB2718; 
x-ms-traffictypediagnostic: VI1PR0801MB2718:
x-exchange-antispam-report-test: UriScan:(131327999870524);
x-microsoft-antispam-prvs: <VI1PR0801MB271804B08D385345101E6F78FA510@VI1PR0801MB2718.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3231021)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123558100)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2718; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2718; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(24454002)(199003)(189002)(40434004)(66066001)(81156014)(15650500001)(81166006)(72206003)(8936002)(53936002)(2906002)(33656002)(25786009)(229853002)(105586002)(106356001)(6506006)(6436002)(5660300001)(55016002)(7696004)(50986999)(76176999)(54356999)(478600001)(9686003)(3280700002)(2950100002)(3660700001)(101416001)(93886005)(5890100001)(5250100002)(2501003)(102836003)(3846002)(14454004)(110136005)(53546010)(6116002)(97736004)(316002)(99286004)(8676002)(86362001)(189998001)(6246003)(305945005)(2900100001)(68736007)(74316002)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2718; H:VI1PR0801MB2717.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bb9a580b-21c2-4d43-1cfb-08d525e13040
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 13:12:24.9233 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2718
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nC3Bw_wkAdqA_ATKJQ6Ui5Sd13M>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 13:12:32 -0000

SGkgSGVuaywNCg0KSGkgSGFubmVzLA0KDQp0aGF0IHdhcyB3aHkgSSBzdWdnZXN0ZWQgYSBkYXRh
IG1vZGVsIGFuZCBub3QgYW4gaW5mb3JtYXRpb24gbW9kZWwgaW4gdGhpcyBzY29wZS4gQSBkYXRh
IG1vZGVsIGNhbiBiZSBzZXJpYWxpemVkIGluIHNldmVyYWwgZW5jb2RpbmdzIC0gdGhlIG9ubHkg
cmVxdWlyZW1lbnQgaXMgdGhhdCB0aGUgZW5jb2RpbmcgY2FuIHJlcHJlc2VudCB0aGUgdHlwZXMg
cmVxdWlyZWQgYnkgdGhlIGRhdGEgbW9kZWwgLSBhdCBsZWFzdCBvbiBhIGxldmVsIHRoYXQgZW5h
YmxlcyB1bmFtYmlndW91cy9jYW5vbmljYWwgdHJhbnNjb2RpbmcgYW5kIHRoZXJlZm9yZSBpbnRl
cm9wZXJhYmlsaXR5Lg0KDQpbSGFubmVzXSBNYXliZSBvdXIgdW5kZXJzdGFuZGluZyBvZiB3aGF0
IFJGQyAzNDQ0IHRyaWVzIHRvIHNheSBtYXkgZGlmZmVyICh3aGljaCB3b3VsZCBwcm9iYWJseSBh
bHNvIGV4cGxhaW4gdGhlIGNvbmZ1c2lvbiBpbiB0aGUgYXJlYSBvZiBzZW1hbnRpYyBpbnRlcm9w
ZXJhYmlsaXR5IGZvciBJb1QpLg0KDQpJbiBhIHNtYWxsIHNjb3BlIGxpa2Ugc3VpdCAoInNtYWxs
IiBiZWluZyByZWxhdGl2ZSBpbiByZXNwZWN0IHRvIG90aGVyIGNoYXJ0ZXJzKSwgSSB0aGluayBv
bmUgY291bGQgc3RhcnQgbGF5aW5nIG91dCBhIGRhdGEgbW9kZWwgd2l0aG91dCByZXF1aXJpbmcg
dGhlIGV4dHJhIHN0ZXBzIG9mICJmaW5kaW5nIHRoZSBpbmZvcm1hdGlvbiBlbGVtZW50cyIuDQoN
CltIYW5uZXNdIFRoYXQgc291bmRzIHJlYXNvbmFibGUgdG8gbWUuDQoNCkkgYWxzbyBoYXZlIHRv
IHZvaWNlIHRvIHN1cHBvcnQgdGhlIGFwcHJvYWNoIHRvICJsZWFybiIgZnJvbSBDTVMgYW5kIFJG
QyA0MTA4IC0gYW5kIG5vdCBqdXN0IHJlZmFjdG9yaW5nIHRoZSBjb25jZXB0cy9jb250ZW50cy4N
Cg0KQWxzbyBJIHdvdWxkIGxpa2UgdG8gdm9pY2Ugc3VwcG9ydCBmb3IgUGhpbGxpcCdzIGFuZCBS
aWNoJ3MgYXBwcm9hY2ggInRoYXQgd2Ugc2hvdWxkIG5vdCBiZSBjcmVhdGluZyBuZXcgZGF0YSBz
dHJ1Y3R1cmVzIGluIEFTTi4xIiBhcyAidGhlcmUgYXJlIHNpbXBsZXIsIHBlcmZvcm1hbnQsIGZv
cm1hdHMgcmVhZGlseSBhdmFpbGFibGUuIg0KDQpbSGFubmVzXSBJIGFncmVlIHdpdGggdGhvc2Ug
c3RhdGVtZW50cy4NCg0KSnVzdCB5ZXN0ZXJkYXkgSSBtZXQgd2l0aCBhIHZlbmRvciB0aGF0IGRv
ZXMgZmlybXdhcmUgdXBncmFkZXMgaW4gaXNvbGF0ZWQgY29tcHV0aW5nIGNvbnRleHQgc2xpY2Vz
IG9mIHNpbmd1bGFyIHRoaW5ncyAtIGFuZCB0aGV5IHdlcmUgYW1hemVkIHRoYXQgInByb3ZpZGlu
ZyB0aGUgY2FwYWJpbGl0eSBvZiBpbmRpY2F0aW5nIGJsb2NrLWRldmljZSBsYWJsZXMvaW5kZXhl
cyIsICJibG9jay1vZmZzZXRzIGluIGEgYmxvY2stZGV2aWNlIiBhbmQgc2VtYW50aWMgcmVsYXRp
b25zaGlwcywgc3VjaCBhcyAicmVxdWlyZXMiLCAic3VwZXJzZWRlcyIsIG9yICJwYXRjaGVzIiBp
cyBub3QgYW4gb2J2aW91cyB0aGluZyB0byBiZSBpbmNsdWRlZCBpbiBhIG1hbmlmZXN0LiBUaGUg
bGl0ZXJhbCBxdWVzdGlvbiB0aGV5IHZvaWNlZCB3YXM6ICJXaHkgZ29pbmcgdGhyb3VnaCB0aGUg
aGFzc2xlIG9mIGNyZWF0aW5nIGEgbWFuaWZlc3QgZm9yIG1ldGFkYXRhLCBpZiB5b3UgYXJlIG5v
dCBnb2luZyB0byBwdXQgdXNlZnVsIG1ldGFkYXRhIGluIGl0PyIgQW5kIEkgY291bGQgdW5kZXJz
dGFuZCB0aGVpciBwb2ludCBvZiB2aWV3Lg0KDQpbSGFubmVzXSBJIGFtIG5vdCBzdXJlIEkgdW5k
ZXJzdGFuZCB0aGVpciBjb21tZW50Lg0KDQpBZGRpdGlvbmFsbHkgLSBvbiBvbmUgaGFuZCAtIEkg
d291bGQgbGlrZSB0byBzdXBwb3J0IHRoZSB0ZXJtIGNsYWltIGluIHJlc3BlY3QgdG8gdGhlIG1p
eCBvZiB0ZXJtcyBoaWdobGlnaHRlZCBieSBNYXJ0aW46DQoNCj4gSXQncyBub3QganVzdCB0ZXJt
aW5vbG9neS4gIFRoZXJlIGFyZSB0aHJlZSBkaXNjcmV0ZSBmaWVsZHMgaW4gdGhlDQo+IGRyYWZ0
IGZvciBjb25kaXRpb25zLCBkaXJlY3RpdmVzIGFuZCBleHRlbnNpb25zLiAgSSBhbSBzdWdnZXN0
aW5nIHRoYXQNCj4gdGhlcmUgb25seSBuZWVkcyB0byBiZSBvbmUuDQoNCk9uIHRoZSBvdGhlciBo
YW5kLCBJIGFtIG5vdCBzbyBjZXJ0YWluIGFib3V0IHRoaXMgc3RhdGVtZW50LCBNYXJ0aW46DQoN
Cj4gc3RvcmFnZUlkZW50aWZpZXIgc2VlbXMgZXNwZWNpYWxseSBwcm9ibGVtYXRpYy4gIElmIHlv
dSBoYXZlIGEgZGV2aWNlDQo+IHR5cGUgaWRlbnRpZmllciwgdGhlbiB0aGF0IHNob3VsZCBzdWZm
aWNlIGZvciB0aG9zZSBjYXNlcyB3aGVyZSB0aGVyZQ0KPiBhcmUgbXVsdGlwbGUgdXBkYXRlIHRh
cmdldHMgb24gYSBkZXZpY2UuICBUaGF0IGlzLCB5b3UgY2FuIGlkZW50aWZ5IGJ5DQo+IGdlbmVy
aWNhbGx5IGlkZW50aWZ5aW5nIHRoZSB0eXBlIG9mIHRoaW5nIHRoYXQgdGhpcyB1cGRhdGUgYXBw
bGllcyB0bzoNCj4gInZlbmRvciBmb28gYWxhcm0gY2xvY2sgY29uZmlndXJhdGlvbiIgcmF0aGVy
IHRoYW4gInZlbmRvciBmb28gYWxhcm0NCj4gY2xvY2siIGFuZCBpdCBhbGwgd29ya3MgbmVhdGx5
LiAgUmlnaHQgbm93IHRoZSBzdG9yYWdlSWRlbnRpZmllciBpcw0KPiBhbGwgdGllZCB1cCBpbiB0
aGUgd2F5IHRoYXQgdGhlIHVwZGF0ZSBpcyBpZGVudGlmaWVkLg0KDQpPcHRpb25hbCBzdGFuZGFy
ZCBjbGFpbXMgdGhhdCBNQVkgYmUgdXNlZCB0byBwcm92aWRlIGFkZGl0aW9uYWwgc2VtYW50aWNz
IHRvIGEgbWFuaWZlc3QgZG8gbm90IHNvdW5kIHNvIGJhZCB0byBtZS4gQW0gSSBtaXNzaW5nIHNv
bWV0aGluZyBoZXJlPw0KDQpbSGFubmVzXSBNYXJ0aW4gd291bGQgbGlrZSB0byBjb21iaW5lIGVs
ZW1lbnRzIHdoaWxlIHdlIGhhZCBwcm9wb3NlZCB0byBzZXBhcmF0ZSB0aGVtLiBUbyBtZSBpdCBm
ZWVscyBsaWtlIGRlZmluaW5nIGFuIGF0dHJpYnV0ZSAnbmFtZScgdnMuIGhhdmluZyB0d28gYXR0
cmlidXRlcywgJ2ZpcnN0IG5hbWUnIGFuZCAnbGFzdCBuYW1lJy4gSSBwZXJzb25hbGx5IGRvbid0
IGhhdmUgYSBzdHJvbmcgb3BpbmlvbiBhYm91dCB0aGlzIHRvcGljLg0KDQpDaWFvDQpIYW5uZXMN
Cg0KDQpWaWVsZSBHcsO8w59lLA0KDQpIZW5rDQoNCg0KDQoNCk9uIDExLzA3LzIwMTcgMTI6MzMg
UE0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPiBIZW5rLA0KPg0KPiB3ZSBjb3VsZCBvZiBj
b3Vyc2Ugc2VwYXJhdGUgdGhlIGVuY29kaW5nIGZyb20gdGhlIHNlbWFudGljIG9mIHRoZQ0KPiBp
bmZvcm1hdGlvbiB3ZSB3YW50IHRvIGNvbnZleS4gSWYgd2UgZG8gKHVzaW5nIFJGQyAzNDQ0IHRl
cm1pbm9sb2d5KQ0KPiB0aGF0IHRoZW4gd2Ugd291bGQgYmUgd29ya2luZyBvbiB0aGUgaW5mb3Jt
YXRpb24gbW9kZWwgaW4gb25lIGRvY3VtZW50DQo+IGFuZCBpbiBvbmUgb3IgbW9yZSBkb2N1bWVu
dHMgb24gdGhlIGRhdGEgbW9kZWxzLg0KPg0KPiBUaGlzIHdvdWxkIGp1c3QgZGVsYXkgdGhlIGRp
c2N1c3Npb24gYWJvdXQgZW5jb2RpbmdzIG5vdCBuZWNlc3NhcmlseQ0KPiByZXNvbHZlIGl0LiBU
aGF0IG1heSBoZWxwIHNpbmNlIHBlb3BsZSBoYXZlIG1vcmUgdGltZSB0byB0aGluayBhYm91dCBp
dC4NCj4gT24gdGhlIG90aGVyIGhhbmQsIHdlIGRpZG7igJl0IHdhbnQgdG8gdHVybiB0aGlzIGlu
dG8gYSBsaWZlbG9uZyBwcm9qZWN0Lg0KPg0KPiBDaWFvDQo+IEhhbm5lcw0KPg0KPiAqRnJvbToq
U3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10gKk9uIEJlaGFsZiBPZiAqSGVuaw0K
PiBCaXJraG9seg0KPiAqU2VudDoqIDA2IE5vdmVtYmVyIDIwMTcgMjM6NTENCj4gKlRvOiogc3Vp
dEBpZXRmLm9yZzsgTWljaGFlbCBSaWNoYXJkc29uOyBUaGUgSUVTRw0KPiAqU3ViamVjdDoqIFJl
OiBbU3VpdF0gV0cgUmV2aWV3OiBTb2Z0d2FyZSBVcGRhdGVzIGZvciBJbnRlcm5ldCBvZg0KPiBU
aGluZ3MNCj4gKHN1aXQpDQo+DQo+DQo+IG15IGludGVuZCBpcyBub3QgdG8gYW5ub3kgYW55b25l
LCByZWFsbHksIGJ1dCBJIHRoaW5rIEkgaGF2ZSB0byBhc2sNCj4gdGhpcyBvbmUgcXVlc3Rpb246
IElmIHRoZSBpbml0aWFsIGZvY3VzIGlzIG5vdCBhYm91dCBmb3JtYXQgKCsxKSAtIGluDQo+IHJl
c3BlY3QgdG8gcmZjMzQ0NCAtIGRvZXMgdGhpcyBpbXBseSB0aGF0IHRoZSBpbml0aWFsIGZvY3Vz
IHdpbGwgYmUNCj4gYWJvdXQgYSBkYXRhIG1vZGVsLCBpbmNsdWRpbmcgZGF0YSB0eXBlcyBhbmQg
dGhlIGludGVyY29ubmVjdGVkDQo+IHJlbGF0aW9uc2hpcCBvZiBpdHMgY29udGVudHM/DQo+DQo+
IFZpZWxlIEdyw7zDn2UsDQo+DQo+IEhlbmsNCj4NCj4gdGhhdCB0aGUgaW5pdGlhbCBmb2N1cyBp
cyB0byBjcmVhdGUgYSBkYXRhIG1vZGVsLCBpbmNsdWRpbmcgZGF0YQ0KPiB0eXBlcz9eDQo+DQo+
IE9uIE5vdmVtYmVyIDYsIDIwMTcgOTo0MDo1MiBQTSBHTVQrMDE6MDAsIE1pY2hhZWwgUmljaGFy
ZHNvbg0KPiA8bWNyK2lldGZAc2FuZGVsbWFuLmNhIDxtYWlsdG86bWNyK2lldGZAc2FuZGVsbWFu
LmNhPj4gd3JvdGU6DQo+DQo+DQo+IFBhdWwgSG9mZm1hbiA8cGF1bC5ob2ZmbWFuQHZwbmMub3Jn
IDxtYWlsdG86cGF1bC5ob2ZmbWFuQHZwbmMub3JnPj4gd3JvdGU6DQo+DQo+ICAgVGhlIGluaXRp
YWwgZm9jdXMgb2YgdGhpcyBncm91cCB3aWxsIGJlIGRldmVsb3BtZW50IG9mIHRoZSBjb250ZW50
cyBvZiBhDQo+ICAgbWFuaWZlc3QuDQo+ICAgT25jZSB0aGVyZSBpcyBnZW5lcmFsIGFncmVlbWVu
dCBvbiB0aGUgY29udGVudHMsIHRoZSBncm91cCB3aWxsIHBpY2sgb25lDQo+ICAgZm9ybWF0DQo+
ICAgKGFuZCBpdHMgYXNzb2NpYXRlZCBjcnlwdG9ncmFwaGljIG1lY2hhbmlzbXMpIHRvIGVuY29k
ZSB0aGUgbWFuaWZlc3QuDQo+IDwvYmxvYw0KPg0KPiAtLQ0KPg0KPiBTZW50IGZyb20gbXkgQW5k
cm9pZCBkZXZpY2Ugd2l0aCBLLTkgTWFpbC4gUGxlYXNlIGV4Y3VzZSBteQ0KPiBicmV2aXR5Lmtx
dW90ZT4gVGhpcyBzZWVtcyBnb29kIGZvciBtZS4NCj4NCj4gSU1QT1JUQU5UIE5PVElDRTogVGhl
IGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUNCj4gY29uZmlk
ZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50
ZW5kZWQNCj4gcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkg
YW5kIGRvIG5vdCBkaXNjbG9zZQ0KPiB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwg
dXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3INCj4gY29weSB0aGUgaW5mb3JtYXRp
b24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRl
bnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFu
ZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj
aXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBk
aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkg
cHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4g
VGhhbmsgeW91Lg0K


From nobody Tue Nov  7 05:27:02 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6854D13FE6C; Tue,  7 Nov 2017 05:26:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eEPxuQuQubX5; Tue,  7 Nov 2017 05:26:52 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0068.outbound.protection.outlook.com [104.47.0.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1621313FAF3; Tue,  7 Nov 2017 05:26:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=VnsXRfmbBnqiJ3WDpTNHJ7Pp96lb7ylrQBFUpxLJD5I=; b=Go1YYcVZVwJKi1cUrA0500/onMewIFBQBp/XRx0wNLitJPiLlrgX8Eyrc4n5HZZVrFfbS8wAKJW5GDQoOySeCb8lCFeo4brYHYexlxnULN2EDQ9W895oTaFLhSDLRr65wJdlqJIgINdXyF02taCZaT8w4xQqUkATqtDolhSrKEY=
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com (10.166.198.22) by VI1PR0801MB2720.eurprd08.prod.outlook.com (10.166.198.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 13:26:49 +0000
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9]) by VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 13:26:49 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFL+iLnYCwU0kOnFPZGIVVbDKMC7sgAgAAD+ICABdwvEA==
Date: Tue, 7 Nov 2017 13:26:49 +0000
Message-ID: <VI1PR0801MB2717BC87C81959E4F3052B8FFA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org>
In-Reply-To: <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2720; 6:gxcw9Z/u1GwNaXJBjQaqRxS1pEEhX/dsLdUVjygpSjWNiwM9w2XlDzKBnnpdtUf02Wyo5XLFAzpZ0cA+I0PgoXDrHGDH1bNXQXKq11Igqj8B1OWR5rn1owu3a3lp6ruTXEIxfdmwCIynTZGLAfPBf4eyo5EDf1F88gCpvw17yrF2GXmf7/qNSB0bJM3mApwX2XYaMX2HgTwMI/iXrxMBPE7eGMWoyhLuIOmB0WVo0zxNPbfQS1v4nuH7TBgnzko0DFy0Is5yYw8qCQ5ViPhHTMU0Pxx8exeKsvP1o5HCK7fATKXyIMunlpMA7jcPlHRHk7oGb/mCD6ejaGZ2dhc2Jt6rq0HzRuGOngsVK5Yx8Hs=; 5:GVDhTDwEmjXqZXqNfHHDi0UMKCaD7OgslcThKkRGJbDLT4i58UqXDJdsbmQF4FtCZOFyLvBjJ3ywUXmw4v1yOwpGkksRmxZ8Z1aZBeieP0geRNOPofic5pKk/EaW/588LBUNVZttofpmYqH4nd964iDsk2bXiCOfl8Y73Ng77kE=; 24:XKxi6EJNfkw7vi0zufHzZEtObFuSissf6Sz04j9cugpyFwhRFMEGQQy+Wzx8WO1kKidowpy+kjh5201sw1kd+uKoJzLFC7gctchv9thmk40=; 7:QuNW0wixL0BRXdAlDB/y71iGD+h4OZ+/Bzihk11vsTTc114IrZhqGkIbFZpAOsuh5vN0EQZDVfxb+LNHLWSuVXooebAqhrElOpqg0MNCzl2/mTqLnFReqx3GRnuKXZ0XvdPzCjczkfxgYyrG/cY8VYUK72t1EzMYEsMyKsI2oQriZpD2RmBm8D21yPuQKv3nD0Fz69Gj8nlIdDl0nZw+4XFWzIiqdHRJ68KtzmeqiSFVqAV5ke+6+c7MZMXGrpNB
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: dc7bbc46-ca14-4234-3271-08d525e33374
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:VI1PR0801MB2720; 
x-ms-traffictypediagnostic: VI1PR0801MB2720:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <VI1PR0801MB27209D7071EF30FFA2701607FA510@VI1PR0801MB2720.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(3231021)(10201501046)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123558100)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2720; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2720; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(40434004)(189002)(199003)(85644002)(2950100002)(101416001)(5660300001)(50986999)(76176999)(8936002)(5250100002)(8676002)(7696004)(189998001)(81166006)(81156014)(6506006)(5890100001)(72206003)(54356999)(3280700002)(3660700001)(6436002)(316002)(2906002)(33656002)(74316002)(7736002)(25786009)(14454004)(86362001)(305945005)(15650500001)(110136005)(66066001)(99286004)(478600001)(97736004)(229853002)(102836003)(6116002)(68736007)(2900100001)(3846002)(6246003)(4326008)(55016002)(53936002)(9686003)(106356001)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2720; H:VI1PR0801MB2717.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dc7bbc46-ca14-4234-3271-08d525e33374
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 13:26:49.3068 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2720
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FXdkQVDvasezHFFeCEXoI7-AHwM>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 13:26:54 -0000

SGkgUGF1bCwNCg0KSnVzdCBhIGZldyBub3Rlcy4NCg0KPiBJIGFncmVlIHdpdGggQ2Fyc3Rlbjog
dGhhdCdzIG5vdCB3aGF0IHRoZSByZWNlbnQgbGlzdCB0cmFmZmljIHdhcyBhaW1pbmcgZm9yLiBU
aGUgZHJhZnQgY2hhcnRlciBmcm9tIGEgbW9udGggYWdvIGRpZG4ndCBmb3JjZSB0aGUgV0cgaW50
byBBU04uMSwgYW5kIEkgZG9uJ3Qgc2VlIGFueSBsaXN0IHRyYWZmaWMgYXNraW5nIGZvciB0aGF0
Lg0KDQpUaGVyZSBpcyBhIGNoaWNrZW4tYW5kLWVnZyBwcm9ibGVtIGhlcmU6IGlmIHRoZXJlIGlz
IG5vIHdvcmtpbmcgZ3JvdXAgaXQgaXMgZGlmZmljdWx0IHRvIGJyaW5nIHRoZSBjb21tdW5pdHkg
d29ya2luZyBvbiBlbWJlZGRlZCBvcGVyYXRpbmcgc3lzdGVtcywgd2hpY2ggYXJlIHRoZSBndXlz
IHdobyBhcmUgdWx0aW1hdGVseSBoYXZpbmcgdGhlIGltcGxlbWVudGF0aW9uIGJ1cmRlbiwgdG8g
dGhlIElFVEYuIFdlIGhhdmUgcmVhY2hlZCBvdXQgdG8gdmFyaW91cyBjb21wYW5pZXMgYW5kIGVu
Y291cmFnZWQgdGhlaXIgcGFydGljaXBhdGlvbiBidXQsIGFzIHlvdSBmb3Igc3VyZSBrbm93LCB0
aGlzIGlzIGRpZmZpY3VsdCB0byBkbyBzaW5jZSBtYW55IG9mIHRoZW0gaGF2ZSBubyBleHBlcmll
bmNlIHdpdGggdGhlIElFVEYuDQoNCj4gQWxzbzogaXMgUkZDIDQxMDggcmVhbGx5IGEgImN1cnJl
bnQgYmVzdCBwcmFjdGljZSI/IFRoZXJlIHNlZW1zIHRvIGJlIG5lYXJseSBubyBpbXBsZW1lbnRh
dGlvbnMgb2YgdGhhdCBpbiB0aGUgSW9UIHNwYWNlLCBvciBhdCBsZWFzdCBub25lIHRoYXQgaGF2
ZSBzcG9rZW4gdXAgYWJvdXQgaXQuDQoNCkl0IGlzIGhhcmQgdG8ganVkZ2UgaG93IHdlbGwgY29u
bmVjdGVkIHlvdSBhcmUgaW4gdGhlIGVtYmVkZGVkIGluZHVzdHJ5IGFuZCBob3cgbWFueSBlbWJl
ZGRlZCBPUyB2ZW5kb3JzIHlvdSBoYXZlIHNwb2tlbiB3aXRoLiBKdXN0IHllc3RlcmRheSBJIGhh
ZCBhbiBlbWFpbCBleGNoYW5nZSB3aXRoIGEgY29tcGFueSB0aGF0IGhhcyBpbXBsZW1lbnRlZCBS
RkMgNDEwOCBhbmQgYXNrZWQgdXMgYWJvdXQgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBvdXIgd29y
ayBhbmQgdGhhdCBSRkMuIEkgZW5jb3VyYWdlZCB0aGVtIHRvIGpvaW4gdGhlIGxpc3QgYW5kIHBh
cnRpY2lwYXRlIGluIHRoZSBkaXNjdXNzaW9uLg0KDQpGV0lXLCB3ZSBhcmUgYm90aCBiaWFzZWQg
d2l0aCByZWdhcmRzIHRvIHRoZSBlbmNvZGluZyBmb3JtYXQ6IHlvdSBhcmUgdGhlIGNvLWF1dGhv
ciBvZiBDQk9SIGFuZCB3ZSBoYXZlIGltcGxlbWVudGVkIGFuIEFTTi4xIGJhc2VkIHNvbHV0aW9u
Lg0KDQpDaWFvDQpIYW5uZXMNCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRo
aXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxz
byBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBw
bGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0
aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwg
b3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91
Lg0K


From nobody Tue Nov  7 10:25:07 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD6B313301B for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 10:25:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWp6QIYiaGux for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 10:25:04 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 073B6127522 for <suit@ietf.org>; Tue,  7 Nov 2017 10:25:04 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5FE8520096; Tue,  7 Nov 2017 13:26:17 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B135880696; Tue,  7 Nov 2017 13:25:02 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <VI1PR0801MB27172A320AD4ECF98ACD0840FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com> <1600.1509982404@dooku.sandelman.ca> <VI1PR0801MB27172A320AD4ECF98ACD0840FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 07 Nov 2017 13:25:02 -0500
Message-ID: <29450.1510079102@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/A4PssTCdNaGd3bdInucxW_RTN44>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 18:25:06 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    >> So my suggestion is that we should be focused on containers that
    >> support encryption, even if we choose not to provide a standard way =
to
    >> distribute the decryption key(s).

    > I completely agree with you. We should focus on the requirements rath=
er
    > than what is easy to do.

good...


    > Funny enough, it turns out that we have already a standardized way to
    > distribute keys.

We already have *A* method?   :-) :-)

I know of many standardized non-interactive ways in which to distribute keys
to groups, (from SMIME asymmetric methods to kerberos method). Then there a=
re
online ways like MIKEY, and we can also use ACE mechanisms too now!

I think that all of them require that the identities of the devices that wi=
ll
receive the keys be known to some entity/controller. If not in advance, then
perhaps online.

I think there are a very diverse set of situations and resulting
requirements, which is why I'm surprised to learn that we have a solution
that solves them all.

(and... even the DVDCSS method has some merit in some scenarios)

=2D-=20
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloB+n4ACgkQgItw+93Q
3WWx/Qf+IHHfnluei9CxjB1biN/PO+9/roIaVqOGeBr2Qb/8Vt8jAvsZOi/sOydP
FydQYaz2aFziJPm230AN73/4G4fN4SyU4hpzHbptw3RSUMj3W1fPpo5H/hbOk+4b
th4jGXw+NslOH5KimGyCdmq7+BDHWSXe6WUyYRhrIL6L7MIN5/xqlAl+nxmYm1gu
TFACsBrwOlZNUGruDap8q47ZZUoxT1JYioQcLi2xy2mLR0OgrWBN2OefSwFKWoo7
ebAesuN1zLn9i/jo1H0A1CoRUBH1fF5C4T0n/eq7IV8OZxNMbcPXYBfSF0i/PPyV
4c5/wgSX7eslKaZiaPVU37PRNHy/RA==
=Jhs0
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Tue Nov  7 10:32:37 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03D53133163 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 10:32:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GAS6AA-7beZb for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 10:32:35 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40082.outbound.protection.outlook.com [40.107.4.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5A68133141 for <suit@ietf.org>; Tue,  7 Nov 2017 10:32:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=TORm2VcrNEEeHnk1xQKui9R3tOyfvRPjZebgxVI232U=; b=Jn4QUyh1ip/95Av2UI/+AfIoePl+6SI605xsLq3YDEt0WRv2c7BNyn4mi27cyjQ9jDRX5PVB2wUfdDu3jFFO6YkM7WNZ15bg7K0VkKHD/xqEpTi4eCySwjDYovw3c0BbHkAPjrfIKmQgnU1tTT30yuXb5pJi6Ij/MI1Mf3EGthk=
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com (10.166.198.22) by VI1PR0801MB2718.eurprd08.prod.outlook.com (10.166.198.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 18:32:30 +0000
Received: from VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9]) by VI1PR0801MB2717.eurprd08.prod.outlook.com ([fe80::65d5:69ef:ba63:1cf9%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 18:32:30 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Thoughts on requirements and scope
Thread-Index: AQHTVsrbcaO6I4ob002QS4RFMwSvZ6MHDthQgABsvACAAUzFUIAAdYQAgAAB1MA=
Date: Tue, 7 Nov 2017 18:32:30 +0000
Message-ID: <VI1PR0801MB2717BE3EBD6E416F3AEC4348FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com>
References: <CABkgnnXEr7M7399MF3qkUrbdR_mjtnZxsgW_JyNYpa0NgRdbHA@mail.gmail.com> <AM4PR0801MB270672F8A7D64CD2C45C64FAFA500@AM4PR0801MB2706.eurprd08.prod.outlook.com> <1600.1509982404@dooku.sandelman.ca> <VI1PR0801MB27172A320AD4ECF98ACD0840FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com> <29450.1510079102@obiwan.sandelman.ca>
In-Reply-To: <29450.1510079102@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2718; 6:ss6+PoO7RkQfCSfELGOVogwriGr9P9w3CJqUs+hRPfTCO1x45ieKgjlHrLXed1rAAG0ZJgR7nqng9srl664ukM9r7d1NAy2kycSkuTNzfeBMzj7fA3m7zG+2uyoKq0soIENgNwr1eT0FCkqkn6KBEE2+3Jf/HRxEnV8hKCdsYKmC6aLN0J55qR0VJudlQKFj+d5rAgixD02PXCX3hsFYQ8IsEDx0vJdkhb/NyfQ5dtIUiAaKGhmqETuIu8RPoyb4yP0IfW1BnjUxCvkjzgRJ2hxoeKJVKWwchOP9303UcGppIRQvboybr5PebEKx2GyF+gGiV1zppCRCa4fHtnSnRJUP/RaUMJe6D9iJcUWX/2o=; 5:WM3JTsCGqTP+U6W4NUM0xIr+XN21h6yIigkwdcFV4nYvQ949k032Db1Wwfh9ClspEX4/GOdw0S5krYlSaotKwKWpl5acSCDc28oOWEyuamKedfdIrNOkiU2TNIAUc/ut73kHJVQbC2m4pU/iV/gHgS1pbgyc2Uw4k9crdQHh9ms=; 24:pmBlwEmEIRdpBgZFaAjmV8UCJnbu9VbzBSWo7gFSuARik0TvfSf5fk3bW+4dPUHI74/cToWK6TixP7hBqOLNK2g76iPquI5W4y8uK59fFkw=; 7:xjnPniJYgXjSUthzqwaDAMckCADQlOZzG2vJSCirE+QXep03CvEonbUdR48oTUdzf98N9m1nHlQbc0H6AiIgIXaYRtxHyh8uus7EoVEQQLSHb27dcBCtrYYTwOjpIM7FgK+xlq0PfOphBBSB1Z3Z/gm7GSSX00Rvaw/ob8jULGVa3iiJf4LpM9BCDApr3HJsRQfwtkHkFklbTZgYCHWjY09sM5vj0/+DjhdMNXEAZcov9ka6piz1hMy9zOV8Iw3d
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b9161aec-1099-4638-2a81-08d5260de794
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:VI1PR0801MB2718; 
x-ms-traffictypediagnostic: VI1PR0801MB2718:
x-exchange-antispam-report-test: UriScan:(209352067349851);
x-microsoft-antispam-prvs: <VI1PR0801MB27188DAC047AB90795131EF4FA510@VI1PR0801MB2718.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(3231021)(93006095)(93001095)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123560025)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2718; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2718; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(51444003)(199003)(189002)(40434004)(66066001)(81166006)(81156014)(33656002)(8936002)(2906002)(53936002)(25786009)(105586002)(6506006)(106356001)(229853002)(6436002)(5660300001)(55016002)(7696004)(50986999)(76176999)(54356999)(478600001)(9686003)(101416001)(3660700001)(2950100002)(72206003)(14454004)(93886005)(5250100002)(5890100001)(3846002)(102836003)(3280700002)(6116002)(316002)(97736004)(99286004)(8676002)(86362001)(189998001)(4326008)(305945005)(2900100001)(6246003)(68736007)(74316002)(7736002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2718; H:VI1PR0801MB2717.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b9161aec-1099-4638-2a81-08d5260de794
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 18:32:30.3220 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2718
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/aS771Vf6S-CZR5o0TwryB4JYr-w>
Subject: Re: [Suit] Thoughts on requirements and scope
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 18:32:37 -0000

I guess I should have said that we already have plenty of ways .... ;-)

    > Funny enough, it turns out that we have already a standardized way to
    > distribute keys.

We already have *A* method?   :-) :-)

I know of many standardized non-interactive ways in which to distribute key=
s to groups, (from SMIME asymmetric methods to kerberos method). Then there=
 are online ways like MIKEY, and we can also use ACE mechanisms too now!

I think that all of them require that the identities of the devices that wi=
ll receive the keys be known to some entity/controller. If not in advance, =
then perhaps online.

I think there are a very diverse set of situations and resulting requiremen=
ts, which is why I'm surprised to learn that we have a solution that solves=
 them all.

(and... even the DVDCSS method has some merit in some scenarios)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=3D =
IPv6 IoT consulting =3D-



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Tue Nov  7 14:00:37 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF01126C19 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 14:00:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ybz3ii5D1mqn for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 14:00:31 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0068.outbound.protection.outlook.com [104.47.0.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C757B1292F4 for <suit@ietf.org>; Tue,  7 Nov 2017 14:00:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=iKxI28ymzAA5WYhbwCZ7w3YWQgIjlEqNWszNXhSxPMU=; b=ReCuQ0Kpvl8l8h9nEN1yWOa7k3K4TT3MPxN/uOGgrO1rVMki4fZ77zhsLrvsRIOcFmaP7W8XhltYYTjyExZujLh5TILaG4oGD7EpsCQXoVc/FQXQa1/h6B2mhsLPEMm+objhDO8fGJb5VV5PmYjNUjKncoktovkooAYbNEJS3uk=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 22:00:27 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 22:00:27 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] draft-moran manifest thoughts
Thread-Index: AQHTVtpwo726ezaZCUe7o0REat1QtaMH8DSAgABc2ICAASzhAA==
Date: Tue, 7 Nov 2017 22:00:27 +0000
Message-ID: <3A4F7138-1D26-4294-B994-6AE0C8A06225@arm.com>
References: <CABkgnnVe_LNGEfi8-b2Z9T_gCaM1uTVtNTpuzibxoz0tY=G-AA@mail.gmail.com> <A5FA7785-91E9-4D4B-ABC3-82E7B0521661@arm.com> <CABkgnnXNsDNo-z+j6BNPnn=4Qs5kG9sHjam5ZdwTu+jbBc1UTw@mail.gmail.com>
In-Reply-To: <CABkgnnXNsDNo-z+j6BNPnn=4Qs5kG9sHjam5ZdwTu+jbBc1UTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:z9wAbFiQbT5qyL53xhICSTcAq0FtlW4YohIEIE131NH+33kigEWspFgHm6b9cAqtwAWnbd96Z+vW7MJC0jf/OSPEL3zdqL55OGNKWUoR5Nmh3GXYKXs3iJQ+qR4m3oDfJE+H3Fb8/kFSicRoKZppLRE7QnaUaS4K+gc72l2vMBVtIzkLx6E7tV2inGAMFOxllAtcipjoxlSREk6mqF6N0Aj0wvbpeAKDWDpn4EMdCR5j/utPSj1OYv4TlucDEtzCz5BSu0F4HvcdnKvyt2fY+Jr3qHjcMwmdkhlVsgKJO8aD8smfkBV3V0Qvg/H9cRgsxtt8lTI5X/X4+U0bLxHzqkOJopR3CiuRl5c7k6eh7Sk=; 5:qoQfw0CExDmBuwUpgRFnShPUby/HLWkPk4Si+ldUE43Y1b6x3jkDMXRRdqXjjKrSJIgGcVE+UBlKzYRvExCrrlQsTpmExsQnoOHqe9MlRbp/5LDVvki7T5U4Kkf5//vckfWbKvMfmcClu5MwEg3TrD9KX4O34brE0CLpn04mCRM=; 24:sTP0jVozvxZ1y6Pzb/nGU4jglkuFj0SeNtDKj2YwIGP113IAqGOH2dnuAqwwpNN7dy1m4VC18H1nP6IZ9vqkdx5KRf+IVspKym56GqPlkZg=; 7:liyO20MqD2/arnKd7PLBOlvemI4HGM3VplFOBrc1vzBs5xQ6QeJ+0mGsLptwAkBvC6DqVi4D8/kUVLLNnJV+YFrvYKGxH5XwqbOnFSCnoohb8x5kxzIUIDWxPR8/WghyuAawjLMJRS0AhFOuEW7DtFJnbNDRPJwzjShNJtPPCN8ds3tNPYnzK/ftR/DZUn9MIwovVvrs4pI9qtyomZkIeN/ImmpAJdxmpiYhJAuTbgOVz/If1E80e9l0RAcbQk9C
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 04d53d81-9378-4783-6839-08d5262af4a0
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-exchange-antispam-report-test: UriScan:(180628864354917)(192374486261705);
x-microsoft-antispam-prvs: <DB5PR08MB06162FA7A310693E44A977C8EA510@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231021)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(199003)(40434004)(189002)(24454002)(51444003)(72206003)(229853002)(53546010)(6506006)(83716003)(6486002)(81166006)(50986999)(7736002)(8676002)(6436002)(76176999)(8936002)(3846002)(102836003)(6116002)(36756003)(14454004)(81156014)(68736007)(305945005)(25786009)(99286004)(478600001)(97736004)(101416001)(189998001)(33656002)(316002)(6246003)(6512007)(53936002)(53946003)(4326008)(50226002)(39060400002)(82746002)(2950100002)(5660300001)(66066001)(106356001)(2906002)(86362001)(105586002)(2900100001)(5890100001)(3280700002)(5250100002)(3660700001)(57306001)(6916009); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <14707A2992EA4B4186B5B618DBB4FA3C@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 04d53d81-9378-4783-6839-08d5262af4a0
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 22:00:27.5240 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bu7HATw6_LaWNtmtQOvGUrj8K3o>
Subject: Re: [Suit] draft-moran manifest thoughts
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 22:00:35 -0000

DQo+IE9uIDcgTm92IDIwMTcsIGF0IDA0OjAzLCBNYXJ0aW4gVGhvbXNvbiA8bWFydGluLnRob21z
b25AZ21haWwuY29tPiB3cm90ZToNCj4NCj4gT24gVHVlLCBOb3YgNywgMjAxNyBhdCA5OjMxIEFN
LCBCcmVuZGFuIE1vcmFuIDxCcmVuZGFuLk1vcmFuQGFybS5jb20+IHdyb3RlOg0KPj4gSGkgTWFy
dGluLA0KPj4NCj4+IFRoaXMgaXMgYSBncmVhdCBwbGFjZSB0byBzdGFydC4gQnV0IEkgZG9u4oCZ
dCB0aGluayB0aGF0IOKAnHNob3VsZCB0aGlzIHVwZGF0ZSBiZSBhcHBsaWVk4oCdIGlzIGNvbXBs
ZXRlLiBUaGVyZSBhbHNvIG5lZWRzIHRvIGJlIOKAnE9rYXksIGl0IHNob3VsZCBiZSBhcHBsaWVk
LCBub3cgd2hhdCBkbyBJIGRvIHdpdGggaXQu4oCdDQo+Pg0KPj4gSGVyZSBpcyB0aGUgbGlzdCBv
ZiBxdWVzdGlvbnMgSSBoYXZlIGNvbGxlY3RlZCB0aGF0IGRldmljZXMgbmVlZCB0byBhbnN3ZXI6
DQo+Pg0KPj4gKiBEb2VzIHRoZSBkZXZpY2UgdHJ1c3QgdGhlIGF1dGhvciBvZiB0aGUgdXBkYXRl
Pw0KPj4gKiBIYXMgdGhlIHVwZGF0ZSBiZWVuIGNvcnJ1cHRlZD8NCj4+ICogSXMgdGhlIHVwZGF0
ZSBhdXRoZW50aWM/DQo+PiAqIERvZXMgdGhlIHVwZGF0ZSBhcHBseSB0byB0aGlzIGRldmljZT8N
Cj4+ICogSXMgdGhlIHVwZGF0ZSBvbGRlciB0aGFuIGEgcHJldmlvdXMgdXBkYXRlPw0KPj4gKiBX
aGF0IGtpbmQgb2YgdXBkYXRlIGlzIGl0Pw0KPj4gKiBXaGVuIHNob3VsZCB0aGUgZGV2aWNlIGFw
cGx5IHRoZSB1cGRhdGU/DQo+PiAqIEhvdyBzaG91bGQgdGhlIGRldmljZSBhcHBseSB0aGUgdXBk
YXRlPw0KPj4gKiBXaGVyZSBzaG91bGQgaXQgb2J0YWluIHRoZSB1cGRhdGUgZnJvbT8NCj4+ICog
V2hlcmUgc2hvdWxkIGl0IHN0b3JlIHRoZSB1cGRhdGU/DQo+Pg0KPj4gVGhlcmUgYXJlIGNlcnRh
aW4gdG8gYmUgbW9yZSBxdWVzdGlvbnMgdG8gYW5zd2VyLg0KPg0KPiBZb3UgbWlzcyBteSBwb2lu
dC4gIFRob3NlIGFyZSBxdWVzdGlvbnMgdGhhdCBtaWdodCBoZWxwIHlvdSByZWFjaCBhDQo+IGRl
Y2lzaW9uIGFib3V0IHdoZXRoZXIgdG8gYXBwbHkgdGhlIHVwZGF0ZS4gIFRoZXkgbWlnaHQgaW1w
b3J0YW50DQo+ICh0aG91Z2ggbm90IGFsbCBzZWVtIGVxdWFsbHkgaW1wb3J0YW50IGluIHRoaXMg
Y29udGV4dCwgc2VlIGJlbG93KSwNCj4gYnV0IG9ubHkgdG8gdGhlIGV4dGVudCB0aGF0IHRoZXkg
YWlkIGluIGFuc3dlcmluZyB0aGUgcHJpbWFyeQ0KPiBxdWVzdGlvbi4gIFRoZXkgYXJlIG9ubHkg
cmVsZXZhbnQgdG8gdGhlIGV4dGVudCB0aGF0IGEgZGVjaXNpb24NCj4gZGVwZW5kcyBvbiB0aGVt
LiAgQW5kIHRoYXQgZGVwZW5kcyBvbiB0aGUgcG9saWN5IHRoYXQgdGhlIGRldmljZSBpcw0KPiBh
cHBseWluZy4NCj4NCj4gT2YgdGhlIHF1ZXN0aW9ucyB5b3UgaGF2ZSwgSSB0aGluayB0aGF0IHRo
ZXJlIG1pZ2h0IGJlIHNldmVyYWwNCj4gcG9saWNpZXMgdGhhdCBhcmUgaW1wbGllZC4gIENvbmNl
bnRyYXRpbmcgb24gdGhlIHBvbGljaWVzIGlzIG1vcmUNCj4gbGlrZWx5IHRvIGJlIHByb2R1Y3Rp
dmUuDQo+DQo+IDEuIE9ubHkgYXBwbHkgdXBkYXRlcyB0aGF0IGFyZSBhdXRob3JpemVkIGJ5IHRo
ZSBlbnRpdHkgdGhhdCBJDQo+IHVuZGVyc3RhbmQgdG8gYmUgYW4gIm93bmVyIiBvZiB0aGlzIGRl
dmljZS4NCj4gMi4gT25seSBhcHBseSB1cGRhdGVzIHRoYXQgYXJlIGlkZW50aWZpZWQgYXMgYXBw
bHlpbmcgdG8gdGhpcyB0eXBlIG9mDQo+IGRldmljZSwgYXMgY2VydGlmaWVkIGJ5IHRoZSBkZXZp
Y2UgbWFudWZhY3R1cmVyLg0KPiAzLiBBcyAyLCBidXQgaWRlbnRpZnlpbmcgdGhlIGNvbXBvbmVu
dCByYXRoZXIgdGhhbiB0aGUgZW50aXJlICJ0aGluZyIuDQo+IDQuIE9ubHkgYXBwbHkgdXBkYXRl
cyB0aGF0IGluY3JlYXNlIGluIHZlcnNpb24gbnVtYmVyLCB1bmxlc3MNCj4gYWRkaXRpb25hbGx5
IGF1dGhvcml6ZWQgYnkgdGhlICJvd25lciIgb2YgdGhlIGRldmljZS4NCj4gNS4gT25seSBhcHBs
eSB1cGRhdGVzIHRoYXQgaW5jcmVhc2UgdGhlIG1ham9yIHZlcnNpb24gbnVtYmVyIGlmIHRoZXkN
Cj4gYXJlIGV4cGxpY2l0bHkgYXV0aG9yaXplZCBieSB0aGUgIm93bmVyIiBvZiB0aGUgZGV2aWNl
Lg0KPiA2LiBPbmx5IGFwcGx5IHVwZGF0ZXMgaWYgdGhlIHZlcnNpb24gb2YgYWxsIGNvbXBvbmVu
dHMgdGhlIHVwZGF0ZQ0KPiBkZXBlbmRzIG9uIG1hdGNoZXMgdGhvc2UgcmVxdWlyZWQgYnkgdGhl
IHVwZGF0ZS4NCg0KVGFsa2luZyBhYm91dCBwb2xpY2llcyBpcyBpbnRlcmVzdGluZy4gQnV0LCBw
b2xpY2llcyBjYW7igJl0IGNvbWUgZnJvbSBub3doZXJlLiBUaGV5IG5lZWQgdG8gY29tZSBmcm9t
IGEgdXNhZ2UgbW9kZWwsIGEgcmVsaWFiaWxpdHkgbW9kZWwsIGFuZCBhIHRocmVhdCBtb2RlbC4g
SSBkbyBoYXZlIHBvbGljaWVzIHRoYXQgSeKAmW0gd29ya2luZyBhZ2FpbnN0LCBidXQgdGhleSBh
cmUgd3JpdHRlbiBtb3N0bHkgYXMgc2VjdXJpdHksIHVzYWJpbGl0eSwgb3IgcmVsaWFiaWxpdHkg
cmVxdWlyZW1lbnRzIGluc3RlYWQuDQoNCkZvciBleGFtcGxlLA0KMS4gVGhlIGF1dGhlbnRpY2l0
eSBvZiBhbiB1cGRhdGUgbXVzdCBiZSBwcm92YWJsZSwgd2l0aCBzdWZmaWNpZW50IGxldmVscyBv
ZiBlbnRyb3B5IHRvIHJlbWFpbiBzZWN1cmUgZm9yIHRoZSBsaWZldGltZSBvZiB0aGUgdXBkYXRl
LiBUaGlzIG1pdGlnYXRlcyB0aGUgdGhyZWF0IHBvc2VkIGJ5IGFuIGF0dGFja2VyIG1vZGlmeWlu
ZyBlaXRoZXIgdGhlIG1hbmlmZXN0IG9yIHRoZSBwYXlsb2FkIGluIHRyYW5zaXQgb3IgYXQgcmVz
dCBwcmlvciB0byByZWNlaXB0IGJ5IHRoZSB0YXJnZXQgZGV2aWNlLiBJdCBhbHNvIG1pdGlnYXRl
cyB0aGUgdGhyZWF0IHBvc2VkIGJ5IGFuIGF0dGFja2VyIGNyZWF0aW5nIGEgbmV3IHVwZGF0ZSBm
b3IgYSBkZXZpY2UuDQoyLiBUaGUgbWFuaWZlc3QgbXVzdCBjb250YWluIGEgZGlnZXN0IG9yIE1B
QyBvZiB0aGUgcGF5bG9hZC4gVGhpcyBtaXRpZ2F0ZXMgdGhlIHRocmVhdCBwb3NlZCBieSBhbiBh
dHRhY2tlciBtb2RpZnlpbmcgYSBwYXlsb2FkIGluIHRyYW5zaXQgb3IgYXQgcmVzdC4NCjMuIE1h
bmlmZXN0cyBNVVNUIGNvbnRhaW4gYSBnbG9iYWxseSwgbW9ub3RvbmljYWxseSBpbmNyZWFzaW5n
IHNlcXVlbmNlIG51bWJlci4gVGhpcyBtaXRpZ2F0ZXMgdGhlIHRocmVhdCBwb3NlZCBieSBhbiBh
dHRhY2tlciBzZW5kaW5nIGFuIG9sZCwgdmFsaWQgdXBkYXRlICh0aGF0IGNvbnRhaW5zIGEga25v
d24gZmxhdykgdG8gYSBkZXZpY2UuIE5vdGUgdGhhdCB0aGlzIGlzIE5PVCBhIHZlcnNpb24gbnVt
YmVyLiBBbiBvbGQgdXBkYXRlIGNhbiBiZSBkZWxpYmVyYXRlbHkgaW5zdGFsbGVkIGJ5IGFuIGF1
dGhvcmlzZWQgZmlybXdhcmUgaW5zdGFsbGVyIGJ5IGNyZWF0aW5nIGEgbmV3IG1hbmlmZXN0Lg0K
DQpFYWNoIG9mIHRoZXNlIGFyZSBwb2xpY2VzLCB0aGV54oCZcmUganVzdCBub3QgcXVpdGUgcGhy
YXNlZCB0aGUgc2FtZSB3YXkuIFB1dCBpbnRvIHRoZSBzYW1lIHBocmFzZW9sb2d5IGFzIHlvdSBo
YXZlIHVzZWQsIHRoZXNlIGFyZToNCg0KMS4gT25seSBhcHBseSB1cGRhdGVzIHRoYXQgYXJlIGF1
dGhvcmlzZWQgYnkgYSB0cnVzdGVkIGVudGl0eQ0KMi4gT25seSBpbnN0YWxsIHVwZGF0ZXMgaWYg
dGhlIHBheWxvYWQgbWF0Y2hlcyB0aGUgbWFuaWZlc3QNCjMuIE9ubHkgYXBwbHkgdXBkYXRlcyB0
aGF0IGFyZSBuZXdlciB0aGFuIHRoZSBjdXJyZW50IChOb3RlIHRoYXQgdXBkYXRlIGhlcmUgaXMg
dGhlIGNvbWJpbmF0aW9uIG9mIG1hbmlmZXN0IGFuZCBwYXlsb2FkLCB0aGlzIGlzIG5vdCBhYm91
dCBvbmx5IGluc3RhbGxpbmcgbmV3ZXIgZmlybXdhcmVzKQ0KDQpGcm9tIHRoaXMgcGVyc3BlY3Rp
dmUsIGl0IHNvdW5kcyBsaWtlIHdoYXQgd291bGQgcmVhbGx5IGJlIGhlbHBmdWwgaXMgdGhlICpy
ZXF1aXJlbWVudHMqIHRoYXQgbGVkIHRvIGVhY2ggZmllbGQuIEkgd2lsbCBzZWUgd2hhdCBJIGNh
biBkby4NCg0KPiBJIGRvbid0IHVuZGVyc3RhbmQgd2h5IHF1ZXN0aW9ucyBvZiBzdG9yYWdlIGNh
bid0IGJlIGFuc3dlcmVkIGJ5IHRoZQ0KPiBkZXZpY2UsIHVzaW5nIHRoZSBpbmZvcm1hdGlvbiBw
cmVzZW50ZWQuICBJIG1lYW4sIGlmIHRoZSB1cGRhdGUgaXMgZm9yDQo+IGNvbXBvbmVudCBYLCB0
aGVuIGl0IHNob3VsZCBoYXZlIGEgcHJvY2VzcyBmb3IgbWFuYWdpbmcgdGhhdCB1cGRhdGUsDQo+
IGluY2x1ZGluZyBob3cgaXQgYXBwbGllcyBpdCAoaS5lLiwgc3RvcmFnZUlkZW50aWZlci50eXBl
IGlzbid0IG5lZWRlZCkNCj4gYW5kIHdoZXJlIGl0IHN0b3JlcyBpdC4NCg0KSXQgaXMgYWJzb2x1
dGVseSBwb3NzaWJsZSB0byBleHByZXNzIGVhY2ggb2YgdGhlc2UgYXMgYSBjb21wb25lbnQuIEJ1
dCBpcyB0aGF0IG5lY2Vzc2FyaWx5IGFsaWduZWQgd2l0aCB3aGF0IGEgZGV2aWNlIG5lZWRzPyBB
IHN0b3JhZ2UgaWRlbnRpZmllciBiZWNvbWVzIGZ1bmN0aW9uYWxseSBlcXVpdmFsZW50IHRvIGEg
Y29tcG9uZW50IGlkZW50aWZpZXIuIEkgcmVhbGlzZSB0aGF0IHlvdeKAmXJlIHRhbGtpbmcgYWJv
dXQgcGF0aC1iYXNlZCBpZGVudGlmaWVycywgc3RhcnRpbmcgd2l0aCB0aGUgdmVuZG9yLiBUaGF0
IGlzIGFuIGludGVyZXN0aW5nIGFwcHJvYWNoLiBNb3JlIG9uIHRoYXQgbGF0ZXINCg0KPg0KPj4+
IFRoZSA0MTIyIGlkZW50aWZpZXJzIHNlZW0gb3Zlcmx5IHByZXNjcmlwdGl2ZTsgSSBjYW4ndCBz
ZWUgd2h5IGENCj4+PiB2ZW5kb3Itc3BlY2lmaWVkIHN0cmluZyBpcyBub3QgT0s6IG9uZSBmb3Ig
dGhlIHR5cGUgb2YgZGV2aWNlLCBhbmQgb25lDQo+Pj4gZm9yIHRoZSBzcGVjaWZpYyBkZXZpY2Uu
ICBQYXJ0IG9mIHRoZSBtb3RpdmF0aW9uIGZvciA0MTIyLXN0eWxlDQo+Pj4gaWRlbnRpZmllcnMg
aXMgdG8gYXZvaWQgY29sbGlzaW9ucywgYnV0IEkgZG9uJ3Qgc2VlIHRoYXQgYXMgbmVjZXNzYXJ5
DQo+Pj4gaGVyZSAtIGFueSBwYXJ0eSB0aGF0IGlzIGF1dGhvcml6aW5nIGNoYW5nZXMgY2FuIG1h
bmFnZSB0byBlbnN1cmUgdGhhdA0KPj4+IHRoZSBpZGVudGlmaWVycyB0aGV5IHNpZ24gZG9uJ3Qg
Y29sbGlkZS4NCj4+DQo+PiBUaGlzIGlzIHBhcnRseSBhYm91dCBpZGVudGlmaWVyIGNvbGxpc2lv
bi4gWW914oCZcmUgcXVpdGUgcmlnaHQgdGhhdCB0aGlzIGlzIG5vdCBhIGNvbmNlcm5pbmcgcHJv
YmxlbSBpbiB0aGUgc2ltcGxlIGNhc2UuIElmIHRoZSBkZXZpY2UgdHJ1c3RzIHRoZSBhdXRob3Ig
b2YgYW4gdXBkYXRlLCB0aGVuIGl0IHNob3VsZCBiZSBmaW5lLiBCdXQgdGhpbmdzIGdldCBtb3Jl
IGNvbXBsaWNhdGVkIHRoZSBkZWVwZXIgYSBzdXBwbHkgY2hhaW4gZ2V0cy4gRXZlbnR1YWxseSwg
aXTigJlzIGVudGlyZWx5IHBvc3NpYmxlIHRvIGhhdmUgdHdvLCBpZGVudGljYWxseSBuYW1lZCBt
b2RlbHMgb2YgSW9UIGxpZ2h0IHN3aXRjaCB3aXRoIGlkZW50aWNhbCBtYW51ZmFjdHVyZXIgbmFt
ZXMgb24gdGhlIHNhbWUgbmV0d29yay4gSWYgdGhhdCBoYXBwZW5zIGFuZCBhbiBvcGVyYXRvciBo
YXMgdGhlIHJpZ2h0cyB0byBwcm92aXNpb24gY29uZmlndXJhdGlvbiBvbiBib3RoIG9mIHRoZW0s
IHRoZXJlIGNvdWxkIGJlIHNlcmlvdXMgaW50ZXJvcGVyYWJpbGl0eSBjb25zZXF1ZW5jZXMgdG8g
dGhpcyBzaXR1YXRpb24uDQo+Pg0KPj4gTm93LCBJ4oCZbGwgYWRtaXQgdGhhdCB0aGlzIHNvdW5k
cyBhIGxpdHRsZSBmYXItZmV0Y2hlZC4gSSB0aGluayBpdOKAmXMganVzdCBvbiB0aGUgZWRnZSBv
ZiBwbGF1c2liaWxpdHkuIFRoYXQgYmVpbmcgc2FpZCwgd2hhdCBkb2VzIGl0IGNvc3QgdG8gZ3Vh
cmFudGVlIGl0IGRvZXNu4oCZdCBoYXBwZW4/DQo+DQo+IE9LLCB0aGVyZSBhcmUgdHdvIGRpZmZl
cmVudCB0aGluZ3M6IGNvbnRyb2xsZXIgWCBpbiBkZXZpY2UgQSBhbmQNCj4gY29udHJvbGxlciBY
IGluIGRldmljZSBCLiAgSXNuJ3QgdGhhdCBob3cgdGhlIG1hbmlmZXN0IHdvdWxkIGlkZW50aWZ5
DQo+IHRoZW0/ICAiVmVuZG9yIEZvbywgRGV2aWNlIEEsIENvbnRyb2xsZXIgWCIgPw0KPg0KPiBZ
b3UgYXJlIHNheWluZyB0aGF0IHlvdSB3YW50IHRvIHVzZSB0aGUgc2FtZSBpZGVudGlmaWNhdGlv
biBhbGwgdGhlDQo+IHdheSB0aHJvdWdoIHRoZSBzdXBwbHkgY2hhaW4uICBBbmQgeW91IHdhbnQg
dGhhdCBiZWNhdXNlIHlvdSBoYXZlIGENCj4gc2luZ2xlIG1hbmlmZXN0LiAgSSB0aGluayB0aGF0
J3MgcG90ZW50aWFsbHkgcHJvYmxlbWF0aWMuICBUYWtpbmcNCj4gQ2Fyc3RlbidzIGV4YW1wbGUg
b2Ygc2lnbmVkIGNsYWltcywgd2h5IGNvdWxkIHlvdSBub3Qgc2F5IHR3byB0aGluZ3M6DQoNClZl
bmRvciBuYW1lcyBhcmUgbm90IGd1YXJhbnRlZWQgdG8gYmUgdW5pcXVlLiBNYW55IG1heSBiZSB1
bmlxdWUsIGJ1dCB0aGlzIGlzIG5vdCBhIHN1ZmZpY2llbnQgdG8gYnVpbGQgYSBzdGFuZGFyZC4g
QmFua2luZyBvbiB2ZW5kb3IgbmFtZXMgYmVpbmcgdW5pcXVlIGlzIGEgZGVzaWduIGZsYXcuIE5v
dywgaXQgbWF5IGJlIHRoYXQgYSBtb2RlbCBuYW1lIGlzIGEgc3VmZmljaWVudCBkaWZmZXJlbnRp
YXRvciwgYnV0IGFnYWluIHRoaXMgaXMgbm90IGEgZ3VhcmFudGVlLiBDb21wYW5pZXMgZ28gb3V0
IG9mIGJ1c2luZXNzLiBUaGV5IHJlYnJhbmQuIFRoZXkgcHVyY2hhc2Ugb3RoZXIgY29tcGFuaWVz
IGFuZCBhc3N1bWUgdGhlaXIgbmFtZXMsIHRoZW4gY29tZSB1cCB3aXRoIG5ldyBwcm9kdWN0IG5h
bWVzIHRoYXQgYXJlIHRoZSBzYW1lIGFzIG9sZCBwcm9kdWN0IG5hbWVzLiBBc3N1bWluZyB0aGF0
IFt2ZW5kb3IgbmFtZSwgbW9kZWwgbmFtZV0gcGFpcnMgYXJlIHVuaXF1ZSBpcyBkYW5nZXJvdXMu
DQoNCkkgdGhpbmsgeW91IGhhdmUgbWlzdW5kZXJzdG9vZCB3aGF0IEkgbWVhbnQgYWJvdXQgc3Vw
cGx5IGNoYWlucy4gSSBtZWFuIHRoYXQgaXTigJlzIGVudGlyZWx5IHBvc3NpYmxlIHRoYXQgQnVp
bGRpbmcgQ29ycCAodGhlIGxhbmRsb3JkIG9mIGEgYnVpbGRpbmcpIGNvdWxkIGdldCB0d28gY29u
dHJhY3RvcnMgaW5zdGFsbGluZyB0d28gbGlnaHQgc3dpdGNoZXM6DQoNCkxpZ2h0IFN3aXRjaCBB
DQpWZW5kb3I6IFdpZGdldCBDb3JwDQpNb2RlbDogTGlnaHQgU3dpdGNoIHIxDQoNCkxpZ2h0IFN3
aXRjaCBCDQpWZW5kb3I6IFdpZGdldCBDb3JwDQpNb2RlbDogTGlnaHQgU3dpdGNoIHIxDQoNClRo
ZSBXaWRnZXQgQ29ycCB0aGF0IG1hbnVmYWN0dXJlZCBMaWdodCBTd2l0Y2ggQSBpcyBpbmNvcnBv
cmF0ZWQgaW4gQ291bnRyeSBBLiBUaGUgV2lkZ2V0IENvcnAgdGhhdCBtYW51ZmFjdHVyZWQgTGln
aHQgU3dpdGNoIEIgaXMgaW5jb3Jwb3JhdGVkIGluIENvdW50cnkgQi4NCg0KVXNpbmcgdGhlIHNj
aGVtZSB0aGF0IHlvdeKAmXZlIHN1Z2dlc3RlZCwgdGhpcyBpcyBzdGlsbCBva2F5LiBUaGUgYXV0
aG9yaXR5IHRoYXQgcmVzdHMgd2l0aCBlYWNoIGNvbXBhbnkgdG8gYXV0aG9yIGZpcm13YXJlIGZv
ciB0aGUgbGlnaHQgc3dpdGNoZXMgc3RpbGwgcmVxdWlyZXMgYSBrZXkgdmFsaWRhdGlvbi4gV2lk
Z2V0IENvcnAgKEEp4oCZcyBmaXJtd2FyZSB3aWxsIG5vdCBpbnN0YWxsIG9uIFdpZGdldCBDb3Jw
IChCKeKAmXMgbGlnaHQgc3dpdGNoLiBOb3csIHN1cHBvc2UgdGhhdCBib3RoIG9mIHRoZXNlIHZl
bmRvcnMgaGF2ZSBkZWxlZ2F0ZWQgY29uZmlndXJhdGlvbiBhdXRob3JpdHkgdG8gdGhlIHB1cmNo
YXNlciBvZiB0aGUgbGlnaHRzLiBUaGlzIG1lYW5zIHRoYXQgQnVpbGRpbmcgQ29ycCBjYW4gbWFr
ZSBjb25maWd1cmF0aW9uIGRhdGEgZm9yIGJvdGggTGlnaHQgU3dpdGNoIEEgYW5kIExpZ2h0IFN3
aXRjaCBCIEhvdyBjYW4gQnVpbGRpbmcgQ29ycCBlbnN1cmUgdGhhdCBvbmx5IGEgV2lkZ2V0IENv
cnAgKEEpIGNvbmZpZ3VyYXRpb24gYmxvYiBpcyBzZW50IHRvIGEgV2lkZ2V0IENvcnAgKEEpIGRl
dmljZSwga25vd2luZyB0aGF0IGl0IG1pZ2h0IHN0b3AgYSBXaWRnZXQgQ29ycCAoQikgZGV2aWNl
IGZyb20gZnVuY3Rpb25pbmc/DQoNCklmIHRoZXJlIGlzIGEgbmVlZCBmb3IgYSBndWFyYW50ZWUg
b2YgdW5pcXVlbmVzcyBhdCB0aGUgVmVuZG9yIGxldmVsLCB3ZSBhbHJlYWR5IGhhdmUgYSBtZWNo
YW5pc20gZm9yIHByb3ZpZGluZyB0aGF0OiBSRkM0MTIyLg0KDQo+DQo+PiBUaGUgdGltZXN0YW1w
IGlzIG5vdCBwcm9wZXJseSBqdXN0aWZpZWQgaW4gdGhlIG1hbmlmZXN0IGRyYWZ0LiBUaGUgdGlt
ZXN0YW1wIGlzIGluIHBsYWNlIGZvciByb2xsYmFjayBwcm90ZWN0aW9uLiBPcmlnaW5hbGx5LCB3
ZSBoYWQgaW50ZW5kZWQgdG8gaW5jbHVkZSBhIG1vbm90b25pYyBjb3VudGVyIGZpZWxkIGZvciBy
b2xsYmFjayBwcm90ZWN0aW9uLCBob3dldmVyIHRoaXMgY3JlYXRlcyB1c2FiaWxpdHkgcHJvYmxl
bXMgd2hlbiBtdWx0aXBsZSBhY3RvcnMgbWF5IG5lZWQgdG8gdHJhbnNtaXQgdXBkYXRlcy4gVG8g
ZW5zdXJlIHRoYXQgYWxsIGF1dGhvcmlzZWQgYWN0b3JzIHdvdWxkIGJlIGFibGUgdG8gdHJhbnNt
aXQgdXBkYXRlcyB3aXRob3V0IG5lZWRpbmcgdG8gZmlyc3QgZGV0ZXJtaW5lIHRoZSB2YWx1ZSBv
ZiB0aGUgbW9ub3RvbmljIHJvbGxiYWNrIGNvdW50ZXIsIHdlIGRlY2lkZWQgdG8gdXNlIGFuIGlu
dGVnZXIgVVRDIGVwb2NoIHRpbWVzdGFtcC4gVGhpcyBlbnN1cmVzIGEgbW9ub3RvbmljYWxseSBp
bmNyZWFzaW5nIGFudGktcm9sbGJhY2sgY291bnRlciwgdGhhdCBqdXN0IGhhcHBlbnMgdG8gYmUg
Z2xvYmFsbHkgc3luY2hyb25pc2VkLg0KPg0KPiBUaGF0IHN0aWxsIGRvZXNuJ3QganVzdGlmeSBt
YWtpbmcgaXQgbWFuZGF0b3J5LiAgSXQncyBhIGZpbmUgc29sdXRpb24sDQo+IGJ1dCB5b3UgYXJl
IHJlY29tbWVuZGluZyBtYWtpbmcgZXZlcnlvbmUgYWNjZXB0IHlvdXIgZGVzaWduLiAgQW5kDQo+
IHRoZXJlIGFyZSBtYW55IGRldmljZXMgdGhhdCBkb24ndCBoYXZlIGNsb2Nrcy4NCg0KTm8gY2xv
Y2sgaXMgbmVlZGVkLiBBcyBmYXIgYXMgdGhlIGRldmljZSBpcyBjb25jZXJuZWQsIGl04oCZcyBq
dXN0IGEgbW9ub3RvbmljIHNlcXVlbmNlIG51bWJlci4gQSBtb25vdG9uaWMgc2VxdWVuY2UgbnVt
YmVyIGlzIG1hbmRhdG9yeSAoZm9yIHRoZSBzZWN1cml0eSByZXF1aXJlbWVudCBJIGRldGFpbGVk
IGFib3ZlKS4gVXNpbmcgVVRDIHRpbWVzdGFtcHMgaXMgYSB1c2FiaWxpdHkgZmVhdHVyZS4NCg0K
VG8gcHV0IGl0IGluIFJGQzIxMTkgdGVybXMsIGEgbWFuaWZlc3QgTVVTVCBpbmNsdWRlIGEgbW9u
b3RvbmljIHNlcXVlbmNlIG51bWJlci4gQSBtYW5pZmVzdCBNQVkgdXNlIGEgVVRDIHRpbWVzdGFt
cCBhcyBhIG1vbm90b25pYyBzZXF1ZW5jZSBudW1iZXIuDQoNCj4NCj4+IFRoZSBwYXlsb2FkIGlu
Zm8gaXMgaW4gcGxhY2UgdG8gYW5zd2VyIHRoZXNlIHF1ZXN0aW9uczoNCj4+ICogV2hhdCBraW5k
IG9mIHVwZGF0ZSBpcyBpdD8NCj4+ICogV2hlcmUgc2hvdWxkIHRoZSBkZXZpY2Ugb2J0YWluIHRo
ZSB1cGRhdGUgZnJvbT8NCj4+ICogV2hlcmUgc2hvdWxkIHRoZSBkZXZpY2Ugc3RvcmUgdGhlIHVw
ZGF0ZT8NCj4+ICogSG93IGJpZyBpcyB0aGUgdXBkYXRlPw0KPj4gKiBIYXMgdGhlIHVwZGF0ZSBi
ZWVuIGNvcnJ1cHRlZD8NCj4NCj4gWW91IG5lZWQgdG8gYmV0dGVyIG1vdGl2YXRlIHdoeSBhbnkg
b2YgdGhlc2UgcXVlc3Rpb25zIG5lZWQgYW5zd2Vycy4NCj4NCj4gSWYgdGhlIHVwZGF0ZSBuZWVk
cyB0byBiZSBhdXRob3JpemVkLCBhbmQgdGhlIHVwZGF0ZSBiaXRzIGFyZSBzaWduZWQsDQo+IHRo
ZW4gY29ycnVwdGlvbiBpcyBtYW5hZ2VkLiAgQW5kIHRoZSAia2luZCBvZiB1cGRhdGUiIHNob3Vs
ZCBiZSAidGhlDQo+IGtpbmQgb2YgdXBkYXRlIHRoYXQgdGhpcyBkZXZpY2UgZXhwZWN0cyIuICBB
cyBmb3IgdGhlIHJlc3Qgb2YgdGhlc2UsDQo+IHlvdSBhcmd1ZSBlbHNld2hlcmUgdGhhdCBkZWxp
dmVyeSBvZiB0aGUgYml0cyBpcyBvdXQgb2Ygc2NvcGUsIGJ1dA0KPiB0aGVzZSBmaWVsZHMgZHJh
ZyB0aGF0IGRlbGl2ZXJ5IG1lY2hhbmlzbSByaWdodCBiYWNrIGludG8gc2NvcGUuDQoNCkkgdGhp
bmsgeW91IGFyZSBjb25mdXNpbmcgbWFuaWZlc3RzIHdpdGggaW50ZWdyYXRlZCBwYXlsb2FkcyB3
aXRoIG1hbmlmZXN0cyB0aGF0IGhhdmUgb3V0LW9mLWJhbmQgcGF5bG9hZHMuICBGb3IgaW50ZWdy
YXRlZCBwYXlsb2FkcywgeW91IGFyZSBjb3JyZWN0LiBObyBVUkkgaXMgbmVlZGVkLCBubyBoYXNo
IGlzIG5lZWRlZCwgbm8gc2l6ZSBpcyBuZWVkZWQuIEZvciBvdXQtb2YtYmFuZCBkaXN0cmlidXRp
b24sIGhvd2V2ZXIsIHRoZSBtb2RlbCBpcyBkaWZmZXJlbnQuDQoNClRoZSBkZXZpY2UgcmVjZWl2
ZXMgdGhlIG1hbmlmZXN0IGFuZCB0aGUgcGF5bG9hZCBhcyB0d28gc2VwYXJhdGUgcGllY2VzLiBU
aGVyZSBhcmUgZ29vZCByZWFzb25zIGZvciB0aGlzIGFwcHJvYWNoOg0KMS4gVGhlIGRldmljZSBj
YW4gcGVyZm9ybSBlYXJseSByZWplY3Rpb24gb2YgYSBtaXMtbWF0Y2hlZCB1cGRhdGUuDQoyLiBU
aGUgZGV2aWNlIGNhbiBjaG9vc2Ugb25lIG9mIHNldmVyYWwgcG9zc2libGUgbG9jYXRpb25zIHRv
IG9idGFpbiB0aGUgdXBkYXRlLg0KMy4gVGhlIGRldmljZSBjYW4gdmVyaWZ5IHRoYXQgdGhlIHNp
Z25pbmcgYXV0aG9yaXR5KHMpIGhhcyB0aGUgY29ycmVjdCByaWdodHMgZm9yIHRoZSBzdG9yYWdl
SUQvY29tcG9uZW50IHRhcmdldGVkIGJ5IHRoZSB1cGRhdGUuDQo0LiBUaGUgZGV2aWNlIGNhbiB2
ZXJpZnkgdGhlIHNpZ25hdHVyZSBwcmlvciB0byBkb3dubG9hZGluZyB0aGUgdXBkYXRlLCB3aGlj
aCBzYXZlcyBiYW5kd2lkdGggYW5kIGVuZXJneS4NCg0KSWYgdGhlIG1hbmlmZXN0IGRvZXMgbm90
IGNvbnRhaW4gdGhlIHBheWxvYWQsIHRoZSBkZXZpY2UgbmF0dXJhbGx5IG5lZWRzIHRvIGtub3cg
d2hlcmUgdG8gZmluZCBpdC4gSXQgYWxzbyBuZWVkcyB0aGUgc2l6ZSBhbmQgaGFzaCBvZiB0aGUg
cGF5bG9hZCB0byBlbnN1cmUgdGhhdCB0aGUgY29ycmVjdCBudW1iZXIgb2YgYnl0ZXMgYXJlIGRv
d25sb2FkZWQgYW5kIHRoYXQgdGhleSBoYXZlbuKAmXQgYmVlbiBjb3JydXB0ZWQgb3IgdGFtcGVy
ZWQgd2l0aC4gV2hldGhlciBvciBub3QgYSBVUkkgaXMgdGhlIGFwcHJvcHJpYXRlIG1ldGhvZCBv
ZiBzcGVjaWZ5aW5nIHdoZXJlIHRvIGZpbmQgaXQgaXMgYW5vdGhlciBxdWVzdGlvbiwgaG93ZXZl
ciBJIHRoaW5rIHRoYXQgYSBVUkkgZG9lcyBhIGZpbmUgam9iIG9mIHVuaXZlcnNhbGx5IGlkZW50
aWZ5aW5nIHJlc291cmNlcy4uDQoNCj4+DQo+PiBUaGlzIGxvb2tzIHRvIG1lIGxpa2UgaXQgaXMg
Y29uZmxhdGluZyB0d28gZGlmZmVyZW50IGNvbmNlcHRzLiBXaGF0IHByb2JsZW0gYXJlIHlvdSB0
cnlpbmcgdG8gc29sdmU/DQo+DQo+IFllcywgSSdtIGludGVudGlvbmFsbHkgbWVyZ2luZyB0aGUg
dHdvIHRoaW5ncy4gIFRoZSBwb2ludCBiZWluZyB0aGF0DQo+IHlvdSBoYXZlIGEgc2luZ2xlIHdh
eSB0byBpZGVudGlmeSB0aGUgKnRhcmdldCogb2YgdGhlIHVwZGF0ZS4gIFdlIGRvDQo+IHRoaXMg
d2l0aCBVUklzIGFsbCB0aGUgdGltZS4gIEF0IHRoZSBsZXZlbCBhdCB3aGljaCB3ZSBnZW5lcmFs
bHkgdXNlIGENCj4gVVJJLCBpdCdzIHRyZWF0ZWQgYXMgYW4gb3BhcXVlIHN0cmluZywgYW5kIHRo
YXQgZ29lcyBkb3VibGUgZm9yIHBhdGhzLg0KPg0KPiBUaGUgcHJvYmxlbSB3aXRoIHNwbGl0dGlu
ZyB0aGVzZSBkb3duIGlzIHRoYXQgeW91IHJpc2sgbWFraW5nIHRoZSBjdXRzDQo+IGF0IHRoZSB3
cm9uZyBwbGFjZS4gIFlvdSBoYXZlbid0IHJlYWxseSBlc3RhYmxpc2hlZCB0aGF0IGEgc3BsaXQg
aXMNCj4gbmVjZXNzYXJ5IGZvciBpbnRlcm9wZXJhYmlsaXR5IHRvIGhhdmUgdGhhdCBzcGxpdCBp
biB0aGUgaWRlbnRpZmllciwNCj4gYW5kIHdpdGhvdXQgdGhhdCBpdCBpcyBiZXR0ZXIgdG8gbGVh
dmUgdGhlIHN0cnVjdHVyZSBvZiB0aGVzZQ0KPiBpZGVudGlmaWVycyB0byB0aG9zZSB0aGF0IG1h
bmFnZSB0aG9zZSBuYW1lc3BhY2VzLg0KDQpUaGlzIHByZXN1cHBvc2VzIHVuaXF1ZSwgaHVtYW4t
cmVhZGFibGUgW3ZlbmRvciwgbW9kZWxdIHBhaXJzLiBVbmxlc3MgdGhlcmUgaXMgYSBtZWNoYW5p
c20gaW4gcGxhY2UgdG8gZ3VhcmFudGVlIHVuaXF1ZSBbdmVuZG9yLCBtb2RlbF0gcGFpcnMsIEkg
ZG9u4oCZdCBzZWUgd2hhdCB2YWx1ZSBhIG1lcmdlZCBpZGVudGlmaWVyIGJyaW5ncy4gVVJJcyBo
YXZlIHRoYXQgbWVjaGFuaXNtIGFscmVhZHksIGluIHRoZSBmb3JtIG9mIEROUy4gRE5TIHByb3Zp
ZGVzIGEgZ3VhcmFudGVlIG9mIHVuaXF1ZW5lc3MgZm9yIHRoZSBmaXJzdCBwYXJ0IG9mIGEgVVJJ
LiBUaGlzIGlzIHRoZSBvbmx5IHJlYXNvbiB0aGF0IHlvdXIgVVJJIGV4YW1wbGUgd29ya3MuIElm
IHRoZXJlIHdlcmUgbm8gZ3VhcmFudGVlIG9mIHVuaXF1ZW5lc3MgYXQgdGhlIEROUyBsZXZlbCwg
dGhlbiBubyBvbmUgd291bGQgdXNlIFVSSXMgYmVjYXVzZSB5b3Ugd291bGRu4oCZdCBrbm93IHdo
YXQgeW91IHdlcmUgZ29pbmcgdG8gZ2V0IGF0IHRoZSBvdGhlciBlbmQgb2YgdGhhdCBibG9jayBv
ZiB0ZXh0LiAoSeKAmW0gaWdub3JpbmcgRE5TIHNwb29maW5nLCBtb2RpZmllZCBob3N0IHRhYmxl
cywgZG5zbWFzcSwgZXRjLiBETlNTRUMgc29sdmVzIHNvbWUgb2YgdGhvc2UuKQ0KDQo+DQo+PiBU
aGVyZSBpcyBhIHN0cm9uZyByZWFzb24gZm9yIGhhdmluZyBjb25kaXRpb25zIGFuZCBkaXJlY3Rp
dmVzIGFzIGRpc3RpbmN0IGNvbmNlcHRzLg0KPj4gKiBDb25kaXRpb25zIGFyZSB0ZXN0cyB0aGF0
IG11c3QgYmUgcGVyZm9ybWVkIHByaW9yIHRvIGFjY2VwdGluZyBhbiB1cGRhdGUuDQo+PiAqIERp
cmVjdGl2ZXMgYXJlIGRpcmVjdGlvbnMgZm9yIGhvdyB0byB1c2UgYW4gdXBkYXRlLg0KPg0KPiBU
aGF0J3Mgbm90IGEgc3Ryb25nIHJlYXNvbiwgdGhhdCdzIGFuIGFyZ3VtZW50IGZyb20gdGF4b25v
bXk6IHlvdSBhcmUNCj4gc2F5aW5nIHRoYXQgYmVjYXVzZSB5b3UgY2FuIGZpbmQgYSB0YXhvbm9t
aWMgZGlmZmVyZW5jZSwgaXQgaXMgYmV0dGVyDQo+IHRvIHB1dCB0aGUgZmllbGRzIGludG8gc2Vw
YXJhdGUgYnVja2V0cy4gIEJ1dCB3aGVuIGl0IGNvbWVzIHRvDQo+IGludGVyb3BlcmFibGUgZm9y
bWF0cywgdGhlIGZld2VyIGV4dGVuc2lvbiBwb2ludHMgeW91IGhhdmUsIHRoZSBtb3JlDQo+IGxp
a2VseSB5b3UgYXJlIHRvIGZpbmQgdGhhdCB0aG9zZSBleHRlbnNpYmlsaXR5IHBvaW50cyB3b3Jr
IGluIDEwDQo+IHllYXJzIHRpbWUuICBHZW5lcmljIGNsYWltcyBtaWdodCBzb3VuZCB0byB5b3Ug
bGlrZSBhIHJlZ3Jlc3Npb24sIGJ1dA0KPiB3ZSd2ZSBleHBlcmllbmNlIHRoYXQgc2hvd3MgdGhh
dCBmZXdlciBhbmQgYmV0dGVyLXVzZWQgZXh0ZW5zaW9uDQo+IHBvaW50cyB3b3JrIG1vcmUgcmVs
aWFibHkuICBHaXZlbiB0aGF0IHlvdSBoYXZlIHByZWNpc2VseSBvbmUNCj4gZGlyZWN0aXZlLCBh
bmQgdGhlIG9uZSBkaXJlY3RpdmUgY291bGQgYmUgdHJpdmlhbGx5IHJlY2FzdCBhcyBhDQo+IGNv
bmRpdGlvbiAoYXBwbHkgdGhpcyB1cGRhdGUgb25seSB3aGVuIHRpbWUgPj0gWCksIHRoYXQgd2Vh
a2VucyB0aGUNCj4gY2FzZSBmb3IgbW9yZSBidWNrZXRzLg0KDQpJ4oCZbGwgYWRkIGEgZmV3IG1v
cmUuDQoqIEluc3RhbGwgdXNpbmcgcGFja2FnZSBoYW5kbGVyIFgNCiogVXNlIGEgdGFibGUgb2Yg
aGFzaGVzLCBmb3VuZCBhdCBZLCB0byBlbnN1cmUgdGhhdCBlYWNoIGJsb2NrIG9mIHRoZSBwYXls
b2FkIGlzIHZhbGlkYXRlIGJlZm9yZSB3cml0aW5nLg0KKiBSdW4gcG9zdC1wcm9jZXNzaW5nIHNj
cmlwdCBaDQoqIERvIG5vdCByZXBvcnQgcHJvZ3Jlc3MNCiogUHJlLWNhY2hlIHRoaXMgdXBkYXRl
LCBidXQgZG8gbm90IGluc3RhbGwNCiogSW5zdGFsbCB0aGUgcHJlLWNhY2hlZCB1cGRhdGUgbWF0
Y2hpbmcgdGhpcyBtYW5pZmVzdA0KKiBJbnN0YWxsIHRoaXMgdXBkYXRlIGltbWVkaWF0ZWx5LCBv
dmVycmlkaW5nIGFueSBsb25nLXJ1bm5pbmcgdGFza3MuDQoNCj4NCj4+IERlcGVuZGVuY2llcyBj
ZXJ0YWlubHkgYXJlIHRoZSBpbnRlbmRlZCBtZWNoYW5pc20gYXMgaXQgc3RhbmRzLiBJIGhhdmUg
c2VlbiB2ZXJzaW9uLWJhc2VkIGRlcGVuZGVuY3kgbWF0Y2hpbmcgZ28gcXVpdGUgYmFkbHkgaW4g
c29tZSBzaXR1YXRpb25zLCBzbyBJ4oCZbSBsZWVyeSB0byBzcGVjaWZ5IGluIHNvbWV0aGluZyBl
cXVpdmFsZW50IHRvIHNlbWFudGljIHZlcnNpb25pbmcgb2YgZGVwZW5kZW5jaWVzLCBmb3IgZXhh
bXBsZS4gVXNpbmcgaGFzaGVzIGZvciB2ZXJzaW9ucyBwcm92aWRlcyBhIHZlcnkgc3Ryb25nIGFz
c2VydGlvbiBhYm91dCB0aGUgc3VpdGFiaWxpdHkgb2YgYSBwYXJ0aWN1bGFyIGRlcGVuZGVuY3kg
dmVyc2lvbi4gQW5kIGlzIG5vdCB2dWxuZXJhYmxlIHRvIHRoZSBzYW1lIHByb2JsZW1zIHdpdGgg
ZGVwZW5kZW5jeSBtaXNtYXRjaGVzLg0KPg0KPiBZb3UgYXJlIGV4cGxpY2l0bHkgcnVsaW5nIG91
dCB0aGUgcG9zc2liaWxpdHkgb2YgdXNpbmcgdmVyc2lvbmluZyBmb3INCj4gZGVwZW5kZW5jaWVz
PyAgVGhhdCBzZWVtcyB1bndpc2UgdG8gbWUuICBJIGFncmVlIHRoYXQgc2VtYW50aWMgdmVyc2lv
bg0KPiBjYW4gYmUgYSBtaW5lZmllbGQsIGJ1dCBJIHdvdWxkbid0IGdvIHNvIGZhciBhcyB0byBk
ZW55IG90aGVycyB0aGUNCj4gcG9zc2liaWxpdHkgb2YgdXNpbmcgaXQuDQo+DQo+IEFsc28sIG9u
IHRoZSBsYXN0IHN1YmplY3QuLi4gd2h5IGlzbid0IGEgZGVwZW5kZW5jeSBhIGNvbmRpdGlvbj8g
IFlvdQ0KPiBjb3VsZCByZWFsaXN0aWNhbGx5IGNyZWF0ZSBtdWx0aXBsZSB0eXBlcyBvdmVyIHRp
bWUgKGEgaGFzaC1iYXNlZCBvbmUsDQo+IGFuZCBhIHZlcnNpb24tYmFzZWQgb25lIGxhdGVyKS4N
Cg0KRGVwZW5kZW5jaWVzIHdlcmUgaW50ZW5kZWQgbm90IHRvIGRlc2NyaWJlIHdoYXQgaXMgcmVx
dWlyZWQgb24gdGhlIGRldmljZSwgYnV0IHdoZXJlIHRvIGZpbmQgdGhlIHJlc3Qgb2YgdGhlIHVw
ZGF0ZS4gVGhlIGRlcGVuZGVuY2llcyB3ZXJlbuKAmXQgdGhlcmUgZm9yIHZlcnNpb25pbmcsIGJ1
dCByYXRoZXIgZm9yIGhhbmRsaW5nIG1vZHVsYXIgdXBkYXRlcywgd2l0aCBzaWduYXR1cmVzIGZy
b20gbXVsdGlwbGUgcGFydGllcyBiYXNlZCBvbiB3aGljaCBjb21wb25lbnRzL3N0b3JhZ2UgSURz
IHRoZXkgaGFkIHBlcm1pc3Npb25zIHRvIHdyaXRlLiBEZXBlbmRlbmNpZXMgd2VyZSBpbnRlbmRl
ZCB0byBwb2ludCBvbmx5IHRvIG90aGVyIG1hbmlmZXN0cy4gRnJvbSB0aGF0IHBlcnNwZWN0aXZl
LCBkZXBlbmRlbmNpZXMgYXJlbuKAmXQgY29uZGl0aW9ucyBhbmQgdGhleSBhcmVu4oCZdCBzdWl0
YWJsZSBmb3Igc2VtYW50aWMgdmVyc2lvbmluZy4gVGhlIHZlcnNpb24gcmVxdWlyZW1lbnRzIHNp
ZGUgY2VydGFpbmx5IGRvZXMgbG9vayBsaWtlIGEgY29uZGl0aW9uLiBIb3cgYWJvdXQgYSBuZXcg
Y29uZGl0aW9uPw0KDQpSZXF1aXJlLWNvbXBvbmVudC12ZXJzaW9uLCB3aXRoIGEgbWluaW11bSBh
biBhIG1heGltdW0gYXMgdHdvIG9wdGlvbmFsIE9DVEVUIFNUUkVBTSAvIGJzdHI/DQoNCj4+IEkg
Y2FuIHNlZSBhbiBhcmd1bWVudCBmb3IgcGxhY2luZyBzdG9yYWdlIElEcyBpbiBkZXBlbmRlbmNp
ZXMsIHNpbmNlIHRoYXQgc2hvcnRjdXRzIHRoZSByZXF1aXJlbWVudCB0byB3YWxrIGEgdHJlZSBv
ZiBtYW5pZmVzdHMsIHdoaWNoIGlzIGEgbWFqb3IgcHJvYmxlbSBpbiB0aGUgc3RvcmFnZSBvZiBt
YW5pZmVzdHMgb24gY29uc3RyYWluZWQgZGV2aWNlcy4NCj4NCj4gQXJlIHlvdSB0YWxraW5nIGFi
b3V0IHNvZnR3YXJlIHRoYXQgcXVlcmllcyBhIGRhdGFiYXNlIG9mIHVwZGF0ZXMNCj4gc2VhcmNo
aW5nIGZvciBhIGNvbXBhdGlibGUgc2V0IG9mIHVwZGF0ZXMgdGhhdCBpdCBjYW4gYXBwbHk/ICBG
b3IgYQ0KPiBjb25zdHJhaW5lZCBkZXZpY2UsIEkgd291bGQgaGF2ZSBhc3N1bWVkIHRoYXQgdGhl
IGRldmljZSB3b3VsZCBtb3JlIG9yDQo+IGxlc3MgYmUgZ2l2ZW4gbWFyY2hpbmcgb3JkZXJzIHJh
dGhlciB0aGFuIGdvIG91dCBzZWFyY2hpbmcgZm9yIGFuDQo+IHVwZ3JhZGUgcGF0aCBvbiBpdHMg
b3duLg0KDQpJ4oCZbSB0YWxraW5nIGFib3V0IGEgbW9kdWxhciB1cGRhdGUgdGhhdCB1c2VzIGRl
cGVuZGVuY2llcyB0byBjb25zdHJ1Y3QgYSB0cmVlIG9mIG1hbmlmZXN0cywgc29tZSBvZiB3aGlj
aCBoYXZlIHBheWxvYWRzIChpbnRlZ3JhdGVkIG9yIG91dC1vZi1iYW5kKS4gVmVyaWZ5aW5nIHRo
YXQgYWxsIG1hbmlmZXN0IGNvbmRpdGlvbnMgYXJlIG1ldCBhbmQgYWxsIHBheWxvYWRzIGFyZSBw
cmVzZW50IGluIGFuIGVmZmljaWVudCB3YXkgb24gYW4gY29uc3RyYWluZWQgZGV2aWNlIGlzIHNv
bWV3aGF0IGNvbXBsaWNhdGVkLg0KDQpCZXN0IFJlZ2FyZHMsDQpCcmVuZGFuIE1vcmFuDQoNCklN
UE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNo
bWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91
IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVy
IGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhl
ciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGlu
Zm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Tue Nov  7 14:55:09 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F36E3129480 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 14:55:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N-Btfb_G9zkn for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 14:55:05 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0048.outbound.protection.outlook.com [104.47.0.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D992129478 for <suit@ietf.org>; Tue,  7 Nov 2017 14:55:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Pa7iVs2t8IE7YrXUNDV+JYSCwcJh+waCU+TLTXNoIPY=; b=OGIQYBlEMhrAj4lfLpNi/nc2uVLVkXo3Ks0uqpPmVq5KPYBXpsyHVQP1xBVTHwa0AqYlVQkaKyoBeCJWvai6/81x+SmlbsHGcCO+BIZLEaKt9DH3LyGlywMX3r/MFOXbi6SZTeGapA9dMiGjvyaUEdPI1xOkd6lG9sGGRqFOaJk=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 22:55:01 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 22:55:01 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTWBtxgRYVGfZJ1EmP1btbHqGApw==
Date: Tue, 7 Nov 2017 22:55:01 +0000
Message-ID: <D1B9CBA2-83DB-431F-B580-ED9D857ECC85@arm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:w5JOAwTofAZ+9PJppyPMDkduCUFYeHKoGNNUQCzTHNU0QNFU/vifh2luBaQi1OK9oTWDvzQrW5GwipY8tWhnujbeLx2Ls4InvQRuUrjeGtKYJSpnbBWQ7lcmsK1Ew0IpgakbkoYoJbFNmZ83WBj0h7UcyWVGUa1kLxU1HEbLQSVqWZvzUtRFUbsvdJaQ56IJJhs63fEi+SNZtK7XRkA0VB14a6N4e4WjUX0WCgnQ00Fm9Jb1RVAfsSQTbLO2K+fnpFJ5o5U7zMVZQEOMsUZi50nkEknIYEq2yq+1BfBqg0KzcEgkHnVMN7HJsu4WU3cORzk0O+x1zbuyYIHDfgkNO/OxXlJyhJ6RZGW0Oe3zE3s=; 5:dwpRA/uL5pDxtK1iFGHxf3k1pq6o5Ikm386ho6NB6tRZimpflf2emfhdIscf22Unp1xYZyC4oAle1z5BEx565yUJu80zG2f2Sf1/NMLfFLHAnCToUCKXOxd/LHEmVNVGGpVTL0YfxDYCXrnjFs3ZMkn9IZyNa/QJyOi3aYDJkiY=; 24:IOBSVKQZhjKMB7YJohNJmOEJJWlXmSAcBjXzY0KBM6lDrM/lserml/0h38ey84k7BjqCm57c6B6dDYNpS6wuYaNma/6tzQAJIwa5Fq+RMAw=; 7:zK/L4ncX9yPu1Ru6mN5czhkhkrJ7TicBO5liq+8+HQ1KQFqZNVTK9MRg1gj2EF3Fo8ZYCGj++b6lSgow6UirKciFBK/tocGyY1oKfTi5fgRGxqoQfhPHOIoOJG3wZeMp+n19PIUS9bA0agL0/HNBIyXGjRSj6fCGD7DB/hn0wOH2/II2HTAa8S+gOuUUbBl52c8xcuFdWNFI0efFD6QIvAhvG1l3Avuqxj8Y+ZEf28cWbrSr4dkYV8UaLH6WGcUW
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b8f3cd92-7e14-4f75-0665-08d5263293de
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-exchange-antispam-report-test: UriScan:(131327999870524);
x-microsoft-antispam-prvs: <DB5PR08MB06164EC12D944B1C7366E471EA510@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(100000703101)(100105400095)(3231021)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123558100)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(6009001)(39860400002)(346002)(376002)(199003)(40434004)(189002)(229853002)(72206003)(5640700003)(6506006)(6486002)(83716003)(81166006)(50986999)(7736002)(1730700003)(8676002)(6436002)(8936002)(3846002)(102836003)(6116002)(36756003)(14454004)(2501003)(81156014)(25786009)(68736007)(99286004)(478600001)(101416001)(189998001)(97736004)(316002)(33656002)(6246003)(6512007)(53936002)(54896002)(50226002)(2351001)(82746002)(15650500001)(5660300001)(66066001)(106356001)(2906002)(105586002)(86362001)(5890100001)(2900100001)(3280700002)(5250100002)(3660700001)(57306001)(6916009)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_D1B9CBA283DB431FB580ED9D857ECC85armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b8f3cd92-7e14-4f75-0665-08d5263293de
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 22:55:01.3033 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jifEsnx4Rnm6GOKOVjSJGMTfNZ4>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 22:55:07 -0000

--_000_D1B9CBA283DB431FB580ED9D857ECC85armcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgSGVuaywNCg0KDQpKdXN0IHllc3RlcmRheSBJIG1ldCB3aXRoIGEgdmVuZG9yIHRoYXQgZG9l
cyBmaXJtd2FyZSB1cGdyYWRlcyBpbiBpc29sYXRlZCBjb21wdXRpbmcgY29udGV4dCBzbGljZXMg
b2Ygc2luZ3VsYXIgdGhpbmdzIC0gYW5kIHRoZXkgd2VyZSBhbWF6ZWQgdGhhdCAicHJvdmlkaW5n
IHRoZSBjYXBhYmlsaXR5IG9mIGluZGljYXRpbmcgYmxvY2stZGV2aWNlIGxhYmxlcy9pbmRleGVz
IiwgImJsb2NrLW9mZnNldHMgaW4gYSBibG9jay1kZXZpY2UiIGFuZCBzZW1hbnRpYyByZWxhdGlv
bnNoaXBzLCBzdWNoIGFzICJyZXF1aXJlcyIsICJzdXBlcnNlZGVzIiwgb3IgInBhdGNoZXMiIGlz
IG5vdCBhbiBvYnZpb3VzIHRoaW5nIHRvIGJlIGluY2x1ZGVkIGluIGEgbWFuaWZlc3QuIFRoZSBs
aXRlcmFsIHF1ZXN0aW9uIHRoZXkgdm9pY2VkIHdhczogIldoeSBnb2luZyB0aHJvdWdoIHRoZSBo
YXNzbGUgb2YgY3JlYXRpbmcgYSBtYW5pZmVzdCBmb3IgbWV0YWRhdGEsIGlmIHlvdSBhcmUgbm90
IGdvaW5nIHRvIHB1dCB1c2VmdWwgbWV0YWRhdGEgaW4gaXQ/IiBBbmQgSSBjb3VsZCB1bmRlcnN0
YW5kIHRoZWlyIHBvaW50IG9mIHZpZXcuDQoNCltIYW5uZXNdIEkgYW0gbm90IHN1cmUgSSB1bmRl
cnN0YW5kIHRoZWlyIGNvbW1lbnQuDQoNCltCcmVuZGFuXSBUaGVzZSBjb25jZXB0cyBhcmUgcGFy
dGlhbGx5IGJ1aWx0LWluIHRvIHRoZSBtYW5pZmVzdCBmb3JtYXQgYWxyZWFkeS4gV2hlcmUgYSBm
aWxlc3lzdGVtIGlzIHByZXNlbnQsIHRoZSBTdG9yYWdlSWRlbnRpZmllciBjYW4gYWJzb2x1dGVs
eSBiZSBpbnRlcnByZXRlZCBhcyBhIGZpbGVzeXN0ZW0gcGF0aC4gV2hlcmUgb25seSBibG9jayBk
ZXZpY2VzIGFyZSBwcmVzZW50LCBpdCBjYW4gYmUgYSBibG9jay1kZXZpY2UgbGFiZWwvaW5kZXgu
IFByb3ZpZGluZyBmb3IgYW4gb2Zmc2V0IGJleW9uZCB0aGF0IGNhbiBiZSBkb25lIGluIHR3byB3
YXlzOiBlaXRoZXIgd2l0aCBhIHN0cmluZyBmb3JtYXQgaW4gdGhlIFN0b3JhZ2VJZGVudGlmaWVy
LCBvciB3aXRoIGEgZGlyZWN0aXZlLCB0aGF0IHN0YXRlcyDigJxibG9jayBkZXZpY2Ugb2Zmc2V0
4oCdLg0KDQpbQnJlbmRhbl0gInJlcXVpcmVzIiwgInN1cGVyc2VkZXMiLCBvciDigJxwYXRjaGVz
4oCdIGNhbiAoYW5kIHNob3VsZCkgYmUgaW1wbGVtZW50ZWQgYXMgY29uZGl0aW9ucy4NCg0KDQpB
ZGRpdGlvbmFsbHkgLSBvbiBvbmUgaGFuZCAtIEkgd291bGQgbGlrZSB0byBzdXBwb3J0IHRoZSB0
ZXJtIGNsYWltIGluIHJlc3BlY3QgdG8gdGhlIG1peCBvZiB0ZXJtcyBoaWdobGlnaHRlZCBieSBN
YXJ0aW46DQoNCj4gSXQncyBub3QganVzdCB0ZXJtaW5vbG9neS4gIFRoZXJlIGFyZSB0aHJlZSBk
aXNjcmV0ZSBmaWVsZHMgaW4gdGhlDQo+IGRyYWZ0IGZvciBjb25kaXRpb25zLCBkaXJlY3RpdmVz
IGFuZCBleHRlbnNpb25zLiAgSSBhbSBzdWdnZXN0aW5nIHRoYXQNCj4gdGhlcmUgb25seSBuZWVk
cyB0byBiZSBvbmUuDQoNCg0KW0JyZW5kYW5dIENvbmRpdGlvbnMgYW5kIGRpcmVjdGl2ZXMgaGF2
ZSBhIHNlbWFudGljIGRpZmZlcmVuY2U6IENvbmRpdGlvbnMgYXJlIGV2YWx1YXRlZCBiZWZvcmUg
YWNjZXB0YW5jZSBvZiBhIG1hbmlmZXN0LiBEaXJlY3RpdmVzIGFyZSBleGVjdXRlZCBhZnRlciBh
Y2NlcHRhbmNlIG9mIGEgbWFuaWZlc3QuIFRoaXMgaXMgYSBkaXN0aW5jdGlvbiB0aGF0IGlzIHRy
aXZpYWwgdG8gaW1wbGVtZW50IGFuZCBzaW1wbGlmaWVzIHByb2Nlc3Npbmcgb24gdGhlIHRhcmdl
dCBkZXZpY2UuIEkgYmVsaWV2ZSB0aGF0IHRoaXMgaXMgc3VmZmljaWVudCB0byBqdXN0aWZ5IHNw
bGl0dGluZyB0aGUgZmllbGQuDQoNCg0KT24gdGhlIG90aGVyIGhhbmQsIEkgYW0gbm90IHNvIGNl
cnRhaW4gYWJvdXQgdGhpcyBzdGF0ZW1lbnQsIE1hcnRpbjoNCg0KPiBzdG9yYWdlSWRlbnRpZmll
ciBzZWVtcyBlc3BlY2lhbGx5IHByb2JsZW1hdGljLiAgSWYgeW91IGhhdmUgYSBkZXZpY2UNCj4g
dHlwZSBpZGVudGlmaWVyLCB0aGVuIHRoYXQgc2hvdWxkIHN1ZmZpY2UgZm9yIHRob3NlIGNhc2Vz
IHdoZXJlIHRoZXJlDQo+IGFyZSBtdWx0aXBsZSB1cGRhdGUgdGFyZ2V0cyBvbiBhIGRldmljZS4g
IFRoYXQgaXMsIHlvdSBjYW4gaWRlbnRpZnkgYnkNCj4gZ2VuZXJpY2FsbHkgaWRlbnRpZnlpbmcg
dGhlIHR5cGUgb2YgdGhpbmcgdGhhdCB0aGlzIHVwZGF0ZSBhcHBsaWVzIHRvOg0KPiAidmVuZG9y
IGZvbyBhbGFybSBjbG9jayBjb25maWd1cmF0aW9uIiByYXRoZXIgdGhhbiAidmVuZG9yIGZvbyBh
bGFybQ0KPiBjbG9jayIgYW5kIGl0IGFsbCB3b3JrcyBuZWF0bHkuICBSaWdodCBub3cgdGhlIHN0
b3JhZ2VJZGVudGlmaWVyIGlzDQo+IGFsbCB0aWVkIHVwIGluIHRoZSB3YXkgdGhhdCB0aGUgdXBk
YXRlIGlzIGlkZW50aWZpZWQuDQoNCk9wdGlvbmFsIHN0YW5kYXJkIGNsYWltcyB0aGF0IE1BWSBi
ZSB1c2VkIHRvIHByb3ZpZGUgYWRkaXRpb25hbCBzZW1hbnRpY3MgdG8gYSBtYW5pZmVzdCBkbyBu
b3Qgc291bmQgc28gYmFkIHRvIG1lLiBBbSBJIG1pc3Npbmcgc29tZXRoaW5nIGhlcmU/DQoNCltI
YW5uZXNdIE1hcnRpbiB3b3VsZCBsaWtlIHRvIGNvbWJpbmUgZWxlbWVudHMgd2hpbGUgd2UgaGFk
IHByb3Bvc2VkIHRvIHNlcGFyYXRlIHRoZW0uIFRvIG1lIGl0IGZlZWxzIGxpa2UgZGVmaW5pbmcg
YW4gYXR0cmlidXRlICduYW1lJyB2cy4gaGF2aW5nIHR3byBhdHRyaWJ1dGVzLCAnZmlyc3QgbmFt
ZScgYW5kICdsYXN0IG5hbWUnLiBJIHBlcnNvbmFsbHkgZG9uJ3QgaGF2ZSBhIHN0cm9uZyBvcGlu
aW9uIGFib3V0IHRoaXMgdG9waWMuDQoNCg0KQmVzdCBSZWdhcmRzLA0KDQpCcmVuZGFuDQoNCklN
UE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNo
bWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91
IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVy
IGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhl
ciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGlu
Zm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_D1B9CBA283DB431FB580ED9D857ECC85armcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <B53326CBD0BEB54F8C27145435CBB42E@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPHByZSBjbGFzcz0id29yZHdyYXAi
IHN0eWxlPSJib3gtc2l6aW5nOiBib3JkZXItYm94OyBvdmVyZmxvdzogYXV0bzsgZm9udC1mYW1p
bHk6IE1lbmxvLCBNb25hY28sIENvbnNvbGFzLCAnQ291cmllciBOZXcnLCBtb25vc3BhY2U7IGZv
bnQtc2l6ZTogMTNweDsgcGFkZGluZzogMHB4OyBtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1ib3R0
b206IDEwcHg7IGxpbmUtaGVpZ2h0OiAxLjQyODU3OyB3b3JkLWJyZWFrOiBub3JtYWw7IHdvcmQt
d3JhcDogbm9ybWFsOyBjb2xvcjogcmdiKDUxLCA1MSwgNTEpOyBiYWNrZ3JvdW5kLWNvbG9yOiB3
aGl0ZTsgYm9yZGVyOiAwcHggbm9uZSBibGFjazsgYm9yZGVyLXRvcC1sZWZ0LXJhZGl1czogNHB4
OyBib3JkZXItdG9wLXJpZ2h0LXJhZGl1czogNHB4OyBib3JkZXItYm90dG9tLXJpZ2h0LXJhZGl1
czogNHB4OyBib3JkZXItYm90dG9tLWxlZnQtcmFkaXVzOiA0cHg7IHdoaXRlLXNwYWNlOiBwcmUt
d3JhcDsgZm9udC12YXJpYW50LWxpZ2F0dXJlczogbm9ybWFsOyBvcnBoYW5zOiAyOyB3aWRvd3M6
IDI7Ij5IaSBIZW5rLDwvcHJlPg0KPHByZSBjbGFzcz0id29yZHdyYXAiIHN0eWxlPSJib3gtc2l6
aW5nOiBib3JkZXItYm94OyBvdmVyZmxvdzogYXV0bzsgZm9udC1mYW1pbHk6IE1lbmxvLCBNb25h
Y28sIENvbnNvbGFzLCAnQ291cmllciBOZXcnLCBtb25vc3BhY2U7IGZvbnQtc2l6ZTogMTNweDsg
cGFkZGluZzogMHB4OyBtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1ib3R0b206IDEwcHg7IGxpbmUt
aGVpZ2h0OiAxLjQyODU3OyB3b3JkLWJyZWFrOiBub3JtYWw7IHdvcmQtd3JhcDogbm9ybWFsOyBj
b2xvcjogcmdiKDUxLCA1MSwgNTEpOyBiYWNrZ3JvdW5kLWNvbG9yOiB3aGl0ZTsgYm9yZGVyOiAw
cHggbm9uZSBibGFjazsgYm9yZGVyLXRvcC1sZWZ0LXJhZGl1czogNHB4OyBib3JkZXItdG9wLXJp
Z2h0LXJhZGl1czogNHB4OyBib3JkZXItYm90dG9tLXJpZ2h0LXJhZGl1czogNHB4OyBib3JkZXIt
Ym90dG9tLWxlZnQtcmFkaXVzOiA0cHg7IHdoaXRlLXNwYWNlOiBwcmUtd3JhcDsgZm9udC12YXJp
YW50LWxpZ2F0dXJlczogbm9ybWFsOyBvcnBoYW5zOiAyOyB3aWRvd3M6IDI7Ij4NCkp1c3QgeWVz
dGVyZGF5IEkgbWV0IHdpdGggYSB2ZW5kb3IgdGhhdCBkb2VzIGZpcm13YXJlIHVwZ3JhZGVzIGlu
IGlzb2xhdGVkIGNvbXB1dGluZyBjb250ZXh0IHNsaWNlcyBvZiBzaW5ndWxhciB0aGluZ3MgLSBh
bmQgdGhleSB3ZXJlIGFtYXplZCB0aGF0ICZxdW90O3Byb3ZpZGluZyB0aGUgY2FwYWJpbGl0eSBv
ZiBpbmRpY2F0aW5nIGJsb2NrLWRldmljZSBsYWJsZXMvaW5kZXhlcyZxdW90OywgJnF1b3Q7Ymxv
Y2stb2Zmc2V0cyBpbiBhIGJsb2NrLWRldmljZSZxdW90OyBhbmQgc2VtYW50aWMgcmVsYXRpb25z
aGlwcywgc3VjaCBhcyAmcXVvdDtyZXF1aXJlcyZxdW90OywgJnF1b3Q7c3VwZXJzZWRlcyZxdW90
Oywgb3IgJnF1b3Q7cGF0Y2hlcyZxdW90OyBpcyBub3QgYW4gb2J2aW91cyB0aGluZyB0byBiZSBp
bmNsdWRlZCBpbiBhIG1hbmlmZXN0LiBUaGUgbGl0ZXJhbCBxdWVzdGlvbiB0aGV5IHZvaWNlZCB3
YXM6ICZxdW90O1doeSBnb2luZyB0aHJvdWdoIHRoZSBoYXNzbGUgb2YgY3JlYXRpbmcgYSBtYW5p
ZmVzdCBmb3IgbWV0YWRhdGEsIGlmIHlvdSBhcmUgbm90IGdvaW5nIHRvIHB1dCB1c2VmdWwgbWV0
YWRhdGEgaW4gaXQ/JnF1b3Q7IEFuZCBJIGNvdWxkIHVuZGVyc3RhbmQgdGhlaXIgcG9pbnQgb2Yg
dmlldy4NCg0KW0hhbm5lc10gSSBhbSBub3Qgc3VyZSBJIHVuZGVyc3RhbmQgdGhlaXIgY29tbWVu
dC48L3ByZT4NCjxwcmUgY2xhc3M9IndvcmR3cmFwIiBzdHlsZT0iYm94LXNpemluZzogYm9yZGVy
LWJveDsgb3ZlcmZsb3c6IGF1dG87IGZvbnQtZmFtaWx5OiBNZW5sbywgTW9uYWNvLCBDb25zb2xh
cywgJ0NvdXJpZXIgTmV3JywgbW9ub3NwYWNlOyBmb250LXNpemU6IDEzcHg7IHBhZGRpbmc6IDBw
eDsgbWFyZ2luLXRvcDogMHB4OyBtYXJnaW4tYm90dG9tOiAxMHB4OyBsaW5lLWhlaWdodDogMS40
Mjg1Nzsgd29yZC1icmVhazogbm9ybWFsOyB3b3JkLXdyYXA6IG5vcm1hbDsgY29sb3I6IHJnYig1
MSwgNTEsIDUxKTsgYmFja2dyb3VuZC1jb2xvcjogd2hpdGU7IGJvcmRlcjogMHB4IG5vbmUgYmxh
Y2s7IGJvcmRlci10b3AtbGVmdC1yYWRpdXM6IDRweDsgYm9yZGVyLXRvcC1yaWdodC1yYWRpdXM6
IDRweDsgYm9yZGVyLWJvdHRvbS1yaWdodC1yYWRpdXM6IDRweDsgYm9yZGVyLWJvdHRvbS1sZWZ0
LXJhZGl1czogNHB4OyB3aGl0ZS1zcGFjZTogcHJlLXdyYXA7IGZvbnQtdmFyaWFudC1saWdhdHVy
ZXM6IG5vcm1hbDsgb3JwaGFuczogMjsgd2lkb3dzOiAyOyI+W0JyZW5kYW5dIFRoZXNlIGNvbmNl
cHRzIGFyZSBwYXJ0aWFsbHkgYnVpbHQtaW4gdG8gdGhlIG1hbmlmZXN0IGZvcm1hdCBhbHJlYWR5
LiBXaGVyZSBhIGZpbGVzeXN0ZW0gaXMgcHJlc2VudCwgdGhlIFN0b3JhZ2VJZGVudGlmaWVyIGNh
biBhYnNvbHV0ZWx5IGJlIGludGVycHJldGVkIGFzIGEgZmlsZXN5c3RlbSBwYXRoLiBXaGVyZSBv
bmx5IGJsb2NrIGRldmljZXMgYXJlIHByZXNlbnQsIGl0IGNhbiBiZSBhIGJsb2NrLWRldmljZSBs
YWJlbC9pbmRleC4gUHJvdmlkaW5nIGZvciBhbiBvZmZzZXQgYmV5b25kIHRoYXQgY2FuIGJlIGRv
bmUgaW4gdHdvIHdheXM6IGVpdGhlciB3aXRoIGEgc3RyaW5nIGZvcm1hdCBpbiB0aGUgU3RvcmFn
ZUlkZW50aWZpZXIsIG9yIHdpdGggYSBkaXJlY3RpdmUsIHRoYXQgc3RhdGVzIOKAnGJsb2NrIGRl
dmljZSBvZmZzZXTigJ0uPC9wcmU+DQo8cHJlIGNsYXNzPSJ3b3Jkd3JhcCIgc3R5bGU9ImJveC1z
aXppbmc6IGJvcmRlci1ib3g7IG92ZXJmbG93OiBhdXRvOyBmb250LWZhbWlseTogTWVubG8sIE1v
bmFjbywgQ29uc29sYXMsICdDb3VyaWVyIE5ldycsIG1vbm9zcGFjZTsgZm9udC1zaXplOiAxM3B4
OyBwYWRkaW5nOiAwcHg7IG1hcmdpbi10b3A6IDBweDsgbWFyZ2luLWJvdHRvbTogMTBweDsgbGlu
ZS1oZWlnaHQ6IDEuNDI4NTc7IHdvcmQtYnJlYWs6IG5vcm1hbDsgd29yZC13cmFwOiBub3JtYWw7
IGNvbG9yOiByZ2IoNTEsIDUxLCA1MSk7IGJhY2tncm91bmQtY29sb3I6IHdoaXRlOyBib3JkZXI6
IDBweCBub25lIGJsYWNrOyBib3JkZXItdG9wLWxlZnQtcmFkaXVzOiA0cHg7IGJvcmRlci10b3At
cmlnaHQtcmFkaXVzOiA0cHg7IGJvcmRlci1ib3R0b20tcmlnaHQtcmFkaXVzOiA0cHg7IGJvcmRl
ci1ib3R0b20tbGVmdC1yYWRpdXM6IDRweDsgd2hpdGUtc3BhY2U6IHByZS13cmFwOyBmb250LXZh
cmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IG9ycGhhbnM6IDI7IHdpZG93czogMjsiPjxwcmUgY2xh
c3M9IndvcmR3cmFwIiBzdHlsZT0iYm94LXNpemluZzogYm9yZGVyLWJveDsgb3ZlcmZsb3c6IGF1
dG87IGZvbnQtZmFtaWx5OiBNZW5sbywgTW9uYWNvLCBDb25zb2xhcywgJ0NvdXJpZXIgTmV3Jywg
bW9ub3NwYWNlOyBwYWRkaW5nOiAwcHg7IG1hcmdpbi10b3A6IDBweDsgbWFyZ2luLWJvdHRvbTog
MTBweDsgbGluZS1oZWlnaHQ6IDEuNDI4NTc7IHdvcmQtYnJlYWs6IG5vcm1hbDsgd29yZC13cmFw
OiBub3JtYWw7IGJvcmRlcjogMHB4IG5vbmUgYmxhY2s7IGJvcmRlci10b3AtbGVmdC1yYWRpdXM6
IDRweDsgYm9yZGVyLXRvcC1yaWdodC1yYWRpdXM6IDRweDsgYm9yZGVyLWJvdHRvbS1yaWdodC1y
YWRpdXM6IDRweDsgYm9yZGVyLWJvdHRvbS1sZWZ0LXJhZGl1czogNHB4OyB3aGl0ZS1zcGFjZTog
cHJlLXdyYXA7IGZvbnQtdmFyaWFudC1saWdhdHVyZXM6IG5vcm1hbDsiPltCcmVuZGFuXSAmcXVv
dDtyZXF1aXJlcyZxdW90OywgJnF1b3Q7c3VwZXJzZWRlcyZxdW90Oywgb3Ig4oCccGF0Y2hlc+KA
nSBjYW4gKGFuZCBzaG91bGQpIGJlIGltcGxlbWVudGVkIGFzIGNvbmRpdGlvbnMuPC9wcmU+PGRp
diBjbGFzcz0iIj48YnIgY2xhc3M9IiI+PC9kaXY+PC9wcmU+DQo8cHJlIGNsYXNzPSJ3b3Jkd3Jh
cCIgc3R5bGU9ImJveC1zaXppbmc6IGJvcmRlci1ib3g7IG92ZXJmbG93OiBhdXRvOyBmb250LWZh
bWlseTogTWVubG8sIE1vbmFjbywgQ29uc29sYXMsICdDb3VyaWVyIE5ldycsIG1vbm9zcGFjZTsg
Zm9udC1zaXplOiAxM3B4OyBwYWRkaW5nOiAwcHg7IG1hcmdpbi10b3A6IDBweDsgbWFyZ2luLWJv
dHRvbTogMTBweDsgbGluZS1oZWlnaHQ6IDEuNDI4NTc7IHdvcmQtYnJlYWs6IG5vcm1hbDsgd29y
ZC13cmFwOiBub3JtYWw7IGNvbG9yOiByZ2IoNTEsIDUxLCA1MSk7IGJhY2tncm91bmQtY29sb3I6
IHdoaXRlOyBib3JkZXI6IDBweCBub25lIGJsYWNrOyBib3JkZXItdG9wLWxlZnQtcmFkaXVzOiA0
cHg7IGJvcmRlci10b3AtcmlnaHQtcmFkaXVzOiA0cHg7IGJvcmRlci1ib3R0b20tcmlnaHQtcmFk
aXVzOiA0cHg7IGJvcmRlci1ib3R0b20tbGVmdC1yYWRpdXM6IDRweDsgd2hpdGUtc3BhY2U6IHBy
ZS13cmFwOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IG9ycGhhbnM6IDI7IHdpZG93
czogMjsiPkFkZGl0aW9uYWxseSAtIG9uIG9uZSBoYW5kIC0gSSB3b3VsZCBsaWtlIHRvIHN1cHBv
cnQgdGhlIHRlcm0gY2xhaW0gaW4gcmVzcGVjdCB0byB0aGUgbWl4IG9mIHRlcm1zIGhpZ2hsaWdo
dGVkIGJ5IE1hcnRpbjoNCg0KJmd0OyBJdCdzIG5vdCBqdXN0IHRlcm1pbm9sb2d5LiAgVGhlcmUg
YXJlIHRocmVlIGRpc2NyZXRlIGZpZWxkcyBpbiB0aGUNCiZndDsgZHJhZnQgZm9yIGNvbmRpdGlv
bnMsIGRpcmVjdGl2ZXMgYW5kIGV4dGVuc2lvbnMuICBJIGFtIHN1Z2dlc3RpbmcgdGhhdA0KJmd0
OyB0aGVyZSBvbmx5IG5lZWRzIHRvIGJlIG9uZS4NCjxiciBjbGFzcz0iIj48L3ByZT4NCjxwcmUg
Y2xhc3M9IndvcmR3cmFwIiBzdHlsZT0iYm94LXNpemluZzogYm9yZGVyLWJveDsgb3ZlcmZsb3c6
IGF1dG87IGZvbnQtZmFtaWx5OiBNZW5sbywgTW9uYWNvLCBDb25zb2xhcywgJ0NvdXJpZXIgTmV3
JywgbW9ub3NwYWNlOyBmb250LXNpemU6IDEzcHg7IHBhZGRpbmc6IDBweDsgbWFyZ2luLXRvcDog
MHB4OyBtYXJnaW4tYm90dG9tOiAxMHB4OyBsaW5lLWhlaWdodDogMS40Mjg1Nzsgd29yZC1icmVh
azogbm9ybWFsOyB3b3JkLXdyYXA6IG5vcm1hbDsgY29sb3I6IHJnYig1MSwgNTEsIDUxKTsgYmFj
a2dyb3VuZC1jb2xvcjogd2hpdGU7IGJvcmRlcjogMHB4IG5vbmUgYmxhY2s7IGJvcmRlci10b3At
bGVmdC1yYWRpdXM6IDRweDsgYm9yZGVyLXRvcC1yaWdodC1yYWRpdXM6IDRweDsgYm9yZGVyLWJv
dHRvbS1yaWdodC1yYWRpdXM6IDRweDsgYm9yZGVyLWJvdHRvbS1sZWZ0LXJhZGl1czogNHB4OyB3
aGl0ZS1zcGFjZTogcHJlLXdyYXA7IGZvbnQtdmFyaWFudC1saWdhdHVyZXM6IG5vcm1hbDsgb3Jw
aGFuczogMjsgd2lkb3dzOiAyOyI+W0JyZW5kYW5dIENvbmRpdGlvbnMgYW5kIGRpcmVjdGl2ZXMg
aGF2ZSBhIHNlbWFudGljIGRpZmZlcmVuY2U6IENvbmRpdGlvbnMgYXJlIGV2YWx1YXRlZCBiZWZv
cmUgYWNjZXB0YW5jZSBvZiBhIG1hbmlmZXN0LiBEaXJlY3RpdmVzIGFyZSBleGVjdXRlZCBhZnRl
ciBhY2NlcHRhbmNlIG9mIGEgbWFuaWZlc3QuIFRoaXMgaXMgYSBkaXN0aW5jdGlvbiB0aGF0IGlz
IHRyaXZpYWwgdG8gaW1wbGVtZW50IGFuZCBzaW1wbGlmaWVzIHByb2Nlc3Npbmcgb24gdGhlIHRh
cmdldCBkZXZpY2UuIEkgYmVsaWV2ZSB0aGF0IHRoaXMgaXMgc3VmZmljaWVudCB0byBqdXN0aWZ5
IHNwbGl0dGluZyB0aGUgZmllbGQuPC9wcmU+DQo8cHJlIGNsYXNzPSJ3b3Jkd3JhcCIgc3R5bGU9
ImJveC1zaXppbmc6IGJvcmRlci1ib3g7IG92ZXJmbG93OiBhdXRvOyBmb250LWZhbWlseTogTWVu
bG8sIE1vbmFjbywgQ29uc29sYXMsICdDb3VyaWVyIE5ldycsIG1vbm9zcGFjZTsgZm9udC1zaXpl
OiAxM3B4OyBwYWRkaW5nOiAwcHg7IG1hcmdpbi10b3A6IDBweDsgbWFyZ2luLWJvdHRvbTogMTBw
eDsgbGluZS1oZWlnaHQ6IDEuNDI4NTc7IHdvcmQtYnJlYWs6IG5vcm1hbDsgd29yZC13cmFwOiBu
b3JtYWw7IGNvbG9yOiByZ2IoNTEsIDUxLCA1MSk7IGJhY2tncm91bmQtY29sb3I6IHdoaXRlOyBi
b3JkZXI6IDBweCBub25lIGJsYWNrOyBib3JkZXItdG9wLWxlZnQtcmFkaXVzOiA0cHg7IGJvcmRl
ci10b3AtcmlnaHQtcmFkaXVzOiA0cHg7IGJvcmRlci1ib3R0b20tcmlnaHQtcmFkaXVzOiA0cHg7
IGJvcmRlci1ib3R0b20tbGVmdC1yYWRpdXM6IDRweDsgd2hpdGUtc3BhY2U6IHByZS13cmFwOyBm
b250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IG9ycGhhbnM6IDI7IHdpZG93czogMjsiPg0K
T24gdGhlIG90aGVyIGhhbmQsIEkgYW0gbm90IHNvIGNlcnRhaW4gYWJvdXQgdGhpcyBzdGF0ZW1l
bnQsIE1hcnRpbjoNCg0KJmd0OyBzdG9yYWdlSWRlbnRpZmllciBzZWVtcyBlc3BlY2lhbGx5IHBy
b2JsZW1hdGljLiAgSWYgeW91IGhhdmUgYSBkZXZpY2UNCiZndDsgdHlwZSBpZGVudGlmaWVyLCB0
aGVuIHRoYXQgc2hvdWxkIHN1ZmZpY2UgZm9yIHRob3NlIGNhc2VzIHdoZXJlIHRoZXJlDQomZ3Q7
IGFyZSBtdWx0aXBsZSB1cGRhdGUgdGFyZ2V0cyBvbiBhIGRldmljZS4gIFRoYXQgaXMsIHlvdSBj
YW4gaWRlbnRpZnkgYnkNCiZndDsgZ2VuZXJpY2FsbHkgaWRlbnRpZnlpbmcgdGhlIHR5cGUgb2Yg
dGhpbmcgdGhhdCB0aGlzIHVwZGF0ZSBhcHBsaWVzIHRvOg0KJmd0OyAmcXVvdDt2ZW5kb3IgZm9v
IGFsYXJtIGNsb2NrIGNvbmZpZ3VyYXRpb24mcXVvdDsgcmF0aGVyIHRoYW4gJnF1b3Q7dmVuZG9y
IGZvbyBhbGFybQ0KJmd0OyBjbG9jayZxdW90OyBhbmQgaXQgYWxsIHdvcmtzIG5lYXRseS4gIFJp
Z2h0IG5vdyB0aGUgc3RvcmFnZUlkZW50aWZpZXIgaXMNCiZndDsgYWxsIHRpZWQgdXAgaW4gdGhl
IHdheSB0aGF0IHRoZSB1cGRhdGUgaXMgaWRlbnRpZmllZC4NCg0KT3B0aW9uYWwgc3RhbmRhcmQg
Y2xhaW1zIHRoYXQgTUFZIGJlIHVzZWQgdG8gcHJvdmlkZSBhZGRpdGlvbmFsIHNlbWFudGljcyB0
byBhIG1hbmlmZXN0IGRvIG5vdCBzb3VuZCBzbyBiYWQgdG8gbWUuIEFtIEkgbWlzc2luZyBzb21l
dGhpbmcgaGVyZT8NCg0KW0hhbm5lc10gTWFydGluIHdvdWxkIGxpa2UgdG8gY29tYmluZSBlbGVt
ZW50cyB3aGlsZSB3ZSBoYWQgcHJvcG9zZWQgdG8gc2VwYXJhdGUgdGhlbS4gVG8gbWUgaXQgZmVl
bHMgbGlrZSBkZWZpbmluZyBhbiBhdHRyaWJ1dGUgJ25hbWUnIHZzLiBoYXZpbmcgdHdvIGF0dHJp
YnV0ZXMsICdmaXJzdCBuYW1lJyBhbmQgJ2xhc3QgbmFtZScuIEkgcGVyc29uYWxseSBkb24ndCBo
YXZlIGEgc3Ryb25nIG9waW5pb24gYWJvdXQgdGhpcyB0b3BpYy4NCjwvcHJlPg0KPHByZSBjbGFz
cz0id29yZHdyYXAiIHN0eWxlPSJib3gtc2l6aW5nOiBib3JkZXItYm94OyBvdmVyZmxvdzogYXV0
bzsgZm9udC1mYW1pbHk6IE1lbmxvLCBNb25hY28sIENvbnNvbGFzLCAnQ291cmllciBOZXcnLCBt
b25vc3BhY2U7IGZvbnQtc2l6ZTogMTNweDsgcGFkZGluZzogMHB4OyBtYXJnaW4tdG9wOiAwcHg7
IG1hcmdpbi1ib3R0b206IDEwcHg7IGxpbmUtaGVpZ2h0OiAxLjQyODU3OyB3b3JkLWJyZWFrOiBu
b3JtYWw7IHdvcmQtd3JhcDogbm9ybWFsOyBjb2xvcjogcmdiKDUxLCA1MSwgNTEpOyBiYWNrZ3Jv
dW5kLWNvbG9yOiB3aGl0ZTsgYm9yZGVyOiAwcHggbm9uZSBibGFjazsgYm9yZGVyLXRvcC1sZWZ0
LXJhZGl1czogNHB4OyBib3JkZXItdG9wLXJpZ2h0LXJhZGl1czogNHB4OyBib3JkZXItYm90dG9t
LXJpZ2h0LXJhZGl1czogNHB4OyBib3JkZXItYm90dG9tLWxlZnQtcmFkaXVzOiA0cHg7IHdoaXRl
LXNwYWNlOiBwcmUtd3JhcDsgZm9udC12YXJpYW50LWxpZ2F0dXJlczogbm9ybWFsOyBvcnBoYW5z
OiAyOyB3aWRvd3M6IDI7Ij5CZXN0IFJlZ2FyZHMsPC9wcmU+DQo8cHJlIGNsYXNzPSJ3b3Jkd3Jh
cCIgc3R5bGU9ImJveC1zaXppbmc6IGJvcmRlci1ib3g7IG92ZXJmbG93OiBhdXRvOyBmb250LWZh
bWlseTogTWVubG8sIE1vbmFjbywgQ29uc29sYXMsICdDb3VyaWVyIE5ldycsIG1vbm9zcGFjZTsg
Zm9udC1zaXplOiAxM3B4OyBwYWRkaW5nOiAwcHg7IG1hcmdpbi10b3A6IDBweDsgbWFyZ2luLWJv
dHRvbTogMTBweDsgbGluZS1oZWlnaHQ6IDEuNDI4NTc7IHdvcmQtYnJlYWs6IG5vcm1hbDsgd29y
ZC13cmFwOiBub3JtYWw7IGNvbG9yOiByZ2IoNTEsIDUxLCA1MSk7IGJhY2tncm91bmQtY29sb3I6
IHdoaXRlOyBib3JkZXI6IDBweCBub25lIGJsYWNrOyBib3JkZXItdG9wLWxlZnQtcmFkaXVzOiA0
cHg7IGJvcmRlci10b3AtcmlnaHQtcmFkaXVzOiA0cHg7IGJvcmRlci1ib3R0b20tcmlnaHQtcmFk
aXVzOiA0cHg7IGJvcmRlci1ib3R0b20tbGVmdC1yYWRpdXM6IDRweDsgd2hpdGUtc3BhY2U6IHBy
ZS13cmFwOyBmb250LXZhcmlhbnQtbGlnYXR1cmVzOiBub3JtYWw7IG9ycGhhbnM6IDI7IHdpZG93
czogMjsiPkJyZW5kYW48L3ByZT4NCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0
aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFs
c28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwg
cGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2Ug
dGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2Us
DQogb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsg
eW91Lg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_D1B9CBA283DB431FB580ED9D857ECC85armcom_--


From nobody Tue Nov  7 15:14:06 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAFF4129B05 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 15:14:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5a6gE_ZUC2Zf for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 15:13:54 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0062.outbound.protection.outlook.com [104.47.1.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC781129B06 for <suit@ietf.org>; Tue,  7 Nov 2017 15:13:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=DwdZX7a8hANVph/ovamGy5N0RHLvzvKI44gYbj5lJKs=; b=PC2ywoLaeTkwdjQ4eJ3UyXHUFqw7t5z9v/1/QVlz4GZsW4xQUS42ojQWvFAn4Q9W1UaedfEKt9Xtwu+yjDJOCCTF6uCD0ix93u4+E6c8wA+Gkcb3rfAVreUmpgmKvI4WHxSlxUq1ckVvEl73bPCndNRhHcCy8Mp5gD4iYi5y3tU=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0614.eurprd08.prod.outlook.com (10.169.32.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Tue, 7 Nov 2017 23:13:35 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.020; Tue, 7 Nov 2017 23:13:35 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Rajesh Kanungo <rajesh@talasecure.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVSwqgRYVGfZJ1EmP1btbHqGAp6MEDlqAgAWDYIA=
Date: Tue, 7 Nov 2017 23:13:35 +0000
Message-ID: <2576DC47-F202-472D-829A-AC6C04162441@arm.com>
References: <CALRhWcvFiVrC=wMGe7T6HDKg3PjF=4W+p=FJNOydH3EtT=6Ueg@mail.gmail.com> <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org>
In-Reply-To: <80676780-A83B-4DE8-93F4-2C0D78C8250E@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0614; 6:oJcETPWHan3q7hBB27coJtpsTdx11/wYgZxyaIQEkYWAl4941/Ke+OAyKci08sVKLrBphtiRoJVoZLnBNVGHKJI0Bzbf3Xl/Zfl3ztuWDVdXDxdP89ajqzD9wCWmyLgY3CBVmZZISGBnahAhBcPAFAlamLjQnDht9Kgtn7ZpI5p3XsIRcRAlS9v4COZDbow3iFG1FGFUEFHi87o9+evfYEAag2f10qzEg8lI0HSz/lTaGfeofIy5wYinhdkwRTXDOAp1ypJx855AUJXChxnst0oNykauAOB2EnraWUN32laZtR/sHqkt0Wnh2npY0RNBud3i6W+T2thG7pZLSFJHcQts9OGu5isPsluTCRMtxxk=; 5:ijhFLXOuXEIvmy1TSuyIf/rFKMz/V7pn0g47etKxLbcnwv7DUv7off/K+ixyNlHzp9dyz9VIb76Gkft4SmEq35FdxtVqpmrdFtQNL+Jenk+IENhpwqvXFVAYt47kJLVT5250ywTJosL62a5gnCL65LSovTuCC0O7P+jD17TO9Ls=; 24:3JlSpt9maM17XZqEVpNFxuKV431AJZ98FlmNY3dDrtTbHBHPhcJjODH2PjyzlApOqEQuJjxaSaMR+9vAZYPEoSoxNGRKveNVHTy4HHFiXeE=; 7:Wk5B10qNjP9TsAoeMaZijj6IWPrSwku+r5ew/kuiedgGr8Di+6oylk7xbw2N82r8k6W1kBIUjpves0Hrvw89dpskpljPYsbj1HJdPIoDU3J5XT+OxvUn8TWMSmY+euC93SmkQW5V98jUvcoPOcvy+3/Rhv/UXGHbghYtocC/77+f/mU3uAESuA7YBb2kyQ61fpELJmJdQCGvVPpdpObQH4XXIhKrPhEP2KTS1pVRHU69a/Y/VnJn/yTZB+Ct3ZJy
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b0da17bf-ea91-4072-1af1-08d526352c25
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0614; 
x-ms-traffictypediagnostic: DB5PR08MB0614:
x-exchange-antispam-report-test: UriScan:(788757137089);
x-microsoft-antispam-prvs: <DB5PR08MB061402617F38F0F0D6890B53EA510@DB5PR08MB0614.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231021)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0614; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0614; 
x-forefront-prvs: 0484063412
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(376002)(24454002)(189002)(40434004)(199003)(82746002)(8676002)(81156014)(81166006)(8936002)(25786009)(15650500001)(345774005)(72206003)(966005)(57306001)(478600001)(106356001)(5660300001)(36756003)(3280700002)(86362001)(66066001)(2906002)(3660700001)(6916009)(2950100002)(33656002)(229853002)(50226002)(105586002)(101416001)(76176999)(50986999)(6506006)(6486002)(6436002)(2900100001)(7736002)(305945005)(68736007)(53936002)(5250100002)(6246003)(5890100001)(6512007)(6306002)(189998001)(316002)(54906003)(4326008)(97736004)(102836003)(3846002)(83716003)(6116002)(14454004)(53546010)(99286004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0614; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <2BC46EC0CE232148B555FC01A899D176@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b0da17bf-ea91-4072-1af1-08d526352c25
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2017 23:13:35.7607 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0614
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/pMHNtl8Pq6cMmTSRkXDidN3ItY4>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2017 23:14:05 -0000

SSBmaW5kIGl0IHVzZWZ1bCB0byBkaXN0aW5ndWlzaCBiZXR3ZWVuIGluZm9ybWF0aW9uIHRoYXQg
YSBkZXZpY2UgbmVlZHMgdG8ga25vdyBpbiBvcmRlciB0byBhdXRob3Jpc2UgYW4gdXBkYXRlLCBh
bmQgaW5mb3JtYXRpb24gdGhhdCBhIGRldmljZSBuZWVkcyB0byBrbm93IGluIG9yZGVyIHRvIGFw
cGx5IGFuIHVwZGF0ZS4gSeKAmWQgbGlrZSB0byBzZWUgYSB1c2UtY2FzZSB0aGF0IGRlc2NyaWJl
cyB3aGVyZSBhIGRldmljZSB3b3VsZCBuZWVkIHB1cmVseSBpbmZvcm1hdGlvbmFsIGNvbnRlbnQg
aW4gYSBtYW5pZmVzdC4NCg0KSSBoYXZlIGFubm90YXRlZCB0aGUgY2xhaW1zIHlvdSBoYXZlIGxp
c3RlZCBiZWxvdy4gVGhleSBzZWVtIHRvIGZhbGwgaW50byB0d28gZ3JvdXBzDQoqIHB1cmVseSBp
bmZvcm1hdGlvbmFsIGNsYWltcyAodGhlc2UgYXJlIG5vdCB1c2VkIGJ5IHRoZSBkZXZpY2UgdG8g
bWFrZSBkZWNpc2lvbnMpLg0KKiBwcmUtaW5zdGFsbGF0aW9uIGNvbmRpdGlvbnM6IGNoZWNrcyB0
aGF0IHRoZSBkZXZpY2UgbXVzdCBwZXJmb3JtIHByaW9yIHRvIGluc3RhbGxpbmcgYSBmaXJtd2Fy
ZSBwYWNrYWdlLg0KDQpJIGV4cGVjdCB0byBhbHNvIGZpbmQg4oCcY2xhaW1z4oCdIHRoYXQgYXJl
IGluc3RydWN0aW9ucyBhYm91dCBob3cgdG8gaW50ZXJwcmV0IHBheWxvYWRzLCBob3cgdG8gaW5z
dGFsbCB0aGVtLCBldGMuDQoNCkluIGFsbCwgSSBleHBlY3QgX19fIHNlbWFudGljcyBmb3IgY2xh
aW1zOg0KKiBwcmUtaW5zdGFsbGF0aW9uIGNvbmRpdGlvbnMNCiogaW5zdGFsbGF0aW9uIGluc3Ry
dWN0aW9ucw0KKiBwYXlsb2FkIGRlc2NyaXB0b3JzIChob3cgZG8gSSBvYnRhaW4gdGhlIHJlZmVy
ZW5jZWQgcGF5bG9hZD8gSG93IGJpZyBpcyBpdD8gSG93IGRvIEkgdmVyaWZ5IGl0cyBpbnRlZ3Jp
dHk/KQ0KKiBpbmZvcm1hdGlvbmFsIGNsYWltcyAodGhpcyBpcyBmaXJtd2FyZSB2ZXJzaW9uIDIu
MTcuMzMpDQoNClRoZSBkZXZpY2Ugc2hvdWxkbuKAmXQgbmVlZCB0byBrbm93IGFib3V0IGZpcm13
YXJlIHZlcnNpb25zIGZvciBzaW5nbGUtaW1hZ2UgdXBkYXRlcywgc2luY2UgdGhlIG1vbm90b25p
YyBzZXF1ZW5jZSBudW1iZXIgb2YgdGhlIG1hbmlmZXN0IGVuY2Fwc3VsYXRlcyByb2xsYmFjayBw
cm90ZWN0aW9uLg0KDQpJcyB0aGVyZSBhIGdvb2QgcmVhc29uIHRvIHRyeSBhbmQgY29tYmluZSBh
bGwgb2YgdGhlc2Ugc2VtYW50aWNzIGludG8gYSBzaW5nbGUgdHlwZSBvZiDigJxjbGFpbeKAnSBm
aWVsZD8NCg0KQmVzdCBSZWdhcmRzLA0KQnJlbmRhbiBNb3Jhbg0KDQo+IE9uIDQgTm92IDIwMTcs
IGF0IDExOjAyLCBDYXJzdGVuIEJvcm1hbm4gPGNhYm9AdHppLm9yZz4gd3JvdGU6DQo+DQo+IE9u
IE5vdiA0LCAyMDE3LCBhdCAwNjoxNywgUmFqZXNoIEthbnVuZ28gPHJhamVzaEB0YWxhc2VjdXJl
LmNvbT4gd3JvdGU6DQo+Pg0KPj4gb25lIGZlYXR1cmUgdGhhdCBJIHJlYWxseSBsaWtlZDogIGNv
LXNpZ25pbmcuICBUaGlzIGFsbG93cyBhIGZpcm13YXJlIHVwZGF0ZSB0byBiZSBjby1zaWduZWQg
YnkgYW4gb3BlcmF0b3Igc28gdGhhdCB0aGUgZGV2aWNlcyB3b3VsZCBhY2NlcHQgb25seSBmaXJt
d2FyZSBhcHByb3ZlZCBieSB0aGUgb3BlcmF0b3IgKGUuZy4gVXRpbGl0eSkgLiAgTWFueSB0aW1l
cywgdGhlIG9wZXJhdG9yIHdvdWxkIHRlc3Qgb3V0IGEgbWFudWZhY3R1cmVyIHNpZ25lZCBmaXJt
d2FyZSB1cGRhdGUgaW4gdGhlaXIgb3duIHNldHVwLCB3b3JrIHdpdGggdGhlIG1hbnVmYWN0dXJl
ciB0byBmaXggYW55IGlzc3VlcywgdGhlbiBjby1zaWduIHRoZSBmaXJtd2FyZSBiZWZvcmUgZGlz
dHJpYnV0aW9uLiAgVGhlIHRhcmdldCBkZXZpY2Ugd291bGQgb25seSBhY2NlcHQgdXRpbGl0eSBz
aWduZWQgZmlybXdhcmUg4oCmDQo+DQo+IFRoYW5rIHlvdSBmb3IgYWRkaW5nIGNvbnRlbnQgaGVy
ZSB0aGF0IGxlYWRzIHVzIGF3YXkgZnJvbSB0aGUgZm9ybWF0IHdhcnMuDQo+DQo+IFNvIGJhc2lj
YWxseSwgeW91IGhhdmUgdHdvIHNpZ25lZCBjbGFpbXM6DQo+DQo+IElzc3VlcjogbWFudWZhY3R1
cmVyDQo+IFN1YmplY3Q6ICh0aGUgZmlybXdhcmUpDQo+IENsYWltOiBUaGlzIGZpcm13YXJlIGlz
IGFwcHJvcHJpYXRlIGZvciBtYW51ZnggbW9kZWwgMDgxNSByZXYgNCB0byAxNywgd2hlbiBlcXVp
cHBlZCB3aXRoIDEyOCBLaUIgb2YgUkFNDQoNClRoaXMgaXMgYSBzZXQgb2YgcHJlLWluc3RhbGxh
dGlvbiBjb25kaXRpb25zLg0KDQo+IENsYWltOiBUaGlzIGZpcm13YXJlIHByb3ZpZGVzIGZlYXR1
cmUgc2V0IEEsIEIsIE0NCg0KVGhpcyBhcHBlYXJzIHRvIGJlIHB1cmVseSBpbmZvcm1hdGlvbmFs
Lg0KDQo+IENsYWltOiBUaGlzIGZpcm13YXJlIGhhcyB2ZXJzaW9uIDIuMTcuMzMgYW5kIHJlcGxh
Y2VzIGFsbCBudW1lcmljYWxseSBzbWFsbGVyIGZpcm13YXJlIHZlcnNpb25zDQoNClRoaXMgaXMg
bWF5IGJlIGluZm9ybWF0aW9uYWwuIEl0IGlzIGhhcmQgdG8gdGVsbC4gSWYgdGhlIG1ldGFkYXRh
IGhhcyBhIG1vbm90b25pYyBzZXF1ZW5jZSBudW1iZXIsIHRoaXMgc2hvdWxkIGJlIHVubmVjZXNz
YXJ5LCB1bmxlc3MgSeKAmW0gbWlzc2luZyBhIHVzZS1jYXNlLg0KDQo+IElzc3VlcjogdXRpbGl0
eQ0KPiBTdWJqZWN0OiAodGhlIGZpcm13YXJlKQ0KPiBDbGFpbTogVGhpcyBmaXJtd2FyZSBpcyBh
cHByb3ByaWF0ZSBmb3IgdXNlIGluIFdlc2VybmV0eiBpbiBlYXN0ZXJuIEJyZW1lbiwgY29udHJh
Y3QgdHlwZXMgMTcsIDMyLCBhbmQgMzgsIGluc3RhbGxhdGlvbiB0eXBlcyBiZXRhLCBnYW1tYSwg
YW5kIG55Lg0KDQpUaGlzIGlzIGEgc2V0IG9mIHByZS1pbnN0YWxsYXRpb24gY29uZGl0aW9ucw0K
DQo+IENsYWltOiBEbyBub3QgcmVwbGFjZSAyLjE3LjMxIHdpdGggdGhpcyBqdXN0IHlldCwgdGhl
cmUgaXMgYSBidWcgaW4gdGhlIHVwZGF0ZXIgdGhhdCB3aWxsIGJlIHdvcmtlZCBhcm91bmQgbGF0
ZXIuDQoNClRoaXMgaXMgYSBuZWdhdGl2ZSBwcmUtaW5zdGFsbGF0aW9uIGNvbmRpdGlvbg0KDQo+
DQo+IFRoZSBhdXRob3JpemF0aW9uIHBvbGljeSBmb3IgdGhlIHVwZ3JhZGUgd291bGQgY2hlY2sg
YWxsIHRoZXNlIGNsYWltcyBmb3IgKGF1dGhvcml6ZWQgYXV0aGVudGljYXRpb24gYW5kKSB0aGUg
cmVxdWlyZW1lbnRzIHRoYXQgYXJlIHNwZWNpZmljIHRvIHRoZSBkZXZpY2UvbW9kZWwgYW5kIHRo
ZSBpbnN0YWxsYXRpb24vdXNhZ2UvY29udHJhY3QgdHlwZS4NCj4NCj4gT2YgY291cnNlLCBhIHZl
cnkgY29uc3RyYWluZWQgZGV2aWNlIHdvdWxkIHByZWZlciB0byAoYWxzbz8pIGdldCBvbmUgY2xh
aW0gZnJvbSBpdHMgYXV0aG9yaXphdGlvbiBtYW5hZ2VyOg0KPg0KPiBJc3N1ZXI6IGF1dGhvcml6
YXRpb24gbWFuYWdlcg0KPiBTdWJqZWN0OiAodGhlIGZpcm13YXJlKQ0KPiBBdWRpZW5jZTogWW91
LCB0aGUgZGV2aWNlDQo+IENsYWltOiBUaGlzIGlzIGdvb2QgZm9yIHlvdQ0KPg0KPiBHcsO8w59l
LCBDYXJzdGVuDQo+DQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fDQo+IFN1aXQgbWFpbGluZyBsaXN0DQo+IFN1aXRAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93
d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRo
ZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVu
dGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu
ZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBk
byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm
b3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBt
ZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Tue Nov  7 21:03:46 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79E1812EBD4 for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 21:03:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f0GKzoMJbeBx for <suit@ietfa.amsl.com>; Tue,  7 Nov 2017 21:03:42 -0800 (PST)
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AB5A12EBAE for <suit@ietf.org>; Tue,  7 Nov 2017 21:03:42 -0800 (PST)
Received: by mail-it0-x22c.google.com with SMTP id k70so8104072itk.0 for <suit@ietf.org>; Tue, 07 Nov 2017 21:03:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=T3OOUZXAjM6GhwlGjf3nLe/kBf9Mqu+K2nkaEie+bcQ=; b=o1AQ6sTKPeqP3eSimXJao9tP2NjVoZH0UFcoPIvKhk/5J5+cNGgG009L7hKsmKus3k tnGOCrZHgbzmvh3U2wLPPuIXwIR407xZFvB+OXnLbSlKsRqE2IXIjwJMhbLADCIMA3WJ tICua8mF9b7FtMzQZW0nMYk2cOKILQ7Q3yETmHKicF+zbpiwaMcXdiTgr3uGKDNc+Gop IvdMZrPwe3S8eFGPH04ivZniyr7qM5lPHADiHwablY0kJHykjeoR6098mluh6IYIMEkK Wki1kYBcEDSjp6vWyNuuc3/NNrnINRMFbxzgarl9nlDVxsCCm2RBfpjbx1mUoznUjtUp pIsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=T3OOUZXAjM6GhwlGjf3nLe/kBf9Mqu+K2nkaEie+bcQ=; b=KHIMlj2tUksCdQjnnaaYtjd/8fV3irVyyDan7/29DNCGU+NWmrMx6yGXWbIeZrfIMG QFXHKWlYLkzMcl7k8jhAwDzAjh4bIP5dTJffdhrTJHdXOiR4tA2zbEi+JGyT0e0cV60p Qs6/PrutzdDCGaFiJcMXRYHsg6UxPVia3qX+J4o4WQDe8IQy1d2eEIC/wTr3NEwNNazv jEYRyU5baOe94pZ3J+pLSHwPTnG79meCjThcJi2kIhL+lKG+fp4ympSjs7x4+/sTF98V 8d0TWNa9h3EQOrb6HS/bRzmU8qB5FcAdImcd1RPoaGOxUKac6c4vYX5d0rOb4jzNlwG+ Z3nA==
X-Gm-Message-State: AJaThX7KXAxLBh9Rw3Xvmg6Kedb/cy3HfBrOrt6W+3V7Swd7F30Shk4F p2HNlK1laqWh+VbeuYv9kUK5gVgoelQ0IX5fnzY6uEGmlck=
X-Google-Smtp-Source: ABhQp+TkVFCbFHup0Gct1MzJK8Y60kr0c203BdV/xXIjaBcj+avR9wXhVlVMI2HfF54Cj4ENTeWyxfvPvjd5LiBrWRE=
X-Received: by 10.36.46.4 with SMTP id i4mr2150177ita.145.1510117421517; Tue, 07 Nov 2017 21:03:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.145.16 with HTTP; Tue, 7 Nov 2017 21:03:01 -0800 (PST)
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Wed, 8 Nov 2017 00:03:01 -0500
Message-ID: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
To: suit@ietf.org
Cc: Justin Cappos <jcappos@nyu.edu>, Vladimir Diaz <vladimir.v.diaz@gmail.com>, Shikhar Sakhuja <ss9131@nyu.edu>, Ariella C Feuchtwanger <acf469@nyu.edu>,  Sebastien Awwad <sebastienawwad@gmail.com>
Content-Type: multipart/alternative; boundary="001a114aa3747aa55b055d719c04"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nbWKu4RVyE_vAxwj4HFDs64cnZs>
Subject: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 05:03:45 -0000

--001a114aa3747aa55b055d719c04
Content-Type: text/plain; charset="UTF-8"

Hello everyone,

I'm a Ph.D. graduate from NYU Tandon who worked on The Update Framework
(TUF) <https://theupdateframework.github.io/>, an open security standard
for building compromise-resilient software repositories. The Linux
Foundation recently named
<https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/>
TUF as one of two new security projects hosted by its Cloud Native
Computing Foundation. TUF is being used in production by LEAP
<https://leap.se/en/2014/darkest-night>, VMware, Flynn
<https://flynn.io/docs/development#the-update-framework-%28tuf%29>, Kolide
<https://github.com/kolide/updater>, DigitalOcean
<https://github.com/digitalocean/do-agent/blob/1171266a8c5de9598a0d4b9e9967aeb5bf7df76b/vendor/vendor.json#L27-L51>,
Cloudflare
<https://blog.cloudflare.com/pal-a-container-identity-bootstrapping-tool/>,
CoreOS, and Docker
<https://blog.docker.com/2015/08/content-trust-docker-1-8/>.

I write to this group because I think the design principles behind TUF may
also be useful to secure software updates for IoT. The problem with two
common off-the-shelf systems used to transport updates from repositories
--- or servers used to host and distribute updates --- to devices is that
they are not compromise-resilient
<https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy>
.

The first system, where repositories uses an encrypted transport mechanism
such as SSL / TLS, protects devices from man-in-the-middle attacks.
However, it does not protect devices when the repository itself has been
compromised, because attackers can use the same online SSL / TLS key to
sign and distribute malicious updates. This is true even if the private key
is protected behind a Hardware Security Module (HSM), because the point is
that attackers can use the HSM to sign malicious updates, even without
access to the private key itself.

In order to protect updates at rest, the second system uses an offline key,
typically using GPG or RSA, to sign all updates. Unfortunately, this system
usually suffers from problems with key revocation, or signing for new
metadata about updates on-demand.

TUF uses several design principles
<https://justinsamuel.com/papers/survivable-key-compromise-ccs2010.pdf> to
protect users as much as possible from installing malicious updates, even
if the repository used to serve those updates itself has been compromised:

   1. *Separation of duties*: different types of metadata are signed by
   different roles using different keys, so that a key compromise does not
   necessarily impact the security of the whole system.
   2. *Threshold signatures*: *m* out of *n* signatures may be required to
   sign an update, so that this minimum number of keys must be compromised in
   order to sign malware.
   3. *Implicit and explicit key revocation*: there must be ways to revoke
   and replace keys, because they may be lost or compromised.
   4. *Minimizing risk with offline keys*: metadata may be signed using
   signing keys kept off the repository, so that a repository compromise does
   not immediately result in signed malware.
   5. *Selective delegation of trust*: different developers may be trusted
   to sign for only a subset of updates, so that a developer key compromise
   does not affect all devices. Delegations are also useful for distributing,
   revoking, and replacing public keys belonging to developers.
   6. *Diversity of signing and hashing algorithms*: using multiple
   algorithms allows for surviving a compromise of one of them.

Uptane <https://uptane.github.io/> is a variant of TUF which is especially
designed for automobiles. It allows vehicle manufactures to customize which
updates are installed on which vehicles without compromising security. It
is being integrated by at least three automotive suppliers, including Advanced
Telematic Systems
<https://www.prnewswire.com/news-releases/ats-is-integrating-the-uptane-security-framework-for-over-the-air-software-updates-to-connected-vehicles-628170073.html>,
Lear Corporation, and OTAinfo
<https://www.crunchbase.com/organization/otainfo>.

The research group at NYU and I feel that many of the design principles
behind Uptane may be used in the IoT domain, as they appear to be share
some of the same requirements. Despite offering high security, Uptane is
flexible enough to accommodate a wide variety of deployment configurations.
For example, Uptane is agnostic to the precise data encoding format used to
describe metadata, so that ASN.1, CBOR, or XML may be used by different
implementors.

More information about TUF is available at:
https://www.theupdateframework.com/

More information about Uptane, a variant of TUF for automobiles, is
available at: https://uptane.github.io/

My thesis on TUF and Uptane is availabe at:
https://drive.google.com/file/d/0B5-9MEQ0SQN2SjdmdUxueThQNmM/view?usp=sharing

We hope to collaborate with you on designing a secure yet flexible software
update standard for IoT. In particular, we are interested in learning about
unique challenges in this domain that pertain to software updates. We look
forward to hearing from you!

With best regards,
Trishank

--001a114aa3747aa55b055d719c04
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello everyone,</div><div><br></div><div>I&#39;m a Ph=
.D. graduate from NYU Tandon who worked on <a href=3D"https://theupdatefram=
ework.github.io/">The Update Framework (TUF)</a>, an open security standard=
 for building compromise-resilient software repositories. The Linux Foundat=
ion recently <a href=3D"https://www.cncf.io/announcement/2017/10/24/cncf-ho=
st-two-security-projects-notary-tuf-specification/">named</a> TUF as one of=
 two new security projects hosted by its Cloud Native Computing Foundation.=
 TUF is being used in production by <a href=3D"https://leap.se/en/2014/dark=
est-night">LEAP</a>, VMware, <a href=3D"https://flynn.io/docs/development#t=
he-update-framework-%28tuf%29">Flynn</a>, <a href=3D"https://github.com/kol=
ide/updater">Kolide</a>, <a href=3D"https://github.com/digitalocean/do-agen=
t/blob/1171266a8c5de9598a0d4b9e9967aeb5bf7df76b/vendor/vendor.json#L27-L51"=
>DigitalOcean</a>, <a href=3D"https://blog.cloudflare.com/pal-a-container-i=
dentity-bootstrapping-tool/">Cloudflare</a>, CoreOS, and <a href=3D"https:/=
/blog.docker.com/2015/08/content-trust-docker-1-8/">Docker</a>.</div><div><=
br></div><div>I write to this group because I think the design principles b=
ehind TUF may also be useful to secure software updates for IoT. The proble=
m with two common off-the-shelf systems used to transport updates from repo=
sitories --- or servers used to host and distribute updates --- to devices =
is that they are not <a href=3D"https://www.usenix.org/conference/nsdi16/te=
chnical-sessions/presentation/kuppusamy">compromise-resilient</a>.</div><di=
v><br></div><div>The first system, where repositories uses an encrypted tra=
nsport mechanism such as SSL / TLS, protects devices from man-in-the-middle=
 attacks. However, it does not protect devices when the repository itself h=
as been compromised, because attackers can use the same online SSL / TLS ke=
y to sign and distribute malicious updates. This is true even if the privat=
e key is protected behind a Hardware Security Module (HSM), because the poi=
nt is that attackers can use the HSM to sign malicious updates, even withou=
t access to the private key itself.</div><div><br></div><div>In order to pr=
otect updates at rest, the second system uses an offline key, typically usi=
ng GPG or RSA, to sign all updates. Unfortunately, this system usually suff=
ers from problems with key revocation, or signing for new metadata about up=
dates on-demand.</div><div><br></div><div>TUF uses several <a href=3D"https=
://justinsamuel.com/papers/survivable-key-compromise-ccs2010.pdf">design pr=
inciples</a> to protect users as much as possible from installing malicious=
 updates, even if the repository used to serve those updates itself has bee=
n compromised:</div><div><ol><li><b>Separation of duties</b>: different typ=
es of metadata are signed by different roles using different keys, so that =
a key compromise does not necessarily impact the security of the whole syst=
em.<br></li><li><b>Threshold signatures</b>: <i>m</i> out of <i>n</i> signa=
tures may be required to sign an update, so that this minimum number of key=
s must be compromised in order to sign malware.<br></li><li><b>Implicit and=
 explicit key revocation</b>: there must be ways to revoke and replace keys=
, because they may be lost or compromised.<br></li><li><b>Minimizing risk w=
ith offline keys</b>: metadata may be signed using signing keys kept off th=
e repository, so that a repository compromise does not immediately result i=
n signed malware.<br></li><li><b>Selective delegation of trust</b>: differe=
nt developers may be trusted to sign for only a subset of updates, so that =
a developer key compromise does not affect all devices. Delegations are als=
o useful for distributing, revoking, and replacing public keys belonging to=
 developers.<br></li><li><b>Diversity of signing and hashing algorithms</b>=
: using multiple algorithms allows for surviving a compromise of one of the=
m.</li></ol></div><div><a href=3D"https://uptane.github.io/">Uptane</a> is =
a variant of TUF which is especially designed for automobiles. It allows ve=
hicle manufactures to customize which updates are installed on which vehicl=
es without compromising security. It is being integrated by at least three =
automotive suppliers, including <a href=3D"https://www.prnewswire.com/news-=
releases/ats-is-integrating-the-uptane-security-framework-for-over-the-air-=
software-updates-to-connected-vehicles-628170073.html">Advanced Telematic S=
ystems</a>, Lear Corporation, and <a href=3D"https://www.crunchbase.com/org=
anization/otainfo">OTAinfo</a>.</div><div><br></div><div>The research group=
 at NYU and I feel that many of the design principles behind Uptane may be =
used in the IoT domain, as they appear to be share some of the same require=
ments. Despite offering high security, Uptane is flexible enough to accommo=
date a wide variety of deployment configurations. For example, Uptane is ag=
nostic to the precise data encoding format used to describe metadata, so th=
at ASN.1, CBOR, or XML may be used by different implementors.</div><div><br=
></div><div>More information about TUF is available at: <a href=3D"https://=
www.theupdateframework.com/">https://www.theupdateframework.com/</a></div><=
div><br></div><div>More information about Uptane, a variant of TUF for auto=
mobiles, is available at: <a href=3D"https://uptane.github.io/">https://upt=
ane.github.io/</a></div><div><br></div><div>My thesis on TUF and Uptane is =
availabe at:=C2=A0<a href=3D"https://drive.google.com/file/d/0B5-9MEQ0SQN2S=
jdmdUxueThQNmM/view?usp=3Dsharing">https://drive.google.com/file/d/0B5-9MEQ=
0SQN2SjdmdUxueThQNmM/view?usp=3Dsharing</a></div><div><br></div><div><div>W=
e hope to collaborate with you on designing a secure yet flexible software =
update standard for IoT. In particular, we are interested in learning about=
 unique challenges in this domain that pertain to software updates. We look=
 forward to hearing from you!</div></div><div><br></div><div>With best rega=
rds,</div><div>Trishank</div></div>

--001a114aa3747aa55b055d719c04--


From nobody Tue Nov  7 23:16:20 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A51712EC0F; Tue,  7 Nov 2017 23:16:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uc7YnfZzEr80; Tue,  7 Nov 2017 23:16:11 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0043.outbound.protection.outlook.com [104.47.2.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 771FE12F3D5; Tue,  7 Nov 2017 23:15:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=bxgo8r0mOgWwLno4ER7Hsieh0eL3ORyvNkYISru4kts=; b=AW/rWGQagh7NiBcJXWBdPavqVjJ5EhrYKosnJSn9AkYP7O+bCJsrZaWp0Oyk5nrPjfum2gIDa1b8jYgsss2olQJ+h2G29RS4BrG7TLgDqMLvpXQwURZ9uO9FGZz+9ZL9+hkUdjWiFkU2EoOlfE6b9/RmSpCO8pqCUOzD36toNbo=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Wed, 8 Nov 2017 07:15:43 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.011; Wed, 8 Nov 2017 07:15:43 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, The IESG <iesg@ietf.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFL+iLnYCwU0kOnFPZGIVVbDKMC7sgAgAAD+ICABdwvEIABSUzQ
Date: Wed, 8 Nov 2017 07:15:43 +0000
Message-ID: <AM4PR0801MB2706DFBF50F90B6224B74EDFFA560@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> 
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.118.86]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:Htd1jakF5QuaV4AtQf0+DUNM9uYWj03ZMK3+QqTSuB+k6/DS7uheXRzHDao7SoTqEmVsN9sHBTSNzi2hbXEptPk8RgTgcfApz6+XpWaN5MPVGS9uRgD/yWEserora+QRHjcbok345S1XZ388jfRzsp50CGgBF8VW7EkO5kT7hf+5SRIjhTWkyLmPOfGJHl0xyLzwZQpV1OIiIgeuM0yZvkuukWqpWjY6PWaw/ek2reZ/XPgaS4gh18Igjp0QGlX8vG936znLkw/0d4jzFGjfl5h26p8IWCev29UNyecZeLdJjk4QLkPgnEV/NNaEHaf5GqhxXFvaRKL0YJZl+y23IqcUp7K+V21rJTfTGR++WmM=; 5:UUEsiXjhJNVlx3Ju56fhVn9i4AMtrl7eoNnxhDT+WazfKoIXaowJEgHlM3agnqwL+nOaGpoE2Oq//9WJlOBBMdl2QbCgdtcM76v2+JMvBuTcnnthIPjDUDbVmjUQgzLvMsjJ6RlsmwCpV1inmrSirY30Glu/og4rLYLcZgz87vI=; 24:rIkX4LJXASP/G11ZNeMUfAK1ynBhkPCmxGalz+wAW1Ip4C3WY58yAFtJDpecob8BHT945NLZhprCIyJ1UpOf1osBaJBxBUTB1pl3di8epFA=; 7:vbhf2Tkos74/jAZ6kYjffxqmbxYrSqGhBORGiAS5iG1ldt7GSgXqdolbkZlC/4db1RQltReP5sg6lViKk4blZHQFM3XGSecZnmah63B+i6cgFPnXRWxZGevCgKPl/gzAcLvHhAOvVQIcVSeKAa2IC0qgt84GJocMTjfDcR5zMO2c3IQuB5TULQZ/LDefLgHbby6oIdWfJeal9GuSSaUMNLAFHRHTFGzq6TOemVvvLTuQ/Cf3S1muwylk8a54wqpf
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: c43c1fb7-53b1-4b78-945b-08d526788642
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603249); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-exchange-antispam-report-test: UriScan:(155532106045638);
x-microsoft-antispam-prvs: <AM4PR0801MB270702331F1D38B6E9CE551EFA560@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231021)(3002001)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 0485417665
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(376002)(346002)(199003)(40434004)(13464003)(85644002)(189002)(6116002)(102836003)(2900100001)(105586002)(6246003)(106356001)(15650500001)(3660700001)(14454004)(101416001)(68736007)(72206003)(50986999)(54356999)(76176999)(478600001)(33656002)(3280700002)(66066001)(229853002)(2906002)(25786009)(6506006)(9686003)(3846002)(189998001)(53936002)(53546010)(5890100001)(55016002)(110136005)(6436002)(5250100002)(81156014)(81166006)(5660300001)(316002)(74316002)(8936002)(7736002)(99286004)(97736004)(7696004)(4326008)(8676002)(86362001)(305945005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c43c1fb7-53b1-4b78-945b-08d526788642
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Nov 2017 07:15:43.2296 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/felhbCQLQx_NGySQPtPG1bSlVXM>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 07:16:13 -0000

SGkgUGF1bCwNCg0KSW4gYSBwcml2YXRlIG1haWwgSSB3YXMgbWFkZSBhd2FyZSB0aGF0IG15IGVt
YWlsIHJlc3BvbnNlIHRvIHlvdSBiZWxvdyBjb3VsZCBiZSBpbnRlcnByZXRlZCBhcyBhIHBlcnNv
bmFsIGF0dGFjay4gU29ycnkuIFRoYXQgd2FzIG9idmlvdXNseSBub3QgbXkgaW50ZW50aW9uLg0K
DQpMZXQgbWUgdGhlcmVmb3JlIHJlLXBoYXNlIHRoZSByZXNwb25zZSwgd2hpY2ggbWF5IGdpdmUg
dGhlIGdyb3VwIHNvbWUgaW5zaWdodDogWW91IGhhdmUgc3Bva2VuIHRvIChlbWJlZGRlZCkgY29t
cGFuaWVzIGFib3V0IHRoZWlyIHVwZGF0ZSBtZWNoYW5pc20gYW5kIHlvdSBzYWlkIHRoYXQgdGhl
eSBkaWRuJ3QgdXNlIFJGQyA0MTA4LiBXaG8gZGlkIHlvdSB0YWxrIHRvIGFuZCwgcHJvYmFibHkg
b2YgbW9yZSBpbnRlcmVzdCwgd2hhdCBkaWQgdGhleSB1c2U/DQoNCkNpYW8NCkhhbm5lcw0KDQot
LS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogSGFubmVzIFRzY2hvZmVuaWcNClNlbnQ6
IDA3IE5vdmVtYmVyIDIwMTcgMTQ6MjcNClRvOiAnUGF1bCBIb2ZmbWFuJzsgVGhlIElFU0cNCkNj
OiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSRTogW1N1aXRdIFdHIFJldmlldzogU29mdHdhcmUg
VXBkYXRlcyBmb3IgSW50ZXJuZXQgb2YgVGhpbmdzIChzdWl0KQ0KDQpIaSBQYXVsLA0KDQpKdXN0
IGEgZmV3IG5vdGVzLg0KDQo+IEkgYWdyZWUgd2l0aCBDYXJzdGVuOiB0aGF0J3Mgbm90IHdoYXQg
dGhlIHJlY2VudCBsaXN0IHRyYWZmaWMgd2FzIGFpbWluZyBmb3IuIFRoZSBkcmFmdCBjaGFydGVy
IGZyb20gYSBtb250aCBhZ28gZGlkbid0IGZvcmNlIHRoZSBXRyBpbnRvIEFTTi4xLCBhbmQgSSBk
b24ndCBzZWUgYW55IGxpc3QgdHJhZmZpYyBhc2tpbmcgZm9yIHRoYXQuDQoNClRoZXJlIGlzIGEg
Y2hpY2tlbi1hbmQtZWdnIHByb2JsZW0gaGVyZTogaWYgdGhlcmUgaXMgbm8gd29ya2luZyBncm91
cCBpdCBpcyBkaWZmaWN1bHQgdG8gYnJpbmcgdGhlIGNvbW11bml0eSB3b3JraW5nIG9uIGVtYmVk
ZGVkIG9wZXJhdGluZyBzeXN0ZW1zLCB3aGljaCBhcmUgdGhlIGd1eXMgd2hvIGFyZSB1bHRpbWF0
ZWx5IGhhdmluZyB0aGUgaW1wbGVtZW50YXRpb24gYnVyZGVuLCB0byB0aGUgSUVURi4gV2UgaGF2
ZSByZWFjaGVkIG91dCB0byB2YXJpb3VzIGNvbXBhbmllcyBhbmQgZW5jb3VyYWdlZCB0aGVpciBw
YXJ0aWNpcGF0aW9uIGJ1dCwgYXMgeW91IGZvciBzdXJlIGtub3csIHRoaXMgaXMgZGlmZmljdWx0
IHRvIGRvIHNpbmNlIG1hbnkgb2YgdGhlbSBoYXZlIG5vIGV4cGVyaWVuY2Ugd2l0aCB0aGUgSUVU
Ri4NCg0KPiBBbHNvOiBpcyBSRkMgNDEwOCByZWFsbHkgYSAiY3VycmVudCBiZXN0IHByYWN0aWNl
Ij8gVGhlcmUgc2VlbXMgdG8gYmUgbmVhcmx5IG5vIGltcGxlbWVudGF0aW9ucyBvZiB0aGF0IGlu
IHRoZSBJb1Qgc3BhY2UsIG9yIGF0IGxlYXN0IG5vbmUgdGhhdCBoYXZlIHNwb2tlbiB1cCBhYm91
dCBpdC4NCg0KSXQgaXMgaGFyZCB0byBqdWRnZSBob3cgd2VsbCBjb25uZWN0ZWQgeW91IGFyZSBp
biB0aGUgZW1iZWRkZWQgaW5kdXN0cnkgYW5kIGhvdyBtYW55IGVtYmVkZGVkIE9TIHZlbmRvcnMg
eW91IGhhdmUgc3Bva2VuIHdpdGguIEp1c3QgeWVzdGVyZGF5IEkgaGFkIGFuIGVtYWlsIGV4Y2hh
bmdlIHdpdGggYSBjb21wYW55IHRoYXQgaGFzIGltcGxlbWVudGVkIFJGQyA0MTA4IGFuZCBhc2tl
ZCB1cyBhYm91dCB0aGUgZGlmZmVyZW5jZSBiZXR3ZWVuIG91ciB3b3JrIGFuZCB0aGF0IFJGQy4g
SSBlbmNvdXJhZ2VkIHRoZW0gdG8gam9pbiB0aGUgbGlzdCBhbmQgcGFydGljaXBhdGUgaW4gdGhl
IGRpc2N1c3Npb24uDQoNCkZXSVcsIHdlIGFyZSBib3RoIGJpYXNlZCB3aXRoIHJlZ2FyZHMgdG8g
dGhlIGVuY29kaW5nIGZvcm1hdDogeW91IGFyZSB0aGUgY28tYXV0aG9yIG9mIENCT1IgYW5kIHdl
IGhhdmUgaW1wbGVtZW50ZWQgYW4gQVNOLjEgYmFzZWQgc29sdXRpb24uDQoNCkNpYW8NCkhhbm5l
cw0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55
IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQu
IElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhl
IHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBh
bnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5
IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=


From nobody Wed Nov  8 02:19:28 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69474131999; Wed,  8 Nov 2017 02:19:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYLBZudPTraW; Wed,  8 Nov 2017 02:19:24 -0800 (PST)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10043.outbound.protection.outlook.com [40.107.1.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3715F131993; Wed,  8 Nov 2017 02:19:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=k9ESPpDogiC/s1Ln9VY7/qrUf8ejTGqyHYWweCBk0UE=; b=Fc/d23nzLXdOhsJGZu/BTcIAR7F/DcETjhxjVjZFgEscNGgjScIc68/7CxEFxNX9RFqOm8g8LuUb9j7TTfuct17lJajZ9qLl9INoI4KbkFdxN37zG+DZORWer1AG0AXtPS9u9t9gcqoZpDAOKbU/ac0UoFIp7SFNJygVNZQsFO8=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR0801MB2712.eurprd08.prod.outlook.com (10.166.176.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Wed, 8 Nov 2017 10:19:20 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0197.020; Wed, 8 Nov 2017 10:19:20 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>
Thread-Topic: [Suit] WG Review: Software Updates for Internet of Things (suit)
Thread-Index: AQHTVMFLgRYVGfZJ1EmP1btbHqGAp6MC7sgAgAAD+ICAAAsmgIAEhf4AgABRqwCAACQ+gIAA7j+DgAFkhIA=
Date: Wed, 8 Nov 2017 10:19:20 +0000
Message-ID: <A5027911-1A2C-4707-BD77-05D3FE1DAA88@arm.com>
References: <150972672329.16422.18367622832369820976.idtracker@ietfa.amsl.com> <3DBC689C-8369-47DB-9B81-ACA8C28B5926@tzi.org> <E78F3C89-6D82-4338-8485-4CB945C4B406@vpnc.org> <CY4PR09MB1495F5E545222C79A6090357F05D0@CY4PR09MB1495.namprd09.prod.outlook.com> <1A13A291-F0E9-4F03-96D7-0393C6F12F5B@vpnc.org> <18637.1510000852@dooku.sandelman.ca> <31D7BECD-9B00-4D4F-AFE6-27FE38D8E742@sit.fraunhofer.de> <VI1PR0801MB2717CEFB1C728ED7CC13C2F8FA510@VI1PR0801MB2717.eurprd08.prod.outlook.com> <6957528f-7a65-77b8-800e-ce52a1c79b2f@sit.fraunhofer.de>
In-Reply-To: <6957528f-7a65-77b8-800e-ce52a1c79b2f@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR0801MB2712; 6:aCChkUgfyTRKNfxokxnyvEW22tmzWYA1QDCqT8ll/Voh+q0wJ70WBGtOjQ1PYNC01GIvPkjIkHld6dGkRFddDlu5hBLIyrD+cpPaFVe+clf3r77Yzs+xVDYDm8F2LCz/X3pBnhH2+PHKeKDxq2O+hF1jdSSrOo1umijAyGZoD5BfufrpPr8mEwiCJdO7wguQcl0PnZnUdrUJ0nlGTaGxOAf1Gc6E/QXSqcYJUF6S2dqD02MLjM18755Z5KSqQdhWTq19T22YKm/JlY+KMY8bAGwYy4t043nAeckOm1nPaEwyP3F6eB0GmZyqFrypImTKHIso01RXigDAkQO0NQK2QP+UdyZp4PX+z/MhIxPnyKo=; 5:DWl4Owkz7FXdwRCzjZ8PSVqFyizIYv9TsSnRmidAhZ5FG3IlHL+yOawO0Ya13YWjsHYACf+qHKZUL4eowdaEfbbYRbtR/j/UYQuNVVzhLhqWNWu1d1+iYHCFCU33yu0bX+cx93ZSFvnHo0FwouqaPEui2YjM31qLXuKB5MtqPGw=; 24:HN3NKZZ//yxFc0q96AnMVOQq+wW5wW0mVPuGSIHkU67ZEfi9AgqeRinqCSz4uyK42hfLccmCjZjGU0ag5IvWJUw16dQnE+I1OwrStkdiAE0=; 7:EOD62kgABNatNB9A8oJVh/LF9tSM993Q4QwRtlcAr/nP2DotYoilVQDQ9GrvY7XxxISXgGTFhoPYP8+3N2VHJNXkkJmbftJDZhSDgz2lRMSagnV5XdQLU7rXwRl+gyfOjRF9lZuw/zl2r8CkCI7K6aeW6Ij4J9tVHh3JB3jc1vrXpecK3N4jVnTnnTt3ZO4lyd8WHznxnXGGDTRSGpHHbrSCRNYnNWj4j/melBT3m6nPWeECEZnmqK+EsJ81Jb3T
x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR;
x-ms-office365-filtering-correlation-id: 18e35d1d-6c5b-4647-636b-08d526922d13
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR0801MB2712; 
x-ms-traffictypediagnostic: DB5PR0801MB2712:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR0801MB2712FE4374EE8262225362EFEA560@DB5PR0801MB2712.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231021)(3002001)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123558100)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR0801MB2712; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR0801MB2712; 
x-forefront-prvs: 0485417665
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(24454002)(189002)(40434004)(199003)(40224003)(2900100001)(105586002)(3280700002)(25786009)(14454004)(7736002)(97736004)(82746002)(81156014)(8936002)(2906002)(8676002)(81166006)(189998001)(72206003)(3660700001)(15650500001)(86362001)(53546010)(54906003)(316002)(99286004)(36756003)(93886005)(5890100001)(5250100002)(478600001)(83716003)(2950100002)(76176999)(101416001)(6486002)(6916009)(68736007)(50226002)(6116002)(50986999)(5660300001)(53936002)(57306001)(4326008)(6512007)(561944003)(106356001)(33656002)(102836003)(6436002)(6246003)(3846002)(229853002)(54896002)(236005)(66066001)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR0801MB2712; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_A50279111A2C4707BD7705D3FE1DAA88armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 18e35d1d-6c5b-4647-636b-08d526922d13
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Nov 2017 10:19:20.4712 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR0801MB2712
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/sobgxaRIp8h124BgMcev2vS-J1I>
Subject: Re: [Suit] WG Review: Software Updates for Internet of Things (suit)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 10:19:27 -0000

--_000_A50279111A2C4707BD7705D3FE1DAA88armcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


On 7 Nov 2017, at 13:02, Henk Birkholz <henk.birkholz@sit.fraunhofer.de<mai=
lto:henk.birkholz@sit.fraunhofer.de>> wrote:

I also have to voice to support the approach to "learn" from CMS and RFC 41=
08 - and not just refactoring the concepts/contents.

Here are some thoughts on the differences between the manifest proposal and=
 RFC 4108:

The initial submission of the [FUD] manifest format shares many properties =
RFC4108, such as serial numbers (Device IDs), community identifiers (Device=
 Class IDs), and the Cryptographic Message Syntax. The current [Suit] manif=
est format still shares most of these properties, but uses COSE instead of =
CMS.

  *   RFC4108 specifies that signing should occur after encryption. This ca=
uses some problems:
     *   The entire package must be downloaded, then verified, then decrypt=
ed in-place, then installed, requiring double the flash cycles as decryptin=
g in-RAM, then verifying after decryption.
     *   The installed binary cannot have its signature verified.
     *   It is preferable to include multiple hashes of the firmware packag=
e in different states, such as:
        *   Ciphertext
        *   Plaintext
        *   Installed
        *   (Others, dependent on firmware format)
  *   RFC4108 defines a wrapped firmware object, whereas the [Suit] draft i=
ntentionally separates the metadata from the firmware. This has several ben=
efits:
     *   Signature verification can be done early, to ensure that the signe=
r(s) has the correct rights (in aggregate, for multiple signers) to perform=
 installation
     *   Manifests are small and can be distributed over a pre-established =
link, even if it is expensive. The manifest can contain discovery hints for=
 firmware acquisition, (e.g. a ranked list of URIs to search) which allows =
distribution over low-cost links.
        *   An example here is distribution in mesh networks. The manifest =
is small enough to be sent to every node, via LwM2M, for example, and the m=
anifest can contain a URI/directive that instructs the device to listen for=
 a broadcast firmware, which the whole of the mesh will receive. Only devic=
es that have been primed with a manifest will store the firmware. The rest =
will just participate in mesh broadcast.
     *   Storage is simpler. The same firmware can be distributed in multip=
le batches to different sets of devices without uploading multiple copies o=
f the firmware. Because it is merely linked by the manifest, rather than co=
ntained within a signed object, many manifests can refer to the same firmwa=
re.
  *   Key distribution is not well-specified in RFC4108. The only specified=
 option uses the EnvelopedData mechanism from RFC5652, and comes with drawb=
acks where broadcast (physical, or logical, i.e. untrusted CDNs) distributi=
on is used.
     *   The [Suit] draft no longer specifies key table distribution. Some =
of this can be handled within COSE, however there is some specification wor=
k to be done on how encrypted payloads can be made broadcast-friendly. I ex=
pect either tables of encrypted COSE Keys, or tables of key-wrapped bare ke=
ys to play a role.
  *   Firmware component naming is conflated with versioning. This is probl=
ematic for rollback protection, since the version number may require text p=
rocessing.

   Preferred firmware package names are a combination of the firmware
   package object identifier and a version number.


  *   A fat boot loader is mandated by the standard, which makes unbrickabl=
e updates of network stacks problematic:

   The bootstrap loader MUST have access to a physical interface and any
   related driver or protocol software necessary to obtain a firmware
   package.

Best Regards,
Brendan Moran
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

--_000_A50279111A2C4707BD7705D3FE1DAA88armcom_
Content-Type: text/html; charset="us-ascii"
Content-ID: <F03B30FF3439854EBE62B1D463F0EAED@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D"">
<br class=3D"">
<div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On 7 Nov 2017, at 13:02, Henk Birkholz &lt;<a href=3D"mailt=
o:henk.birkholz@sit.fraunhofer.de" class=3D"">henk.birkholz@sit.fraunhofer.=
de</a>&gt; wrote:</div>
<div class=3D"">
<div class=3D""><br class=3D"">
I also have to voice to support the approach to &quot;learn&quot; from CMS =
and RFC 4108 - and not just refactoring the concepts/contents.<br class=3D"=
">
</div>
</div>
</blockquote>
</div>
<br class=3D"">
<div class=3D"">Here are some thoughts on the differences between the manif=
est proposal and RFC 4108:</div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">
<div class=3D"">The initial submission of the [FUD] manifest format shares =
many properties RFC4108, such as serial numbers (Device IDs), community ide=
ntifiers (Device Class IDs), and the Cryptographic Message Syntax. The curr=
ent [Suit] manifest format still shares
 most of these properties, but uses COSE instead of CMS.</div>
<div class=3D"">
<div class=3D"">
<ul class=3D"MailOutline">
<li class=3D"">RFC4108&nbsp;specifies that signing should occur after encry=
ption. This causes some problems:
<ul class=3D"">
<li class=3D"">The entire package must be downloaded, then verified, then d=
ecrypted in-place, then installed, requiring double the flash cycles as dec=
rypting in-RAM, then verifying after decryption.</li><li class=3D"">The ins=
talled binary cannot have its signature verified.</li><li class=3D"">It is =
preferable to include multiple hashes of the firmware package in different =
states, such as:
<ul class=3D"">
<li class=3D"">Ciphertext</li><li class=3D"">Plaintext</li><li class=3D"">I=
nstalled</li><li class=3D"">(Others, dependent on firmware format)</li></ul=
>
</li></ul>
</li><li class=3D"">RFC4108 defines a wrapped firmware object, whereas the =
[Suit] draft intentionally separates the metadata from the firmware. This h=
as several benefits:
<ul class=3D"">
<li class=3D"">Signature verification can be done early, to ensure that the=
 signer(s) has the correct rights (in aggregate, for multiple signers) to p=
erform installation&nbsp;</li><li class=3D"">Manifests are small and can be=
 distributed over a pre-established link, even if it is expensive. The mani=
fest can contain discovery hints for firmware acquisition, (e.g. a ranked l=
ist of URIs to search) which allows distribution over low-cost links.&nbsp;
<ul class=3D"">
<li class=3D"">An example here is distribution in mesh networks. The manife=
st is small enough to be sent to every node, via LwM2M, for example, and th=
e manifest can contain a URI/directive that instructs the device to listen =
for a broadcast firmware, which the
 whole of the mesh will receive. Only devices that have been primed with a =
manifest will store the firmware. The rest will just participate in mesh br=
oadcast.</li></ul>
</li><li class=3D"">Storage is simpler. The same firmware can be distribute=
d in multiple batches to different sets of devices without uploading multip=
le copies of the firmware. Because it is merely linked by the manifest, rat=
her than contained within a signed object,
 many manifests can refer to the same firmware.</li></ul>
</li><li class=3D"">Key distribution is not well-specified in RFC4108. The =
only specified option uses the EnvelopedData mechanism from RFC5652, and co=
mes with drawbacks where broadcast (physical, or logical, i.e. untrusted CD=
Ns) distribution is used.
<ul class=3D"">
<li class=3D"">The [Suit] draft no longer specifies key table distribution.=
 Some of this can be handled within COSE, however there is some specificati=
on work to be done on how encrypted payloads can be made broadcast-friendly=
. I expect either tables of encrypted
 COSE Keys, or tables of key-wrapped bare keys&nbsp;to play a role.</li></u=
l>
</li><li class=3D"">Firmware component naming is conflated with versioning.=
 This is problematic for rollback protection, since the version number may =
require text processing.</li></ul>
<div class=3D"">
<pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: 0px; marg=
in-bottom: 0px; orphans: 2; widows: 2;"></pre>
<blockquote type=3D"cite" class=3D"">
<pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: 0px; marg=
in-bottom: 0px; orphans: 2; widows: 2;">   Preferred firmware package names=
 are a combination of the firmware
   package object identifier and a version number. </pre>
</blockquote>
<br class=3D"">
</div>
</div>
<div class=3D"">
<ul class=3D"MailOutline">
<li class=3D"">A fat boot loader is mandated by the standard, which makes u=
nbrickable updates of network stacks problematic:</li></ul>
<div class=3D"">
<pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: 0px; marg=
in-bottom: 0px; orphans: 2; widows: 2;"></pre>
<blockquote type=3D"cite" class=3D"">
<pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: 0px; marg=
in-bottom: 0px; orphans: 2; widows: 2;">   The bootstrap loader MUST have a=
ccess to a physical interface and any
   related driver or protocol software necessary to obtain a firmware
   package. </pre>
</blockquote>
</div>
</div>
</div>
<div class=3D""><br class=3D"">
</div>
</div>
<div class=3D"">Best Regards,</div>
<div class=3D"">Brendan Moran</div>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</body>
</html>

--_000_A50279111A2C4707BD7705D3FE1DAA88armcom_--


From rod@proteancode.com  Wed Nov  8 03:10:22 2017
Return-Path: <rod@proteancode.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7426131962 for <suit@ietfa.amsl.com>; Wed,  8 Nov 2017 03:10:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=proteancode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eeKI7ZkeeyFQ for <suit@ietfa.amsl.com>; Wed,  8 Nov 2017 03:10:21 -0800 (PST)
Received: from cloud01.winterhost.co.uk (cloud01.winterhost.co.uk [46.17.91.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FC5B1270AB for <suit@ietf.org>; Wed,  8 Nov 2017 03:10:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=proteancode.com; s=default; h=Content-Type:MIME-Version:Date:Message-ID: Subject:From:To:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=70c53fRCGFiYPafcP2p7KlJs/CMG/YxDokXbLNN3j/M=; b=QEXaxGC7f4mNBu5mjEsfdZf7G0 I4KXNq6+j8c1eKoAE2tD6p4Cbp4RrMhl/swqMVVKMlu7K+XWP0A/LxqMqCIKBMiKX6YDh+buiXNlQ zwG/Y8MrFSD3RXDqij3tRcx5Bu4YVLAGrN0FlqJDSrGvQkEq/+75FAoJHVZ05WBzDZAI=;
Received: from [80.194.246.99] (port=61814 helo=RodPro.local) by cloud01.winterhost.co.uk with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <rod@proteancode.com>) id 1eCOFP-0007kD-QE for suit@ietf.org; Wed, 08 Nov 2017 11:10:19 +0000
To: suit@ietf.org
From: Roderick Chapman <rod@proteancode.com>
Message-ID: <14d380f9-56ae-98eb-b22d-62bfbbf05bb4@proteancode.com>
Date: Wed, 8 Nov 2017 11:10:18 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------3EBD5DE9B82026A7964AA760"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud01.winterhost.co.uk
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - proteancode.com
X-Get-Message-Sender-Via: cloud01.winterhost.co.uk: authenticated_id: rod@proteancode.com
X-Authenticated-Sender: cloud01.winterhost.co.uk: rod@proteancode.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gwHMkncbpBv6u64Hlg3AYwXX0-U>
Subject: [Suit] Implementing RFC 4108
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 11:16:41 -0000

This is a multi-part message in MIME format.
--------------3EBD5DE9B82026A7964AA760
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

The guys from ARM have encouraged me to join this list.


Last year, I led a team that built an implementation of RFC 4108,

following NCSC guidance and technical specifications on choice of

crypto algorithms, key sizes and so on.


A short, and rather lacking-in-detail, presentation about our work

is here: 
http://www.his-2017.co.uk/session/secure-updates-for-embedded-systems.


I'll be happy to report on our experiences where possible.

  All the best,

  Rod Chapman, Protean Code Limited





--------------3EBD5DE9B82026A7964AA760
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><font size="+1">The guys from ARM have encouraged me to join this
        list.</font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1">Last year, I led a team that built an implementation
        of RFC 4108,</font></p>
    <p><font size="+1">following NCSC guidance and technical specifications
        on choice of</font></p>
    <p><font size="+1">crypto algorithms, key sizes and so on.<br>
      </font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1">A short, and rather lacking-in-detail,
        presentation about our work</font></p>
    <p><font size="+1">is here:
        <a class="moz-txt-link-freetext" href="http://www.his-2017.co.uk/session/secure-updates-for-embedded-systems">http://www.his-2017.co.uk/session/secure-updates-for-embedded-systems</a>.</font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1">I'll be happy to report on our experiences where
        possible.</font></p>
    <p><font size="+1"> All the best,</font></p>
    <p><font size="+1"> Rod Chapman, Protean Code Limited</font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1"><br>
      </font></p>
  </body>
</html>

--------------3EBD5DE9B82026A7964AA760--


From nobody Wed Nov  8 07:26:36 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 279E112711B for <suit@ietfa.amsl.com>; Wed,  8 Nov 2017 07:26:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z5Oq4rxdI8_8 for <suit@ietfa.amsl.com>; Wed,  8 Nov 2017 07:26:33 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5E912706D for <suit@ietf.org>; Wed,  8 Nov 2017 07:26:33 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 960FB206C8; Wed,  8 Nov 2017 10:27:50 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E296F81F0B; Wed,  8 Nov 2017 10:26:32 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Trishank Karthik Kuppusamy <trishank@nyu.edu>
cc: suit@ietf.org, Shikhar Sakhuja <ss9131@nyu.edu>, Justin Cappos <jcappos@nyu.edu>, Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>, Ariella C Feuchtwanger <acf469@nyu.edu>
In-Reply-To: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 08 Nov 2017 10:26:32 -0500
Message-ID: <16295.1510154792@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/eYu-GUW5O-oRftPgInYW0zkKCDA>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 15:26:35 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Trishank Karthik Kuppusamy <trishank@nyu.edu> wrote:
    > I'm a Ph.D. graduate from NYU Tandon who worked on The Update Framewo=
rk
    > (TUF), an open security standard for building compromise-resilient

Awesome, so happy to have you join the discussion!

    > Uptane is a variant of TUF which is especially designed for
    > automobiles. It allows vehicle manufactures to customize which updates
    > are installed on which vehicles without compromising security. It is
    > being integrated by at least three automotive suppliers, including
    > Advanced Telematic Systems, Lear Corporation, and OTAinfo.

Can you tell us a bit about how uptane indicates which vehicles should apply
the update?  Can it get down to a single vehicle?  If so, are there any
privacy protections involved?

    > The research group at NYU and I feel that many of the design principl=
es
    > behind Uptane may be used in the IoT domain, as they appear to be sha=
re
    > some of the same requirements. Despite offering high security, Uptane
    > is flexible enough to accommodate a wide variety of deployment
    > configurations. For example, Uptane is agnostic to the precise data
    > encoding format used to describe metadata, so that ASN.1, CBOR, or XML
    > may be used by different implementors.

Very interesting.

I'm reading your github source code.

=2D-=20
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloDIigACgkQgItw+93Q
3WXORwgApPR3zdqSXytI1RJ7jIjyAm5ZeWkgJLUIcKwlqJt8aKSmy7PTwx70Q4UY
TJuwM1HjlSzEmwSwwGTTZqlkzMjRMfc5WqCGbR7tk1W55ozqLCA9xKVvlVBBMY4z
25KtXOjjCDDAprGI4GLMyGKnmL3TH6H6R52/NJfAtTIsovW1ezYPUUbTQoUKjlv2
8rUYmYS2MfH1ZEVcjBoT3I0bl4IrcKToFwkzdNgd2DF3eAL3j7N+BF3bSV+4NIg3
Igv6UsGrtMaqPTh3K/Nomw8ctzb7APUoghi5K8CI/iPfhXnwvpwM22IOY43BpVeU
JInWeQ51HDuBZHsfla5IomCXQGDzZg==
=QnRm
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 10 06:49:23 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 242441241FC for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 06:49:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HBx2kTHGQBAy for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 06:49:21 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC5CD120046 for <suit@ietf.org>; Fri, 10 Nov 2017 06:49:21 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id CFE7720008 for <suit@ietf.org>; Fri, 10 Nov 2017 09:50:44 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 58AD480661 for <suit@ietf.org>; Fri, 10 Nov 2017 09:49:20 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: suit@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 10 Nov 2017 09:49:20 -0500
Message-ID: <21176.1510325360@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bY7fXW1UmdHgZPGdTso-i_r102I>
Subject: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 14:49:23 -0000

--=-=-=
Content-Type: text/plain


The proposed architectures that we have either assume a relatively capable
bootloader, or the ability to double buffer images.

One of the advantages of the double buffering is that the firmware update
code itself can easily be updated.
Updating a bootloader image may be significantly more risky, and so I imagine
that it might rarely or never occur in a device's lifetime.

So my question is: how much concern should we put into quantum resistant
signature algorithms?  Is it worth the risk of being on the bleeding edge
here with the hope of winning?  Should we perhaps plan on our manifests (and
images) being signed more than once by the same entity using different
algorithms?


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloFvHAACgkQgItw+93Q
3WXvawgAkDq97HwEzWTClJui3PVC3WwOh/fniq8GDo+uEbLlTkN5dI6ToeXD+8Sk
UHR5j09MjmcKdcVXYQoSzZZPoXCj26TzQXX3ZC1c0yVFaCg4W6PoKC7+XwC7u6o7
+9b0Vf/6a5gn/sgr6Kg4bI6ixjNxwJoFIOqoJoPFDdVs0lOAyLw0CqaYCei6MvWL
3Ee8+mTdNv8VQb0Nr6zdEHWTVaotxXcOuG5vomoQKPySliYG9sv9/OJXqZVt8tH4
w68KkxwQoLMFYZC6foatDCbyKRmyIPOqb1WsMrlmWzYkfFwPG5hBnTFxvUVMwezU
5JCAvB+ve8aoBVIlTE3ofllk1W8oTg==
=rGns
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 10 07:27:20 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 238BB124217 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:27:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level: 
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzmnbjiqeKMg for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:27:14 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0067.outbound.protection.outlook.com [104.47.0.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19FD0120046 for <suit@ietf.org>; Fri, 10 Nov 2017 07:27:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UQk1+KzRP4U0qfL25UXNZ27rWYQznxDa2N6k5qetF/0=; b=DeaYyUUgcCi159TpBCM9/gy5qc2xhkAbxdlR1duNAjlVgb2OnAwBp5Ye8CJl4Syda6SWedq8NsYWyKtC/WGY1wLpOVVQ1TQshdQMbIYaRurQjG8kWqEMdGWI2W9axIGNcp/12/IkH/skYodOabS9+nnVnHOEGoFdXoA5TDFYSck=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0613.eurprd08.prod.outlook.com (10.169.32.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Fri, 10 Nov 2017 15:27:09 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.011; Fri, 10 Nov 2017 15:27:09 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "suit@ietf.org" <suit@ietf.org>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: Threat Model and User Stories for draft-moran-suit-manifest-00
Thread-Index: AQHTWjhfYHkcD8wPCUqoSt+k2PJ+2A==
Date: Fri, 10 Nov 2017 15:27:09 +0000
Message-ID: <52E90240-4041-4650-96CC-865E82935450@arm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0613; 6:VIYktfCWDlB0Ka9rKXvJMPsA3oEkhZRF8Mjxja3WS46TzrVaXb8XzAOa628T/dagDcuycYMry0G/StumyT4QgMlv3pnS3A9mti4guf9rQroJXtYt/Iz3o9LQBV5gkrthToB7ar3X60F+KbyVRY8sZT5TjIb9OrF1nZUR+E4zxZFXrddvkC3bLfIn9IvFkUynxxlUfhuo6s9uQMz/iP6ZrirzbWrEcaB6WLlvWE1B6S9fth4O7WOCQLG//aZP4Ck8kJEYeS7XXLWboFQSrslRLGHwVS8H2BnXODxw/Lmn+FlyTJ2RYbbQB2PxdQhxDZt7oeA72ssqUyGla/hLdNK2DxYQ3Ec1mMEEa2nztjhcXV0=; 5:URspffBleGbkGFyX/kKl6IjTZY+qglofp4c5H8MgQxqtyf54ueaPYhe8eTpSQL9dvBOEvGSAmM4ZRg37JGxV4RAuBNZQjywz80hF/TsK6slu9kkBXviOGCKUp0ycYfiYcCr4UDRCZcdt6vI4ckHHDCo1+f0Iy9W6z+8TNQFtHIA=; 24:z4aKXDQ/SM1EQpafI4ZeAPIdgzYF4MCm8bvXqGzOMiYHWsY9rBv3LW6+9VUOohkNNP63vIvC6HJPcLYKZpwFcUSAa6piBRwu+J8yUS1d64U=; 7:m5n61Fb4ckELM82jcujWGaKBTRwFWSUyyaQKH8o5qTL39nJAIpe8VKQlBIpfIUVV1tdzhFt4kvJqCJlNOtFeK+wsCZ5468Eoh9MbckK0N2KDbSuSDwVKaUyCtFiNbE8yMWLC1KE34tMaQ3eM8bbPXshvlT5ivjdjOS0o99j8cBdqaKnynvDeraFJsKEBhkZ6DSalFdpuWHjS/D7LaH9VmoNjV6jBdO+fdRUaBWX5Ij4x2qnXswryP5Dh26ImY3vk
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 7077eb64-1d6a-44d5-05ec-08d5284f8244
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0613; 
x-ms-traffictypediagnostic: DB5PR08MB0613:
x-exchange-antispam-report-test: UriScan:(192374486261705)(176295241369792);
x-microsoft-antispam-prvs: <DB5PR08MB0613652E6C30BC83ADB9D86CEA540@DB5PR08MB0613.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231021)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123562025)(20161123564025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0613; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0613; 
x-forefront-prvs: 0487C0DB7E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(346002)(40434004)(199003)(3905003)(189002)(83716003)(97736004)(86362001)(5250100002)(6436002)(5890100001)(72206003)(4326008)(316002)(3660700001)(236005)(1730700003)(2501003)(8676002)(99286004)(6506006)(6486002)(606006)(6116002)(14454004)(102836003)(3846002)(105586002)(5640700003)(5660300001)(66066001)(36756003)(7736002)(82746002)(6916009)(6512007)(2351001)(106356001)(45080400002)(50226002)(2906002)(33656002)(53946003)(81156014)(81166006)(2900100001)(50986999)(8936002)(25786009)(101416001)(478600001)(3280700002)(966005)(189998001)(68736007)(6306002)(54896002)(53936002)(57306001)(230783001)(579004)(559001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0613; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_52E902404041465096CC865E82935450armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7077eb64-1d6a-44d5-05ec-08d5284f8244
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2017 15:27:09.4879 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0613
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Hq8NjQJG-EEvHSWjIXMXhCgx1OA>
Subject: [Suit] Threat Model and User Stories for draft-moran-suit-manifest-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 15:27:19 -0000

--_000_52E902404041465096CC865E82935450armcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

VGhlIG1hbmlmZXN0IGZvcm1hdCBhcyBkZXNjcmliZWQgaW4gZHJhZnQtbW9yYW4tc3VpdC1tYW5p
ZmVzdC0wMCB3YXMgZGVzaWduZWQgdXNpbmcgYSB0aHJlYXQgbW9kZWwgYW5kIGEgc2V0IG9mIFVz
ZXIgc3Rvcmllcy4gRnJvbSB0aGUgdGhyZWF0IG1vZGVsLCB3ZSBleHRyYWN0ZWQgc2VjdXJpdHkg
cmVxdWlyZW1lbnRzIHRoYXQgbWl0aWdhdGUgdGhlIHRocmVhdHMgYW5kIHBsYWNlZCBmaWVsZHMg
aW4gdGhlIG1hbmlmZXN0IHRoYXQgZW5hYmxlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBzZWN1cml0
eSByZXF1aXJlbWVudHMuIEZyb20gdGhlIHVzZXIgc3Rvcmllcywgd2UgZXh0cmFjdGVkIHVzYWJp
bGl0eSByZXF1aXJlbWVudHMgdGhhdCBlbmFibGUgdGhvc2UgdXNlciBzdG9yaWVzLCBhbmQgcGxh
Y2VkIGZpZWxkcyBpbiB0aGUgbWFuaWZlc3QgdGhhdCBpbXBsZW1lbnQgdGhvc2UgdXNhYmlsaXR5
IHJlcXVpcmVtZW50cy4NCg0KTm90ZSB0aGF0IG5vdCBhbGwgdXNlciBzdG9yaWVzIGFyZSBjb3Zl
cmVkIGhlcmUuIFRoaXMgaXMgaW50ZW50aW9uYWwsIHNpbmNlIHRoZXJlIGFyZSBhIGdyZWF0IG1h
bnkgcG9zc2libGUgdXNlciBzdG9yaWVzLCBvbmx5IHN1ZmZpY2llbnQgdXNlciBzdG9yaWVzIHRv
IGNvdmVyIHRoZSBmaWVsZHMgaW4gdGhlIE1hbmlmZXN0IGhhdmUgYmVlbiBpbmNsdWRlZC4NCg0K
QmVzdCBSZWdhcmRzLA0KQnJlbmRhbiBNb3Jhbg0KDQpUaHJlYXQgTW9kZWwNCj09PT09PT09PT09
PT09PT09PT09PT09DQpJIHdpbGwgZGVzY3JpYmUgdGhlIHRocmVhdHMgd2UgaGF2ZSBjb25zaWRl
cmVkLCB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzIHRoYXQgYXJlIGRlcml2ZWQgZnJvbSB0aG9z
ZSB0aHJlYXRzIGFuZCB0aGUgZmllbGRzIHRoYXQgcGVybWl0IGltcGxlbWVudGF0aW9uIG9mIHRo
ZSBzZWN1cml0eSByZXF1aXJlbWVudHMuIEkgd2lsbCBhZGRyZXNzIHRoZSB0aHJlYXRzIGluIHRo
ZSBvcmRlciB0aGF0IHRoZSByZWxldmFudCBmaWVsZHMgYXBwZWFyLg0KDQpUaGlzIG1vZGVsIHVz
ZXMgdGhlIFMuVC5SLkkuRC5FLiBhcHByb2FjaC4gRWFjaCB0aHJlYXQgaXMgY2xhc3NpZmllZCBh
Y2NvcmRpbmcgdG86DQoqIFNwb29maW5nIElkZW50aXR5DQoqIFRhbXBlcmluZyB3aXRoIGRhdGEN
CiogUmVwdWRpYXRpb24NCiogSW5mb3JtYXRpb24gZGlzY2xvc3VyZQ0KKiBEZW5pYWwgb2Ygc2Vy
dmljZQ0KKiBFbGV2YXRpb24gb2YgcHJpdmlsZWdlDQpTZWUgaGVyZSBmb3IgbW9yZSBpbmZvcm1h
dGlvbiBvbiBUaGUgU1RSSURFIFRocmVhdCBNb2RlbDogaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5j
b20vZW4tdXMvbGlicmFyeS9lZTgyMzg3OCh2PWNzLjIwKS5hc3B4DQoNCk4uQi4gSW4gZmlybXdh
cmUgdXBkYXRlLCBpdCBpcyBjb21tb24gZm9yIGFuIGF0dGFjayB0byBleHBvc2UgYWxsIGNsYXNz
ZXMgb2YgdGhyZWF0Lg0KDQpUaHJlYXQgRGVzY3JpcHRpb25zDQo9PT09PT09PT09PT09PT09PT09
PT09PQ0KDQpUaHJlYXQgTUZUMTogT2xkIEZpcm13YXJlDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLQ0KQ2xhc3NpZmljYXRpb246IEVzY2FsYXRpb24gb2YgUHJpdmlsZWdlDQoN
CkFuIGF0dGFja2VyIHNlbmRzIGFuIG9sZCwgYnV0IHZhbGlkIG1hbmlmZXN0IHRvIGEgZGV2aWNl
IHdpdGggYW4gb2xkLCBidXQgdmFsaWQgcGF5bG9hZC4gSWYgdGhlcmUgaXMgYSBrbm93biB2dWxu
ZXJhYmlsaXR5IGluIHRoZSBwYXlsb2FkLCB0aGlzIGNhbiBhbGxvdyBhbiBhdHRhY2tlciB0byBn
YWluIGNvbXBsZXRlIGNvbnRyb2wgb2YgYSBkZXZpY2UuDQoNClRocmVhdCBFc2NhbGF0aW9uOiBJ
ZiB0aGUgYXR0YWNrZXIgaXMgYWJsZSB0byBleHBsb2l0IHRoZSBrbm93biB2dWxuZXJhYmlsaXR5
LCB0aGVuIHRoaXMgdGhyZWF0IGNhbiBiZSBlc2NhbGF0ZWQgdG8gQUxMIFRZUEVTDQoNClRocmVh
dCBNRlQyOiBNaXNtYXRjaGVkIEZpcm13YXJlDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KQ2xhc3NpZmljYXRpb246IERlbmlhbCBvZiBTZXJ2aWNlDQoNCkFuIGF0dGFja2Vy
IHNlbmRzIHZhbGlkIGZpcm13YXJlLCBmb3IgdGhlIHdyb25nIHR5cGUgb2YgZGV2aWNlLCBzaWdu
ZWQgYnkgYW4gYWN0b3Igd2l0aCBmaXJtd2FyZSBpbnN0YWxsYXRpb24gYXV0aG9yaXR5IG9uIGJv
dGggdHlwZXMgb2YgZGV2aWNlLiBUaGUgZmlybXdhcmUgaXMgdHJ1c3RlZCBieSB0aGUgZGV2aWNl
IGJlY2F1c2UgaXQgaXMgc2lnbmVkIGJ5IGFuIGFjdG9yIHdpdGggZmlybXdhcmUgaW5zdGFsbGF0
aW9uIGF1dGhvcml0eS4gVGhpcyBjb3VsZCBoYXZlIHdpZGUtcmFuZ2luZyBjb25zZXF1ZW5jZXMu
IEZvciBkZXZpY2VzIHRoYXQgYXJlIHNpbWlsYXIsIGl0IGNvdWxkIGNhdXNlIG1pbm9yIGJyZWFr
YWdlLCBvciBleHBvc2Ugc2VjdXJpdHkgdnVsbmVyYWJpbGl0aWVzLiBGb3IgZGV2aWNlcyB0aGF0
IGFyZSB2ZXJ5IGRpZmZlcmVudCwgaXQgaXMgbGlrZWx5IHRvIHJlbmRlciBkZXZpY2VzIGlub3Bl
cmFibGUuDQoNClRocmVhdCBNRlQzOiBPZmZsaW5lIGRldmljZSArIE9sZCBGaXJtd2FyZQ0KLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNsYXNzaWZpY2F0aW9uOiBFc2NhbGF0
aW9uIG9mIFByaXZpbGVnZQ0KDQpBbiBhdHRhY2tlciB0YXJnZXRzIGEgZGV2aWNlIHRoYXQgaGFz
IGJlZW4gb2ZmbGluZSBmb3IgYSBsb25nIHRpbWUgYW5kIHJ1bnMgYW4gb2xkIGZpcm13YXJlIHZl
cnNpb24uIFRoZSBhdHRhY2tlciBzZW5kcyBhbiBvbGQsIGJ1dCB2YWxpZCBtYW5pZmVzdCB0byBh
IGRldmljZSB3aXRoIGFuIG9sZCwgYnV0IHZhbGlkIHBheWxvYWQuIFRoZSBhdHRhY2tlci1wcm92
aWRlZCBmaXJtd2FyZSBpcyBuZXdlciB0aGFuIHRoZSBpbnN0YWxsZWQgb25lIGJ1dCBvbGRlciB0
aGFuIHRoZSBtb3N0IHJlY2VudGx5IGF2YWlsYWJsZSBmaXJtd2FyZS4gSWYgdGhlcmUgaXMgYSBr
bm93biB2dWxuZXJhYmlsaXR5IGluIHRoZSBwYXlsb2FkLCB0aGlzIGNhbiBhbGxvdyBhbiBhdHRh
Y2tlciB0byBnYWluIGNvbXBsZXRlIGNvbnRyb2wgb2YgYSBkZXZpY2UuIEJlY2F1c2UgdGhlIGRl
dmljZSBoYXMgYmVlbiBvZmZsaW5lIGZvciBhIGxvbmcgdGltZSwgaXQgaXMgdW5hd2FyZSBvZiBh
bnkgbmV3IHVwZGF0ZXMuIEFzIHN1Y2ggaXQgd2lsbCB0cmVhdCB0aGUgb2xkIG1hbmlmZXN0IGFz
IHRoZSBtb3N0IGN1cnJlbnQuDQoNClRocmVhdCBFc2NhbGF0aW9uOiBJZiB0aGUgYXR0YWNrZXIg
aXMgYWJsZSB0byBleHBsb2l0IHRoZSBrbm93biB2dWxuZXJhYmlsaXR5LCB0aGVuIHRoaXMgdGhy
ZWF0IGNhbiBiZSBlc2NhbGF0ZWQgdG8gQUxMIFRZUEVTDQoNClRocmVhdCBNRlQ0OiBUaGUgdGFy
Z2V0IGRldmljZSBtaXNpbnRlcnByZXRzIHRoZSB0eXBlIG9mIHBheWxvYWQuDQotLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KQ2xhc3NpZmljYXRpb246IERlbmlhbCBvZiBTZXJ2
aWNlDQoNCklmIGEgZGV2aWNlIG1pc2ludGVycHJldHMgdGhlIHBheWxvYWQgdHlwZSwgaXQgbWF5
IGNhdXNlIGEgZGV2aWNlIHRvIGluc3RhbGwgYSBwYXlsb2FkIGluY29ycmVjdGx5LiBBbiBpbmNv
cnJlY3RseSBpbnN0YWxsZWQgcGF5bG9hZCB3b3VsZCBsaWtlbHkgY2F1c2UgdGhlIGRldmljZSB0
byBzdG9wIGZ1bmN0aW9uaW5nLg0KDQpUaHJlYXQgRXNjYWxhdGlvbjogQW4gYXR0YWNrZXIgdGhh
dCBjYW4gY2F1c2UgYSBkZXZpY2UgdG8gbWlzaW50ZXJwcmV0IHRoZSByZWNlaXZlZCBjb2RlIGFu
ZCBjb3VsZCBnYWluIGFuIEVzY2FsYXRpb24gb2YgUHJpdmlsZWdlIGFuZCBwb3RlbnRpYWxseSBl
eHBhbmQgdGhpcyB0byBhbGwgdHlwZXMgb2YgdGhyZWF0Lg0KDQpUaHJlYXQgTUZUNTogVGhlIHRh
cmdldCBkZXZpY2UgaW5zdGFsbHMgdGhlIHBheWxvYWQgdG8gdGhlIHdyb25nIGxvY2F0aW9uDQot
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KQ2xhc3NpZmljYXRpb246IERlbmlh
bCBvZiBTZXJ2aWNlDQoNCklmIGEgZGV2aWNlIGluc3RhbGxzIGNvZGUgb3IgZGF0YSB0byB0aGUg
d3JvbmcgcGFydCBvZiB0aGUgZGV2aWNlLCB0aGVuIGl0IGlzIGxpa2VseSB0byBicmVhay4gQSBm
aXJtd2FyZSBpbnN0YWxsZWQgYXMgY29uZmlndXJhdGlvbiBvciBhIG5ldHdvcmsgc3RhY2sgaW5z
dGFsbGVkIGFzIGFuIGFwcGxpY2F0aW9uIGNvdWxkIGNhdXNlIGEgZGV2aWNlIHRvIHN0b3AgZnVu
Y3Rpb25pbmcuDQoNClRocmVhdCBFc2NhbGF0aW9uOiBBbiBhdHRhY2tlciB0aGF0IGNhbiBjYXVz
ZSBhIGRldmljZSB0byBtaXNpbnRlcnByZXQgdGhlIHJlY2VpdmVkIGNvZGUgYW5kIGNvdWxkIGdh
aW4gYW4gRXNjYWxhdGlvbiBvZiBQcml2aWxlZ2UgYW5kIHBvdGVudGlhbGx5IGV4cGFuZCB0aGlz
IHRvIGFsbCB0eXBlcyBvZiB0aHJlYXQuDQoNClRocmVhdCBNRlQ2OiBSZWRpcmVjdGlvbg0KLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNsYXNzaWZpY2F0aW9uOiBEZW5pYWwg
b2YgU2VydmljZQ0KDQpJZiBhIGRldmljZSBkb2VzIG5vdCBrbm93IHdoZXJlIHRvIG9idGFpbiB0
aGUgcGF5bG9hZCBmb3IgYW4gdXBkYXRlLCBpdCBtYXkgYmUgcmVkaXJlY3RlZCB0byBhbiBhdHRh
Y2tlcuKAmXMgc2VydmVyLiBUaGlzIHdvdWxkIGFsbG93IGFuIGF0dGFja2VyIHRvIHByb3ZpZGUg
YnJva2VuIHBheWxvYWRzIHRvIGRldmljZXMgd2l0aG91dCBuZWVkaW5nIHRvIGNvbnN0cnVjdCBh
IE1hbiBpbiB0aGUgTWlkZGxlLg0KDQpUaHJlYXQgTUZUNzogUGF5bG9hZCBWZXJpZmljYXRpb24g
b24gQm9vdA0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkNsYXNzaWZpY2F0
aW9uOiBBbGwgVHlwZXMNCg0KQW4gYXR0YWNrZXIgcmVwbGFjZXMgYSBuZXdseSBkb3dubG9hZGVk
IGZpcm13YXJlIGFmdGVyIGEgZGV2aWNlIGZpbmlzaGVzIHZlcmlmeWluZyBhIG1hbmlmZXN0LiBU
aGlzIGNvdWxkIGNhdXNlIHRoZSBkZXZpY2UgdG8gZXhlY3V0ZSB0aGUgYXR0YWNrZXLigJlzIGNv
ZGUuIFRoaXMgYXR0YWNrIGxpa2VseSByZXF1aXJlcyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGRl
dmljZSwgaG93ZXZlciBpdCBpcyBwb3NzaWJsZSB0aGF0IGl0IGNvdWxkIGJlIGNhcnJpZWQgb3V0
IHdoZW4gY29tYmluZWQgd2l0aCBhbm90aGVyIHRocmVhdCB0aGF0IGFsbG93cyByZW1vdGUgZXhl
Y3V0aW9uLg0KDQpUaHJlYXQgTUZUODogVW5hdXRoZW50aWNhdGVkIFVwZGF0ZXMNCi0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpDbGFzc2lmaWNhdGlvbjogQWxsIFR5cGVzDQoN
CklmIGFuIGF0dGFja2VyIGNhbiBpbnN0YWxsIHRoZWlyIGZpcm13YXJlIG9uIGEgZGV2aWNlLCBi
eSBtYW5pcHVsYXRpbmcgZWl0aGVyIHBheWxvYWQgb3IgbWV0YWRhdGEsIHRoZW4gdGhleSBoYXZl
IGNvbXBsZXRlIGNvbnRyb2wgb2YgdGhlIGRldmljZS4NCg0KVGhyZWF0IE1GVDk6IFVuZXhwZWN0
ZWQgUHJlY3Vyc29yIGltYWdlcw0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
CkNsYXNzaWZpY2F0aW9uOiBEZW5pYWwgb2YgU2VydmljZQ0KDQpBbiBhdHRhY2tlciBzZW5kcyBh
IHZhbGlkLCBjdXJyZW50IG1hbmlmZXN0IHRvIGEgZGV2aWNlIHRoYXQgaGFzIGFuIHVuZXhwZWN0
ZWQgcHJlY3Vyc29yIGltYWdlLiBJZiBhIHBheWxvYWQgZm9ybWF0IHJlcXVpcmVzIGEgcHJlY3Vy
c29yIGltYWdlIChmb3IgZXhhbXBsZSwgZGVsdGEgdXBkYXRlcykgYW5kIHRoYXQgcHJlY3Vyc29y
IGltYWdlIGlzIG5vdCBhdmFpbGFibGUgb24gdGhlIHRhcmdldCBkZXZpY2UsIGl0IGNvdWxkIGNh
dXNlIHRoZSB1cGRhdGUgdG8gYnJlYWsuDQoNClRocmVhdCBFc2NhbGF0aW9uOiBBbiBhdHRhY2tl
ciB0aGF0IGNhbiBjYXVzZSBhIGRldmljZSB0byBpbnN0YWxsIGEgcGF5bG9hZCBhZ2FpbnN0IHRo
ZSB3cm9uZyBwcmVjdXJzb3IgaW1hZ2UgY291bGQgZ2FpbiBhbiBFc2NhbGF0aW9uIG9mIFByaXZp
bGVnZSBhbmQgcG90ZW50aWFsbHkgZXhwYW5kIHRoaXMgdG8gYWxsIHR5cGVzIG9mIHRocmVhdC4N
Cg0KDQpTZWN1cml0eSBSZXF1aXJlbWVudHMNCj09PT09PT09PT09PT09PT09PT09PT09DQpUaGUg
c2VjdXJpdHkgcmVxdWlyZW1lbnRzIGhlcmUgYXJlIGEgc2V0IG9mIHBvbGljaWVzIHRoYXQgbWl0
aWdhdGUgdGhlIHRocmVhdHMgZGVzY3JpYmVkIGluIHRoZSBwcmV2aW91cyBzZWN0aW9uDQoNClNl
Y3VyaXR5IFJlcXVpcmVtZW50IE1GU1IxOiBtb25vdG9uaWMgc2VxdWVuY2UgbnVtYmVycw0KLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCk9ubHkgYW4gYWN0b3Igd2l0aCBmaXJt
d2FyZSBpbnN0YWxsYXRpb24gYXV0aG9yaXR5IGlzIHBlcm1pdHRlZCB0byBkZWNpZGUgd2hlbiBk
ZXZpY2UgZmlybXdhcmUgY2FuIGJlIGluc3RhbGxlZC4gVG8gZW5mb3JjZSB0aGlzIHJ1bGUsIE1h
bmlmZXN0cyBNVVNUIGNvbnRhaW4gYSBtb25vdG9uaWMgc2VxdWVuY2UgbnVtYmVyLiBNYW5pZmVz
dHMgTUFZIHVzZSBVVEMgZXBvY2ggdGltZXN0YW1wcyB0byBjb29yZGluYXRlIG1vbm90b25pYyBz
ZXF1ZW5jZSBudW1iZXJzIGFjcm9zcyBtYW55IGFjdG9ycyBpbiBtYW55IGxvY2F0aW9ucy4gRGV2
aWNlcyBNVVNUIHJlamVjdCBtYW5pZmVzdHMgd2l0aCBzZXF1ZW5jZSBudW1iZXJzIHNtYWxsZXIg
dGhhbiBhbnkgb25ib2FyZCBzZXF1ZW5jZSBudW1iZXIuDQoNCk4uQi4gVGhpcyBpcyBub3QgYSBm
aXJtd2FyZSB2ZXJzaW9uLiBJdCBpcyBhIG1hbmlmZXN0IHNlcXVlbmNlIG51bWJlci4gQSBmaXJt
d2FyZSB2ZXJzaW9uIG1heSBiZSByb2xsZWQgYmFjayBieSBjcmVhdGluZyBhIG5ldyBtYW5pZmVz
dCBmb3IgdGhlIG9sZCBmaXJtd2FyZSB2ZXJzaW9uIHdpdGggYSBsYXRlciBzZXF1ZW5jZSBudW1i
ZXIuDQoNCk1pdGlnYXRlczogVGhyZWF0IE1GVDENCg0KU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZT
UjI6IFZlbmRvciwgZGV2aWNlLXR5cGUgaWRlbnRpZmllcnMNCi0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tDQpEZXZpY2VzIE1VU1Qgb25seSBhcHBseSBmaXJtd2FyZSB0aGF0IGlz
IGludGVuZGVkIGZvciB0aGVtLiBEZXZpY2VzIE1VU1Qga25vdyB3aXRoIGZpbmUgZ3JhbnVsYXJp
dHkgdGhhdCBhIGdpdmVuIHVwZGF0ZSBhcHBsaWVzIHRvIHRoZWlyIHZlbmRvciwgbW9kZWwsIGhh
cmR3YXJlIHJldmlzaW9uLCBzb2Z0d2FyZSByZXZpc2lvbi4gSHVtYW4tcmVhZGFibGUgaWRlbnRp
ZmllcnMgYXJlIG9mdGVuIGVycm9yLXByb25lIGluIHRoaXMgcmVnYXJkLCBzbyBVbmlxdWUtSURz
IFNIT1VMRCBiZSB1c2VkLg0KDQpNaXRpZ2F0ZXM6IFRocmVhdCBNRlQyDQoNClNlY3VyaXR5IFJl
cXVpcmVtZW50IE1GU1IzOiBCZXN0LUJlZm9yZSB0aW1lc3RhbXBzDQotLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KRmlybXdhcmUgTUFZIGV4cGlyZSBhZnRlciBhIGdpdmVuIHRp
bWUuIERldmljZXMgTUFZIHByb3ZpZGUgYSBzZWN1cmUgY2xvY2sgKGxvY2FsIG9yIHJlbW90ZSku
IElmIGEgc2VjdXJlIGNsb2NrIGlzIHByb3ZpZGVkIGFuZCB0aGUgRmlybXdhcmUgTWFuaWZlc3Qg
aGFzIGEgYmVzdC1iZWZvcmUgdGltZXN0YW1wLCB0aGUgZGV2aWNlIE1VU1QgcmVqZWN0IHRoZSBt
YW5pZmVzdCBpZiBjdXJyZW50IHRpbWUgaXMgbGFyZ2VyIHRoYW4gdGhlIGJlc3QtYmVmb3JlIHRp
bWUuDQoNCk1pdGlnYXRlczogVGhyZWF0IE1GVDMNCg0KU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZT
UjQ6IFNpZ25lZCBQYXlsb2FkIERlc2NyaXB0b3INCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tDQpBbGwgZGVzY3JpcHRpdmUgaW5mb3JtYXRpb24gYWJvdXQgdGhlIHBheWxvYWQg
TVVTVCBiZSBzaWduZWQuIFRoaXMgTVVTVCBpbmNsdWRlOg0KKiBUaGUgbG9jYXRpb24gdG8gc3Rv
cmUgdGhlIHBheWxvYWQNCiogVGhlIHBheWxvYWQgZGlnZXN0LCBpbiBlYWNoIHN0YXRlIG9mIGlu
c3RhbGxhdGlvbiAoZW5jcnlwdGVkLCBwbGFpbnRleHQsIGluc3RhbGxlZCwgZXRjLikNCiogVGhl
IHBheWxvYWQgc2l6ZQ0KKiBUaGUgcGF5bG9hZCBmb3JtYXQNCiogV2hlcmUgdG8gb2J0YWluIHRo
ZSBwYXlsb2FkDQoqIEFsbCBpbnN0cnVjdGlvbnMgb3IgcGFyYW1ldGVycyBmb3IgYXBwbHlpbmcg
dGhlIHBheWxvYWQNCiogQW55IHJ1bGVzIHRoYXQgaWRlbnRpZnkgd2hldGhlciBvciBub3QgdGhl
IHBheWxvYWQgY2FuIGJlIHVzZWQgb24gdGhpcyBkZXZpY2UNCg0KTWl0aWdhdGVzOiBUaHJlYXRz
IE1GVDUsIE1GVDYsIE1GVDcsIE1GVDkNCg0KU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjU6IFBy
b3ZhYmxlIGF1dGhlbnRpY2l0eQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
ClRoZSBhdXRoZW50aWNpdHkgb2YgYW4gdXBkYXRlIG11c3QgYmUgcHJvdmFibGUsIHdpdGggc3Vm
ZmljaWVudCBsZXZlbHMgb2YgZW50cm9weSB0byByZW1haW4gc2VjdXJlIGZvciB0aGUgbGlmZXRp
bWUgb2YgdGhlIGRldmljZS4gVHlwaWNhbGx5LCB0aGlzIG1lYW5zIHRoYXQgdXBkYXRlcyBtdXN0
IGJlIHNpZ25lZC4gT3RoZXIgcHJvb2YgbWVjaGFuaXNtcyBhcmUgYWNjZXB0YWJsZSwgc3VjaCBh
cyBNQUNzLCBvciBBdXRoZW50aWNhdGVkIEVuY3J5cHRpb24sIG9yIEFFQUQgYWxnb3JpdGhtcy4g
QmVjYXVzZSB0aGUgbWFuaWZlc3QgY29udGFpbnMgaW5mb3JtYXRpb24gYWJvdXQgaG93IHRvIGlu
c3RhbGwgdGhlIHVwZGF0ZSwgdGhlIG1hbmlmZXN0J3MgYXV0aGVudGljaXR5IG11c3QgYmUgcHJv
dmFibGUuIFRvIHJlZHVjZSB0aGUgb3ZlcmhlYWQgcmVxdWlyZWQgZm9yIHZhbGlkYXRpb24sIHRo
ZSBtYW5pZmVzdCBjb250YWlucyB0aGUgZGlnZXN0IG9mIHRoZSBwYXlsb2FkLCByYXRoZXIgdGhh
biBhbm90aGVyIHNpZ25hdHVyZS4gVGhpcyBkb2VzIG5vdCBjaGFuZ2UgdGhlIHByb3ZhYmlsaXR5
IG9mIHRoZSBwYXlsb2FkLiBUaGUgYXV0aGVudGljaXR5IG9mIHRoZSBtYW5pZmVzdCBpcyBwcm92
YWJsZSB3aXRoIGEgc2lnbmF0dXJlLCB0aGUgYXV0aGVudGljaXR5IG9mIHRoZSBwYXlsb2FkIGRp
Z2VzdCBpcyBwcm92YWJsZSB3aXRoIHRoZSBtYW5pZmVzdCwgYW5kIHRoZSBhdXRoZW50aWNpdHkg
b2YgdGhlIHBheWxvYWQgaXMgcHJvdmFibGUgd2l0aCB0aGUgcGF5bG9hZCBkaWdlc3QuDQoNCk1p
dGlnYXRlczogVGhyZWF0IE1GVDgNCg0KVXNlciBTdG9yaWVzDQo9PT09PT09PT09PT09PT09PT09
PT09PQ0KVXNlciBzdG9yaWVzIHByb3ZpZGUgZXhwZWN0ZWQgdXNlLWNhc2VzLiBUaGVzZSBhcmUg
dXNlZCB0byBmZWVkIGludG8gdXNhYmlsaXR5IHJlcXVpcmVtZW50cy4NCg0KVXNlIENhc2UgTUZV
QzE6IEluc3RhbGxhdGlvbiBJbnN0cnVjdGlvbnMNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tDQpBcyBhbiBPRU0gZm9yIElvVCBkZXZpY2VzLCBJIHdhbnQgdG8gcHJvdmlkZSBt
eSBkZXZpY2VzIHdpdGggYWRkaXRpb25hbCBpbnN0YWxsYXRpb24gaW5zdHJ1Y3Rpb25zIHNvIHRo
YXQgSSBjYW4ga2VlcCBwcm9jZXNzIGRldGFpbCBvdXQgb2YgbXkgcGF5bG9hZCBkYXRhLg0KDQpT
b21lIGluc3RhbGxhdGlvbiBpbnN0cnVjdGlvbnMgbWlnaHQgYmU6DQoqIFNwZWNpZnkgYSBwYWNr
YWdlIGhhbmRsZXINCiogVXNlIGEgdGFibGUgb2YgaGFzaGVzIHRvIGVuc3VyZSB0aGF0IGVhY2gg
YmxvY2sgb2YgdGhlIHBheWxvYWQgaXMgdmFsaWRhdGUgYmVmb3JlIHdyaXRpbmcuDQoqIFJ1biBw
b3N0LXByb2Nlc3Npbmcgc2NyaXB0IGFmdGVyIHRoZSB1cGRhdGUgaXMgaW5zdGFsbGVkDQoqIERv
IG5vdCByZXBvcnQgcHJvZ3Jlc3MNCiogUHJlLWNhY2hlIHRoZSB1cGRhdGUsIGJ1dCBkbyBub3Qg
aW5zdGFsbA0KKiBJbnN0YWxsIHRoZSBwcmUtY2FjaGVkIHVwZGF0ZSBtYXRjaGluZyB0aGlzIG1h
bmlmZXN0DQoqIEluc3RhbGwgdGhpcyB1cGRhdGUgaW1tZWRpYXRlbHksIG92ZXJyaWRpbmcgYW55
IGxvbmctcnVubmluZyB0YXNrcy4NCg0KDQpVc2UgQ2FzZSBNRlVDMjogT3BlcmF0b3IgSW5mcmFz
dHJ1Y3R1cmUNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpBcyBhbiBPcGVy
YXRvciBvZiBJb1QgZGV2aWNlcywgSSB3b3VsZCBsaWtlIHRvIHRlbGwgbXkgZGV2aWNlcyB0byBs
b29rIGF0IG15IG93biBpbmZyYXN0cnVjdHVyZSBmb3IgcGF5bG9hZHMgc28gdGhhdCBJIGNhbiBt
YW5hZ2UgdGhlIHRyYWZmaWMgZ2VuZXJhdGVkIGJ5IGZpcm13YXJlIHVwZGF0ZXMgb24gbXkgbmV0
d29yayBhbmQgbXkgcGVlcnPigJkgbmV0d29ya3MuDQoNClVzZSBDYXNlIE1GVUMzOiBNb2R1bGFy
IFVwZGF0ZQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkFzIGFuIE9FTSBv
ZiBJb1QgZGV2aWNlcywgSSB3YW50IHRvIGRpdmlkZSBteSBmaXJtd2FyZSBpbnRvIGZyZXF1ZW50
bHkgdXBkYXRlZCBhbmQgaW5mcmVxdWVudGx5IHVwZGF0ZWQgY29tcG9uZW50cywgc28gdGhhdCBJ
IGNhbiByZWR1Y2UgdGhlIHNpemUgb2YgdXBkYXRlcyBhbmQgbWFrZSBkaWZmZXJlbnQgcGFydGll
cyByZXNwb25zaWJsZSBmb3IgZGlmZmVyZW50IGNvbXBvbmVudHMuDQoNClVzZSBDYXNlIE1GVUM0
OiBNdWx0aXBsZSBBdXRob3Jpc2F0aW9ucw0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0NCkFzIGFuIE9wZXJhdG9yLCBJIHdhbnQgdG8gZW5zdXJlIHRoZSBxdWFsaXR5IG9mIGEg
ZmlybXdhcmUgdXBkYXRlIGJlZm9yZSBpbnN0YWxsaW5nIGl0LCBzbyB0aGF0IEkgY2FuIGVuc3Vy
ZSBhIGhpZ2ggc3RhbmRhcmQgb2YgcmVsaWFiaWxpdHkgb24gbXkgbmV0d29yay4gVGhlIE9FTSBt
YXkgcmVzdHJpY3QgbXkgYWJpbGl0eSB0byBjcmVhdGUgZmlybXdhcmUsIHNvIEkgY2Fubm90IGJl
IHRoZSBvbmx5IGF1dGhvcml0eSBvbiB0aGUgZGV2aWNlLg0KDQpVc2UgQ2FzZSBNRlVDNTogTXVs
dGlwbGUgUGF5bG9hZCBGb3JtYXRzDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KQXMgYSBPRU0gb3IgT3BlcmF0b3Igb2YgZGV2aWNlcywgSSB3YW50IHRvIGJlIGFibGUgdG8g
c2VuZCBtdWx0aXBsZSBwYXlsb2FkIGZvcm1hdHMgdG8gc3VpdCB0aGUgbmVlZHMgb2YgbXkgdXBk
YXRlLCBzbyB0aGF0IEkgY2FuIG9wdGltaXNlIHRoZSBiYW5kd2lkdGggdXNlZCBieSBteSBkZXZp
Y2VzLg0KDQoNClVzYWJpbGl0eSBSZXF1aXJlbWVudHMNCj09PT09PT09PT09PT09PT09PT09PT09
DQpUaGUgZm9sbG93aW5nIHVzYWJpbGl0eSByZXF1aXJlbWVudHMgc2F0aXNmeSB0aGUgdXNlciBz
dG9yaWVzIGxpc3RlZCBhYm92ZS4NCg0KVXNhYmlsaXR5IFJlcXVpcmVtZW50IE1GVVIxOg0KSXQg
bXVzdCBiZSBwb3NzaWJsZSB0byB3cml0ZSBhZGRpdGlvbmFsIGluc3RhbGxhdGlvbiBpbnN0cnVj
dGlvbnMgaW50byB0aGUgbWFuaWZlc3QuDQoNClNhdGlzZmllcyBVc2UtQ2FzZSBNRlVDMQ0KDQpV
c2FiaWxpdHkgUmVxdWlyZW1lbnQgTUZVUjI6DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KSXQgbXVzdCBiZSBwb3NzaWJsZSB0byByZWRpcmVjdCBwYXlsb2FkIGZldGNoZXMu
IFRoaXMgYXBwbGllcyB3aGVyZSB0d28gbWFuaWZlc3RzIGFyZSB1c2VkIGluIGNvbmp1bmN0aW9u
LiBGb3IgZXhhbXBsZSwgYW4gT0VNIG1hbmlmZXN0IHNwZWNpZmllcyBhIHBheWxvYWQgYW5kIHNp
Z25zIGl0LCBhbmQgcHJvdmlkZXMgYSBVUkkgZm9yIHRoYXQgcGF5bG9hZC4gQW4gT3BlcmF0b3Ig
Y3JlYXRlcyBhIHNlY29uZCBtYW5pZmVzdCwgd2l0aCBhIGRlcGVuZGVuY3kgb24gdGhlIGZpcnN0
LiBUaGV5IHVzZSB0aGlzIHNlY29uZCBtYW5pZmVzdCB0byBvdmVycmlkZSB0aGUgVVJJcyBwcm92
aWRlZCBieSB0aGUgT0VNLCBkaXJlY3RpbmcgdGhlbSBpbnRvIHRoZWlyIG93biBpbmZyYXN0cnVj
dHVyZSBpbnN0ZWFkLg0KDQpTYXRpc2ZpZXMgVXNlLUNhc2UgTUZVQzINCg0KVXNhYmlsaXR5IFJl
cXVpcmVtZW50IE1GVVIzOg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkl0
IE1VU1QgYmUgcG9zc2libGUgdG8gbGluayBtdWx0aXBsZSBtYW5pZmVzdHMgdG9nZXRoZXIgc28g
dGhhdCBhIG11bHRpLWNvbXBvbmVudCB1cGRhdGUgY2FuIGJlIGRlc2NyaWJlZC4gVGhpcyBhbGxv
d3MgbXVsdGlwbGUgcGFydGllcyB3aXRoIGRpZmZlcmVudCBwZXJtaXNzaW9ucyB0byBjb2xsYWJv
cmF0ZSBpbiBjcmVhdGluZyBhIHNpbmdsZSB1cGRhdGUgZm9yIHRoZSBJb1QgZGV2aWNlLCBhY3Jv
c3MgbXVsdGlwbGUgY29tcG9uZW50cy4NCg0KU2F0aXNmaWVzIFVzZS1DYXNlIE1GVUMyLCBNRlVD
Mw0KDQpVc2FiaWxpdHkgUmVxdWlyZW1lbnQgTUZVUjQ6DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLQ0KSXQgTVVTVCBiZSBwb3NzaWJsZSB0byBzaWduIGEgbWFuaWZlc3QgbXVs
dGlwbGUgdGltZXMgc28gdGhhdCBzaWduYXR1cmVzIGZyb20gbXVsdGlwbGUgcGFydGllcyB3aXRo
IGRpZmZlcmVudCBwZXJtaXNzaW9ucyBjYW4gYmUgcmVxdWlyZWQgaW4gb3JkZXIgdG8gYXV0aG9y
aXNlIGluc3RhbGxhdGlvbiBvZiBhIG1hbmlmZXN0Lg0KDQpTYXRpc2ZpZXMgVXNlLUNhc2UgTUZV
QzQNCg0KVXNhYmlsaXR5IFJlcXVpcmVtZW50IE1GVVI1Og0KLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NClRoZSBtYW5pZmVzdCBmb3JtYXQgTVVTVCBhY2NvbW1vZGF0ZSBhbnkg
cGF5bG9hZCBmb3JtYXQgdGhhdCBhbiBvcGVyYXRvciBvciBPRU0gd2lzaGVzIHRvIHVzZS4gU29t
ZSBleGFtcGxlcyBvZiBwYXlsb2FkIGZvcm1hdCB3b3VsZCBiZToNCiogQmluYXJ5DQoqIEVsZg0K
KiBEaWZmZXJlbnRpYWwNCiogQ29tcHJlc3NlZA0KKiBQYWNrZWQgY29uZmlndXJhdGlvbg0KDQpT
YXRpc2ZpZXMgVXNlLUNhc2UgTUZVQzUNCg0KDQpNYW5pZmVzdCBGaWVsZHM6DQo9PT09PT09PT09
PT09PT09PT09PT09PQ0KRWFjaCBtYW5pZmVzdCBmaWVsZCBpcyBhbmNob3JlZCBpbiBhIHNlY3Vy
aXR5IHJlcXVpcmVtZW50IG9yIGEgdXNhYmlsaXR5IHJlcXVpcmVtZW50LiBUaGUgbWFuaWZlc3Qg
ZmllbGRzIGFyZSBkZXNjcmliZWQgYmVsb3cgYW5kIGp1c3RpZmllZCBieSB0aGVpciByZXF1aXJl
bWVudHMuDQoNCk1hbmlmZXN0IEZpZWxkOiBUaW1lc3RhbXANCi0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tDQpBIG1vbm90b25pYyBzZXF1ZW5jZSBudW1iZXIsIGltcGxlbWVudGVk
IGFzIGFuIGludGVnZXIgVGltZXN0YW1wLg0KDQpJbXBsZW1lbnRzOiBTZWN1cml0eSBSZXF1aXJl
bWVudCBNRlNSMS4NCg0KTWFuaWZlc3QgRmllbGQ6IFZlbmRvciBJRCBjb25kaXRpb24NCi0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpWZW5kb3IgSURzIE1VU1QgYmUgdW5pcXVl
LiBUaGlzIGlzIHRvIHByZXZlbnQgc2ltaWxhcmx5LCBvciBpZGVudGljYWxseSBuYW1lZCBlbnRp
dGllcyBmcm9tIGRpZmZlcmVudCBnZW9ncmFwaGljIHJlZ2lvbnMgZnJvbSBjb2xsaWRpbmcgaW4g
dGhlaXIgY3VzdG9tZXLigJlzIGluZnJhc3RydWN0dXJlLiBSZWNvbW1lbmRlZCBwcmFjdGljZSBp
cyB0byB1c2UgdHlwZSA1IFVVSURzIHdpdGggdGhlIHZlbmRvcuKAmXMgZG9tYWluIG5hbWUgYW5k
IHRoZSBVVUlEIEROUyBwcmVmaXguIE90aGVyIG9wdGlvbnMgaW5jbHVkZSB0eXBlIDEgYW5kIHR5
cGUgNCBVVUlEcy4NCg0KSW1wbGVtZW50czogU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjIsIE1G
U1I0Lg0KDQpNYW5pZmVzdCBGaWVsZDogQ2xhc3MgSUQgY29uZGl0aW9uDQotLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KQ2xhc3MgSWRlbnRpZmllcnMgTVVTVCBiZSB1bmlxdWUg
d2l0aGluIGEgVmVuZG9yIElELiBUaGlzIGlzIHRvIHByZXZlbnQgc2ltaWxhcmx5LCBvciBpZGVu
dGljYWxseSBuYW1lZCBkZXZpY2VzIGNvbGxpZGluZyBpbiB0aGVpciBjdXN0b21lcuKAmXMgaW5m
cmFzdHJ1Y3R1cmUuIFJlY29tbWVuZGVkIHByYWN0aWNlIGlzIHRvIHVzZSB0eXBlIDUgVVVJRHMg
d2l0aCB0aGUgbW9kZWwsIGhhcmR3YXJlIHJldmlzaW9uLCBldGMuIGFuZCB1c2UgdGhlIFZlbmRv
ciBJRCBhcyB0aGUgVVVJRCBwcmVmaXguIE90aGVyIG9wdGlvbnMgaW5jbHVkZSB0eXBlIDEgYW5k
IHR5cGUgNCBVVUlEcy4gQSBkZXZpY2Ug4oCcQ2xhc3PigJ0gaXMgZGVmaW5lZCBhcyBhbnkgZGV2
aWNlIHRoYXQgY2FuIHJ1biB0aGUgc2FtZSBmaXJtd2FyZSB3aXRob3V0IG1vZGlmaWNhdGlvbi4g
Q2xhc3NlcyBNQVkgYmUgaW1wbGVtZW50ZWQgaW4gYSBtb3JlIGdyYW51bGFyIHdheS4gQ2xhc3Nl
cyBNVVNUIE5PVCBiZSBpbXBsZW1lbnRlZCBpbiBhIGxlc3MgZ3JhbnVsYXIgd2F5LiBDbGFzcyBJ
RCBjYW4gZW5jb21wYXNzIG1vZGVsIG5hbWUsIGhhcmR3YXJlIHJldmlzaW9uLCBzb2Z0d2FyZSBy
ZXZpc2lvbi4gRGV2aWNlcyBNQVkgaGF2ZSBtdWx0aXBsZSBDbGFzcyBJRHMuDQoNCkltcGxlbWVu
dHM6IFNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1IyLCBNRlNSNC4NCg0KTWFuaWZlc3QgRmllbGQ6
IFByZWN1cnNvciBJbWFnZSBEaWdlc3QgQ29uZGl0aW9uDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLQ0KV2hlbiBhIHByZWN1cnNvciBpbWFnZSBpcyByZXF1aXJlZCBieSB0aGUg
cGF5bG9hZCBmb3JtYXQsIGEgcHJlY3Vyc29yIGltYWdlIGRpZ2VzdCBjb25kaXRpb24gTVVTVCBi
ZSBwcmVzZW50IGluIHRoZSBjb25kaXRpb25zIGxpc3QuDQoNCkltcGxlbWVudHM6IFNlY3VyaXR5
IFJlcXVpcmVtZW50IE1GU1I0DQoNCk1hbmlmZXN0IEZpZWxkOiBCZXN0LUJlZm9yZSB0aW1lc3Rh
bXANCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGlzIGZpZWxkIHRlbGxz
IGEgZGV2aWNlIHRoZSBsYXN0IGFwcGxpY2F0aW9uIHRpbWUuIFRoaXMgaXMgb25seSB1c2FibGUg
aW4gY29uanVuY3Rpb24gd2l0aCBhIHNlY3VyZSBjbG9jay4NCg0KSW1wbGVtZW50cyBTZWN1cml0
eSBSZXF1aXJlbWVudCBNRlNSMw0KDQpNYW5pZmVzdCBGaWVsZDogUGF5bG9hZCBGb3JtYXQNCi0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGUgZm9ybWF0IG9mIHRoZSBwYXls
b2FkIG11c3QgYmUgaW5kaWNhdGVkIHRvIGRldmljZXMgaXMgaW4gYW4gdW5hbWJpZ3VvdXMgd2F5
LiBUaGlzIGZpZWxkIHByb3ZpZGVzIGEgbWVjaGFuaXNtIHRvIGRlc2NyaWJlIHRoZSBwYXlsb2Fk
IGZvcm1hdCwgd2l0aGluIHRoZSBzaWduZWQgbWV0YWRhdGEuDQoNCkltcGxlbWVudHMgU2VjdXJp
dHkgUmVxdWlyZW1lbnQgTUZTUjQsIFVzYWJpbGl0eSBSZXF1aXJlbWVudCBNRlVSNQ0KDQpNYW5p
ZmVzdCBGaWVsZDogU3RvcmFnZSBMb2NhdGlvbg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0NClRoaXMgZmllbGQgdGVsbHMgdGhlIGRldmljZSB3aGljaCBjb21wb25lbnQgaXMg
YmVpbmcgdXBkYXRlZC4gVGhlIGRldmljZSBjYW4gdXNlIHRoaXMgdG8gZXN0YWJsaXNoIHdoaWNo
IHBlcm1pc3Npb25zIGFyZSBuZWNlc3NhcnkgYW5kIHRoZSBwaHlzaWNhbCBsb2NhdGlvbiB0byB1
c2UuDQoNCkltcGxlbWVudHMgU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjQNCg0KTWFuaWZlc3Qg
RmllbGQ6IFVSSXMNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGlzIGZp
ZWxkIGlzIGEgbGlzdCBvZiB3ZWlnaHRlZCBVUklzIHRoYXQgdGhlIGRldmljZSB1c2VzIHRvIHNl
bGVjdCB3aGVyZSB0byBvYnRhaW4gYSBwYXlsb2FkLg0KDQpJbXBsZW1lbnRzIFNlY3VyaXR5IFJl
cXVpcmVtZW50IE1GU1I0DQoNCk1hbmlmZXN0IEZpZWxkOiBkaWdlc3RzDQotLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KVGhpcyBmaWVsZCBpcyBhIG1hcCBvZiBkaWdlc3RzLCBl
YWNoIGZvciBhIHNlcGFyYXRlIHN0YWdlIG9mIGluc3RhbGxhdGlvbi4gVGhpcyBhbGxvd3MgdGhl
IHRhcmdldCBkZXZpY2UgdG8gZW5zdXJlIGF1dGhlbnRpY2l0eSBvZiB0aGUgcGF5bG9hZCBhdCBl
dmVyeSBzdGVwIG9mIGluc3RhbGxhdGlvbi4NCg0KSW1wbGVtZW50cyBTZWN1cml0eSBSZXF1aXJl
bWVudCBNRlNSNA0KDQpNYW5pZmVzdCBGaWVsZDogU2l6ZQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NClRoZSBzaXplIG9mIHRoZSBwYXlsb2FkIGluIGJ5dGVzLg0KDQpJbXBs
ZW1lbnRzIFNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1I0DQoNCk1hbmlmZXN0IEZpZWxkOiBTaWdu
YXR1cmUNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpUaGlzIGlzIG5vdCBz
dHJpY3RseSBhIG1hbmlmZXN0IGZpZWxkLiBJbnN0ZWFkLCB0aGUgbWFuaWZlc3QgaXMgd3JhcHBl
ZCBieSBhIHN0YW5kYXJkaXNlZCBzaWduYXR1cmUgY29udGFpbmVyLCBzdWNoIGFzIGEgQ09TRSBv
ciBDTVMgc2lnbmF0dXJlIG9iamVjdC4gVGhlIHNpZ25hdHVyZSBjb250YWluZXIgTVVTVCBzdXBw
b3J0IG11bHRpcGxlIHNpZ25hdHVyZXMuDQoNCkltcGxlbWVudHMgU2VjdXJpdHkgUmVxdWlyZW1l
bnQgTUZTUjUsIE1GVVI0DQoNCk1hbmlmZXN0IEZpZWxkOiBEaXJlY3RpdmVzDQotLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KQSBsaXN0IG9mIGluc3RydWN0aW9ucyB0aGF0IHRo
ZSBkZXZpY2Ugc2hvdWxkIGV4ZWN1dGUsIGluIG9yZGVyLCB3aGVuIGluc3RhbGxpbmcgdGhlIHBh
eWxvYWQuDQoNCkltcGxlbWVudHMgVXNhYmlsaXR5IFJlcXVpcmVtZW50IE1GVVIxDQoNCk1hbmlm
ZXN0IEZpZWxkOiBBbGlhc2VzDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0K
QSBsaXN0IG9mIFVSSS9EaWdlc3QgcGFpcnMuIEEgZGV2aWNlIHNob3VsZCBidWlsZCBhbiBhbGlh
cyB0YWJsZSB3aGlsZSBwYXJpbmcgYSBtYW5pZmVzdCB0cmVlIGFuZCB0cmVhdCBhbnkgYWxpYXNl
cyBhcyB0b3AtcmFua2VkIFVSSXMgZm9yIHRoZSBjb3JyZXNwb25kaW5nIGRpZ2VzdC4NCg0KSW1w
bGVtZW50cyBVc2FiaWxpdHkgUmVxdWlyZW1lbnQgTUZVUjINCg0KTWFuaWZlc3QgRmllbGQ6IERl
cGVuZGVuY2llcw0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCkEgbGlzdCBv
ZiBVUkkvRGlnZXN0IHBhaXJzIHRoYXQgcmVmZXIgdG8gb3RoZXIgbWFuaWZlc3RzIGJ5IGRpZ2Vz
dC4gVGhlIG1hbmlmZXN0cyB0aGF0IGFyZSBsaW5rZWQgaW4gdGhpcyB3YXkgbXVzdCBiZSBhY3F1
aXJlZCBhbmQgaW5zdGFsbGVkIHNpbXVsdGFuZW91c2x5IGluIG9yZGVyIHRvIGZvcm0gYSBjb21w
bGV0ZSB1cGRhdGUuDQoNCkltcGxlbWVudHMgVXNhYmlsaXR5IFJlcXVpcmVtZW50IE1GVVIzDQoN
Cg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBh
dHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJ
ZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBz
ZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55
IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0
aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K

--_000_52E902404041465096CC865E82935450armcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <8A9C8D545E15444D8B2F71DF3B41195B@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpUaGUgbWFuaWZlc3QgZm9ybWF0IGFzIGRlc2NyaWJlZCBp
biBkcmFmdC1tb3Jhbi1zdWl0LW1hbmlmZXN0LTAwIHdhcyBkZXNpZ25lZCB1c2luZyBhIHRocmVh
dCBtb2RlbCBhbmQgYSBzZXQgb2YgVXNlciBzdG9yaWVzLiBGcm9tIHRoZSB0aHJlYXQgbW9kZWws
IHdlIGV4dHJhY3RlZCBzZWN1cml0eSByZXF1aXJlbWVudHMgdGhhdCBtaXRpZ2F0ZSB0aGUgdGhy
ZWF0cyBhbmQgcGxhY2VkIGZpZWxkcyBpbiB0aGUgbWFuaWZlc3QgdGhhdCBlbmFibGUgaW1wbGVt
ZW50YXRpb24NCiBvZiB0aGUgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLiBGcm9tIHRoZSZuYnNwO3Vz
ZXIgc3Rvcmllcywgd2UgZXh0cmFjdGVkIHVzYWJpbGl0eSByZXF1aXJlbWVudHMgdGhhdCBlbmFi
bGUgdGhvc2UgdXNlciBzdG9yaWVzLCBhbmQgcGxhY2VkIGZpZWxkcyBpbiB0aGUgbWFuaWZlc3Qg
dGhhdCBpbXBsZW1lbnQgdGhvc2UgdXNhYmlsaXR5IHJlcXVpcmVtZW50cy48bzpwIGNsYXNzPSIi
PjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250
LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+
DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAw
MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi
IGNsYXNzPSIiPg0KTm90ZSB0aGF0IG5vdCBhbGwgdXNlciBzdG9yaWVzIGFyZSBjb3ZlcmVkIGhl
cmUuIFRoaXMgaXMgaW50ZW50aW9uYWwsIHNpbmNlIHRoZXJlIGFyZSBhIGdyZWF0IG1hbnkgcG9z
c2libGUgdXNlciBzdG9yaWVzLCBvbmx5IHN1ZmZpY2llbnQgdXNlciBzdG9yaWVzIHRvIGNvdmVy
IHRoZSBmaWVsZHMgaW4gdGhlIE1hbmlmZXN0IGhhdmUgYmVlbiBpbmNsdWRlZC48L2Rpdj4NCjxk
aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K
PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog
MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCkJlc3Qg
UmVnYXJkcyw8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9u
dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi
Pg0KQnJlbmRhbiBNb3JhbjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIg
Y2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i
bWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBD
YWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpUaHJlYXQgTW9kZWw8bzpwIGNsYXNzPSIi
PjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250
LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+
DQo9PT09PT09PT09PT09PT09PT09PT09PTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20g
MGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyIgY2xhc3M9IiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9
IiI+SSB3aWxsIGRlc2NyaWJlIHRoZSB0aHJlYXRzIHdlIGhhdmUgY29uc2lkZXJlZCwgdGhlIHNl
Y3VyaXR5IHJlcXVpcmVtZW50cyB0aGF0IGFyZSBkZXJpdmVkIGZyb20gdGhvc2UgdGhyZWF0cyBh
bmQgdGhlIGZpZWxkcyB0aGF0IHBlcm1pdCBpbXBsZW1lbnRhdGlvbiBvZiB0aGUgc2VjdXJpdHkg
cmVxdWlyZW1lbnRzLiBJIHdpbGwgYWRkcmVzcyB0aGUgdGhyZWF0cyBpbiB0aGUgb3JkZXINCiB0
aGF0IHRoZSByZWxldmFudCBmaWVsZHMgYXBwZWFyLjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9
Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTog
Q2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj48L286cD48L2Rp
dj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0
OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFz
cz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAw
MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi
IGNsYXNzPSIiPg0KVGhpcyBtb2RlbCB1c2VzIHRoZSBTLlQuUi5JLkQuRS4gYXBwcm9hY2guIEVh
Y2ggdGhyZWF0IGlzIGNsYXNzaWZpZWQgYWNjb3JkaW5nIHRvOjxvOnAgY2xhc3M9IiI+PC9vOnA+
PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog
MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiogU3Bv
b2ZpbmcgSWRlbnRpdHk8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy
Z2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQoqIFRhbXBlcmluZyB3aXRoIGRhdGE8bzpwIGNs
YXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0
OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh
c3M9IiI+DQoqIFJlcHVkaWF0aW9uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KKiBJbmZvcm1hdGlvbiBkaXNjbG9z
dXJlPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z
ZXJpZjsiIGNsYXNzPSIiPg0KKiBEZW5pYWwgb2Ygc2VydmljZTxvOnAgY2xhc3M9IiI+PC9vOnA+
PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTog
MTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiogRWxl
dmF0aW9uIG9mIHByaXZpbGVnZTxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxl
PSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6
IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClNlZSBoZXJlIGZvciBtb3JlIGluZm9y
bWF0aW9uIG9uIFRoZSBTVFJJREUgVGhyZWF0IE1vZGVsOiZuYnNwOzxhIGhyZWY9Imh0dHBzOi8v
bXNkbi5taWNyb3NvZnQuY29tL2VuLXVzL2xpYnJhcnkvZWU4MjM4Nzgodj1jcy4yMCkuYXNweCIg
c3R5bGU9ImNvbG9yOiBwdXJwbGU7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iY29sb3I6IHdpbmRv
d3RleHQ7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsiIGNsYXNzPSIiPmh0dHBzOi8vbXNkbi5taWNy
b3NvZnQuY29tL2VuLXVzL2xpYnJhcnkvZWU4MjM4Nzgodj1jcy4yMCkuYXNweDwvc3Bhbj48L2E+
PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp
ZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KTi5CLiBJbiBmaXJtd2FyZSB1cGRh
dGUsIGl0IGlzIGNvbW1vbiBmb3IgYW4gYXR0YWNrIHRvIGV4cG9zZSBhbGwgY2xhc3NlcyBvZiB0
aHJlYXQuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNt
IDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu
cy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxk
aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj5U
aHJlYXQgRGVzY3JpcHRpb25zPC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAw
Y20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IiBjbGFzcz0iIj4NCj09PT09PT09PT09PT09PT09PT09PT09PC9kaXY+DQo8ZGl2IHN0
eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNp
emU6IDExcHQ7IiBjbGFzcz0iIj4mbmJzcDs8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn
aW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGli
cmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClRocmVhdCBNRlQxOiBPbGQgRmlybXdhcmU8bzpw
IGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIg
Y2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvZGl2Pg0KPGRp
diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt
ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpDbGFzc2lmaWNhdGlvbjog
RXNjYWxhdGlvbiBvZiBQcml2aWxlZ2U8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBz
dHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFt
aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNw
OzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250
LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+
DQpBbiBhdHRhY2tlciBzZW5kcyBhbiBvbGQsIGJ1dCB2YWxpZCBtYW5pZmVzdCB0byBhIGRldmlj
ZSB3aXRoIGFuIG9sZCwgYnV0IHZhbGlkIHBheWxvYWQuIElmIHRoZXJlIGlzIGEga25vd24gdnVs
bmVyYWJpbGl0eSBpbiB0aGUgcGF5bG9hZCwgdGhpcyBjYW4gYWxsb3cgYW4gYXR0YWNrZXIgdG8g
Z2FpbiBjb21wbGV0ZSBjb250cm9sIG9mIGEgZGV2aWNlLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9k
aXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw
dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xh
c3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4w
MDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7
IiBjbGFzcz0iIj4NClRocmVhdCBFc2NhbGF0aW9uOiBJZiB0aGUgYXR0YWNrZXIgaXMgYWJsZSB0
byBleHBsb2l0IHRoZSBrbm93biB2dWxuZXJhYmlsaXR5LCB0aGVuIHRoaXMgdGhyZWF0IGNhbiBi
ZSBlc2NhbGF0ZWQgdG8gQUxMIFRZUEVTPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYg
c3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJz
cDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9u
dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi
Pg0KVGhyZWF0IE1GVDI6IE1pc21hdGNoZWQgRmlybXdhcmU8bzpwIGNsYXNzPSIiPjwvbzpwPjwv
ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDEx
cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQotLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpDbGFzc2lmaWNhdGlvbjogRGVuaWFsIG9mIFNlcnZpY2U8
bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu
MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm
OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls
ZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpBbiBhdHRhY2tlciBzZW5kcyB2YWxp
ZCBmaXJtd2FyZSwgZm9yIHRoZSB3cm9uZyB0eXBlIG9mIGRldmljZSwgc2lnbmVkIGJ5IGFuIGFj
dG9yIHdpdGggZmlybXdhcmUgaW5zdGFsbGF0aW9uIGF1dGhvcml0eSBvbiBib3RoIHR5cGVzIG9m
IGRldmljZS4gVGhlIGZpcm13YXJlIGlzIHRydXN0ZWQgYnkgdGhlIGRldmljZSBiZWNhdXNlIGl0
IGlzIHNpZ25lZCBieSBhbiBhY3RvciB3aXRoIGZpcm13YXJlIGluc3RhbGxhdGlvbiBhdXRob3Jp
dHkuIFRoaXMNCiBjb3VsZCBoYXZlIHdpZGUtcmFuZ2luZyBjb25zZXF1ZW5jZXMuIEZvciBkZXZp
Y2VzIHRoYXQgYXJlIHNpbWlsYXIsIGl0IGNvdWxkIGNhdXNlIG1pbm9yIGJyZWFrYWdlLCBvciBl
eHBvc2Ugc2VjdXJpdHkgdnVsbmVyYWJpbGl0aWVzLiBGb3IgZGV2aWNlcyB0aGF0IGFyZSB2ZXJ5
IGRpZmZlcmVudCwgaXQgaXMgbGlrZWx5IHRvIHJlbmRlciBkZXZpY2VzIGlub3BlcmFibGUuPG86
cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAw
MDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsi
IGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9
Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTog
Q2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KVGhyZWF0IE1GVDM6IE9mZmxpbmUgZGV2
aWNlICYjNDM7IE9sZCBGaXJtd2FyZTxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0
eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAx
cHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBj
bGFzcz0iIj4NCkNsYXNzaWZpY2F0aW9uOiBFc2NhbGF0aW9uIG9mIFByaXZpbGVnZTwvZGl2Pg0K
PGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+
DQo8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIi
Pjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6IDE0LjY2NjY2Njk4NDU1ODEwNXB4OyIgY2xhc3M9IiI+QW4gYXR0YWNrZXIgdGFy
Z2V0cyBhIGRldmljZSB0aGF0IGhhcyBiZWVuIG9mZmxpbmUgZm9yIGEgbG9uZyB0aW1lIGFuZCBy
dW5zIGFuIG9sZCBmaXJtd2FyZSB2ZXJzaW9uLiBUaGUgYXR0YWNrZXINCiBzZW5kcyBhbiBvbGQs
IGJ1dCB2YWxpZCBtYW5pZmVzdCB0byBhIGRldmljZSB3aXRoIGFuIG9sZCwgYnV0Jm5ic3A7dmFs
aWQgcGF5bG9hZC4gVGhlIGF0dGFja2VyLXByb3ZpZGVkIGZpcm13YXJlIGlzIG5ld2VyIHRoYW4g
dGhlIGluc3RhbGxlZCBvbmUgYnV0IG9sZGVyIHRoYW4gdGhlIG1vc3QgcmVjZW50bHkgYXZhaWxh
YmxlIGZpcm13YXJlLiBJZiB0aGVyZSBpcyBhIGtub3duIHZ1bG5lcmFiaWxpdHkgaW4gdGhlJm5i
c3A7cGF5bG9hZCwgdGhpcyBjYW4gYWxsb3cNCiBhbiBhdHRhY2tlciB0byBnYWluIGNvbXBsZXRl
IGNvbnRyb2wgb2YgYSBkZXZpY2UuIEJlY2F1c2UgdGhlIGRldmljZSBoYXMgYmVlbiBvZmZsaW5l
IGZvciBhIGxvbmcgdGltZSwgaXQgaXMgdW5hd2FyZSBvZiBhbnkgbmV3IHVwZGF0ZXMuIEFzIHN1
Y2ggaXQgd2lsbCZuYnNwO3RyZWF0IHRoZSBvbGQgbWFuaWZlc3QgYXMgdGhlIG1vc3QgY3VycmVu
dC48L3NwYW4+PC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyIgY2xhc3M9IiI+PGZvbnQgZmFjZT0iQ2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2OTg0NTU4MTA1cHg7IiBjbGFzcz0iIj48
YnIgY2xhc3M9IiI+DQo8L3NwYW4+PC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy
aWY7IiBjbGFzcz0iIj4NClRocmVhdCBFc2NhbGF0aW9uOiBJZiB0aGUgYXR0YWNrZXIgaXMgYWJs
ZSB0byBleHBsb2l0IHRoZSBrbm93biB2dWxuZXJhYmlsaXR5LCB0aGVuIHRoaXMgdGhyZWF0IGNh
biBiZSBlc2NhbGF0ZWQgdG8gQUxMIFRZUEVTPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk
aXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4m
bmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsg
Zm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNz
PSIiPg0KVGhyZWF0IE1GVDQ6IFRoZSB0YXJnZXQgZGV2aWNlIG1pc2ludGVycHJldHMgdGhlIHR5
cGUgb2YgcGF5bG9hZC48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFy
Z2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250
LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+
DQpDbGFzc2lmaWNhdGlvbjogRGVuaWFsIG9mIFNlcnZpY2U8bzpwIGNsYXNzPSIiPjwvbzpwPjwv
ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDEx
cHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNs
YXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu
MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm
OyIgY2xhc3M9IiI+DQpJZiBhIGRldmljZSBtaXNpbnRlcnByZXRzIHRoZSBwYXlsb2FkIHR5cGUs
IGl0IG1heSBjYXVzZSBhIGRldmljZSB0byBpbnN0YWxsIGEgcGF5bG9hZCBpbmNvcnJlY3RseS4g
QW4gaW5jb3JyZWN0bHkgaW5zdGFsbGVkIHBheWxvYWQgd291bGQgbGlrZWx5IGNhdXNlIHRoZSBk
ZXZpY2UgdG8gc3RvcCBmdW5jdGlvbmluZy48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRp
diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt
ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8
L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPjxm
b250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6IDE0LjY2NjY2Njk4NDU1ODEwNXB4OyIgY2xhc3M9IiI+VGhyZWF0IEVzY2FsYXRpb246
IEFuIGF0dGFja2VyIHRoYXQgY2FuIGNhdXNlIGEgZGV2aWNlIHRvIG1pc2ludGVycHJldCB0aGUg
cmVjZWl2ZWQgY29kZSBhbmQgY291bGQgZ2FpbiBhbiBFc2NhbGF0aW9uDQogb2YgUHJpdmlsZWdl
IGFuZCBwb3RlbnRpYWxseSBleHBhbmQgdGhpcyB0byBhbGwgdHlwZXMgb2YmbmJzcDt0aHJlYXQu
PC9zcGFuPjwvZm9udD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6IDE0LjY2NjY2Njk4NDU1ODEwNXB4OyIgY2xhc3M9IiI+PGJy
IGNsYXNzPSIiPg0KPC9zcGFuPjwvZm9udD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNt
IDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAu
MDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm
OyIgY2xhc3M9IiI+DQpUaHJlYXQgTUZUNTogVGhlIHRhcmdldCBkZXZpY2UgaW5zdGFsbHMgdGhl
IHBheWxvYWQgdG8gdGhlIHdyb25nIGxvY2F0aW9uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4N
CjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z
ZXJpZjsiIGNsYXNzPSIiPg0KQ2xhc3NpZmljYXRpb246IERlbmlhbCBvZiBTZXJ2aWNlPG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNs
YXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2Fs
aWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KSWYgYSBkZXZpY2UgaW5zdGFsbHMgY29kZSBv
ciBkYXRhIHRvIHRoZSB3cm9uZyBwYXJ0IG9mIHRoZSBkZXZpY2UsIHRoZW4gaXQgaXMgbGlrZWx5
IHRvIGJyZWFrLiBBIGZpcm13YXJlIGluc3RhbGxlZCBhcyBjb25maWd1cmF0aW9uIG9yIGEgbmV0
d29yayBzdGFjayBpbnN0YWxsZWQgYXMgYW4gYXBwbGljYXRpb24gY291bGQgY2F1c2UgYSBkZXZp
Y2UgdG8gc3RvcCBmdW5jdGlvbmluZy48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z
ZXJpZjsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJn
aW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj48Zm9udCBmYWNlPSJDYWxpYnJpLCBzYW5z
LXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY5ODQ1NTgx
MDVweDsiIGNsYXNzPSIiPlRocmVhdCBFc2NhbGF0aW9uOiBBbiBhdHRhY2tlciB0aGF0IGNhbiBj
YXVzZSBhIGRldmljZSB0byBtaXNpbnRlcnByZXQgdGhlIHJlY2VpdmVkIGNvZGUgYW5kIGNvdWxk
IGdhaW4gYW4gRXNjYWxhdGlvbg0KIG9mIFByaXZpbGVnZSBhbmQgcG90ZW50aWFsbHkgZXhwYW5k
IHRoaXMgdG8gYWxsIHR5cGVzIG9mJm5ic3A7dGhyZWF0Ljwvc3Bhbj48L2ZvbnQ+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj48Zm9udCBmYWNl
PSJDYWxpYnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAx
NC42NjY2NjY5ODQ1NTgxMDVweDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bhbj48L2Zv
bnQ+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0i
Ij4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0
OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KVGhyZWF0IE1G
VDY6IFJlZGlyZWN0aW9uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2Fs
aWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLTwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOiAxMXB0OyIgY2xhc3M9IiI+Q2xhc3NpZmljYXRpb246IERlbmlhbCBvZiBTZXJ2aWNlPC9z
cGFuPjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7
IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFz
cz0iIj4NCjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNh
bnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9u
dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCklmIGEgZGV2aWNlIGRv
ZXMgbm90IGtub3cgd2hlcmUgdG8gb2J0YWluIHRoZSBwYXlsb2FkIGZvciBhbiB1cGRhdGUsIGl0
IG1heSBiZSByZWRpcmVjdGVkIHRvIGFuIGF0dGFja2Vy4oCZcyBzZXJ2ZXIuIFRoaXMgd291bGQg
YWxsb3cgYW4gYXR0YWNrZXIgdG8gcHJvdmlkZSBicm9rZW4gcGF5bG9hZHMgdG8gZGV2aWNlcyB3
aXRob3V0IG5lZWRpbmcgdG8gY29uc3RydWN0IGEgTWFuIGluIHRoZSBNaWRkbGUuPG86cCBjbGFz
cz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsg
Zm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNz
PSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdp
bjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJy
aSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KVGhyZWF0IE1GVDc6IFBheWxvYWQgVmVyaWZpY2F0
aW9uIG9uIEJvb3Q8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu
OiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJp
LCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNp
emU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpD
bGFzc2lmaWNhdGlvbjogQWxsIFR5cGVzPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYg
c3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJz
cDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9u
dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi
Pg0KQW4gYXR0YWNrZXIgcmVwbGFjZXMgYSBuZXdseSBkb3dubG9hZGVkIGZpcm13YXJlIGFmdGVy
IGEgZGV2aWNlIGZpbmlzaGVzIHZlcmlmeWluZyBhIG1hbmlmZXN0LiBUaGlzIGNvdWxkIGNhdXNl
IHRoZSBkZXZpY2UgdG8gZXhlY3V0ZSB0aGUgYXR0YWNrZXLigJlzIGNvZGUuIFRoaXMgYXR0YWNr
IGxpa2VseSByZXF1aXJlcyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGRldmljZSwgaG93ZXZlciBp
dCBpcyBwb3NzaWJsZSB0aGF0IGl0IGNvdWxkIGJlIGNhcnJpZWQNCiBvdXQgd2hlbiBjb21iaW5l
ZCB3aXRoIGFub3RoZXIgdGhyZWF0IHRoYXQgYWxsb3dzIHJlbW90ZSBleGVjdXRpb24uPC9kaXY+
DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsg
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxiciBjbGFzcz0i
Ij4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNp
emU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQpU
aHJlYXQgTUZUODogVW5hdXRoZW50aWNhdGVkIFVwZGF0ZXM8L2Rpdj4NCjxkaXYgc3R5bGU9Im1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LTwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZv
bnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8c3Bh
biBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+Q2xhc3NpZmljYXRpb246IEFsbCBU
eXBlczwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2Fs
aWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAx
cHQ7IiBjbGFzcz0iIj4NCklmIGFuIGF0dGFja2VyIGNhbiBpbnN0YWxsIHRoZWlyIGZpcm13YXJl
IG9uIGEgZGV2aWNlLCBieSBtYW5pcHVsYXRpbmcgZWl0aGVyIHBheWxvYWQgb3IgbWV0YWRhdGEs
IHRoZW4gdGhleSBoYXZlIGNvbXBsZXRlIGNvbnRyb2wgb2YgdGhlIGRldmljZS48L2Rpdj4NCjxk
aXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEx
cHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0K
PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9u
dC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClRocmVh
dCBNRlQ5OiBVbmV4cGVjdGVkIFByZWN1cnNvciBpbWFnZXM8L2Rpdj4NCjxkaXYgc3R5bGU9Im1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LTwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZv
bnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8c3Bh
biBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+Q2xhc3NpZmljYXRpb246Jm5ic3A7
PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj5EZW5pYWwgb2Yg
U2VydmljZTwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBjbGFz
cz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj5BbiBhdHRhY2tlciBzZW5kcyBh
IHZhbGlkLCBjdXJyZW50IG1hbmlmZXN0IHRvIGEgZGV2aWNlIHRoYXQgaGFzIGFuIHVuZXhwZWN0
ZWQgcHJlY3Vyc29yIGltYWdlLiBJZiBhIHBheWxvYWQgZm9ybWF0IHJlcXVpcmVzIGENCiBwcmVj
dXJzb3IgaW1hZ2UgKGZvciBleGFtcGxlLCBkZWx0YSB1cGRhdGVzKSBhbmQgdGhhdCBwcmVjdXJz
b3IgaW1hZ2UgaXMgbm90IGF2YWlsYWJsZSBvbiB0aGUgdGFyZ2V0IGRldmljZSwgaXQgY291bGQm
bmJzcDs8L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTQuNjY2NjY2OTg0NTU4MTA1cHg7
IiBjbGFzcz0iIj5jYXVzZTwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xh
c3M9IiI+Jm5ic3A7dGhlIHVwZGF0ZSB0byBicmVhay48L3NwYW4+PC9mb250PjwvZGl2Pg0KPGRp
diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+PGZvbnQgZmFjZT0i
Q2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFw
dDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bhbj48L2ZvbnQ+PC9kaXY+DQo8ZGl2IHN0
eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9u
dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTQuNjY2NjY2OTg0NTU4
MTA1cHg7IiBjbGFzcz0iIj5UaHJlYXQgRXNjYWxhdGlvbjogQW4gYXR0YWNrZXIgdGhhdCBjYW4g
Y2F1c2UgYSBkZXZpY2UgdG8gaW5zdGFsbCBhIHBheWxvYWQgYWdhaW5zdCB0aGUgd3JvbmcgcHJl
Y3Vyc29yIGltYWdlIGNvdWxkIGdhaW4NCiBhbiBFc2NhbGF0aW9uIG9mIFByaXZpbGVnZSBhbmQg
cG90ZW50aWFsbHkgZXhwYW5kIHRoaXMgdG8gYWxsIHR5cGVzIG9mJm5ic3A7dGhyZWF0Ljwvc3Bh
bj48L2Rpdj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9
IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9
Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTog
Q2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KU2VjdXJpdHkgUmVxdWlyZW1lbnRzPC9k
aXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFw
dDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxkaXYgc3R5
bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+
PT09PT09PT09PT09PT09PT09PT09PT08L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VGhlIHNlY3VyaXR5
IHJlcXVpcmVtZW50cyBoZXJlIGFyZSBhIHNldCBvZiBwb2xpY2llcyB0aGF0IG1pdGlnYXRlIHRo
ZSB0aHJlYXRzIGRlc2NyaWJlZCBpbiB0aGUgcHJldmlvdXMgc2VjdGlvbjwvZGl2Pg0KPGRpdiBj
bGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2lu
OiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTog
Q2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4w
MDAxcHQ7IiBjbGFzcz0iIj4NClNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1IxOiBtb25vdG9uaWMg
c2VxdWVuY2UgbnVtYmVycyZuYnNwOzxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0
eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBt
YXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LXNp
emU6IDExcHQ7IiBjbGFzcz0iIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwv
c3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm
OyBmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0
OyIgY2xhc3M9IiI+T25seSBhbiBhY3RvciB3aXRoIGZpcm13YXJlIGluc3RhbGxhdGlvbiBhdXRo
b3JpdHkgaXMgcGVybWl0dGVkIHRvIGRlY2lkZSB3aGVuIGRldmljZSBmaXJtd2FyZSBjYW4gYmUg
aW5zdGFsbGVkLiBUbyBlbmZvcmNlIHRoaXMgcnVsZSwgTWFuaWZlc3RzDQogTVVTVCBjb250YWlu
IGEgbW9ub3RvbmljIHNlcXVlbmNlIG51bWJlci4gTWFuaWZlc3RzIE1BWSB1c2U8L3NwYW4+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPiZuYnNwOzwvc3Bhbj48cyBzdHls
ZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImNvbG9yOiByZ2IoMTQ5
LCA1NSwgNTMpOyIgY2xhc3M9IiI+VVRDIGVwb2NoJm5ic3A7PC9zcGFuPjwvcz48c3BhbiBzdHls
ZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+dGltZXN0YW1wcw0KIHRvIGNvb3JkaW5hdGUg
bW9ub3RvbmljIHNlcXVlbmNlIG51bWJlcnMgYWNyb3NzIG1hbnkgYWN0b3JzIGluIG1hbnkgbG9j
YXRpb25zLiBEZXZpY2VzIE1VU1QgcmVqZWN0IG1hbmlmZXN0cyB3aXRoIHNlcXVlbmNlIG51bWJl
cnMgc21hbGxlciB0aGFuIGFueSBvbmJvYXJkIHNlcXVlbmNlIG51bWJlci48L3NwYW4+PC9kaXY+
DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXpl
OiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9
IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z
ZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0i
Ij4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAw
Y20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk4uQi4gVGhpcyBpcyBub3QgYSBmaXJtd2FyZSB2ZXJz
aW9uLiBJdCBpcyBhIG1hbmlmZXN0IHNlcXVlbmNlIG51bWJlci4gQSBmaXJtd2FyZSB2ZXJzaW9u
IG1heSBiZSByb2xsZWQgYmFjayBieSBjcmVhdGluZyBhIG5ldyBtYW5pZmVzdCBmb3IgdGhlIG9s
ZCBmaXJtd2FyZSB2ZXJzaW9uIHdpdGggYSBsYXRlciBzZXF1ZW5jZSBudW1iZXIuPG86cCBjbGFz
cz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQt
ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNt
IDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KTWl0aWdhdGVzOiBUaHJlYXQgTUZUMTxvOnAgY2xh
c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu
cy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFz
cz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1IyOiBW
ZW5kb3IsIGRldmljZS10eXBlIGlkZW50aWZpZXJzJm5ic3A7PG86cCBjbGFzcz0iIj48L286cD48
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFt
aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNs
YXNzPSIiPkRldmljZXMgTVVTVCBvbmx5IGFwcGx5IGZpcm13YXJlIHRoYXQgaXMgaW50ZW5kZWQg
Zm9yIHRoZW0uIERldmljZXMgTVVTVCBrbm93IHdpdGggZmluZSBncmFudWxhcml0eSB0aGF0IGEg
Z2l2ZW4gdXBkYXRlIGFwcGxpZXMgdG8gdGhlaXIgdmVuZG9yLCBtb2RlbCwgaGFyZHdhcmUgcmV2
aXNpb24sIHNvZnR3YXJlIHJldmlzaW9uLiBIdW1hbi1yZWFkYWJsZSBpZGVudGlmaWVycw0KIGFy
ZSBvZnRlbiBlcnJvci1wcm9uZSBpbiB0aGlzIHJlZ2FyZCwgc28gVW5pcXVlLUlEcyBTSE9VTEQg
YmUgdXNlZC48L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwg
c2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBj
bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAw
Y20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+
DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXpl
OiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk1pdGlnYXRlczog
VGhyZWF0IE1GVDI8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1m
YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20g
MGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2
Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6
ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpTZWN1cml0eSBS
ZXF1aXJlbWVudCBNRlNSMzogQmVzdC1CZWZvcmUgdGltZXN0YW1wczwvZGl2Pg0KPGRpdiBzdHls
ZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFz
cz0iIj48Zm9udCBmYWNlPSJDYWxpYnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOiAxNC42NjY2NjY5ODQ1NTgxMDVweDsiIGNsYXNzPSIiPkZpcm13YXJlIE1B
WSBleHBpcmUgYWZ0ZXIgYSBnaXZlbiB0aW1lLiBEZXZpY2VzIE1BWSBwcm92aWRlIGEgc2VjdXJl
IGNsb2NrIChsb2NhbCBvciByZW1vdGUpLiBJZiBhIHNlY3VyZSBjbG9jaw0KIGlzIHByb3ZpZGVk
IGFuZCB0aGUgRmlybXdhcmUgTWFuaWZlc3QgaGFzIGEgYmVzdC1iZWZvcmUmbmJzcDt0aW1lc3Rh
bXAsIHRoZSBkZXZpY2UgTVVTVCByZWplY3QgdGhlIG1hbmlmZXN0Jm5ic3A7aWYgY3VycmVudCB0
aW1lIGlzIGxhcmdlciB0aGFuIHRoZSBiZXN0LWJlZm9yZSB0aW1lLjxiciBjbGFzcz0iIj4NCiZu
YnNwOzxiciBjbGFzcz0iIj4NCk1pdGlnYXRlczogVGhyZWF0IE1GVDM8L3NwYW4+PC9mb250Pjwv
ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+PGZv
bnQgZmFjZT0iQ2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZTogMTQuNjY2NjY2OTg0NTU4MTA1cHg7IiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L3Nw
YW4+PC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIg
Y2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6
ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NClNl
Y3VyaXR5IFJlcXVpcmVtZW50IE1GU1I0OiBTaWduZWQgUGF5bG9hZCBEZXNjcmlwdG9yPG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYg
c3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZh
bWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZTogMTFwdDsiIGNsYXNzPSIiPkFsbCBkZXNjcmlwdGl2ZSBpbmZvcm1hdGlvbiBhYm91dCB0
aGUgcGF5bG9hZCBNVVNUIGJlIHNpZ25lZC4gVGhpcyBNVVNUIGluY2x1ZGU6PC9zcGFuPjwvZGl2
Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7
IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNz
PSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBm
b250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9
IiI+DQoqIFRoZSBsb2NhdGlvbiB0byBzdG9yZSB0aGUgcGF5bG9hZDxvOnAgY2xhc3M9IiI+PC9v
OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6
ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCiog
VGhlIHBheWxvYWQgZGlnZXN0LCBpbiBlYWNoIHN0YXRlIG9mIGluc3RhbGxhdGlvbiAoZW5jcnlw
dGVkLCBwbGFpbnRleHQsIGluc3RhbGxlZCwgZXRjLik8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2
Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7
IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQoqIFRoZSBwYXls
b2FkIHNpemU8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyIgY2xhc3M9IiI+DQoqIFRoZSBwYXlsb2FkIGZvcm1hdDxvOnAgY2xhc3M9IiI+
PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQt
c2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4N
CiogV2hlcmUgdG8gb2J0YWluIHRoZSBwYXlsb2FkPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4N
CjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPg0KKiBBbGwgaW5zdHJ1
Y3Rpb25zIG9yIHBhcmFtZXRlcnMgZm9yIGFwcGx5aW5nIHRoZSBwYXlsb2FkPG86cCBjbGFzcz0i
Ij48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsgZm9u
dC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsiIGNsYXNzPSIi
Pg0KKiBBbnkgcnVsZXMgdGhhdCBpZGVudGlmeSB3aGV0aGVyIG9yIG5vdCB0aGUgcGF5bG9hZCBj
YW4gYmUgdXNlZCBvbiB0aGlzIGRldmljZTxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2
IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZvbnQtc2l6ZTogMTFwdDsgZm9udC1m
YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5i
c3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IGZv
bnQtc2l6ZTogMTFwdDsgZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IiBjbGFzcz0i
Ij4NCk1pdGlnYXRlczogVGhyZWF0cyBNRlQ1LCBNRlQ2LCBNRlQ3LCZuYnNwOzxvOnAgY2xhc3M9
IiI+PC9vOnA+TUZUOTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0
OyBmb250LXNpemU6IDExcHQ7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xh
c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9Im1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsgZm9udC1zaXplOiAxMXB0OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1z
ZXJpZjsiIGNsYXNzPSIiPg0KU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjU6IFByb3ZhYmxlIGF1
dGhlbnRpY2l0eTwvZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIg
Y2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsg
Zm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxm
b250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6IDE0LjY2NjY2Njk4NDU1ODEwNXB4OyIgY2xhc3M9IiI+VGhlIGF1dGhlbnRpY2l0eSBv
ZiBhbiB1cGRhdGUgbXVzdCBiZSBwcm92YWJsZSwgd2l0aCBzdWZmaWNpZW50IGxldmVscyBvZiBl
bnRyb3B5IHRvIHJlbWFpbiBzZWN1cmUgZm9yIHRoZSBsaWZldGltZSBvZiB0aGUgZGV2aWNlLiBU
eXBpY2FsbHksIHRoaXMNCiBtZWFucyB0aGF0IHVwZGF0ZXMgbXVzdCBiZSBzaWduZWQuIE90aGVy
IHByb29mIG1lY2hhbmlzbXMgYXJlIGFjY2VwdGFibGUsIHN1Y2ggYXMgTUFDcywgb3IgQXV0aGVu
dGljYXRlZCBFbmNyeXB0aW9uLCBvciBBRUFEIGFsZ29yaXRobXMuIEJlY2F1c2UgdGhlIG1hbmlm
ZXN0IGNvbnRhaW5zJm5ic3A7aW5mb3JtYXRpb24gYWJvdXQgaG93IHRvIGluc3RhbGwgdGhlIHVw
ZGF0ZSwgdGhlIG1hbmlmZXN0J3MgYXV0aGVudGljaXR5IG11c3QgYmUgcHJvdmFibGUuDQogVG8g
cmVkdWNlIHRoZSBvdmVyaGVhZCByZXF1aXJlZCBmb3IgdmFsaWRhdGlvbiwgdGhlIG1hbmlmZXN0
IGNvbnRhaW5zIHRoZSBkaWdlc3Qgb2YgdGhlIHBheWxvYWQsJm5ic3A7cmF0aGVyIHRoYW4gYW5v
dGhlciBzaWduYXR1cmUuIFRoaXMgZG9lcyBub3QgY2hhbmdlIHRoZSBwcm92YWJpbGl0eSBvZiB0
aGUgcGF5bG9hZC4gVGhlIGF1dGhlbnRpY2l0eSBvZiB0aGUgbWFuaWZlc3QgaXMgcHJvdmFibGUg
d2l0aCBhIHNpZ25hdHVyZSwgdGhlIGF1dGhlbnRpY2l0eQ0KIG9mIHRoZSBwYXlsb2FkIGRpZ2Vz
dCBpcyZuYnNwO3Byb3ZhYmxlIHdpdGggdGhlIG1hbmlmZXN0LCBhbmQgdGhlIGF1dGhlbnRpY2l0
eSBvZiB0aGUgcGF5bG9hZCBpcyBwcm92YWJsZSB3aXRoIHRoZSBwYXlsb2FkIGRpZ2VzdC48L3Nw
YW4+PC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0K
PGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTog
MTFwdDsiIGNsYXNzPSIiPk1pdGlnYXRlczogVGhyZWF0IE1GVDg8L2Rpdj4NCjwvZGl2Pg0KPGRp
diBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyBmb250LXNpemU6IDExcHQ7IGZvbnQt
ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZu
YnNwOzwvbzpwPjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBzdHlsZT0iZm9u
dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpVc2VyIFN0b3JpZXM8bzpwIGNsYXNzPSIiPjwv
bzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7
IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo9
PT09PT09PT09PT09PT09PT09PT09PTwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENh
bGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyIgY2xhc3M9IiI+DQpVc2VyIHN0b3JpZXMgcHJvdmlkZSBleHBlY3RlZCB1c2UtY2FzZXMu
IFRoZXNlIGFyZSB1c2VkIHRvIGZlZWQgaW50byB1c2FiaWxpdHkgcmVxdWlyZW1lbnRzLjxvOnAg
Y2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwg
c2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBj
bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46
IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClVzZSBDYXNlIE1GVUMxOiBJbnN0YWxsYXRp
b24gSW5zdHJ1Y3Rpb25zPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl
cmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIi
Pg0KQXMgYW4gT0VNIGZvciBJb1QgZGV2aWNlcywgSSB3YW50IHRvIHByb3ZpZGUgbXkgZGV2aWNl
cyB3aXRoIGFkZGl0aW9uYWwgaW5zdGFsbGF0aW9uIGluc3RydWN0aW9ucyBzbyB0aGF0IEkgY2Fu
IGtlZXAgcHJvY2VzcyBkZXRhaWwgb3V0IG9mIG15IHBheWxvYWQgZGF0YS48bzpwIGNsYXNzPSIi
PjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy
aWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+
DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpTb21lIGluc3RhbGxhdGlvbiBpbnN0cnVjdGlvbnMgbWln
aHQgYmU6PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KKiBTcGVjaWZ5IGEgcGFja2FnZSBoYW5kbGVyPG86cCBjbGFz
cz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KKiBVc2UgYSB0YWJsZSBvZiBoYXNoZXMgdG8gZW5zdXJlIHRoYXQgZWFjaCBibG9jayBv
ZiB0aGUgcGF5bG9hZCBpcyB2YWxpZGF0ZSBiZWZvcmUgd3JpdGluZy48bzpwIGNsYXNzPSIiPjwv
bzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7
IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQoq
IFJ1biBwb3N0LXByb2Nlc3Npbmcgc2NyaXB0IGFmdGVyIHRoZSB1cGRhdGUgaXMgaW5zdGFsbGVk
PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPg0KKiBEbyBub3QgcmVwb3J0IHByb2dyZXNzPG86cCBjbGFzcz0iIj48L286
cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBm
b250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KKiBQ
cmUtY2FjaGUgdGhlIHVwZGF0ZSwgYnV0IGRvIG5vdCBpbnN0YWxsPG86cCBjbGFzcz0iIj48L286
cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBm
b250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KKiBJ
bnN0YWxsIHRoZSBwcmUtY2FjaGVkIHVwZGF0ZSBtYXRjaGluZyB0aGlzIG1hbmlmZXN0PG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KKiBJbnN0YWxsIHRoaXMgdXBkYXRlIGltbWVkaWF0ZWx5LCBvdmVycmlkaW5nIGFu
eSBsb25nLXJ1bm5pbmcgdGFza3MuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8
L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlm
OyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0K
PG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KVXNlIENhc2UgTUZVQzI6IE9wZXJhdG9yIEluZnJhc3RydWN0
dXJlPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBD
YWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAw
MDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rp
dj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNp
emU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KQXMgYW4gT3Bl
cmF0b3Igb2YgSW9UIGRldmljZXMsIEkgd291bGQgbGlrZSB0byB0ZWxsIG15IGRldmljZXMgdG8g
bG9vayBhdCBteSBvd24gaW5mcmFzdHJ1Y3R1cmUgZm9yIHBheWxvYWRzIHNvIHRoYXQgSSBjYW4g
bWFuYWdlIHRoZSB0cmFmZmljIGdlbmVyYXRlZCBieSBmaXJtd2FyZSB1cGRhdGVzIG9uIG15IG5l
dHdvcmsgYW5kIG15IHBlZXJz4oCZIG5ldHdvcmtzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+
DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXpl
OiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9
IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwg
c2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBj
bGFzcz0iIj4NClVzZSBDYXNlIE1GVUMzOiBNb2R1bGFyIFVwZGF0ZTxvOnAgY2xhc3M9IiI+PC9v
OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsg
Zm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCkFzIGFuIE9FTSBvZiBJb1QgZGV2aWNlcywgSSB3
YW50IHRvIGRpdmlkZSBteSBmaXJtd2FyZSBpbnRvIGZyZXF1ZW50bHkgdXBkYXRlZCBhbmQgaW5m
cmVxdWVudGx5IHVwZGF0ZWQgY29tcG9uZW50cywgc28gdGhhdCBJIGNhbiByZWR1Y2UgdGhlIHNp
emUgb2YgdXBkYXRlcyBhbmQgbWFrZSBkaWZmZXJlbnQgcGFydGllcyByZXNwb25zaWJsZSBmb3Ig
ZGlmZmVyZW50IGNvbXBvbmVudHMuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj48YnIgY2xh
c3M9IiI+DQo8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPG86cCBjbGFzcz0iIj5Vc2UgQ2FzZSBNRlVDNDogTXVsdGlwbGUgQXV0aG9yaXNh
dGlvbnM8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5
bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj5BcyBhbiBP
cGVyYXRvciwgSSB3YW50IHRvIGVuc3VyZSB0aGUgcXVhbGl0eSBvZiBhIGZpcm13YXJlIHVwZGF0
ZSBiZWZvcmUgaW5zdGFsbGluZyBpdCwgc28gdGhhdCBJIGNhbiBlbnN1cmUgYSBoaWdoIHN0YW5k
YXJkIG9mIHJlbGlhYmlsaXR5IG9uIG15IG5ldHdvcmsuIFRoZSBPRU0gbWF5IHJlc3RyaWN0IG15
IGFiaWxpdHkgdG8gY3JlYXRlIGZpcm13YXJlLCBzbyBJIGNhbm5vdCBiZSB0aGUgb25seSBhdXRo
b3JpdHkgb24NCiB0aGUgZGV2aWNlLjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvbzpw
PjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZv
bnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpw
IGNsYXNzPSIiPlVzZSBDYXNlIE1GVUM1OiBNdWx0aXBsZSBQYXlsb2FkIEZvcm1hdHM8L286cD48
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFt
aWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBj
bSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj5BcyBhIE9FTSBvciBPcGVyYXRv
ciBvZiBkZXZpY2VzLCBJIHdhbnQgdG8gYmUgYWJsZSB0byBzZW5kIG11bHRpcGxlIHBheWxvYWQg
Zm9ybWF0cyB0byBzdWl0IHRoZSBuZWVkcyBvZiBteSB1cGRhdGUsIHNvIHRoYXQgSSBjYW4gb3B0
aW1pc2UgdGhlIGJhbmR3aWR0aCB1c2VkIGJ5IG15IGRldmljZXMuPC9vOnA+PC9kaXY+DQo8ZGl2
IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0
OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjwv
ZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQt
c2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8c3BhbiBz
dHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+Jm5ic3A7PC9zcGFuPjwvZGl2Pg0KPGRp
diBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFw
dDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpVc2FiaWxpdHkgUmVxdWly
ZW1lbnRzPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KPT09PT09PT09PT09PT09PT09PT09PT08L2Rpdj4NCjxkaXYg
c3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7
IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KVGhlIGZvbGxvd2luZyB1c2Fi
aWxpdHkgcmVxdWlyZW1lbnRzIHNhdGlzZnkgdGhlIHVzZXIgc3RvcmllcyBsaXN0ZWQgYWJvdmUu
PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KVXNhYmlsaXR5IFJlcXVpcmVtZW50
IE1GVVIxOjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IiBjbGFzcz0iIj4NCkl0IG11c3QgYmUgcG9zc2libGUgdG8gd3JpdGUgYWRkaXRp
b25hbCBpbnN0YWxsYXRpb24gaW5zdHJ1Y3Rpb25zIGludG8gdGhlIG1hbmlmZXN0LjxvOnAgY2xh
c3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu
cy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFz
cz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClNhdGlzZmllcyBVc2UtQ2FzZSBNRlVDMTxvOnAg
Y2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwg
c2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBj
bGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46
IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClVzYWJpbGl0eSBSZXF1aXJlbWVudCBNRlVS
Mjo8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENh
bGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvZGl2
Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6
ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpJdCBtdXN0IGJl
IHBvc3NpYmxlIHRvIHJlZGlyZWN0IHBheWxvYWQgZmV0Y2hlcy4gVGhpcyBhcHBsaWVzIHdoZXJl
IHR3byBtYW5pZmVzdHMgYXJlIHVzZWQgaW4gY29uanVuY3Rpb24uIEZvciBleGFtcGxlLCBhbiBP
RU0gbWFuaWZlc3Qgc3BlY2lmaWVzIGEgcGF5bG9hZCBhbmQgc2lnbnMgaXQsIGFuZCBwcm92aWRl
cyBhIFVSSSBmb3IgdGhhdCBwYXlsb2FkLiBBbiBPcGVyYXRvciBjcmVhdGVzIGEgc2Vjb25kIG1h
bmlmZXN0LCB3aXRoIGEgZGVwZW5kZW5jeQ0KIG9uIHRoZSBmaXJzdC4gVGhleSB1c2UgdGhpcyBz
ZWNvbmQgbWFuaWZlc3QgdG8gb3ZlcnJpZGUgdGhlIFVSSXMgcHJvdmlkZWQgYnkgdGhlIE9FTSwg
ZGlyZWN0aW5nIHRoZW0gaW50byB0aGVpciBvd24gaW5mcmFzdHJ1Y3R1cmUgaW5zdGVhZC48bzpw
IGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmks
IHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIg
Y2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2lu
OiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpTYXRpc2ZpZXMgVXNlLUNhc2UgTUZVQzI8
bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGli
cmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0
OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls
ZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFy
Z2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpVc2FiaWxpdHkgUmVxdWlyZW1lbnQg
TUZVUjM6PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KSXQgTVVT
VCBiZSBwb3NzaWJsZSB0byBsaW5rIG11bHRpcGxlIG1hbmlmZXN0cyB0b2dldGhlciBzbyB0aGF0
IGEgbXVsdGktY29tcG9uZW50IHVwZGF0ZSBjYW4gYmUgZGVzY3JpYmVkLiBUaGlzIGFsbG93cyBt
dWx0aXBsZSBwYXJ0aWVzIHdpdGggZGlmZmVyZW50IHBlcm1pc3Npb25zIHRvIGNvbGxhYm9yYXRl
IGluIGNyZWF0aW5nIGEgc2luZ2xlIHVwZGF0ZSBmb3IgdGhlIElvVCBkZXZpY2UsIGFjcm9zcyBt
dWx0aXBsZSBjb21wb25lbnRzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxl
PSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJn
aW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9v
OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsg
Zm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClNh
dGlzZmllcyBVc2UtQ2FzZSBNRlVDMiwgTUZVQzM8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0K
PGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTog
MTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIi
PiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNh
bnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xh
c3M9IiI+DQpVc2FiaWxpdHkgUmVxdWlyZW1lbnQgTUZVUjQ6PC9kaXY+DQo8ZGl2IHN0eWxlPSJm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46
IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTFw
dDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+LS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgY2xhc3M9IiI+SXQgTVVTVCBiZSBwb3NzaWJs
ZSB0byBzaWduIGEgbWFuaWZlc3QgbXVsdGlwbGUgdGltZXMgc28gdGhhdCBzaWduYXR1cmVzIGZy
b20gbXVsdGlwbGUgcGFydGllcyB3aXRoIGRpZmZlcmVudCBwZXJtaXNzaW9ucyBjYW4gYmUgcmVx
dWlyZWQgaW4gb3JkZXIgdG8gYXV0aG9yaXNlIGluc3RhbGxhdGlvbiBvZiBhIG1hbmlmZXN0Ljwv
ZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+
U2F0aXNmaWVzIFVzZS1DYXNlIE1GVUM0PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0i
Ij4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IiBjbGFzcz0iIj5Vc2FiaWxpdHkgUmVxdWlyZW1lbnQgTUZVUjU6PC9kaXY+DQo8
ZGl2IHN0eWxlPSJmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4w
MDAxcHQ7IiBjbGFzcz0iIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvZGl2
Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoZSBtYW5pZmVzdCBmb3JtYXQgTVVTVCBhY2NvbW1v
ZGF0ZSBhbnkgcGF5bG9hZCBmb3JtYXQgdGhhdCBhbiBvcGVyYXRvciBvciBPRU0gd2lzaGVzIHRv
IHVzZS4mbmJzcDs8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+U29tZSBl
eGFtcGxlcyBvZiBwYXlsb2FkIGZvcm1hdCB3b3VsZCBiZTombmJzcDs8L3NwYW4+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPjxvOnAgY2xhc3M9IiI+KiBCaW5hcnk8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+PG86cCBj
bGFzcz0iIj4qIEVsZjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBt
YXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj48bzpwIGNsYXNzPSIiPiogRGlmZmVy
ZW50aWFsPC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPjxvOnAgY2xhc3M9IiI+KiBDb21wcmVzc2VkPC9v
OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPiogUGFja2VkIGNvbmZpZ3VyYXRpb248L2Rpdj4NCjxkaXYgY2xh
c3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBjbGFzcz0i
Ij4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTog
MTFwdDsiIGNsYXNzPSIiPlNhdGlzZmllcyBVc2UtQ2FzZSBNRlVDNTwvc3Bhbj48L2Rpdj4NCjxk
aXYgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBj
bGFzcz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bhbj48L2Rpdj4NCjwvZGl2
Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6
ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBG
aWVsZHM6PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KPT09PT09PT09PT09PT09PT09PT09PT08L2Rpdj4NCjxkaXYg
c3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7
IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KRWFjaCBtYW5pZmVzdCBmaWVs
ZCBpcyBhbmNob3JlZCBpbiBhIHNlY3VyaXR5IHJlcXVpcmVtZW50IG9yIGEgdXNhYmlsaXR5IHJl
cXVpcmVtZW50LiBUaGUgbWFuaWZlc3QgZmllbGRzIGFyZSBkZXNjcmliZWQgYmVsb3cgYW5kIGp1
c3RpZmllZCBieSB0aGVpciByZXF1aXJlbWVudHMuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4N
CjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6
IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0i
Ij4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KTWFuaWZlc3QgRmllbGQ6IFRpbWVzdGFtcDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9k
aXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1z
aXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IiBjbGFzcz0iIj4NCkEgbW9ub3RvbmljIHNlcXVlbmNlIG51bWJlciwgaW1wbGVt
ZW50ZWQgYXMgYW4gaW50ZWdlcjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDE0OSwgNTUsIDUzKTsi
IGNsYXNzPSIiPiZuYnNwOzwvc3Bhbj5UaW1lc3RhbXAuPG86cCBjbGFzcz0iIj48L286cD48L2Rp
dj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNp
emU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFz
cz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJp
LCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsi
IGNsYXNzPSIiPg0KSW1wbGVtZW50czogU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjEuPG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KTWFuaWZlc3QgRmllbGQ6IFZlbmRvciBJRCBj
b25kaXRpb248bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1p
bHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNt
IDAuMDAwMXB0OyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LTwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZv
bnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpWZW5k
b3IgSURzIE1VU1QgYmUgdW5pcXVlLiBUaGlzIGlzIHRvIHByZXZlbnQgc2ltaWxhcmx5LCBvciBp
ZGVudGljYWxseSBuYW1lZCBlbnRpdGllcyBmcm9tIGRpZmZlcmVudCBnZW9ncmFwaGljIHJlZ2lv
bnMgZnJvbSBjb2xsaWRpbmcgaW4gdGhlaXIgY3VzdG9tZXLigJlzIGluZnJhc3RydWN0dXJlLiBS
ZWNvbW1lbmRlZCBwcmFjdGljZSBpcyB0byB1c2UgdHlwZSA1IFVVSURzIHdpdGggdGhlIHZlbmRv
cuKAmXMgZG9tYWluIG5hbWUgYW5kIHRoZSBVVUlEDQogRE5TIHByZWZpeC4gT3RoZXIgb3B0aW9u
cyBpbmNsdWRlIHR5cGUgMSBhbmQgdHlwZSA0IFVVSURzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9k
aXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1z
aXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xh
c3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJy
aSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7
IiBjbGFzcz0iIj4NCkltcGxlbWVudHM6IFNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1IyLCBNRlNS
NC48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENh
bGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAw
MXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBz
dHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsg
bWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBGaWVsZDogQ2xh
c3MgSUQgY29uZGl0aW9uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNl
cmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIi
Pg0KQ2xhc3MgSWRlbnRpZmllcnMgTVVTVCBiZSB1bmlxdWUgd2l0aGluIGEgVmVuZG9yIElELiBU
aGlzIGlzIHRvIHByZXZlbnQgc2ltaWxhcmx5LCBvciBpZGVudGljYWxseSBuYW1lZCBkZXZpY2Vz
IGNvbGxpZGluZyBpbiB0aGVpciBjdXN0b21lcuKAmXMgaW5mcmFzdHJ1Y3R1cmUuIFJlY29tbWVu
ZGVkIHByYWN0aWNlIGlzIHRvIHVzZSB0eXBlIDUgVVVJRHMgd2l0aCB0aGUgbW9kZWwsIGhhcmR3
YXJlIHJldmlzaW9uLCBldGMuIGFuZCB1c2UgdGhlIFZlbmRvcg0KIElEIGFzIHRoZSBVVUlEIHBy
ZWZpeC4gT3RoZXIgb3B0aW9ucyBpbmNsdWRlIHR5cGUgMSBhbmQgdHlwZSA0IFVVSURzLiBBIGRl
dmljZSDigJxDbGFzc+KAnSBpcyBkZWZpbmVkIGFzIGFueSBkZXZpY2UgdGhhdCBjYW4gcnVuIHRo
ZSBzYW1lIGZpcm13YXJlIHdpdGhvdXQgbW9kaWZpY2F0aW9uLiBDbGFzc2VzIE1BWSBiZSBpbXBs
ZW1lbnRlZCBpbiBhIG1vcmUgZ3JhbnVsYXIgd2F5LiBDbGFzc2VzIE1VU1QgTk9UIGJlIGltcGxl
bWVudGVkIGluIGEgbGVzcw0KIGdyYW51bGFyIHdheS4gQ2xhc3MgSUQgY2FuIGVuY29tcGFzcyBt
b2RlbCBuYW1lLCBoYXJkd2FyZSByZXZpc2lvbiwgc29mdHdhcmUgcmV2aXNpb24uIERldmljZXMg
TUFZIGhhdmUgbXVsdGlwbGUgQ2xhc3MgSURzLjxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAx
MXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+
Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fu
cy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFz
cz0iIj4NCkltcGxlbWVudHM6IFNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1IyLCBNRlNSNC48bzpw
IGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmks
IHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIg
Y2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0i
Zm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2lu
OiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPk1hbmlmZXN0IEZp
ZWxkOiBQcmVjdXJzb3IgSW1hZ2UgRGlnZXN0IENvbmRpdGlvbjwvbzpwPjwvZGl2Pg0KPGRpdiBz
dHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsg
bWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPg0KPGRp
diBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFz
cz0iIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvZGl2Pg0KPGRpdiBjbGFz
cz0iIj5XaGVuIGEgcHJlY3Vyc29yIGltYWdlIGlzIHJlcXVpcmVkIGJ5IHRoZSBwYXlsb2FkIGZv
cm1hdCwgYSBwcmVjdXJzb3IgaW1hZ2UgZGlnZXN0IGNvbmRpdGlvbiBNVVNUIGJlIHByZXNlbnQg
aW4gdGhlIGNvbmRpdGlvbnMgbGlzdC48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi
Pg0KPC9kaXY+DQo8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJp
LCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsi
IGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj5JbXBsZW1lbnRzOiBTZWN1cml0eSBSZXF1aXJlbWVu
dCBNRlNSNDwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNh
bnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xh
c3M9IiI+DQo8bzpwIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvbzpwPjwvZGl2Pg0KPGRpdiBz
dHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsg
bWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBGaWVsZDogQmVz
dC1CZWZvcmUgdGltZXN0YW1wPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9
ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdp
bjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KVGhpcyBmaWVsZCB0ZWxscyBhIGRldmljZSB0aGUgbGFzdCBhcHBsaWNhdGlvbiB0aW1l
LiBUaGlzIGlzIG9ubHkgdXNhYmxlIGluIGNvbmp1bmN0aW9uIHdpdGggYSBzZWN1cmUgY2xvY2su
PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5
bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1h
cmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KSW1wbGVtZW50cyBTZWN1cml0eSBS
ZXF1aXJlbWVudCBNRlNSMzxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46
IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+
PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9u
dC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk1hbmlm
ZXN0IEZpZWxkOiBQYXlsb2FkIEZvcm1hdDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2
IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0
OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJy
aSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7
IiBjbGFzcz0iIj4NClRoZSBmb3JtYXQgb2YgdGhlIHBheWxvYWQgbXVzdCBiZSBpbmRpY2F0ZWQg
dG8gZGV2aWNlcyBpcyBpbiBhbiB1bmFtYmlndW91cyB3YXkuIFRoaXMgZmllbGQgcHJvdmlkZXMg
YSBtZWNoYW5pc20gdG8gZGVzY3JpYmUgdGhlIHBheWxvYWQgZm9ybWF0LCB3aXRoaW4gdGhlIHNp
Z25lZCBtZXRhZGF0YS48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9u
dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwv
ZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQt
c2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpJbXBsZW1l
bnRzIFNlY3VyaXR5IFJlcXVpcmVtZW50IE1GU1I0LCBVc2FiaWxpdHkgUmVxdWlyZW1lbnQmbmJz
cDs8bzpwIGNsYXNzPSIiPjwvbzpwPk1GVVI1PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAx
MXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk1hbmlmZXN0IEZpZWxk
OiBTdG9yYWdlIExvY2F0aW9uPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9
ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdp
bjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KVGhpcyBmaWVsZCB0ZWxscyB0aGUgZGV2aWNlIHdoaWNoIGNvbXBvbmVudCBpcyBiZWlu
ZyB1cGRhdGVkLiBUaGUgZGV2aWNlIGNhbiB1c2UgdGhpcyB0byBlc3RhYmxpc2ggd2hpY2ggcGVy
bWlzc2lvbnMgYXJlIG5lY2Vzc2FyeSBhbmQgdGhlIHBoeXNpY2FsIGxvY2F0aW9uIHRvIHVzZS48
bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGli
cmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0
OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls
ZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFy
Z2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpJbXBsZW1lbnRzIFNlY3VyaXR5IFJl
cXVpcmVtZW50IE1GU1I0PG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KTWFuaWZl
c3QgRmllbGQ6IFVSSXM8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9u
dC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAw
Y20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLTwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2Vy
aWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+
DQpUaGlzIGZpZWxkIGlzIGEgbGlzdCBvZiB3ZWlnaHRlZCBVUklzIHRoYXQgdGhlIGRldmljZSB1
c2VzIHRvIHNlbGVjdCB3aGVyZSB0byBvYnRhaW4gYSBwYXlsb2FkLjxvOnAgY2xhc3M9IiI+PC9v
OnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsg
Zm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxv
OnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTog
Q2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4w
MDAxcHQ7IiBjbGFzcz0iIj4NCkltcGxlbWVudHMgU2VjdXJpdHkgUmVxdWlyZW1lbnQgTUZTUjQ8
bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGli
cmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0
OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHls
ZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFy
Z2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBGaWVsZDogZGlnZXN0
czxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2Fs
aWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAx
cHQ7IiBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC9kaXY+
DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXpl
OiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NClRoaXMgZmllbGQg
aXMgYSBtYXAgb2YgZGlnZXN0cywgZWFjaCBmb3IgYSBzZXBhcmF0ZSBzdGFnZSBvZiBpbnN0YWxs
YXRpb24uIFRoaXMgYWxsb3dzIHRoZSB0YXJnZXQgZGV2aWNlIHRvIGVuc3VyZSBhdXRoZW50aWNp
dHkgb2YgdGhlIHBheWxvYWQgYXQgZXZlcnkgc3RlcCBvZiBpbnN0YWxsYXRpb24uPG86cCBjbGFz
cz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQt
ZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNt
IDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KSW1wbGVtZW50cyBTZWN1cml0eSBSZXF1aXJlbWVu
dCBNRlNSNDxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWls
eTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20g
MC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7PC9vOnA+PC9kaXY+DQo8
ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAx
MXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk1hbmlmZXN0IEZpZWxk
OiBTaXplPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5
OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAw
LjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KVGhlIHNp
emUgb2YgdGhlIHBheWxvYWQgaW4gYnl0ZXMuPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk
aXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEx
cHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBjbGFzcz0iIj4m
bmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KSW1wbGVtZW50cyBTZWN1cml0eSBSZXF1aXJlbWVudCBNRlNSNDxvOnAgY2xhc3M9IiI+
PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp
ZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4N
CjxvOnAgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJm
b250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46
IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCk1hbmlmZXN0IEZpZWxkOiBTaWduYXR1cmU8
L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250
LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPG86cCBj
bGFzcz0iIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvbzpwPjwvZGl2Pg0K
PGRpdiBzdHlsZT0ibWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+PG86cCBjbGFz
cz0iIj48Zm9udCBmYWNlPSJDYWxpYnJpLCBzYW5zLXNlcmlmIiBjbGFzcz0iIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOiAxMXB0OyIgY2xhc3M9IiI+VGhpcyBpcyBub3Qgc3RyaWN0bHkgYSBtYW5p
ZmVzdCBmaWVsZC4gSW5zdGVhZCwgdGhlIG1hbmlmZXN0IGlzIHdyYXBwZWQgYnkgYSZuYnNwOzwv
c3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxNC42NjY2NjY5ODQ1NTgxMDVweDsiIGNsYXNz
PSIiPnN0YW5kYXJkaXNlZDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMXB0OyIgY2xh
c3M9IiI+Jm5ic3A7c2lnbmF0dXJlDQogY29udGFpbmVyLCBzdWNoIGFzIGEgQ09TRSBvciBDTVMg
c2lnbmF0dXJlIG9iamVjdC4gVGhlIHNpZ25hdHVyZSBjb250YWluZXIgTVVTVCBzdXBwb3J0IG11
bHRpcGxlIHNpZ25hdHVyZXMuPC9zcGFuPjwvZm9udD48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9
Im1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPjxvOnAgY2xhc3M9IiI+PGZvbnQg
ZmFjZT0iQ2FsaWJyaSwgc2Fucy1zZXJpZiIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZTogMTFwdDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvc3Bhbj48L2ZvbnQ+PC9vOnA+PC9k
aXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj48bzpw
IGNsYXNzPSIiPjxmb250IGZhY2U9IkNhbGlicmksIHNhbnMtc2VyaWYiIGNsYXNzPSIiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6IDExcHQ7IiBjbGFzcz0iIj5JbXBsZW1lbnRzIFNlY3VyaXR5IFJl
cXVpcmVtZW50IE1GU1I1LCBNRlVSNDwvc3Bhbj48L2ZvbnQ+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0
eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBt
YXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxvOnAgY2xhc3M9IiI+Jm5ic3A7
PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp
ZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4N
Ck1hbmlmZXN0IEZpZWxkOiBEaXJlY3RpdmVzPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxk
aXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDEx
cHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxp
YnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFw
dDsiIGNsYXNzPSIiPg0KQSBsaXN0IG9mIGluc3RydWN0aW9ucyB0aGF0IHRoZSBkZXZpY2Ugc2hv
dWxkIGV4ZWN1dGUsIGluIG9yZGVyLCB3aGVuIGluc3RhbGxpbmcgdGhlIHBheWxvYWQuPG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KSW1wbGVtZW50cyBVc2FiaWxpdHkgUmVxdWly
ZW1lbnQgTUZVUjE8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1m
YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20g
MGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2
Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6
ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBG
aWVsZDogQWxpYXNlczxvOnAgY2xhc3M9IiI+PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250
LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBj
bSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp
ZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4N
CkEgbGlzdCBvZiBVUkkvRGlnZXN0IHBhaXJzLiBBIGRldmljZSBzaG91bGQgYnVpbGQgYW4gYWxp
YXMgdGFibGUgd2hpbGUgcGFyaW5nIGEgbWFuaWZlc3QgdHJlZSBhbmQgdHJlYXQgYW55IGFsaWFz
ZXMgYXMgdG9wLXJhbmtlZCBVUklzIGZvciB0aGUgY29ycmVzcG9uZGluZyBkaWdlc3QuPG86cCBj
bGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBz
YW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs
YXNzPSIiPg0KPG86cCBjbGFzcz0iIj4mbmJzcDs8L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9ImZv
bnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjog
MGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KSW1wbGVtZW50cyBVc2FiaWxpdHkgUmVxdWly
ZW1lbnQgTUZVUjI8bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1m
YW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20g
MGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZuYnNwOzwvbzpwPjwvZGl2
Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6
ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQpNYW5pZmVzdCBG
aWVsZDogRGVwZW5kZW5jaWVzPG86cCBjbGFzcz0iIj48L286cD48L2Rpdj4NCjxkaXYgc3R5bGU9
ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5zLXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdp
bjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS08L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBDYWxpYnJpLCBzYW5z
LXNlcmlmOyBmb250LXNpemU6IDExcHQ7IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNz
PSIiPg0KQSBsaXN0IG9mIFVSSS9EaWdlc3QgcGFpcnMgdGhhdCByZWZlciB0byBvdGhlciBtYW5p
ZmVzdHMgYnkgZGlnZXN0LiBUaGUgbWFuaWZlc3RzIHRoYXQgYXJlIGxpbmtlZCBpbiB0aGlzIHdh
eSBtdXN0IGJlIGFjcXVpcmVkIGFuZCBpbnN0YWxsZWQgc2ltdWx0YW5lb3VzbHkgaW4gb3JkZXIg
dG8gZm9ybSBhIGNvbXBsZXRlIHVwZGF0ZS48bzpwIGNsYXNzPSIiPjwvbzpwPjwvZGl2Pg0KPGRp
diBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFw
dDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8bzpwIGNsYXNzPSIiPiZu
YnNwOzwvbzpwPjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmksIHNhbnMt
c2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9
IiI+DQpJbXBsZW1lbnRzIFVzYWJpbGl0eSBSZXF1aXJlbWVudCBNRlVSMzxvOnAgY2xhc3M9IiI+
PC9vOnA+PC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJp
ZjsgZm9udC1zaXplOiAxMXB0OyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4N
CjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1mYW1pbHk6IENhbGlicmks
IHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTFwdDsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIg
Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4N
CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBv
ZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5
IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVu
dCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xv
c2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBv
c2UsDQogb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhh
bmsgeW91Lg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_52E902404041465096CC865E82935450armcom_--


From nobody Fri Nov 10 07:35:40 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE0C5126CC4 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:35:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zHVq063oyxJJ for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:35:36 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0081.outbound.protection.outlook.com [104.47.1.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CE92126C3D for <suit@ietf.org>; Fri, 10 Nov 2017 07:35:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XgnYnCYQ8J1R6QT+LcvQpSbSqXz9UkXmsIpFick9Yes=; b=f1AlDCaJWhQCaXrL6bBeozaCw7nhZqZaBqhVdmyziAmNiZouGmsBDMuXifcVcINbg2JPXLxYGItTkyBsXKZLCokZ79Tupg+RMlRS6iT2jNbbl0vNaMU9ru7tm4c/JwhAtYrSWsFlVoMv+qFdsu5bZ4rqkrhob8ogvKLMTeCCKoI=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Fri, 10 Nov 2017 15:35:33 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.011; Fri, 10 Nov 2017 15:35:33 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Quantum resistance in firmware formats
Thread-Index: AQHTWjMbF/n5gxF7AUeqWeCW2Qgfi6MNvrGA
Date: Fri, 10 Nov 2017 15:35:33 +0000
Message-ID: <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca>
In-Reply-To: <21176.1510325360@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:7VAgziAb67/W7YJIl2NNYlb7hZUGNGKpkmdS3gLtE64YBNodw0n5QR7KADOlh5irclfeBt2XpJLJtnut3vjGUz8ua1xT9rkdjZaisqpHhzssfZ9gkmkvIvybj12k3Qr0K1ttyUTJhZR4vB1uh6qV/TYz1do7k4NwEmF0PVzDyZ+tVc46DehM9Q0ByNjydOr3BSgSpyeYLV2zyBlyKZjfl4+UOBHxQRFqtu/ua512gT8qSIeSkWuV848qaJ6/U9eziLIi0CLcnU5etjA+cL54R8e2czebGP9vwUvFo9/UtaAl1puUprUhg4AhheIKMMckCLJd8H0q08sM9cZX8huGKIGZWx0/SWK4H/9eoW9Q2HA=; 5:QMeG7AGOZaSNg9hbAdyFpWbtZkuot4eLQLmiOlghjpSR2wz5xD//g4N/ZYU68c9MvuqFtYNTzb1mhYQA24fooMcWXP1HbHxr7TyMZtpLsLY7Vdoert6Ql+CxnBCbEYQFhRFEeoQY6EgycQFS1Cj7KB0NsnGd/GbDLWL25CE/1NI=; 24:Z+OUomuPc3L9Sl5A9o0t5nN1zDaFD2WWN8NaotZrnZ8GLR5ejYJatHa93hthqWelaRRWtBC3cyNI0ixFBxDdACIdZ7lkFGdGhW90nBkyEmw=; 7:sNH/7U4JR5+S5yK/XPSsOZwasAN/iOGP2YeJlXf0I29+B0BrsXQz0Y6HGJxV2L9brj920+zE5GhUXs0DvExaVdVmRgYkrUW+riMJCs4ZkEBBmR7kW06VYQiNeieW7UkwxJ22ZFmxzgYZevWL2UI+b0VByEsUhHArcADpGgHCrr+dVoplbHSiGnPYP64o9sMXHuxwbXQfEuT/YVjIdAdw/C7C68Xic2i+cphi1z2ccDT+fbWxeI3P57VSJBTbddsd
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b43786b9-176e-482e-052d-08d52850aea1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB06162569EB37BB917F93D0AFEA540@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0487C0DB7E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(199003)(24454002)(189002)(40434004)(6116002)(14454004)(102836003)(3846002)(478600001)(53936002)(2950100002)(6246003)(86362001)(66066001)(97736004)(6512007)(6306002)(316002)(5660300001)(4326008)(57306001)(81166006)(36756003)(8676002)(2906002)(25786009)(81156014)(50226002)(8936002)(101416001)(33656002)(68736007)(106356001)(6486002)(76176999)(3280700002)(5890100001)(50986999)(229853002)(3660700001)(105586002)(2900100001)(83716003)(189998001)(53546010)(966005)(5250100002)(99286004)(6506006)(6436002)(72206003)(305945005)(7736002)(82746002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <BAE68D72DD76814BAD03AADC9AE79C4F@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b43786b9-176e-482e-052d-08d52850aea1
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2017 15:35:33.4294 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/HvQYzWHhXU9eH9e3NxZR8k7P5-I>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 15:35:39 -0000

VGhpcyBpcyB2ZXJ5IGludGVyZXN0aW5nLiBJIGRvbuKAmXQgdGhpbmsgdGhlcmXigJlzIGEgcHJv
YmxlbSBpbiB0ZXJtcyBvZiBtdWx0aXBsZSBzaWduYXR1cmVzIHNvIGZhci4NCg0KVGhlIHdheSB0
aGF0IEkgZW52aXNpb24gc2lnbmF0dXJlIHZlcmlmaWNhdGlvbiB3b3JraW5nIGlzIHRoYXQgdGhl
IGRldmljZSBtdXN0IHNpbXBseSBhY2NydWUgc3VmZmljaWVudCBwZXJtaXNzaW9ucyB0byBpbnN0
YWxsIGFuIHVwZGF0ZToNCiogRWFjaCBzaWduZXIgaGFzIGEgc2V0IG9mIHBlcm1pc3Npb25zIGZv
ciBlYWNoIGNvbXBvbmVudC9zdG9yYWdlSWQNCiogRWFjaCBjb21wb25lbnQgc3BlY2lmaWVzIHdo
aWNoIHBlcm1pc3Npb25zIGFyZSByZXF1aXJlZCB0byBpbnN0YWxsIHRvIHRoYXQgY29tcG9uZW50
L3N0b3JhZ2VJZA0KDQpUaGUgZGV2aWNlIHByb2NlZWRzLCB2ZXJpZnlpbmcgdGhlIHNpZ25hdHVy
ZXMgdGhhdCBpdCBjYW4sIGFnZ3JlZ2F0aW5nIHRoZSBwZXJtaXNzaW9ucyBvZiB2YWxpZCBzaWdu
YXR1cmVzLiBPbmNlIGl0IGhhcyBzdWZmaWNpZW50IHBlcm1pc3Npb25zIHRvIG1lZXQgdGhlIHBl
cm1pc3Npb24gcmVxdWlyZW1lbnRzIG9mIHRoZSB0YXJnZXQgY29tcG9uZW50L3N0b3JhZ2VJZC4N
Cg0KSWYgdGhhdCBpcyB0aGUgd2F5IHRoYXQgdGhlIHN1aXQgY2xpZW50IHdvcmtzIG9uIGEgZGV2
aWNlLCB0aGVuIHJlY2VpdmluZyBtdWx0aXBsZSBzaWduYXR1cmVzIHNob3VsZCBiZSByZWFzb25h
YmxlLg0KDQpUbyBrZWVwIHRoZSBib290IGxvYWRlciBzaW1wbGUsIHlvdSBjYW4gdGVybWluYXRl
IHRoZSB0cnVzdCByZWxhdGlvbnNoaXAgd2l0aCB0aGUgdXBkYXRlIGF1dGhvcml0eSBpbiB0aGUg
c3VpdCBjbGllbnQuIElmIHRoYXTigJlzIHRoZSBjYXNlLCB0aGVuIHRoZSBib290IGxvYWRlciBj
YW4gd29yayB3aXRoIE1BQyBpbnN0ZWFkLiBUaGlzIGRvZXMgbm90IHByb3ZpZGUgZm9yIGEgZnVs
bCBzZWN1cmUtYm9vdCBzdG9yeSwgYnV0IGl0IGRvZXMgcHJvdmlkZSBmb3IgdXBkYXRlZCBjcnlw
dG9ncmFwaGljIHByaW1pdGl2ZXMuDQoNCkJlc3QgUmVnYXJkcywNCkJyZW5kYW4gTW9yYW4NCg0K
DQo+IE9uIDEwIE5vdiAyMDE3LCBhdCAxNDo0OSwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0
ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPg0KPg0KPiBUaGUgcHJvcG9zZWQgYXJjaGl0ZWN0dXJl
cyB0aGF0IHdlIGhhdmUgZWl0aGVyIGFzc3VtZSBhIHJlbGF0aXZlbHkgY2FwYWJsZQ0KPiBib290
bG9hZGVyLCBvciB0aGUgYWJpbGl0eSB0byBkb3VibGUgYnVmZmVyIGltYWdlcy4NCj4NCj4gT25l
IG9mIHRoZSBhZHZhbnRhZ2VzIG9mIHRoZSBkb3VibGUgYnVmZmVyaW5nIGlzIHRoYXQgdGhlIGZp
cm13YXJlIHVwZGF0ZQ0KPiBjb2RlIGl0c2VsZiBjYW4gZWFzaWx5IGJlIHVwZGF0ZWQuDQo+IFVw
ZGF0aW5nIGEgYm9vdGxvYWRlciBpbWFnZSBtYXkgYmUgc2lnbmlmaWNhbnRseSBtb3JlIHJpc2t5
LCBhbmQgc28gSSBpbWFnaW5lDQo+IHRoYXQgaXQgbWlnaHQgcmFyZWx5IG9yIG5ldmVyIG9jY3Vy
IGluIGEgZGV2aWNlJ3MgbGlmZXRpbWUuDQo+DQo+IFNvIG15IHF1ZXN0aW9uIGlzOiBob3cgbXVj
aCBjb25jZXJuIHNob3VsZCB3ZSBwdXQgaW50byBxdWFudHVtIHJlc2lzdGFudA0KPiBzaWduYXR1
cmUgYWxnb3JpdGhtcz8gIElzIGl0IHdvcnRoIHRoZSByaXNrIG9mIGJlaW5nIG9uIHRoZSBibGVl
ZGluZyBlZGdlDQo+IGhlcmUgd2l0aCB0aGUgaG9wZSBvZiB3aW5uaW5nPyAgU2hvdWxkIHdlIHBl
cmhhcHMgcGxhbiBvbiBvdXIgbWFuaWZlc3RzIChhbmQNCj4gaW1hZ2VzKSBiZWluZyBzaWduZWQg
bW9yZSB0aGFuIG9uY2UgYnkgdGhlIHNhbWUgZW50aXR5IHVzaW5nIGRpZmZlcmVudA0KPiBhbGdv
cml0aG1zPw0KPg0KPg0KPiAtLQ0KPiBNaWNoYWVsIFJpY2hhcmRzb24gPG1jcitJRVRGQHNhbmRl
bG1hbi5jYT4sIFNhbmRlbG1hbiBTb2Z0d2FyZSBXb3Jrcw0KPiAtPSBJUHY2IElvVCBjb25zdWx0
aW5nID0tDQo+DQo+DQo+DQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fDQo+IFN1aXQgbWFpbGluZyBsaXN0DQo+IFN1aXRAaWV0Zi5vcmcNCj4gaHR0cHM6
Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQoNCklNUE9SVEFOVCBOT1RJQ0U6
IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZp
ZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGlu
dGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFu
ZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBp
dCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFu
eSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Fri Nov 10 07:38:55 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BFE5126FDC for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:38:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.89
X-Spam-Level: 
X-Spam-Status: No, score=-6.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H5RepZl78wqC for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 07:38:45 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC7A8126C3D for <suit@ietf.org>; Fri, 10 Nov 2017 07:38:43 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EZAQDh299Z/xoHYZlUAQkZAQEBAQEBAQEBAQEHAQEBAQGCb0AuZG4nB4NzmVGBdnmVRIFBQwojgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYhBQExAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQcCDUMCGQEFGgEIRAUEBAIDEAsYFQsBCQICVwYBDQMCih0FAQurYoInizwBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMpBIE1MSGBUW58K4FxWTWEQBIBBwEJAgEIAhQsE4JUL4IyBYdHgk+HMIEQjm6BCIEmhTCDYoNhh10bhVmDVYcziiGLHQIEBgUCGQGBOViBAwtTJl0SAYUEAxyBdDcyAYkTASUHgQUBgRABAQE
X-IPAS-Result: A2EZAQDh299Z/xoHYZlUAQkZAQEBAQEBAQEBAQEHAQEBAQGCb0AuZG4nB4NzmVGBdnmVRIFBQwojgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYhBQExAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQcCDUMCGQEFGgEIRAUEBAIDEAsYFQsBCQICVwYBDQMCih0FAQurYoInizwBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYMpBIE1MSGBUW58K4FxWTWEQBIBBwEJAgEIAhQsE4JUL4IyBYdHgk+HMIEQjm6BCIEmhTCDYoNhh10bhVmDVYcziiGLHQIEBgUCGQGBOViBAwtTJl0SAYUEAxyBdDcyAYkTASUHgQUBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208,217";a="100132877"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Nov 2017 16:38:38 +0100
X-IronPort-AV: E=Sophos;i="5.44,374,1505772000"; d="scan'208,217";a="1703011"
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Nov 2017 16:38:37 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAAFcaDL022472 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 10 Nov 2017 16:38:37 +0100
Received: from dhcp-98f7.meeting.ietf.org (31.133.152.247) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Fri, 10 Nov 2017 16:38:30 +0100
Date: Fri, 10 Nov 2017 23:38:23 +0800
User-Agent: K-9 Mail for Android
In-Reply-To: <52E90240-4041-4650-96CC-865E82935450@arm.com>
References: <52E90240-4041-4650-96CC-865E82935450@arm.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----XOP3XW6MU6GYAXVJJOVY9V8LRH2L9D"
Content-Transfer-Encoding: 7bit
To: <suit@ietf.org>, Brendan Moran <Brendan.Moran@arm.com>
CC: Hannes Tschofenig <hannes.tschofenig@gmx.net>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <8A6AFD99-24A3-44E5-9D2B-313DB52D1BBC@sit.fraunhofer.de>
X-Originating-IP: [31.133.152.247]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/E5BaYauBl2G_aqpJnWXiAzyiL0U>
Subject: Re: [Suit] Threat Model and User Stories for draft-moran-suit-manifest-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 15:38:53 -0000

------XOP3XW6MU6GYAXVJJOVY9V8LRH2L9D
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

+1 to STRIDE in respect to achievable threat models=2E Please consider that=
 additional use cases e=2Eg from Richard & Caraten might have to be taken i=
nto account, resulting in merged or added use cases (or usage scenarios, so=
me of the use cases look more like those)=2E

In any case, your approach is commendable and should be applied more rigor=
ously in many cases, I think=2E

Alas, it is a very resource consuming  process, but I will try my best to =
provide comments and feedback after =2Esg, because your approach deserves b=
oth attention and support=2E

Thank you for taking on the effort, Brendon=2E You are addressing an impor=
tant prerequisite=2E

Hochachtungsvoll,

Henk

On November 10, 2017 11:27:09 PM GMT+08:00, Brendan Moran <Brendan=2EMoran=
@arm=2Ecom> wrote:
>The manifest format as described in draft-moran-suit-manifest-00 was
>designed using a threat model and a set of User stories=2E From the
>threat model, we extracted security requirements that mitigate the
>threats and placed fields in the manifest that enable implementation of
>the security requirements=2E From the user stories, we extracted
>usability requirements that enable those user stories, and placed
>fields in the manifest that implement those usability requirements=2E
>
>Note that not all user stories are covered here=2E This is intentional,
>since there are a great many possible user stories, only sufficient
>user stories to cover the fields in the Manifest have been included=2E
>
>Best Regards,
>Brendan Moran
>
>Threat Model
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>I will describe the threats we have considered, the security
>requirements that are derived from those threats and the fields that
>permit implementation of the security requirements=2E I will address the
>threats in the order that the relevant fields appear=2E
>
>This model uses the S=2ET=2ER=2EI=2ED=2EE=2E approach=2E Each threat is c=
lassified
>according to:
>* Spoofing Identity
>* Tampering with data
>* Repudiation
>* Information disclosure
>* Denial of service
>* Elevation of privilege
>See here for more information on The STRIDE Threat Model:
>https://msdn=2Emicrosoft=2Ecom/en-us/library/ee823878(v=3Dcs=2E20)=2Easpx
>
>N=2EB=2E In firmware update, it is common for an attack to expose all
>classes of threat=2E
>
>Threat Descriptions
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
>Threat MFT1: Old Firmware
>-----------------------------------
>Classification: Escalation of Privilege
>
>An attacker sends an old, but valid manifest to a device with an old,
>but valid payload=2E If there is a known vulnerability in the payload,
>this can allow an attacker to gain complete control of a device=2E
>
>Threat Escalation: If the attacker is able to exploit the known
>vulnerability, then this threat can be escalated to ALL TYPES
>
>Threat MFT2: Mismatched Firmware
>-----------------------------------
>Classification: Denial of Service
>
>An attacker sends valid firmware, for the wrong type of device, signed
>by an actor with firmware installation authority on both types of
>device=2E The firmware is trusted by the device because it is signed by
>an actor with firmware installation authority=2E This could have
>wide-ranging consequences=2E For devices that are similar, it could cause
>minor breakage, or expose security vulnerabilities=2E For devices that
>are very different, it is likely to render devices inoperable=2E
>
>Threat MFT3: Offline device + Old Firmware
>-----------------------------------
>Classification: Escalation of Privilege
>
>An attacker targets a device that has been offline for a long time and
>runs an old firmware version=2E The attacker sends an old, but valid
>manifest to a device with an old, but valid payload=2E The
>attacker-provided firmware is newer than the installed one but older
>than the most recently available firmware=2E If there is a known
>vulnerability in the payload, this can allow an attacker to gain
>complete control of a device=2E Because the device has been offline for a
>long time, it is unaware of any new updates=2E As such it will treat the
>old manifest as the most current=2E
>
>Threat Escalation: If the attacker is able to exploit the known
>vulnerability, then this threat can be escalated to ALL TYPES
>
>Threat MFT4: The target device misinterprets the type of payload=2E
>-----------------------------------
>Classification: Denial of Service
>
>If a device misinterprets the payload type, it may cause a device to
>install a payload incorrectly=2E An incorrectly installed payload would
>likely cause the device to stop functioning=2E
>
>Threat Escalation: An attacker that can cause a device to misinterpret
>the received code and could gain an Escalation of Privilege and
>potentially expand this to all types of threat=2E
>
>Threat MFT5: The target device installs the payload to the wrong
>location
>-----------------------------------
>Classification: Denial of Service
>
>If a device installs code or data to the wrong part of the device, then
>it is likely to break=2E A firmware installed as configuration or a
>network stack installed as an application could cause a device to stop
>functioning=2E
>
>Threat Escalation: An attacker that can cause a device to misinterpret
>the received code and could gain an Escalation of Privilege and
>potentially expand this to all types of threat=2E
>
>Threat MFT6: Redirection
>-----------------------------------
>Classification: Denial of Service
>
>If a device does not know where to obtain the payload for an update, it
>may be redirected to an attacker=E2=80=99s server=2E This would allow an =
attacker
>to provide broken payloads to devices without needing to construct a
>Man in the Middle=2E
>
>Threat MFT7: Payload Verification on Boot
>-----------------------------------
>Classification: All Types
>
>An attacker replaces a newly downloaded firmware after a device
>finishes verifying a manifest=2E This could cause the device to execute
>the attacker=E2=80=99s code=2E This attack likely requires physical acces=
s to the
>device, however it is possible that it could be carried out when
>combined with another threat that allows remote execution=2E
>
>Threat MFT8: Unauthenticated Updates
>-----------------------------------
>Classification: All Types
>
>If an attacker can install their firmware on a device, by manipulating
>either payload or metadata, then they have complete control of the
>device=2E
>
>Threat MFT9: Unexpected Precursor images
>-----------------------------------
>Classification: Denial of Service
>
>An attacker sends a valid, current manifest to a device that has an
>unexpected precursor image=2E If a payload format requires a precursor
>image (for example, delta updates) and that precursor image is not
>available on the target device, it could cause the update to break=2E
>
>Threat Escalation: An attacker that can cause a device to install a
>payload against the wrong precursor image could gain an Escalation of
>Privilege and potentially expand this to all types of threat=2E
>
>
>Security Requirements
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>The security requirements here are a set of policies that mitigate the
>threats described in the previous section
>
>Security Requirement MFSR1: monotonic sequence numbers
>-----------------------------------
>Only an actor with firmware installation authority is permitted to
>decide when device firmware can be installed=2E To enforce this rule,
>Manifests MUST contain a monotonic sequence number=2E Manifests MAY use
>UTC epoch timestamps to coordinate monotonic sequence numbers across
>many actors in many locations=2E Devices MUST reject manifests with
>sequence numbers smaller than any onboard sequence number=2E
>
>N=2EB=2E This is not a firmware version=2E It is a manifest sequence numb=
er=2E
>A firmware version may be rolled back by creating a new manifest for
>the old firmware version with a later sequence number=2E
>
>Mitigates: Threat MFT1
>
>Security Requirement MFSR2: Vendor, device-type identifiers
>-----------------------------------
>Devices MUST only apply firmware that is intended for them=2E Devices
>MUST know with fine granularity that a given update applies to their
>vendor, model, hardware revision, software revision=2E Human-readable
>identifiers are often error-prone in this regard, so Unique-IDs SHOULD
>be used=2E
>
>Mitigates: Threat MFT2
>
>Security Requirement MFSR3: Best-Before timestamps
>-----------------------------------
>Firmware MAY expire after a given time=2E Devices MAY provide a secure
>clock (local or remote)=2E If a secure clock is provided and the Firmware
>Manifest has a best-before timestamp, the device MUST reject the
>manifest if current time is larger than the best-before time=2E
>
>Mitigates: Threat MFT3
>
>Security Requirement MFSR4: Signed Payload Descriptor
>-----------------------------------
>All descriptive information about the payload MUST be signed=2E This MUST
>include:
>* The location to store the payload
>* The payload digest, in each state of installation (encrypted,
>plaintext, installed, etc=2E)
>* The payload size
>* The payload format
>* Where to obtain the payload
>* All instructions or parameters for applying the payload
>* Any rules that identify whether or not the payload can be used on
>this device
>
>Mitigates: Threats MFT5, MFT6, MFT7, MFT9
>
>Security Requirement MFSR5: Provable authenticity
>-----------------------------------
>The authenticity of an update must be provable, with sufficient levels
>of entropy to remain secure for the lifetime of the device=2E Typically,
>this means that updates must be signed=2E Other proof mechanisms are
>acceptable, such as MACs, or Authenticated Encryption, or AEAD
>algorithms=2E Because the manifest contains information about how to
>install the update, the manifest's authenticity must be provable=2E To
>reduce the overhead required for validation, the manifest contains the
>digest of the payload, rather than another signature=2E This does not
>change the provability of the payload=2E The authenticity of the manifest
>is provable with a signature, the authenticity of the payload digest is
>provable with the manifest, and the authenticity of the payload is
>provable with the payload digest=2E
>
>Mitigates: Threat MFT8
>
>User Stories
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>User stories provide expected use-cases=2E These are used to feed into
>usability requirements=2E
>
>Use Case MFUC1: Installation Instructions
>-----------------------------------
>As an OEM for IoT devices, I want to provide my devices with additional
>installation instructions so that I can keep process detail out of my
>payload data=2E
>
>Some installation instructions might be:
>* Specify a package handler
>* Use a table of hashes to ensure that each block of the payload is
>validate before writing=2E
>* Run post-processing script after the update is installed
>* Do not report progress
>* Pre-cache the update, but do not install
>* Install the pre-cached update matching this manifest
>* Install this update immediately, overriding any long-running tasks=2E
>
>
>Use Case MFUC2: Operator Infrastructure
>-----------------------------------
>As an Operator of IoT devices, I would like to tell my devices to look
>at my own infrastructure for payloads so that I can manage the traffic
>generated by firmware updates on my network and my peers=E2=80=99 network=
s=2E
>
>Use Case MFUC3: Modular Update
>-----------------------------------
>As an OEM of IoT devices, I want to divide my firmware into frequently
>updated and infrequently updated components, so that I can reduce the
>size of updates and make different parties responsible for different
>components=2E
>
>Use Case MFUC4: Multiple Authorisations
>-----------------------------------
>As an Operator, I want to ensure the quality of a firmware update
>before installing it, so that I can ensure a high standard of
>reliability on my network=2E The OEM may restrict my ability to create
>firmware, so I cannot be the only authority on the device=2E
>
>Use Case MFUC5: Multiple Payload Formats
>-----------------------------------
>As a OEM or Operator of devices, I want to be able to send multiple
>payload formats to suit the needs of my update, so that I can optimise
>the bandwidth used by my devices=2E
>
>
>Usability Requirements
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>The following usability requirements satisfy the user stories listed
>above=2E
>
>Usability Requirement MFUR1:
>It must be possible to write additional installation instructions into
>the manifest=2E
>
>Satisfies Use-Case MFUC1
>
>Usability Requirement MFUR2:
>-----------------------------------
>It must be possible to redirect payload fetches=2E This applies where two
>manifests are used in conjunction=2E For example, an OEM manifest
>specifies a payload and signs it, and provides a URI for that payload=2E
>An Operator creates a second manifest, with a dependency on the first=2E
>They use this second manifest to override the URIs provided by the OEM,
>directing them into their own infrastructure instead=2E
>
>Satisfies Use-Case MFUC2
>
>Usability Requirement MFUR3:
>-----------------------------------
>It MUST be possible to link multiple manifests together so that a
>multi-component update can be described=2E This allows multiple parties
>with different permissions to collaborate in creating a single update
>for the IoT device, across multiple components=2E
>
>Satisfies Use-Case MFUC2, MFUC3
>
>Usability Requirement MFUR4:
>-----------------------------------
>It MUST be possible to sign a manifest multiple times so that
>signatures from multiple parties with different permissions can be
>required in order to authorise installation of a manifest=2E
>
>Satisfies Use-Case MFUC4
>
>Usability Requirement MFUR5:
>-----------------------------------
>The manifest format MUST accommodate any payload format that an
>operator or OEM wishes to use=2E Some examples of payload format would
>be:
>* Binary
>* Elf
>* Differential
>* Compressed
>* Packed configuration
>
>Satisfies Use-Case MFUC5
>
>
>Manifest Fields:
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>Each manifest field is anchored in a security requirement or a
>usability requirement=2E The manifest fields are described below and
>justified by their requirements=2E
>
>Manifest Field: Timestamp
>-----------------------------------
>A monotonic sequence number, implemented as an integer Timestamp=2E
>
>Implements: Security Requirement MFSR1=2E
>
>Manifest Field: Vendor ID condition
>-----------------------------------
>Vendor IDs MUST be unique=2E This is to prevent similarly, or identically
>named entities from different geographic regions from colliding in
>their customer=E2=80=99s infrastructure=2E Recommended practice is to use=
 type 5
>UUIDs with the vendor=E2=80=99s domain name and the UUID DNS prefix=2E Ot=
her
>options include type 1 and type 4 UUIDs=2E
>
>Implements: Security Requirement MFSR2, MFSR4=2E
>
>Manifest Field: Class ID condition
>-----------------------------------
>Class Identifiers MUST be unique within a Vendor ID=2E This is to prevent
>similarly, or identically named devices colliding in their customer=E2=80=
=99s
>infrastructure=2E Recommended practice is to use type 5 UUIDs with the
>model, hardware revision, etc=2E and use the Vendor ID as the UUID
>prefix=2E Other options include type 1 and type 4 UUIDs=2E A device =E2=
=80=9CClass=E2=80=9D
>is defined as any device that can run the same firmware without
>modification=2E Classes MAY be implemented in a more granular way=2E
>Classes MUST NOT be implemented in a less granular way=2E Class ID can
>encompass model name, hardware revision, software revision=2E Devices MAY
>have multiple Class IDs=2E
>
>Implements: Security Requirement MFSR2, MFSR4=2E
>
>Manifest Field: Precursor Image Digest Condition
>-----------------------------------
>When a precursor image is required by the payload format, a precursor
>image digest condition MUST be present in the conditions list=2E
>
>Implements: Security Requirement MFSR4
>
>Manifest Field: Best-Before timestamp
>-----------------------------------
>This field tells a device the last application time=2E This is only
>usable in conjunction with a secure clock=2E
>
>Implements Security Requirement MFSR3
>
>Manifest Field: Payload Format
>-----------------------------------
>The format of the payload must be indicated to devices is in an
>unambiguous way=2E This field provides a mechanism to describe the
>payload format, within the signed metadata=2E
>
>Implements Security Requirement MFSR4, Usability Requirement MFUR5
>
>Manifest Field: Storage Location
>-----------------------------------
>This field tells the device which component is being updated=2E The
>device can use this to establish which permissions are necessary and
>the physical location to use=2E
>
>Implements Security Requirement MFSR4
>
>Manifest Field: URIs
>-----------------------------------
>This field is a list of weighted URIs that the device uses to select
>where to obtain a payload=2E
>
>Implements Security Requirement MFSR4
>
>Manifest Field: digests
>-----------------------------------
>This field is a map of digests, each for a separate stage of
>installation=2E This allows the target device to ensure authenticity of
>the payload at every step of installation=2E
>
>Implements Security Requirement MFSR4
>
>Manifest Field: Size
>-----------------------------------
>The size of the payload in bytes=2E
>
>Implements Security Requirement MFSR4
>
>Manifest Field: Signature
>-----------------------------------
>This is not strictly a manifest field=2E Instead, the manifest is wrapped
>by a standardised signature container, such as a COSE or CMS signature
>object=2E The signature container MUST support multiple signatures=2E
>
>Implements Security Requirement MFSR5, MFUR4
>
>Manifest Field: Directives
>-----------------------------------
>A list of instructions that the device should execute, in order, when
>installing the payload=2E
>
>Implements Usability Requirement MFUR1
>
>Manifest Field: Aliases
>-----------------------------------
>A list of URI/Digest pairs=2E A device should build an alias table while
>paring a manifest tree and treat any aliases as top-ranked URIs for the
>corresponding digest=2E
>
>Implements Usability Requirement MFUR2
>
>Manifest Field: Dependencies
>-----------------------------------
>A list of URI/Digest pairs that refer to other manifests by digest=2E The
>manifests that are linked in this way must be acquired and installed
>simultaneously in order to form a complete update=2E
>
>Implements Usability Requirement MFUR3
>
>
>IMPORTANT NOTICE: The contents of this email and any attachments are
>confidential and may also be privileged=2E If you are not the intended
>recipient, please notify the sender immediately and do not disclose the
>contents to any other person, use it for any purpose, or store or copy
>the information in any medium=2E Thank you=2E

--=20
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
------XOP3XW6MU6GYAXVJJOVY9V8LRH2L9D
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /=
>

</head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -we=
bkit-line-break: after-white-space;" class=3D"">+1 to STRIDE in respect to =
achievable threat models=2E Please consider that additional use cases e=2Eg=
 from Richard &amp; Caraten might have to be taken into account, resulting =
in merged or added use cases (or usage scenarios, some of the use cases loo=
k more like those)=2E<br>
<br>
In any case, your approach is commendable and should be applied more rigor=
ously in many cases, I think=2E<br>
<br>
Alas, it is a very resource consuming  process, but I will try my best to =
provide comments and feedback after =2Esg, because your approach deserves b=
oth attention and support=2E<br>
<br>
Thank you for taking on the effort, Brendon=2E You are addressing an impor=
tant prerequisite=2E<br>
<br>
Hochachtungsvoll,<br>
<br>
Henk<br><br><div class=3D"gmail_quote">On November 10, 2017 11:27:09 PM GM=
T+08:00, Brendan Moran &lt;Brendan=2EMoran@arm=2Ecom&gt; wrote:<blockquote =
class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-left: 1p=
x solid rgb(204, 204, 204); padding-left: 1ex;">

<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
The manifest format as described in draft-moran-suit-manifest-00 was desig=
ned using a threat model and a set of User stories=2E From the threat model=
, we extracted security requirements that mitigate the threats and placed f=
ields in the manifest that enable implementation
 of the security requirements=2E From the&nbsp;user stories, we extracted =
usability requirements that enable those user stories, and placed fields in=
 the manifest that implement those usability requirements=2E<p class=3D""><=
/p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Note that not all user stories are covered here=2E This is intentional, si=
nce there are a great many possible user stories, only sufficient user stor=
ies to cover the fields in the Manifest have been included=2E</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Best Regards,</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Brendan Moran</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat Model<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div=
>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">I will describe the threats we=
 have considered, the security requirements that are derived from those thr=
eats and the fields that permit implementation of the security requirements=
=2E I will address the threats in the order
 that the relevant fields appear=2E</span></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
This model uses the S=2ET=2ER=2EI=2ED=2EE=2E approach=2E Each threat is cl=
assified according to:<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Spoofing Identity<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Tampering with data<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Repudiation<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Information disclosure<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Denial of service<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Elevation of privilege<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
See here for more information on The STRIDE Threat Model:&nbsp;<a href=3D"=
https://msdn=2Emicrosoft=2Ecom/en-us/library/ee823878(v=3Dcs=2E20)=2Easpx" =
style=3D"color: purple;" class=3D""><span style=3D"color: windowtext; text-=
decoration: none;" class=3D"">https://msdn=2Emicrosoft=2Ecom/en-us/library/=
ee823878(v=3Dcs=2E20)=2Easpx</span></a><p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
N=2EB=2E In firmware update, it is common for an attack to expose all clas=
ses of threat=2E<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">Threat Descriptions</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div=
>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">&nbsp;</span></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT1: Old Firmware<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: Escalation of Privilege<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
An attacker sends an old, but valid manifest to a device with an old, but =
valid payload=2E If there is a known vulnerability in the payload, this can=
 allow an attacker to gain complete control of a device=2E<p class=3D""></p=
></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat Escalation: If the attacker is able to exploit the known vulnerabil=
ity, then this threat can be escalated to ALL TYPES<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT2: Mismatched Firmware<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: Denial of Service<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
An attacker sends valid firmware, for the wrong type of device, signed by =
an actor with firmware installation authority on both types of device=2E Th=
e firmware is trusted by the device because it is signed by an actor with f=
irmware installation authority=2E This
 could have wide-ranging consequences=2E For devices that are similar, it =
could cause minor breakage, or expose security vulnerabilities=2E For devic=
es that are very different, it is likely to render devices inoperable=2E<p =
class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT3: Offline device + Old Firmware<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: Escalation of Privilege</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D"">An attacker targets a device that has been offline for a long =
time and runs an old firmware version=2E The attacker
 sends an old, but valid manifest to a device with an old, but&nbsp;valid =
payload=2E The attacker-provided firmware is newer than the installed one b=
ut older than the most recently available firmware=2E If there is a known v=
ulnerability in the&nbsp;payload, this can allow
 an attacker to gain complete control of a device=2E Because the device ha=
s been offline for a long time, it is unaware of any new updates=2E As such=
 it will&nbsp;treat the old manifest as the most current=2E</span></font></=
div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D""><br class=3D"" />
</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat Escalation: If the attacker is able to exploit the known vulnerabil=
ity, then this threat can be escalated to ALL TYPES<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT4: The target device misinterprets the type of payload=2E<p clas=
s=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: Denial of Service<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
If a device misinterprets the payload type, it may cause a device to insta=
ll a payload incorrectly=2E An incorrectly installed payload would likely c=
ause the device to stop functioning=2E<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D"">Threat Escalation: An attacker that can cause a device to misi=
nterpret the received code and could gain an Escalation
 of Privilege and potentially expand this to all types of&nbsp;threat=2E</=
span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D""><br class=3D"" />
</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT5: The target device installs the payload to the wrong location<=
p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: Denial of Service<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
If a device installs code or data to the wrong part of the device, then it=
 is likely to break=2E A firmware installed as configuration or a network s=
tack installed as an application could cause a device to stop functioning=
=2E</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D"">Threat Escalation: An attacker that can cause a device to misi=
nterpret the received code and could gain an Escalation
 of Privilege and potentially expand this to all types of&nbsp;threat=2E</=
span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D""><br class=3D"" />
</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT6: Redirection<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt;" class=3D"">---=
--------------------------------</div>
<div class=3D""><span style=3D"font-size: 11pt;" class=3D"">Classification=
: Denial of Service</span></div>
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
If a device does not know where to obtain the payload for an update, it ma=
y be redirected to an attacker&rsquo;s server=2E This would allow an attack=
er to provide broken payloads to devices without needing to construct a Man=
 in the Middle=2E<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT7: Payload Verification on Boot<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Classification: All Types<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
An attacker replaces a newly downloaded firmware after a device finishes v=
erifying a manifest=2E This could cause the device to execute the attacker&=
rsquo;s code=2E This attack likely requires physical access to the device, =
however it is possible that it could be carried
 out when combined with another threat that allows remote execution=2E</di=
v>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Threat MFT8: Unauthenticated Updates</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">Classification: All Types</spa=
n></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
If an attacker can install their firmware on a device, by manipulating eit=
her payload or metadata, then they have complete control of the device=2E</=
div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Threat MFT9: Unexpected Precursor images</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">Classification:&nbsp;</span><s=
pan style=3D"font-size: 11pt;" class=3D"">Denial of Service</span></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D""><br class=3D"" />
</span></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 11pt;" class=3D"">An at=
tacker sends a valid, current manifest to a device that has an unexpected p=
recursor image=2E If a payload format requires a
 precursor image (for example, delta updates) and that precursor image is =
not available on the target device, it could&nbsp;</span><span style=3D"fon=
t-size: 14=2E666666984558105px;" class=3D"">cause</span><span style=3D"font=
-size: 11pt;" class=3D"">&nbsp;the update to break=2E</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 11pt;" class=3D""><br c=
lass=3D"" />
</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><span style=3D"font-=
family: Calibri, sans-serif; font-size: 14=2E666666984558105px;" class=3D""=
>Threat Escalation: An attacker that can cause a device to install a payloa=
d against the wrong precursor image could gain
 an Escalation of Privilege and potentially expand this to all types of&nb=
sp;threat=2E</span></div>
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Security Requirements</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt;" class=3D"">=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div class=3D"">The security requirements here are a set of policies that =
mitigate the threats described in the previous section</div>
<div class=3D""><br class=3D"" />
</div>
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Security Requirement MFSR1: monotonic sequence numbers&nbsp;<p class=3D"">=
</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">------------------------------=
-----</span></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt;" class=3D=
""><span style=3D"font-size: 11pt;" class=3D"">Only an actor with firmware =
installation authority is permitted to decide when device firmware can be i=
nstalled=2E To enforce this rule, Manifests
 MUST contain a monotonic sequence number=2E Manifests MAY use</span><span=
 style=3D"font-size: 11pt;" class=3D"">&nbsp;</span><s style=3D"font-size: =
11pt;" class=3D""><span style=3D"color: rgb(149, 55, 53);" class=3D"">UTC e=
poch&nbsp;</span></s><span style=3D"font-size: 11pt;" class=3D"">timestamps
 to coordinate monotonic sequence numbers across many actors in many locat=
ions=2E Devices MUST reject manifests with sequence numbers smaller than an=
y onboard sequence number=2E</span></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
N=2EB=2E This is not a firmware version=2E It is a manifest sequence numbe=
r=2E A firmware version may be rolled back by creating a new manifest for t=
he old firmware version with a later sequence number=2E<p class=3D""></p></=
div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Mitigates: Threat MFT1<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Security Requirement MFSR2: Vendor, device-type identifiers&nbsp;<p class=
=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">Devices MUST only apply firmwa=
re that is intended for them=2E Devices MUST know with fine granularity tha=
t a given update applies to their vendor, model, hardware revision, softwar=
e revision=2E Human-readable identifiers
 are often error-prone in this regard, so Unique-IDs SHOULD be used=2E</sp=
an></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Mitigates: Threat MFT2<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Security Requirement MFSR3: Best-Before timestamps</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D"">Firmware MAY expire after a given time=2E Devices MAY provide =
a secure clock (local or remote)=2E If a secure clock
 is provided and the Firmware Manifest has a best-before&nbsp;timestamp, t=
he device MUST reject the manifest&nbsp;if current time is larger than the =
best-before time=2E<br class=3D"" />
&nbsp;<br class=3D"" />
Mitigates: Threat MFT3</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><font face=3D"Calibr=
i, sans-serif" class=3D""><span style=3D"font-size: 14=2E666666984558105px;=
" class=3D""><br class=3D"" />
</span></font></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Security Requirement MFSR4: Signed Payload Descriptor<p class=3D""></p></d=
iv>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">All descriptive information ab=
out the payload MUST be signed=2E This MUST include:</span></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* The location to store the payload<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* The payload digest, in each state of installation (encrypted, plaintext,=
 installed, etc=2E)<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* The payload size<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* The payload format<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Where to obtain the payload<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* All instructions or parameters for applying the payload<p class=3D""></p=
></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
* Any rules that identify whether or not the payload can be used on this d=
evice<p class=3D""></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Mitigates: Threats MFT5, MFT6, MFT7,&nbsp;<p class=3D""></p>MFT9</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
Security Requirement MFSR5: Provable authenticity</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div class=3D""><font face=3D"Calibri, sans-serif" class=3D""><span style=
=3D"font-size: 14=2E666666984558105px;" class=3D"">The authenticity of an u=
pdate must be provable, with sufficient levels of entropy to remain secure =
for the lifetime of the device=2E Typically, this
 means that updates must be signed=2E Other proof mechanisms are acceptabl=
e, such as MACs, or Authenticated Encryption, or AEAD algorithms=2E Because=
 the manifest contains&nbsp;information about how to install the update, th=
e manifest's authenticity must be provable=2E
 To reduce the overhead required for validation, the manifest contains the=
 digest of the payload,&nbsp;rather than another signature=2E This does not=
 change the provability of the payload=2E The authenticity of the manifest =
is provable with a signature, the authenticity
 of the payload digest is&nbsp;provable with the manifest, and the authent=
icity of the payload is provable with the payload digest=2E</span></font></=
div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt;" class=3D=
""><br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt;" class=3D=
"">Mitigates: Threat MFT8</div>
</div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt; font-size: 11pt; font-family: Ca=
libri, sans-serif;" class=3D"">
<p class=3D"">&nbsp;</p></div>
</div>
<div class=3D"">
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
User Stories<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div=
>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
User stories provide expected use-cases=2E These are used to feed into usa=
bility requirements=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Use Case MFUC1: Installation Instructions<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
As an OEM for IoT devices, I want to provide my devices with additional in=
stallation instructions so that I can keep process detail out of my payload=
 data=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Some installation instructions might be:<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Specify a package handler<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Use a table of hashes to ensure that each block of the payload is valida=
te before writing=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Run post-processing script after the update is installed<p class=3D""></=
p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Do not report progress<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Pre-cache the update, but do not install<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Install the pre-cached update matching this manifest<p class=3D""></p></=
div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
* Install this update immediately, overriding any long-running tasks=2E<p =
class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Use Case MFUC2: Operator Infrastructure<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
As an Operator of IoT devices, I would like to tell my devices to look at =
my own infrastructure for payloads so that I can manage the traffic generat=
ed by firmware updates on my network and my peers&rsquo; networks=2E<p clas=
s=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Use Case MFUC3: Modular Update<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
As an OEM of IoT devices, I want to divide my firmware into frequently upd=
ated and infrequently updated components, so that I can reduce the size of =
updates and make different parties responsible for different components=2E<=
p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""><br class=3D"" />
</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">Use Case MFUC4: Multiple Authorisations</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">As an Operator, I want to ensure the quality of a firmware u=
pdate before installing it, so that I can ensure a high standard of reliabi=
lity on my network=2E The OEM may restrict my ability to create firmware, s=
o I cannot be the only authority on
 the device=2E</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""><br class=3D"" />
</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">Use Case MFUC5: Multiple Payload Formats</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">As a OEM or Operator of devices, I want to be able to send m=
ultiple payload formats to suit the needs of my update, so that I can optim=
ise the bandwidth used by my devices=2E</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<span style=3D"font-size: 11pt;" class=3D"">&nbsp;</span></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Usability Requirements<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div=
>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
The following usability requirements satisfy the user stories listed above=
=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Usability Requirement MFUR1:<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
It must be possible to write additional installation instructions into the=
 manifest=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Satisfies Use-Case MFUC1<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Usability Requirement MFUR2:<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
It must be possible to redirect payload fetches=2E This applies where two =
manifests are used in conjunction=2E For example, an OEM manifest specifies=
 a payload and signs it, and provides a URI for that payload=2E An Operator=
 creates a second manifest, with a dependency
 on the first=2E They use this second manifest to override the URIs provid=
ed by the OEM, directing them into their own infrastructure instead=2E<p cl=
ass=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Satisfies Use-Case MFUC2<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Usability Requirement MFUR3:<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
It MUST be possible to link multiple manifests together so that a multi-co=
mponent update can be described=2E This allows multiple parties with differ=
ent permissions to collaborate in creating a single update for the IoT devi=
ce, across multiple components=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Satisfies Use-Case MFUC2, MFUC3<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Usability Requirement MFUR4:</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D"">---=
--------------------------------</div>
<div class=3D"">It MUST be possible to sign a manifest multiple times so t=
hat signatures from multiple parties with different permissions can be requ=
ired in order to authorise installation of a manifest=2E</div>
<div class=3D""><br class=3D"" />
</div>
<div class=3D"">Satisfies Use-Case MFUC4</div>
<div class=3D""><br class=3D"" />
</div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D"">Usa=
bility Requirement MFUR5:</div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D"">
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D"">---=
--------------------------------</div>
</div>
<div class=3D"">The manifest format MUST accommodate any payload format th=
at an operator or OEM wishes to use=2E&nbsp;<span style=3D"font-size: 11pt;=
" class=3D"">Some examples of payload format would be:&nbsp;</span></div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D""><p =
class=3D"">* Binary</p></div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D""><p =
class=3D"">* Elf</p></div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D""><p =
class=3D"">* Differential</p></div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D""><p =
class=3D"">* Compressed</p></div>
<div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D"">* P=
acked configuration</div>
<div class=3D""><span style=3D"font-size: 11pt;" class=3D""><br class=3D""=
 />
</span></div>
<div class=3D""><span style=3D"font-size: 11pt;" class=3D"">Satisfies Use-=
Case MFUC5</span></div>
<div class=3D""><span style=3D"font-size: 11pt;" class=3D""><br class=3D""=
 />
</span></div>
<div class=3D""><span style=3D"font-size: 11pt;" class=3D""><br class=3D""=
 />
</span></div>
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Fields:<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div=
>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Each manifest field is anchored in a security requirement or a usability r=
equirement=2E The manifest fields are described below and justified by thei=
r requirements=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Timestamp<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
A monotonic sequence number, implemented as an integer<span style=3D"color=
: rgb(149, 55, 53);" class=3D"">&nbsp;</span>Timestamp=2E<p class=3D""></p>=
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements: Security Requirement MFSR1=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Vendor ID condition<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Vendor IDs MUST be unique=2E This is to prevent similarly, or identically =
named entities from different geographic regions from colliding in their cu=
stomer&rsquo;s infrastructure=2E Recommended practice is to use type 5 UUID=
s with the vendor&rsquo;s domain name and the UUID
 DNS prefix=2E Other options include type 1 and type 4 UUIDs=2E<p class=3D=
""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements: Security Requirement MFSR2, MFSR4=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Class ID condition<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Class Identifiers MUST be unique within a Vendor ID=2E This is to prevent =
similarly, or identically named devices colliding in their customer&rsquo;s=
 infrastructure=2E Recommended practice is to use type 5 UUIDs with the mod=
el, hardware revision, etc=2E and use the Vendor
 ID as the UUID prefix=2E Other options include type 1 and type 4 UUIDs=2E=
 A device &ldquo;Class&rdquo; is defined as any device that can run the sam=
e firmware without modification=2E Classes MAY be implemented in a more gra=
nular way=2E Classes MUST NOT be implemented in a less
 granular way=2E Class ID can encompass model name, hardware revision, sof=
tware revision=2E Devices MAY have multiple Class IDs=2E<p class=3D""></p><=
/div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements: Security Requirement MFSR2, MFSR4=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">Manifest Field: Precursor Image Digest Condition</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">
</p><div style=3D"font-size: 11pt; margin: 0cm 0cm 0=2E0001pt;" class=3D""=
>-----------------------------------</div><div class=3D"">When a precursor =
image is required by the payload format, a precursor image digest condition=
 MUST be present in the conditions list=2E</div><div class=3D""><br class=
=3D"" />
</div></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">Implements: Security Requirement MFSR4</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""><br class=3D"" />
</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Best-Before timestamp<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
This field tells a device the last application time=2E This is only usable=
 in conjunction with a secure clock=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR3<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Payload Format<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
The format of the payload must be indicated to devices is in an unambiguou=
s way=2E This field provides a mechanism to describe the payload format, wi=
thin the signed metadata=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR4, Usability Requirement&nbsp;<p class=
=3D""></p>MFUR5</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Storage Location<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
This field tells the device which component is being updated=2E The device=
 can use this to establish which permissions are necessary and the physical=
 location to use=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR4<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: URIs<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
This field is a list of weighted URIs that the device uses to select where=
 to obtain a payload=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR4<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: digests<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
This field is a map of digests, each for a separate stage of installation=
=2E This allows the target device to ensure authenticity of the payload at =
every step of installation=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR4<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Size<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
The size of the payload in bytes=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Security Requirement MFSR4<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D""><br class=3D"" />
</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Signature</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">-----------------------------------</p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><p class=3D""><font =
face=3D"Calibri, sans-serif" class=3D""><span style=3D"font-size: 11pt;" cl=
ass=3D"">This is not strictly a manifest field=2E Instead, the manifest is =
wrapped by a&nbsp;</span><span style=3D"font-size: 14=2E666666984558105px;"=
 class=3D"">standardised</span><span style=3D"font-size: 11pt;" class=3D"">=
&nbsp;signature
 container, such as a COSE or CMS signature object=2E The signature contai=
ner MUST support multiple signatures=2E</span></font></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><p class=3D""><font =
face=3D"Calibri, sans-serif" class=3D""><span style=3D"font-size: 11pt;" cl=
ass=3D""><br class=3D"" />
</span></font></p></div>
<div style=3D"margin: 0cm 0cm 0=2E0001pt;" class=3D""><p class=3D""><font =
face=3D"Calibri, sans-serif" class=3D""><span style=3D"font-size: 11pt;" cl=
ass=3D"">Implements Security Requirement MFSR5, MFUR4</span></font></p></di=
v>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Directives<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
A list of instructions that the device should execute, in order, when inst=
alling the payload=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Usability Requirement MFUR1<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Aliases<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
A list of URI/Digest pairs=2E A device should build an alias table while p=
aring a manifest tree and treat any aliases as top-ranked URIs for the corr=
esponding digest=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Usability Requirement MFUR2<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Manifest Field: Dependencies<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
-----------------------------------</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
A list of URI/Digest pairs that refer to other manifests by digest=2E The =
manifests that are linked in this way must be acquired and installed simult=
aneously in order to form a complete update=2E<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<p class=3D"">&nbsp;</p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
Implements Usability Requirement MFUR3<p class=3D""></p></div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
<div style=3D"font-family: Calibri, sans-serif; font-size: 11pt; margin: 0=
cm 0cm 0=2E0001pt;" class=3D"">
<br class=3D"" />
</div>
</div>
</div>
</div>
</div>
</div>
</div>
IMPORTANT NOTICE: The contents of this email and any attachments are confi=
dential and may also be privileged=2E If you are not the intended recipient=
, please notify the sender immediately and do not disclose the contents to =
any other person, use it for any purpose,
 or store or copy the information in any medium=2E Thank you=2E

</blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</=
body></html>
------XOP3XW6MU6GYAXVJJOVY9V8LRH2L9D--


From nobody Fri Nov 10 08:02:15 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 363DE126CE8 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 08:02:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level: 
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eF2rnt81N1EL for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 08:02:10 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0057.outbound.protection.outlook.com [104.47.0.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9E55126C3D for <suit@ietf.org>; Fri, 10 Nov 2017 08:02:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=1VUoT1J0RMjhNZPGPhgkLJf74g/QDATUMBmmMhcz2vY=; b=q3uvXQl8Eom8EzQBfbL3DuJN6wou2WNHpDaSrDYbHw/0jOdLZmogpEJ2OxE5785jI1e4emFUt7HQ4na6QEk31mRUUcgFMiHWq26pOz+RsIrj78uVxLmZfcSXuihDk4cAEH2+C2luyyYGDt6OnV9bOGDWjp1A1ZXJyK/kmQj2Npo=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Fri, 10 Nov 2017 16:02:06 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.011; Fri, 10 Nov 2017 16:02:06 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Quantum resistance in firmware formats
Thread-Index: AQHTWjMb7NAX9YMRP02quzSoZVQCRKMNwOEw
Date: Fri, 10 Nov 2017 16:02:06 +0000
Message-ID: <AM4PR0801MB2706EB600DEC5774C133CFCDFA540@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <21176.1510325360@obiwan.sandelman.ca>
In-Reply-To: <21176.1510325360@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [118.200.143.81]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:bikw9b+J1DcoPmss+dDChN0k9NfwYS6ricrJv73hZn2F3wvLH2TBd7J8pH13M19ZYl67+woHgEd/5xeuVabb60ySOHtVs5M8INw5ZHmzA23cfvJ2b60HhBZWKHMhEJU6H9t8zX411MwOwiWC/gksdyVv5f00JZsqAnBxn4klYRPQJn1IrGizPF62V0Shz6H/fcTPCRTPvSNIpN4tuQoBRIDYWRffJuhcWe/W/tijlHW2l8l41MZmgxJIlEUMYgnq4zh30gvJ34CxPbpYHGqbivR7U2gUaR7f7uLjLpiKWagrCXydiihbaIAXrb8RYfIO0QN4UjSW+kPEzRqym5ym7Oms7p/YMvwOLhahL/pLYuY=; 5:o4Ao8cf39947lyX5EKMANw77vhvWN/sYfkKH+QDFCxn9y5+E6KanT4kJQRLtQLhCUhJ0/46oYrV6prorQckF9zP+bE45KMxe4T5iPhstmKRcj2CTMgkaRR+OlGRLahX7aCXU5uOKnOVZUisNlzY39MUAriBDLvlIhUDaVc1JEGY=; 24:VcT+5UT1mZPo+R7/8FRIMij+9jRJJ//RCch4FUPXy/Wb4rbTAl6KRrNUXnBGMUvf97oK5NjMaw18LTu2PFMBgcvYCJ5acF0HPvpC1IyvHAk=; 7:+w22nylGHlhPgG+YASg4DOK9nMKPK8/b4ahLtIRl8iZ6VVNtUmIT+7iaTsmWKBJ3iTeIPw0cALIHinzn1I22ofmMu2bauRXzRQnzYzSa8OjwYBA21W29mKNJQRxnoh9JZqwR7KEK51Nvb20jSTAWL066a2qLFGmtF2/2cJ4FDvo02Y7aY7fpBWkPA39f0oAqcoUoGspRm0R03C1Luxu2YyWZQPwq8rW4rvxk+KhnchxzFnC0i3e27Ku2Kfj3ztHo
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: fca12ac8-786e-48e3-1dd5-08d5285463f6
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-microsoft-antispam-prvs: <AM4PR0801MB27064BC8BE00F5EBCCB45740FA540@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3231021)(93006095)(93001095)(10201501046)(3002001)(6055026)(6041248)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 0487C0DB7E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(13464003)(199003)(189002)(40434004)(97736004)(5660300001)(25786009)(50986999)(2906002)(54356999)(55016002)(101416001)(33656002)(86362001)(6246003)(7696004)(81156014)(81166006)(8936002)(2501003)(8676002)(3660700001)(76176999)(74316002)(2900100001)(5250100002)(5890100001)(68736007)(53936002)(3280700002)(3846002)(7736002)(6306002)(6116002)(102836003)(9686003)(305945005)(189998001)(316002)(110136005)(53546010)(6506006)(6436002)(105586002)(72206003)(478600001)(106356001)(14454004)(229853002)(99286004)(2950100002)(966005)(66066001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fca12ac8-786e-48e3-1dd5-08d5285463f6
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2017 16:02:06.1449 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/H3EdJ8xLU1-lGhz1SVhWRlNVxEs>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 16:02:13 -0000

Hi Michael,

Only a quick remark (since I am jetlagged).

When quantum resistance was mentioned in earlier discussions it referred to=
 the use of different algorithms rather than signing multiple times (see Se=
ction 10 of RFC 8240).

I haven't looked at the quantum resistant crypto proposals, such as https:/=
/tools.ietf.org/html/draft-housley-cms-mts-hash-sig-07, and their performan=
ce implications myself. It would indeed be useful/interesting if someone co=
uld explore this space a bit more and collect some data. While large signat=
ure sizes have been reported those may not necessary matter as much since t=
he firmware updates are less frequent and the firmware images are generally=
 larger (and therefore the overhead from the signature itself may be relati=
vely small).
In general, however, IoT device security will not look great if quantum com=
puters become a reality since IoT devices are typically tailored for the gi=
ven task. OEMs do not seem to over-dimension the CPU, and other aspects of =
the system (unless there are other reasons). These devices have limited spa=
ce for storing keys in secure memory, and switching to other algorithms may=
 not be easy either when hardware crypto is used.

Authorizing a firmware update by multiple parties is a requirement, as expl=
ained in https://mailarchive.ietf.org/arch/msg/suit/Hq8NjQJG-EEvHSWjIXMXhCg=
x1OA. It has surfaced also on the mailing list in discussions before. Hence=
, I think this functionality should be covered. Authorizing a firmware upda=
te by multiple parties will not necessarily imply signing it multiple times=
 (as discussed in Section 3 of RFC 8240). It remains to be seen how often i=
t will be used in low end IoT devices a lot.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: 10 November 2017 22:49
To: suit@ietf.org
Subject: [Suit] Quantum resistance in firmware formats


The proposed architectures that we have either assume a relatively capable =
bootloader, or the ability to double buffer images.

One of the advantages of the double buffering is that the firmware update c=
ode itself can easily be updated.
Updating a bootloader image may be significantly more risky, and so I imagi=
ne that it might rarely or never occur in a device's lifetime.

So my question is: how much concern should we put into quantum resistant si=
gnature algorithms?  Is it worth the risk of being on the bleeding edge her=
e with the hope of winning?  Should we perhaps plan on our manifests (and
images) being signed more than once by the same entity using different algo=
rithms?


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=3D =
IPv6 IoT consulting =3D-



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Fri Nov 10 08:37:33 2017
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF9EB126CD6 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 08:37:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5PBKqR6Drqlk for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 08:37:30 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DFAE126BF6 for <suit@ietf.org>; Fri, 10 Nov 2017 08:37:30 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id CB2753005B4 for <suit@ietf.org>; Fri, 10 Nov 2017 11:37:29 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mHsGRoYHYIiz for <suit@ietf.org>; Fri, 10 Nov 2017 11:37:28 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id AAE51300526; Fri, 10 Nov 2017 11:37:28 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <21176.1510325360@obiwan.sandelman.ca>
Date: Fri, 10 Nov 2017 11:37:28 -0500
Cc: suit@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com>
References: <21176.1510325360@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/KP2-i3WIh1sAGHmAtLvwkOG9v6c>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 16:37:32 -0000

Please take a look at draft-housley-cms-mts-hash-sig-07.  It show how =
hash-based signatures would be used with RFC 4108.

Russ


> On Nov 10, 2017, at 9:49 AM, Michael Richardson =
<mcr+ietf@sandelman.ca> wrote:
>=20
>=20
> The proposed architectures that we have either assume a relatively =
capable
> bootloader, or the ability to double buffer images.
>=20
> One of the advantages of the double buffering is that the firmware =
update
> code itself can easily be updated.
> Updating a bootloader image may be significantly more risky, and so I =
imagine
> that it might rarely or never occur in a device's lifetime.
>=20
> So my question is: how much concern should we put into quantum =
resistant
> signature algorithms?  Is it worth the risk of being on the bleeding =
edge
> here with the hope of winning?  Should we perhaps plan on our =
manifests (and
> images) being signed more than once by the same entity using different
> algorithms?
>=20
>=20
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -=3D IPv6 IoT consulting =3D-


From nobody Fri Nov 10 09:52:44 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FC2712EC79 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 09:52:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 81BrTu151o8v for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 09:52:40 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FCB312EC81 for <suit@ietf.org>; Fri, 10 Nov 2017 09:52:40 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id B2F6320008; Fri, 10 Nov 2017 12:54:04 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id C081F80661; Fri, 10 Nov 2017 12:52:39 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brendan Moran <Brendan.Moran@arm.com>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 10 Nov 2017 12:52:39 -0500
Message-ID: <2360.1510336359@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kkGLSkEOdo7DwomseZU4kCElWYQ>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 17:52:42 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Brendan Moran <Brendan.Moran@arm.com> wrote:
    > This is very interesting. I don=E2=80=99t think there=E2=80=99s a pro=
blem in terms of
    > multiple signatures so far.

Agreed.

    > The way that I envision signature verification working is that the
    > device must simply accrue sufficient permissions to install an update:
    > * Each signer has a set of permissions for each component/storageId *
    > Each component specifies which permissions are required to install to
    > that component/storageId

Sure... but I was specifically thinking is that a manufacturer could
introduce the new Quantum-resistant signatures to the packages as soon as
such a standard (in the form of an OID or IANA allocation) became available.
I think that there is some concern that the quantum-resistant methods may
prove to be secure.  But, if one introduced them soon, and continued to rely
on E{C,d}DSA signatures as well, then there a double hedge against each one
being defeated.
(If both are defeated, then we are in short-term trouble if we have no third
method, but in any case, we have to get third method deployed)

    > To keep the boot loader simple, you can terminate the trust
    > relationship with the update authority in the suit client. If that=E2=
=80=99s
    > the case, then the boot loader can work with MAC instead. This does n=
ot
    > provide for a full secure-boot story, but it does provide for updated
    > cryptographic primitives.

I'm not sure I understand what you are saying here.
I think you are talking about secure boot (validating the image is good
before booting it), vs validating the image is good before storing it to fl=
ash?

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloF52cACgkQgItw+93Q
3WVgmQf/ZfFni1xkaqGTTcQ9IiaAjkzCHcueRjD2PDzxS5us/iAxhlSNranqFIzH
jyxUmzDC0KbONBWmi/W+h/WaVHqOhuzTCYRDDCtnAhtl6Ri+TGZitP82ZczeNbu+
btPyHhBcWkXayaRR9a/PSFG/eO2xiTs9ZgDYY+I0m13gJnjKZcza6nu63G2UzEQX
VmevntqqndoMYzVS6MAUXz0A/oGm19bu+mrnqlB4I0cZ8DPSFxKFeiSOra0Ag7lc
QE9arTHLMy9ALlQWKbNItPCYKq0WKWS5i+ZcTJ1/AKVpGKjlbnhOkpa0CBJlaxBK
GLWho249ztlf/TAO3qFHLe5kJUx+qQ==
=88Nc
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 10 09:55:54 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EA4512EC97 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 09:55:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6B9tFkBALhd3 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 09:55:51 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27D0912EC94 for <suit@ietf.org>; Fri, 10 Nov 2017 09:55:51 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 0B75120008; Fri, 10 Nov 2017 12:57:15 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 1B13680661; Fri, 10 Nov 2017 12:55:50 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB2706EB600DEC5774C133CFCDFA540@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <21176.1510325360@obiwan.sandelman.ca> <AM4PR0801MB2706EB600DEC5774C133CFCDFA540@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 10 Nov 2017 12:55:50 -0500
Message-ID: <3091.1510336550@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/NtPMcimnotj5NMWlJ0sVMPHgt2s>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 17:55:53 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > I haven't looked at the quantum resistant crypto proposals, such as
    > https://tools.ietf.org/html/draft-housley-cms-mts-hash-sig-07, and
    > their performance implications myself. It would indeed be
    > useful/interesting if someone could explore this space a bit more and
    > collect some data. While large signature sizes have been reported those

Agreed.

...

    > Authorizing a firmware update by multiple parties is a requirement, as
    > explained in
    > https://mailarchive.ietf.org/arch/msg/suit/Hq8NjQJG-EEvHSWjIXMXhCgx1OA. It
    > has surfaced also on the mailing list in discussions before. Hence, I
    > think this functionality should be covered. Authorizing a firmware
    > update by multiple parties will not necessarily imply signing it
    > multiple times (as discussed in Section 3 of RFC 8240). It remains to
    > be seen how often it will be used in low end IoT devices a lot.

exactly: multiple signatures from different parties was already in scope.
I'm suggesting that multiple signatures from the same entity should be in
scope.  (Note this also covers some ways of doing key-rollover!)


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloF6CUACgkQgItw+93Q
3WV+bQf9Fow/VWiFnwY83Fgebbu8DuJdvMUf2f1LKzXG727qvi28Idk145Wtdwpz
HAOwNJynI2uet8Jf1PgCo1vLiDLRsA9NKkzqkMORTYK/WUIdeIKBPmzpbkLzJdWL
VRz+VdcdwYZy35xNU/EXYfS5Oio9pE3iK1e7vjMGB9YTWadphGclndOQL3dh3Yzq
IphxrDMdOmxJfOAJUh8CDG4pqJMt2UfHBO50W31v9dvOczS47SJhHANv/wMETOfh
ZXshw5exGOdP+uBidfdTO6AodCqJKeMAeTtC+mx6yGdbuK5du0+6Gsr36K+7NcKX
HSADDaV4N6Kt8q+DpzA2hth6gSiwlA==
=0tka
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 10 10:14:55 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0B712ECEB for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 10:14:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e92ckopC4h35 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 10:14:53 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0759E12ECCE for <suit@ietf.org>; Fri, 10 Nov 2017 10:14:53 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 05C9920008; Fri, 10 Nov 2017 13:16:17 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id F356A80661; Fri, 10 Nov 2017 13:14:51 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>
cc: suit@ietf.org
In-Reply-To: <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Fri, 10 Nov 2017 13:14:51 -0500
Message-ID: <8387.1510337691@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/D8awdAuKpZSsOZujrCHydI8v6oc>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 18:14:54 -0000

--=-=-=
Content-Type: text/plain


Russ Housley <housley@vigilsec.com> wrote:
    > Please take a look at draft-housley-cms-mts-hash-sig-07.  It show how
    > hash-based signatures would be used with RFC 4108.

Yes, I had no doubt that we had options we could include.

For a bootloader that won't get updated ever for the lifetime (20yr) of a
device, do you think that mts-hash SHOULD be a MTI?

(And if not, how would we transition to such a scheme?)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloF7JsACgkQgItw+93Q
3WXCqwgAtedMbD1bUPjbz6xxNJB024DfNMlE5pb+57ixGR0QAdADfvPdZp88yoiN
FPZfJj0VmnaG4I7cRN2HG4Yx0ytaXSeJny5SwZEWZev6KsX8jRv2/jApelplcDLu
SYwO2k0ET3jg8glkoUvr9QoAsRtoWu2Co5KpNnMul6iH2kNkiNg7syJarw3bb9EY
+08/0cSQ88/SQqE9UJKKZ6caQWGDY6s5fq0mM1kGzV7NK7EBOFK3BZjCt2vCo92u
wg89B+C29K6URyrpnAYdEl3Wn9lxLPC7n/4ktY7lJG0GKFj+vvYb9x8FjQ/ckcik
nA6Td7AlcCLGFU4Z2KMX6/++8KCFew==
=zAsA
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 10 10:53:35 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06DEA1289B0 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 10:53:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level: 
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eVFGN_L8Q0BC for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 10:53:31 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0064.outbound.protection.outlook.com [104.47.2.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D739128B93 for <suit@ietf.org>; Fri, 10 Nov 2017 10:53:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=EGiE7biFXQFZ4KT2x6ifzLz/lF44agP3NnSF7c6C1QQ=; b=f1HcJx5Q4qVEBZncnxu3siPZZw26Yq3zpLZTnNzEnw60ErRAOxla0D9xMnfBTgQqubI/NurqNULSMlkGTKT7XRiFiPALxL2rEK1TAIavS+geCgvptRH4xShISJin9aUR8CinK5HHrruo/zMOhmJC7u1QV0K3uiQ04gHziwHrBMU=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Fri, 10 Nov 2017 18:53:29 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.011; Fri, 10 Nov 2017 18:53:28 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Quantum resistance in firmware formats
Thread-Index: AQHTWjMbF/n5gxF7AUeqWeCW2Qgfi6MNvrGAgAAmToCAABD+AA==
Date: Fri, 10 Nov 2017 18:53:28 +0000
Message-ID: <8A8680C3-465E-428D-B614-8FCD8460E051@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com> <2360.1510336359@obiwan.sandelman.ca>
In-Reply-To: <2360.1510336359@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0615; 6:RH75rNriyMvHKsWXTtzPtpNOTdDXiifQl0GYPfS/eB78xu6Czs8zLfIj1K5Ig5qgbzclsVE7sJPDR9JftKGTH5chts0Hgzz5XgovIVAfN7TAJ9qtG4MBgALDDfVCFyaQOiZThiuJP12A0DfJvtgwej9zCnfRZ1y72oGKLGuseZjxwmHzQ9znWQyffeJoidZOGPRFRYyIMfBDfvH+PM18214ofnEN7yjQHgUUZyEJVqwXQn+x5EG/3McV3Vl8kHjlO5qoPMVpX3YEr6oAGOUIoriLNDy2u3SwQnDOReJ1y6x+DvKTXPwUy0i74kKs2cncodT6x4FJKnHnhwrHsaWrJpfZ2aPO8KfeIncSEI5itHs=; 5:sNajGK6SDfhljpgdar3BV8D9hPl9FClhvjXQVNr+NWZO5JstlH/ePuV5Y/LahaXxeND0ZUG7XBRbv8PX8farv51m/bVD/v4QavW57RFO4Ox+wfrVe8h/yC+7efQ0sallVdZ5QAtqJikndLUYtpPBBis8x5V7V0Dpfa8AQQ2cJTo=; 24:Y4dLy81dmXe4+31dkCwn6oJia0VQX6m8aGUPkB/8y9VZgkm3vQxmrvzdeAVQ/1sG/EsB6rIp4b2bZw+CNRUz++O0D3/sJn/Mxwsc3OC6aRQ=; 7:bSL4uKv0XSZTJCcjOQxwnnRsMCmvnlbqluGUVA+ORWjvcvLqvJn+GOyEIhhHZcV1JGx4+G+2F7ShCKFcqusc6hBAUIA7/J6l3XrfZKQrEWNaCdM1pjYfXawJAvbjKO6UeAzwvgTlQZxgAn6z478yPVLg2cPd6VKb21T2LGfTF6iYa+4bR1abZpEH2GrZf2xiRWnK9VSNUMxc5QOeLLRgQ14wBUhNcPvtKgTFpyLSBs7tSdooCPVdACL6mShjf8nU
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 12c6b5d8-f142-4e6f-7709-08d5286c54ea
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0615; 
x-ms-traffictypediagnostic: DB5PR08MB0615:
x-exchange-antispam-report-test: UriScan:;
x-microsoft-antispam-prvs: <DB5PR08MB0615C90E2ECDC602402321F9EA540@DB5PR08MB0615.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(3231021)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123564025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0615; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0615; 
x-forefront-prvs: 0487C0DB7E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(376002)(40434004)(199003)(24454002)(51444003)(189002)(57306001)(229853002)(5660300001)(25786009)(6116002)(102836003)(3846002)(101416001)(82746002)(305945005)(478600001)(66066001)(8936002)(4326008)(3660700001)(8676002)(7736002)(106356001)(6512007)(99286004)(33656002)(83716003)(97736004)(189998001)(105586002)(50986999)(2950100002)(6436002)(6246003)(76176999)(68736007)(53546010)(2900100001)(53936002)(6506006)(6486002)(316002)(72206003)(81166006)(3280700002)(5250100002)(86362001)(5890100001)(14454004)(50226002)(2906002)(36756003)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0615; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <2898F9E5A7537F4E98DE90142AE1B97F@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 12c6b5d8-f142-4e6f-7709-08d5286c54ea
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2017 18:53:28.7774 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0615
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/cj2Cvj0rzBQCfc_bzvnrDqd7vmU>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 18:53:34 -0000

DQo+IE9uIDEwIE5vdiAyMDE3LCBhdCAxNzo1MiwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0
ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPj4gVGhlIHdheSB0aGF0IEkgZW52aXNpb24gc2lnbmF0
dXJlIHZlcmlmaWNhdGlvbiB3b3JraW5nIGlzIHRoYXQgdGhlDQo+PiBkZXZpY2UgbXVzdCBzaW1w
bHkgYWNjcnVlIHN1ZmZpY2llbnQgcGVybWlzc2lvbnMgdG8gaW5zdGFsbCBhbiB1cGRhdGU6DQo+
PiAqIEVhY2ggc2lnbmVyIGhhcyBhIHNldCBvZiBwZXJtaXNzaW9ucyBmb3IgZWFjaCBjb21wb25l
bnQvc3RvcmFnZUlkICoNCj4+IEVhY2ggY29tcG9uZW50IHNwZWNpZmllcyB3aGljaCBwZXJtaXNz
aW9ucyBhcmUgcmVxdWlyZWQgdG8gaW5zdGFsbCB0bw0KPj4gdGhhdCBjb21wb25lbnQvc3RvcmFn
ZUlkDQo+DQo+IFN1cmUuLi4gYnV0IEkgd2FzIHNwZWNpZmljYWxseSB0aGlua2luZyBpcyB0aGF0
IGEgbWFudWZhY3R1cmVyIGNvdWxkDQo+IGludHJvZHVjZSB0aGUgbmV3IFF1YW50dW0tcmVzaXN0
YW50IHNpZ25hdHVyZXMgdG8gdGhlIHBhY2thZ2VzIGFzIHNvb24gYXMNCj4gc3VjaCBhIHN0YW5k
YXJkIChpbiB0aGUgZm9ybSBvZiBhbiBPSUQgb3IgSUFOQSBhbGxvY2F0aW9uKSBiZWNhbWUgYXZh
aWxhYmxlLg0KPiBJIHRoaW5rIHRoYXQgdGhlcmUgaXMgc29tZSBjb25jZXJuIHRoYXQgdGhlIHF1
YW50dW0tcmVzaXN0YW50IG1ldGhvZHMgbWF5DQo+IHByb3ZlIHRvIGJlIHNlY3VyZS4gIEJ1dCwg
aWYgb25lIGludHJvZHVjZWQgdGhlbSBzb29uLCBhbmQgY29udGludWVkIHRvIHJlbHkNCj4gb24g
RXtDLGR9RFNBIHNpZ25hdHVyZXMgYXMgd2VsbCwgdGhlbiB0aGVyZSBhIGRvdWJsZSBoZWRnZSBh
Z2FpbnN0IGVhY2ggb25lDQo+IGJlaW5nIGRlZmVhdGVkLg0KPiAoSWYgYm90aCBhcmUgZGVmZWF0
ZWQsIHRoZW4gd2UgYXJlIGluIHNob3J0LXRlcm0gdHJvdWJsZSBpZiB3ZSBoYXZlIG5vIHRoaXJk
DQo+IG1ldGhvZCwgYnV0IGluIGFueSBjYXNlLCB3ZSBoYXZlIHRvIGdldCB0aGlyZCBtZXRob2Qg
ZGVwbG95ZWQpDQoNCj4gZXhhY3RseTogbXVsdGlwbGUgc2lnbmF0dXJlcyBmcm9tIGRpZmZlcmVu
dCBwYXJ0aWVzIHdhcyBhbHJlYWR5IGluIHNjb3BlLg0KPiBJJ20gc3VnZ2VzdGluZyB0aGF0IG11
bHRpcGxlIHNpZ25hdHVyZXMgZnJvbSB0aGUgc2FtZSBlbnRpdHkgc2hvdWxkIGJlIGluDQo+IHNj
b3BlLiAgKE5vdGUgdGhpcyBhbHNvIGNvdmVycyBzb21lIHdheXMgb2YgZG9pbmcga2V5LXJvbGxv
dmVyISkNCg0KDQpJ4oCZbSBoYXBweSB3aXRoIHRoaXMgYXBwcm9hY2guIEkgYmVsaWV2ZSB0aGF0
IHRoZSBkZXZpY2Ugd2lsbCBuZWVkIHRvIHNldCB0aGUgbXVsdGlwbGUtc2lnbmF0dXJlcyBwb2xp
Y3kuIE90aGVyd2lzZSwgaWYgb25lIHNpZ25hdHVyZSBhbGdvcml0aG0gaXMgYnJva2VuLCB0aGUg
Zm9yZ2luZyBwYXJ0eSBjYW4gc2ltcGx5IGRlc2lnbmF0ZSB0aGF0IG9uZSBzaWduYXR1cmUgaXMg
Z29vZCBlbm91Z2guDQoNCj4NCj4+IFRvIGtlZXAgdGhlIGJvb3QgbG9hZGVyIHNpbXBsZSwgeW91
IGNhbiB0ZXJtaW5hdGUgdGhlIHRydXN0DQo+PiByZWxhdGlvbnNoaXAgd2l0aCB0aGUgdXBkYXRl
IGF1dGhvcml0eSBpbiB0aGUgc3VpdCBjbGllbnQuIElmIHRoYXTigJlzDQo+PiB0aGUgY2FzZSwg
dGhlbiB0aGUgYm9vdCBsb2FkZXIgY2FuIHdvcmsgd2l0aCBNQUMgaW5zdGVhZC4gVGhpcyBkb2Vz
IG5vdA0KPj4gcHJvdmlkZSBmb3IgYSBmdWxsIHNlY3VyZS1ib290IHN0b3J5LCBidXQgaXQgZG9l
cyBwcm92aWRlIGZvciB1cGRhdGVkDQo+PiBjcnlwdG9ncmFwaGljIHByaW1pdGl2ZXMuDQo+DQo+
IEknbSBub3Qgc3VyZSBJIHVuZGVyc3RhbmQgd2hhdCB5b3UgYXJlIHNheWluZyBoZXJlLg0KPiBJ
IHRoaW5rIHlvdSBhcmUgdGFsa2luZyBhYm91dCBzZWN1cmUgYm9vdCAodmFsaWRhdGluZyB0aGUg
aW1hZ2UgaXMgZ29vZA0KPiBiZWZvcmUgYm9vdGluZyBpdCksIHZzIHZhbGlkYXRpbmcgdGhlIGlt
YWdlIGlzIGdvb2QgYmVmb3JlIHN0b3JpbmcgaXQgdG8gZmxhc2g/DQoNClllcywgdGhlIHBvaW50
IEkgYW0gbWFraW5nIGlzIHRoYXQgeW91IGNhbiBoYW5kbGUgYm9vdCBsb2FkZXIgdmVyaWZpY2F0
aW9uIGJ5IHVzaW5nIE1BQyB3aXRoIGEga2V5IHRoYXQgaXMgc2hhcmVkIG9ubHkgYmV0d2VlbiB0
aGUgU3VpdCBjbGllbnQgYW5kIHRoZSBib290IGxvYWRlci4gVGhlbiwgdGhlIGJvb3QgbG9hZGVy
IHRydXN0cyB0aGUgU3VpdCBjbGllbnQgdG8gdmFsaWRhdGUgdGhlIHVwZGF0ZSB1c2luZyB1cC10
by1kYXRlIGNyeXB0b2dyYXBoaWMgcHJpbWl0aXZlcy4gSW4gSW9UIGRldmljZXMgdGhhdCBzdXBw
b3J0IGEgc2VjdXJlIGV4ZWN1dGlvbiBjb250ZXh0LCBkZWxlZ2F0aW5nIHRoaXMgdG8gdGhlIFN1
aXQgY2xpZW50IG9uIGJlaGFsZiBvZiB0aGUgYm9vdCBsb2FkZXIgbWF5IGJlIGEgbW9yZSBhY2Nl
cHRhYmxlIHRyYWRlb2ZmLCBwcm92aWRlZCB0aGF0IHRoZSBzaWduYXR1cmUgdmVyaWZpY2F0aW9u
IHBvcnRpb24gb2YgdGhlIFN1aXQgY2xpZW50IHJ1bnMgaW4gdGhlIHNlY3VyZSBjb250ZXh0Lg0K
DQpJbiBvcmRlciB0byBjb252aW5jZSBhIGJvb3QgbG9hZGVyIHRvIGJvb3QgdGhlIHdyb25nIGlt
YWdlLCBhbiBhdHRhY2tlciB3b3VsZCByZXF1aXJlIGEgcHJpdmlsZWdlIGVzY2FsYXRpb24gb24g
dGhlIElvVCBkZXZpY2UgKGFjY2VzcyB0byB0aGUgQm9vdGxvYWRlci9TdWl0IGNsaWVudCBQU0sg
YW5kIHdyaXRlIGFjY2VzcyB0byB0aGUgZmlybXdhcmUgcGFydGl0aW9uKSBpbiBhZGRpdGlvbiB0
byBkZWxpdmVyeSBvZiBpbXByb3Blcmx5IHNpZ25lZCBmaXJtd2FyZS4gU28gZmFyLCBBRVMgYW5k
IFNIQS0yIGFsZ29yaXRobXMgYXBwZWFyIHRvIGJlIHF1YW50dW0tcmVzaXN0YW50LCBzbyB0aGlz
IHNob3VsZCBiZSBhIHJlYXNvbmFibGUgYXBwcm9hY2guDQoNClRoZSBkb3duLXNpZGUgb2YgdGhp
cyBhcHByb2FjaCBpcyB0aGF0IHdlIGxvc2Ugc29tZSBkZWZlbmNlIGluIGRlcHRoLiBJZiB0aGUg
Ym9vdCBsb2FkZXIgY2FuIHZlcmlmeSB0aGUgYXV0aG9y4oCZcyBzaWduYXR1cmUgZGlyZWN0bHks
IHRoZW4gaXQgY2FuIGRpc3RydXN0IHRoZSBTdWl0IGNsaWVudC4gVGhpcyBhbGxvd3MgbXVsdGlw
bGUgaW5kZXBlbmRlbnQgdmVyaWZpY2F0aW9ucyBvZiB0aGUgdXBkYXRlIGJlZm9yZSBpdCBpcyBl
eGVjdXRlZC4NCg0KU28sIHRoZXJlIGlzIGEgdHJhZGVvZmYgaGVyZS4gRWl0aGVyIHRoZSBib290
bG9hZGVyIGJlY29tZXMgY29tcGxleCBhbmQgbXVzdCBjb250YWluIHNldmVyYWwgbW9kZXJuIGFz
eW1tZXRyaWMgY3J5cHRvZ3JhcGhpYyBwcmltaXRpdmVzLCBvciBpdCBiZWNvbWVzIHNpbXBsZSwg
YnV0IHRydXN0cyB0aGUgU3VpdCBjbGllbnQuDQoNCg0KQmVzdCBSZWdhcmRzLA0KQnJlbmRhbg0K
SU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRh
Y2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5
b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5k
ZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90
aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUg
aW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K


From nobody Fri Nov 10 11:03:22 2017
Return-Path: <marti@opensourcefoundries.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73C861293E0 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 11:03:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=opensourcefoundries-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0CAq_Vet3pg for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 11:03:16 -0800 (PST)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9755212922E for <suit@ietf.org>; Fri, 10 Nov 2017 11:03:15 -0800 (PST)
Received: by mail-wr0-x22e.google.com with SMTP id j23so9408862wra.9 for <suit@ietf.org>; Fri, 10 Nov 2017 11:03:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=opensourcefoundries-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=7tZ/2k3XMU7vwEXlz6xlnAXwrSBih5kMFEJ4J3FeLbs=; b=OAhQa2EMd0yiEBKlBFAQt3sNZYQJ4nrzG43aHKc2O3f9NuSMaACuHK5Jl3xYZ0Z4u6 hPPZsr9b5qShQ/lWCsEBLIl9uWuRiEauCIxB92pnkrZnlHHEhkvEXvAdJmCDM+BqeZUP LiQw98hQXJq73xJ9/gpgWbz21xe1Vuu77R2lTwGftqL0uXo5mTTGKfbPTY6IFF/sdJz6 lQpJZB3iSIJN4eHYORGE5zequJktdn2WtLWgRJJBJPU0eiOmdVGJveocKqlFXoJVcmQh WlrD40S9UDUU1NOjLOKcJUO8oXsjJiC/HTI3lBU+rsAWYtya5M1jHfOAJiJhfZnDi90W K4UA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=7tZ/2k3XMU7vwEXlz6xlnAXwrSBih5kMFEJ4J3FeLbs=; b=a1Nf9sUW7hH+3Ta3+07Abxz3zczXMeowYekvhFektJliugEDIQDJaQ0XVfFUsXcwuc D2kR2mP94ijaKaKExrsPhEdRtkoNps/crNtLn8YO5r1Nvq1KiKoAh0A3LaV5+l2qsI2M Mfx4iEB62Wge9opl4UU3qUQDfZHO1uj9XqGFTcSE3SKu5HZgrz/nTDh/VZzqBLmopKEu jl7/FMWDUEjKS3PzsLpFYIRj4p5i9jg29iIPZtKPURaCxXbPPH62/iucw3vC6oRNnzlK F8qyyssgA5K/AzXq0PZHquhlYrGRBcV7CuJKNler23mX9TBjV5QU7Wfj/3CpBcn0TdlK NG2w==
X-Gm-Message-State: AJaThX6a2HNzyblh7qa2JmQ4VjfqiNIijSt6Xy6pszOEjdwA4Lowf2dL yY6+fzWe2KwJN2F3lnvyNtz+PfcKaLTY5reQrtblIg==
X-Google-Smtp-Source: AGs4zMa/awBk3zoZaw0/Tqb2g+LrZCjxrD8z/n74lV7vgg3YsLuXfyTm5phQqo6ze5oXxBkMGWCJolR9nSXTuefFDoc=
X-Received: by 10.223.175.87 with SMTP id z81mr1153956wrc.12.1510340593949; Fri, 10 Nov 2017 11:03:13 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.182.8 with HTTP; Fri, 10 Nov 2017 11:03:13 -0800 (PST)
In-Reply-To: <8A6AFD99-24A3-44E5-9D2B-313DB52D1BBC@sit.fraunhofer.de>
References: <52E90240-4041-4650-96CC-865E82935450@arm.com> <8A6AFD99-24A3-44E5-9D2B-313DB52D1BBC@sit.fraunhofer.de>
From: Marti Bolivar <marti@opensourcefoundries.com>
Date: Fri, 10 Nov 2017 14:03:13 -0500
Message-ID: <CADxOM=vg+vmF73n-u8TP9XX2tY+H5c4xAC=Xso4NBigKgUgXKA@mail.gmail.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Cc: suit@ietf.org, Brendan Moran <Brendan.Moran@arm.com>,  Hannes Tschofenig <hannes.tschofenig@gmx.net>, trishank@nyu.edu
Content-Type: multipart/alternative; boundary="f403045f538c97aebd055da59223"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/64mkEFlVs7wxrVnWMu29xWh6YqE>
Subject: Re: [Suit] Threat Model and User Stories for draft-moran-suit-manifest-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 19:03:20 -0000

--f403045f538c97aebd055da59223
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

This is my first post to the list, so as a partial introduction, I'm a
developer who has done some work on mcuboot [1]. SUIT invited the mcuboot
developers to lurk / participate, and here I am.

First off, let me emphatically second Henk's comments regarding the
commendable and important work done here, and add another +1 to STRIDE.

As a question to Brendan, do you have any comments on the relationship
between the threats listed here and the goals discussed by Trishank in his
recent email to the list regarding TUF / Uptane, especially those
pertaining to compromise resiliency? My company is also interested in TUF /
Notary / etc. in the Linux arena [2], and it'd be useful to have your
perspective comparing and contrasting TUF's threat model and SUIT's.

Thanks,
Marti


[1] https://github.com/runtimeco/mcuboot
[2]
http://events.linuxfoundation.org/events/embedded-linux-conference-europe/p=
rogram/schedule

On Fri, Nov 10, 2017 at 10:38 AM, Henk Birkholz <
henk.birkholz@sit.fraunhofer.de> wrote:

> +1 to STRIDE in respect to achievable threat models. Please consider that
> additional use cases e.g from Richard & Caraten might have to be taken in=
to
> account, resulting in merged or added use cases (or usage scenarios, some
> of the use cases look more like those).
>
> In any case, your approach is commendable and should be applied more
> rigorously in many cases, I think.
>
> Alas, it is a very resource consuming process, but I will try my best to
> provide comments and feedback after .sg, because your approach deserves
> both attention and support.
>
> Thank you for taking on the effort, Brendon. You are addressing an
> important prerequisite.
>
> Hochachtungsvoll,
>
> Henk
>
>
> On November 10, 2017 11:27:09 PM GMT+08:00, Brendan Moran <
> Brendan.Moran@arm.com> wrote:
>>
>> The manifest format as described in draft-moran-suit-manifest-00 was
>> designed using a threat model and a set of User stories. From the threat
>> model, we extracted security requirements that mitigate the threats and
>> placed fields in the manifest that enable implementation of the security
>> requirements. From the user stories, we extracted usability requirements
>> that enable those user stories, and placed fields in the manifest that
>> implement those usability requirements.
>>
>>
>> Note that not all user stories are covered here. This is intentional,
>> since there are a great many possible user stories, only sufficient user
>> stories to cover the fields in the Manifest have been included.
>>
>> Best Regards,
>> Brendan Moran
>>
>>
>> Threat Model
>>
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> I will describe the threats we have considered, the security requirement=
s
>> that are derived from those threats and the fields that permit
>> implementation of the security requirements. I will address the threats =
in
>> the order that the relevant fields appear.
>>
>>
>> This model uses the S.T.R.I.D.E. approach. Each threat is classified
>> according to:
>>
>> * Spoofing Identity
>>
>> * Tampering with data
>>
>> * Repudiation
>>
>> * Information disclosure
>>
>> * Denial of service
>>
>> * Elevation of privilege
>>
>> See here for more information on The STRIDE Threat Model:
>> https://msdn.microsoft.com/en-us/library/ee823878(v=3Dcs.20).aspx
>>
>>
>> N.B. In firmware update, it is common for an attack to expose all classe=
s
>> of threat.
>>
>>
>>
>> Threat Descriptions
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>
>> Threat MFT1: Old Firmware
>>
>> -----------------------------------
>> Classification: Escalation of Privilege
>>
>>
>> An attacker sends an old, but valid manifest to a device with an old, bu=
t
>> valid payload. If there is a known vulnerability in the payload, this ca=
n
>> allow an attacker to gain complete control of a device.
>>
>>
>> Threat Escalation: If the attacker is able to exploit the known
>> vulnerability, then this threat can be escalated to ALL TYPES
>>
>>
>> Threat MFT2: Mismatched Firmware
>>
>> -----------------------------------
>> Classification: Denial of Service
>>
>>
>> An attacker sends valid firmware, for the wrong type of device, signed b=
y
>> an actor with firmware installation authority on both types of device. T=
he
>> firmware is trusted by the device because it is signed by an actor with
>> firmware installation authority. This could have wide-ranging consequenc=
es.
>> For devices that are similar, it could cause minor breakage, or expose
>> security vulnerabilities. For devices that are very different, it is lik=
ely
>> to render devices inoperable.
>>
>>
>> Threat MFT3: Offline device + Old Firmware
>>
>> -----------------------------------
>> Classification: Escalation of Privilege
>>
>> An attacker targets a device that has been offline for a long time and
>> runs an old firmware version. The attacker sends an old, but valid manif=
est
>> to a device with an old, but valid payload. The attacker-provided firmwa=
re
>> is newer than the installed one but older than the most recently availab=
le
>> firmware. If there is a known vulnerability in the payload, this can all=
ow
>> an attacker to gain complete control of a device. Because the device has
>> been offline for a long time, it is unaware of any new updates. As such =
it
>> will treat the old manifest as the most current.
>>
>> Threat Escalation: If the attacker is able to exploit the known
>> vulnerability, then this threat can be escalated to ALL TYPES
>>
>>
>> Threat MFT4: The target device misinterprets the type of payload.
>>
>> -----------------------------------
>> Classification: Denial of Service
>>
>>
>> If a device misinterprets the payload type, it may cause a device to
>> install a payload incorrectly. An incorrectly installed payload would
>> likely cause the device to stop functioning.
>>
>>
>> Threat Escalation: An attacker that can cause a device to misinterpret
>> the received code and could gain an Escalation of Privilege and potentia=
lly
>> expand this to all types of threat.
>>
>> Threat MFT5: The target device installs the payload to the wrong locatio=
n
>>
>> -----------------------------------
>> Classification: Denial of Service
>>
>>
>> If a device installs code or data to the wrong part of the device, then
>> it is likely to break. A firmware installed as configuration or a networ=
k
>> stack installed as an application could cause a device to stop functioni=
ng.
>>
>> Threat Escalation: An attacker that can cause a device to misinterpret
>> the received code and could gain an Escalation of Privilege and potentia=
lly
>> expand this to all types of threat.
>>
>> Threat MFT6: Redirection
>>
>> -----------------------------------
>> Classification: Denial of Service
>>
>>
>> If a device does not know where to obtain the payload for an update, it
>> may be redirected to an attacker=E2=80=99s server. This would allow an a=
ttacker to
>> provide broken payloads to devices without needing to construct a Man in
>> the Middle.
>>
>>
>> Threat MFT7: Payload Verification on Boot
>>
>> -----------------------------------
>> Classification: All Types
>>
>>
>> An attacker replaces a newly downloaded firmware after a device finishes
>> verifying a manifest. This could cause the device to execute the attacke=
r=E2=80=99s
>> code. This attack likely requires physical access to the device, however=
 it
>> is possible that it could be carried out when combined with another thre=
at
>> that allows remote execution.
>>
>> Threat MFT8: Unauthenticated Updates
>> -----------------------------------
>> Classification: All Types
>>
>> If an attacker can install their firmware on a device, by manipulating
>> either payload or metadata, then they have complete control of the devic=
e.
>>
>> Threat MFT9: Unexpected Precursor images
>> -----------------------------------
>> Classification: Denial of Service
>>
>> An attacker sends a valid, current manifest to a device that has an
>> unexpected precursor image. If a payload format requires a precursor ima=
ge
>> (for example, delta updates) and that precursor image is not available o=
n
>> the target device, it could cause the update to break.
>>
>> Threat Escalation: An attacker that can cause a device to install a
>> payload against the wrong precursor image could gain an Escalation of
>> Privilege and potentially expand this to all types of threat.
>>
>>
>> Security Requirements
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> The security requirements here are a set of policies that mitigate the
>> threats described in the previous section
>>
>> Security Requirement MFSR1: monotonic sequence numbers
>>
>> -----------------------------------
>> Only an actor with firmware installation authority is permitted to decid=
e
>> when device firmware can be installed. To enforce this rule, Manifests M=
UST
>> contain a monotonic sequence number. Manifests MAY use UTC epoch timesta=
mps
>> to coordinate monotonic sequence numbers across many actors in many
>> locations. Devices MUST reject manifests with sequence numbers smaller t=
han
>> any onboard sequence number.
>>
>>
>> N.B. This is not a firmware version. It is a manifest sequence number. A
>> firmware version may be rolled back by creating a new manifest for the o=
ld
>> firmware version with a later sequence number.
>>
>>
>> Mitigates: Threat MFT1
>>
>>
>> Security Requirement MFSR2: Vendor, device-type identifiers
>>
>> -----------------------------------
>> Devices MUST only apply firmware that is intended for them. Devices MUST
>> know with fine granularity that a given update applies to their vendor,
>> model, hardware revision, software revision. Human-readable identifiers =
are
>> often error-prone in this regard, so Unique-IDs SHOULD be used.
>>
>>
>> Mitigates: Threat MFT2
>>
>>
>> Security Requirement MFSR3: Best-Before timestamps
>> -----------------------------------
>> Firmware MAY expire after a given time. Devices MAY provide a secure
>> clock (local or remote). If a secure clock is provided and the Firmware
>> Manifest has a best-before timestamp, the device MUST reject the
>> manifest if current time is larger than the best-before time.
>>
>> Mitigates: Threat MFT3
>>
>> Security Requirement MFSR4: Signed Payload Descriptor
>>
>> -----------------------------------
>> All descriptive information about the payload MUST be signed. This MUST
>> include:
>>
>> * The location to store the payload
>>
>> * The payload digest, in each state of installation (encrypted,
>> plaintext, installed, etc.)
>>
>> * The payload size
>>
>> * The payload format
>>
>> * Where to obtain the payload
>>
>> * All instructions or parameters for applying the payload
>>
>> * Any rules that identify whether or not the payload can be used on this
>> device
>>
>>
>> Mitigates: Threats MFT5, MFT6, MFT7,
>>
>> MFT9
>>
>> Security Requirement MFSR5: Provable authenticity
>> -----------------------------------
>> The authenticity of an update must be provable, with sufficient levels o=
f
>> entropy to remain secure for the lifetime of the device. Typically, this
>> means that updates must be signed. Other proof mechanisms are acceptable=
,
>> such as MACs, or Authenticated Encryption, or AEAD algorithms. Because t=
he
>> manifest contains information about how to install the update, the
>> manifest's authenticity must be provable. To reduce the overhead require=
d
>> for validation, the manifest contains the digest of the payload, rather
>> than another signature. This does not change the provability of the
>> payload. The authenticity of the manifest is provable with a signature, =
the
>> authenticity of the payload digest is provable with the manifest, and th=
e
>> authenticity of the payload is provable with the payload digest.
>>
>> Mitigates: Threat MFT8
>>
>>
>> User Stories
>>
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> User stories provide expected use-cases. These are used to feed into
>> usability requirements.
>>
>>
>> Use Case MFUC1: Installation Instructions
>>
>> -----------------------------------
>> As an OEM for IoT devices, I want to provide my devices with additional
>> installation instructions so that I can keep process detail out of my
>> payload data.
>>
>>
>> Some installation instructions might be:
>>
>> * Specify a package handler
>>
>> * Use a table of hashes to ensure that each block of the payload is
>> validate before writing.
>>
>> * Run post-processing script after the update is installed
>>
>> * Do not report progress
>>
>> * Pre-cache the update, but do not install
>>
>> * Install the pre-cached update matching this manifest
>>
>> * Install this update immediately, overriding any long-running tasks.
>>
>>
>>
>>
>> Use Case MFUC2: Operator Infrastructure
>>
>> -----------------------------------
>> As an Operator of IoT devices, I would like to tell my devices to look a=
t
>> my own infrastructure for payloads so that I can manage the traffic
>> generated by firmware updates on my network and my peers=E2=80=99 networ=
ks.
>>
>>
>> Use Case MFUC3: Modular Update
>>
>> -----------------------------------
>> As an OEM of IoT devices, I want to divide my firmware into frequently
>> updated and infrequently updated components, so that I can reduce the si=
ze
>> of updates and make different parties responsible for different componen=
ts.
>>
>>
>> Use Case MFUC4: Multiple Authorisations
>> -----------------------------------
>>
>> As an Operator, I want to ensure the quality of a firmware update before
>> installing it, so that I can ensure a high standard of reliability on my
>> network. The OEM may restrict my ability to create firmware, so I cannot=
 be
>> the only authority on the device.
>>
>>
>> Use Case MFUC5: Multiple Payload Formats
>> -----------------------------------
>>
>> As a OEM or Operator of devices, I want to be able to send multiple
>> payload formats to suit the needs of my update, so that I can optimise t=
he
>> bandwidth used by my devices.
>>
>>
>> Usability Requirements
>>
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> The following usability requirements satisfy the user stories listed
>> above.
>>
>>
>> Usability Requirement MFUR1:
>>
>> It must be possible to write additional installation instructions into
>> the manifest.
>>
>>
>> Satisfies Use-Case MFUC1
>>
>>
>> Usability Requirement MFUR2:
>>
>> -----------------------------------
>> It must be possible to redirect payload fetches. This applies where two
>> manifests are used in conjunction. For example, an OEM manifest specifie=
s a
>> payload and signs it, and provides a URI for that payload. An Operator
>> creates a second manifest, with a dependency on the first. They use this
>> second manifest to override the URIs provided by the OEM, directing them
>> into their own infrastructure instead.
>>
>>
>> Satisfies Use-Case MFUC2
>>
>>
>> Usability Requirement MFUR3:
>>
>> -----------------------------------
>> It MUST be possible to link multiple manifests together so that a
>> multi-component update can be described. This allows multiple parties wi=
th
>> different permissions to collaborate in creating a single update for the
>> IoT device, across multiple components.
>>
>>
>> Satisfies Use-Case MFUC2, MFUC3
>>
>>
>> Usability Requirement MFUR4:
>> -----------------------------------
>> It MUST be possible to sign a manifest multiple times so that signatures
>> from multiple parties with different permissions can be required in orde=
r
>> to authorise installation of a manifest.
>>
>> Satisfies Use-Case MFUC4
>>
>> Usability Requirement MFUR5:
>> -----------------------------------
>> The manifest format MUST accommodate any payload format that an operator
>> or OEM wishes to use. Some examples of payload format would be:
>>
>> * Binary
>>
>> * Elf
>>
>> * Differential
>>
>> * Compressed
>> * Packed configuration
>>
>> Satisfies Use-Case MFUC5
>>
>>
>> Manifest Fields:
>>
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>> Each manifest field is anchored in a security requirement or a usability
>> requirement. The manifest fields are described below and justified by th=
eir
>> requirements.
>>
>>
>> Manifest Field: Timestamp
>>
>> -----------------------------------
>> A monotonic sequence number, implemented as an integer Timestamp.
>>
>>
>> Implements: Security Requirement MFSR1.
>>
>>
>> Manifest Field: Vendor ID condition
>>
>> -----------------------------------
>> Vendor IDs MUST be unique. This is to prevent similarly, or identically
>> named entities from different geographic regions from colliding in their
>> customer=E2=80=99s infrastructure. Recommended practice is to use type 5=
 UUIDs with
>> the vendor=E2=80=99s domain name and the UUID DNS prefix. Other options =
include
>> type 1 and type 4 UUIDs.
>>
>>
>> Implements: Security Requirement MFSR2, MFSR4.
>>
>>
>> Manifest Field: Class ID condition
>>
>> -----------------------------------
>> Class Identifiers MUST be unique within a Vendor ID. This is to prevent
>> similarly, or identically named devices colliding in their customer=E2=
=80=99s
>> infrastructure. Recommended practice is to use type 5 UUIDs with the mod=
el,
>> hardware revision, etc. and use the Vendor ID as the UUID prefix. Other
>> options include type 1 and type 4 UUIDs. A device =E2=80=9CClass=E2=80=
=9D is defined as any
>> device that can run the same firmware without modification. Classes MAY =
be
>> implemented in a more granular way. Classes MUST NOT be implemented in a
>> less granular way. Class ID can encompass model name, hardware revision,
>> software revision. Devices MAY have multiple Class IDs.
>>
>>
>> Implements: Security Requirement MFSR2, MFSR4.
>>
>>
>>
>> Manifest Field: Precursor Image Digest Condition
>>
>> -----------------------------------
>> When a precursor image is required by the payload format, a precursor
>> image digest condition MUST be present in the conditions list.
>>
>> Implements: Security Requirement MFSR4
>>
>>
>> Manifest Field: Best-Before timestamp
>>
>> -----------------------------------
>> This field tells a device the last application time. This is only usable
>> in conjunction with a secure clock.
>>
>>
>> Implements Security Requirement MFSR3
>>
>>
>> Manifest Field: Payload Format
>>
>> -----------------------------------
>> The format of the payload must be indicated to devices is in an
>> unambiguous way. This field provides a mechanism to describe the payload
>> format, within the signed metadata.
>>
>>
>> Implements Security Requirement MFSR4, Usability Requirement
>>
>> MFUR5
>>
>>
>> Manifest Field: Storage Location
>>
>> -----------------------------------
>> This field tells the device which component is being updated. The device
>> can use this to establish which permissions are necessary and the physic=
al
>> location to use.
>>
>>
>> Implements Security Requirement MFSR4
>>
>>
>> Manifest Field: URIs
>>
>> -----------------------------------
>> This field is a list of weighted URIs that the device uses to select
>> where to obtain a payload.
>>
>>
>> Implements Security Requirement MFSR4
>>
>>
>> Manifest Field: digests
>>
>> -----------------------------------
>> This field is a map of digests, each for a separate stage of
>> installation. This allows the target device to ensure authenticity of th=
e
>> payload at every step of installation.
>>
>>
>> Implements Security Requirement MFSR4
>>
>>
>> Manifest Field: Size
>>
>> -----------------------------------
>> The size of the payload in bytes.
>>
>>
>> Implements Security Requirement MFSR4
>>
>>
>> Manifest Field: Signature
>>
>> -----------------------------------
>>
>> This is not strictly a manifest field. Instead, the manifest is wrapped
>> by a standardised signature container, such as a COSE or CMS signature
>> object. The signature container MUST support multiple signatures.
>>
>>
>> Implements Security Requirement MFSR5, MFUR4
>>
>>
>> Manifest Field: Directives
>>
>> -----------------------------------
>> A list of instructions that the device should execute, in order, when
>> installing the payload.
>>
>>
>> Implements Usability Requirement MFUR1
>>
>>
>> Manifest Field: Aliases
>>
>> -----------------------------------
>> A list of URI/Digest pairs. A device should build an alias table while
>> paring a manifest tree and treat any aliases as top-ranked URIs for the
>> corresponding digest.
>>
>>
>> Implements Usability Requirement MFUR2
>>
>>
>> Manifest Field: Dependencies
>>
>> -----------------------------------
>> A list of URI/Digest pairs that refer to other manifests by digest. The
>> manifests that are linked in this way must be acquired and installed
>> simultaneously in order to form a complete update.
>>
>>
>> Implements Usability Requirement MFUR3
>>
>>
>>
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy t=
he
>> information in any medium. Thank you.
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>
>

--f403045f538c97aebd055da59223
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi,<div><br></div><div>This is my first post to the list, =
so as a partial introduction, I&#39;m a developer who has done some work on=
 mcuboot [1]. SUIT invited the mcuboot developers to lurk / participate, an=
d here I am.</div><div><br></div><div>First off, let me emphatically second=
 Henk&#39;s comments regarding the commendable and important work done here=
, and add another +1 to STRIDE.</div><div><br></div><div>As a question to B=
rendan, do you have any comments on the relationship between the threats li=
sted here and the goals discussed by Trishank in his recent email to the li=
st regarding TUF / Uptane, especially those pertaining to compromise resili=
ency? My company is also interested in TUF / Notary / etc. in the Linux are=
na [2], and it&#39;d be useful to have your perspective comparing and contr=
asting TUF&#39;s threat model and SUIT&#39;s.</div><div><br></div><div>Than=
ks,</div><div>Marti</div><div><br></div><div><br></div><div>[1]=C2=A0<a hre=
f=3D"https://github.com/runtimeco/mcuboot">https://github.com/runtimeco/mcu=
boot</a></div><div>[2]=C2=A0<a href=3D"http://events.linuxfoundation.org/ev=
ents/embedded-linux-conference-europe/program/schedule">http://events.linux=
foundation.org/events/embedded-linux-conference-europe/program/schedule</a>=
</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Fr=
i, Nov 10, 2017 at 10:38 AM, Henk Birkholz <span dir=3D"ltr">&lt;<a href=3D=
"mailto:henk.birkholz@sit.fraunhofer.de" target=3D"_blank">henk.birkholz@si=
t.fraunhofer.de</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div style=3D"word-wrap:break-word">+1 to STRIDE in respect to achievable t=
hreat models. Please consider that additional use cases e.g from Richard &a=
mp; Caraten might have to be taken into account, resulting in merged or add=
ed use cases (or usage scenarios, some of the use cases look more like thos=
e).<br>
<br>
In any case, your approach is commendable and should be applied more rigoro=
usly in many cases, I think.<br>
<br>
Alas, it is a very resource consuming  process, but I will try my best to p=
rovide comments and feedback after .sg, because your approach deserves both=
 attention and support.<br>
<br>
Thank you for taking on the effort, Brendon. You are addressing an importan=
t prerequisite.<br>
<br>
Hochachtungsvoll,<br>
<br>
Henk<div><div class=3D"h5"><br><br><div class=3D"gmail_quote">On November 1=
0, 2017 11:27:09 PM GMT+08:00, Brendan Moran &lt;<a href=3D"mailto:Brendan.=
Moran@arm.com" target=3D"_blank">Brendan.Moran@arm.com</a>&gt; wrote:<block=
quote class=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8ex;border-left:1=
px solid rgb(204,204,204);padding-left:1ex">

<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
The manifest format as described in draft-moran-suit-manifest-00 was design=
ed using a threat model and a set of User stories. From the threat model, w=
e extracted security requirements that mitigate the threats and placed fiel=
ds in the manifest that enable implementation
 of the security requirements. From the=C2=A0user stories, we extracted usa=
bility requirements that enable those user stories, and placed fields in th=
e manifest that implement those usability requirements.<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Note that not all user stories are covered here. This is intentional, since=
 there are a great many possible user stories, only sufficient user stories=
 to cover the fields in the Manifest have been included.</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Best Regards,</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Brendan Moran</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat Model<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<span style=3D"font-size:11pt">I will describe the threats we have consider=
ed, the security requirements that are derived from those threats and the f=
ields that permit implementation of the security requirements. I will addre=
ss the threats in the order
 that the relevant fields appear.</span></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
This model uses the S.T.R.I.D.E. approach. Each threat is classified accord=
ing to:<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Spoofing Identity<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Tampering with data<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Repudiation<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Information disclosure<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Denial of service<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Elevation of privilege<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
See here for more information on The STRIDE Threat Model:=C2=A0<a href=3D"h=
ttps://msdn.microsoft.com/en-us/library/ee823878(v=3Dcs.20).aspx" style=3D"=
color:purple" target=3D"_blank"><span style=3D"color:windowtext;text-decora=
tion:none">https://msdn.microsoft.<wbr>com/en-us/library/ee823878(v=3D<wbr>=
cs.20).aspx</span></a><p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
N.B. In firmware update, it is common for an attack to expose all classes o=
f threat.<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>Threat Descriptions</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<span style=3D"font-size:11pt">=C2=A0</span></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT1: Old Firmware<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: Escalation of Privilege<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
An attacker sends an old, but valid manifest to a device with an old, but v=
alid payload. If there is a known vulnerability in the payload, this can al=
low an attacker to gain complete control of a device.<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat Escalation: If the attacker is able to exploit the known vulnerabili=
ty, then this threat can be escalated to ALL TYPES<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT2: Mismatched Firmware<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: Denial of Service<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
An attacker sends valid firmware, for the wrong type of device, signed by a=
n actor with firmware installation authority on both types of device. The f=
irmware is trusted by the device because it is signed by an actor with firm=
ware installation authority. This
 could have wide-ranging consequences. For devices that are similar, it cou=
ld cause minor breakage, or expose security vulnerabilities. For devices th=
at are very different, it is likely to render devices inoperable.<p></p></d=
iv>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT3: Offline device + Old Firmware<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: Escalation of Privilege</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px">An attacker targets a device =
that has been offline for a long time and runs an old firmware version. The=
 attacker
 sends an old, but valid manifest to a device with an old, but=C2=A0valid p=
ayload. The attacker-provided firmware is newer than the installed one but =
older than the most recently available firmware. If there is a known vulner=
ability in the=C2=A0payload, this can allow
 an attacker to gain complete control of a device. Because the device has b=
een offline for a long time, it is unaware of any new updates. As such it w=
ill=C2=A0treat the old manifest as the most current.</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px"><br>
</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat Escalation: If the attacker is able to exploit the known vulnerabili=
ty, then this threat can be escalated to ALL TYPES<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT4: The target device misinterprets the type of payload.<p></p></d=
iv>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: Denial of Service<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
If a device misinterprets the payload type, it may cause a device to instal=
l a payload incorrectly. An incorrectly installed payload would likely caus=
e the device to stop functioning.<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px">Threat Escalation: An attacke=
r that can cause a device to misinterpret the received code and could gain =
an Escalation
 of Privilege and potentially expand this to all types of=C2=A0threat.</spa=
n></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px"><br>
</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT5: The target device installs the payload to the wrong location<p=
></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: Denial of Service<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
If a device installs code or data to the wrong part of the device, then it =
is likely to break. A firmware installed as configuration or a network stac=
k installed as an application could cause a device to stop functioning.</di=
v>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px">Threat Escalation: An attacke=
r that can cause a device to misinterpret the received code and could gain =
an Escalation
 of Privilege and potentially expand this to all types of=C2=A0threat.</spa=
n></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px"><br>
</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT6: Redirection<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt">---------------------=
---------<wbr>-----</div>
<div><span style=3D"font-size:11pt">Classification: Denial of Service</span=
></div>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
If a device does not know where to obtain the payload for an update, it may=
 be redirected to an attacker=E2=80=99s server. This would allow an attacke=
r to provide broken payloads to devices without needing to construct a Man =
in the Middle.<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT7: Payload Verification on Boot<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Classification: All Types<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
An attacker replaces a newly downloaded firmware after a device finishes ve=
rifying a manifest. This could cause the device to execute the attacker=E2=
=80=99s code. This attack likely requires physical access to the device, ho=
wever it is possible that it could be carried
 out when combined with another threat that allows remote execution.</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Threat MFT8: Unauthenticated Updates</div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt">Classification: All Types</span></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
If an attacker can install their firmware on a device, by manipulating eith=
er payload or metadata, then they have complete control of the device.</div=
>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Threat MFT9: Unexpected Precursor images</div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt">Classification:=C2=A0</span><span style=3D"f=
ont-size:11pt">Denial of Service</span></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt"><br>
</span></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:11pt">An attacker sends a valid, current manifest t=
o a device that has an unexpected precursor image. If a payload format requ=
ires a
 precursor image (for example, delta updates) and that precursor image is n=
ot available on the target device, it could=C2=A0</span><span style=3D"font=
-size:14.666666984558105px">cause</span><span style=3D"font-size:11pt">=C2=
=A0the update to break.</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:11pt"><br>
</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><span style=3D"font-family:Calibri,s=
ans-serif;font-size:14.666666984558105px">Threat Escalation: An attacker th=
at can cause a device to install a payload against the wrong precursor imag=
e could gain
 an Escalation of Privilege and potentially expand this to all types of=C2=
=A0threat.</span></div>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Security Requirements</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div>The security requirements here are a set of policies that mitigate the=
 threats described in the previous section</div>
<div><br>
</div>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Security Requirement MFSR1: monotonic sequence numbers=C2=A0<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt">------------------------------<wbr>-----</sp=
an></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt"><span style=3D=
"font-size:11pt">Only an actor with firmware installation authority is perm=
itted to decide when device firmware can be installed. To enforce this rule=
, Manifests
 MUST contain a monotonic sequence number. Manifests MAY use</span><span st=
yle=3D"font-size:11pt">=C2=A0</span><s style=3D"font-size:11pt"><span style=
=3D"color:rgb(149,55,53)">UTC epoch=C2=A0</span></s><span style=3D"font-siz=
e:11pt">timestamps
 to coordinate monotonic sequence numbers across many actors in many locati=
ons. Devices MUST reject manifests with sequence numbers smaller than any o=
nboard sequence number.</span></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
N.B. This is not a firmware version. It is a manifest sequence number. A fi=
rmware version may be rolled back by creating a new manifest for the old fi=
rmware version with a later sequence number.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Mitigates: Threat MFT1<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Security Requirement MFSR2: Vendor, device-type identifiers=C2=A0<p></p></d=
iv>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt">Devices MUST only apply firmware that is int=
ended for them. Devices MUST know with fine granularity that a given update=
 applies to their vendor, model, hardware revision, software revision. Huma=
n-readable identifiers
 are often error-prone in this regard, so Unique-IDs SHOULD be used.</span>=
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Mitigates: Threat MFT2<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Security Requirement MFSR3: Best-Before timestamps</div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px">Firmware MAY expire after a g=
iven time. Devices MAY provide a secure clock (local or remote). If a secur=
e clock
 is provided and the Firmware Manifest has a best-before=C2=A0timestamp, th=
e device MUST reject the manifest=C2=A0if current time is larger than the b=
est-before time.<br>
=C2=A0<br>
Mitigates: Threat MFT3</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><font face=3D"Calibri, sans-serif"><=
span style=3D"font-size:14.666666984558105px"><br>
</span></font></div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Security Requirement MFSR4: Signed Payload Descriptor<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<span style=3D"font-size:11pt">All descriptive information about the payloa=
d MUST be signed. This MUST include:</span></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* The location to store the payload<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* The payload digest, in each state of installation (encrypted, plaintext, =
installed, etc.)<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* The payload size<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* The payload format<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Where to obtain the payload<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* All instructions or parameters for applying the payload<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
* Any rules that identify whether or not the payload can be used on this de=
vice<p></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Mitigates: Threats MFT5, MFT6, MFT7,=C2=A0<p></p>MFT9</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<br>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
Security Requirement MFSR5: Provable authenticity</div>
<div style=3D"margin:0cm 0cm 0.0001pt">
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div><font face=3D"Calibri, sans-serif"><span style=3D"font-size:14.6666669=
84558105px">The authenticity of an update must be provable, with sufficient=
 levels of entropy to remain secure for the lifetime of the device. Typical=
ly, this
 means that updates must be signed. Other proof mechanisms are acceptable, =
such as MACs, or Authenticated Encryption, or AEAD algorithms. Because the =
manifest contains=C2=A0information about how to install the update, the man=
ifest&#39;s authenticity must be provable.
 To reduce the overhead required for validation, the manifest contains the =
digest of the payload,=C2=A0rather than another signature. This does not ch=
ange the provability of the payload. The authenticity of the manifest is pr=
ovable with a signature, the authenticity
 of the payload digest is=C2=A0provable with the manifest, and the authenti=
city of the payload is provable with the payload digest.</span></font></div=
>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt"><br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt">Mitigates: Thr=
eat MFT8</div>
</div>
<div style=3D"margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sa=
ns-serif">
<p>=C2=A0</p></div>
</div>
<div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
User Stories<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
User stories provide expected use-cases. These are used to feed into usabil=
ity requirements.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Use Case MFUC1: Installation Instructions<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
As an OEM for IoT devices, I want to provide my devices with additional ins=
tallation instructions so that I can keep process detail out of my payload =
data.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Some installation instructions might be:<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Specify a package handler<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Use a table of hashes to ensure that each block of the payload is validat=
e before writing.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Run post-processing script after the update is installed<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Do not report progress<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Pre-cache the update, but do not install<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Install the pre-cached update matching this manifest<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
* Install this update immediately, overriding any long-running tasks.<p></p=
></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Use Case MFUC2: Operator Infrastructure<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
As an Operator of IoT devices, I would like to tell my devices to look at m=
y own infrastructure for payloads so that I can manage the traffic generate=
d by firmware updates on my network and my peers=E2=80=99 networks.<p></p><=
/div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Use Case MFUC3: Modular Update<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
As an OEM of IoT devices, I want to divide my firmware into frequently upda=
ted and infrequently updated components, so that I can reduce the size of u=
pdates and make different parties responsible for different components.<p><=
/p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p><br>
</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>Use Case MFUC4: Multiple Authorisations</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>As an Operator, I want to ensure the quality of a firmware update before=
 installing it, so that I can ensure a high standard of reliability on my n=
etwork. The OEM may restrict my ability to create firmware, so I cannot be =
the only authority on
 the device.</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p><br>
</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>Use Case MFUC5: Multiple Payload Formats</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>As a OEM or Operator of devices, I want to be able to send multiple payl=
oad formats to suit the needs of my update, so that I can optimise the band=
width used by my devices.</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<span style=3D"font-size:11pt">=C2=A0</span></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Usability Requirements<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
The following usability requirements satisfy the user stories listed above.=
<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Usability Requirement MFUR1:<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
It must be possible to write additional installation instructions into the =
manifest.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Satisfies Use-Case MFUC1<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Usability Requirement MFUR2:<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
It must be possible to redirect payload fetches. This applies where two man=
ifests are used in conjunction. For example, an OEM manifest specifies a pa=
yload and signs it, and provides a URI for that payload. An Operator create=
s a second manifest, with a dependency
 on the first. They use this second manifest to override the URIs provided =
by the OEM, directing them into their own infrastructure instead.<p></p></d=
iv>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Satisfies Use-Case MFUC2<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Usability Requirement MFUR3:<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
It MUST be possible to link multiple manifests together so that a multi-com=
ponent update can be described. This allows multiple parties with different=
 permissions to collaborate in creating a single update for the IoT device,=
 across multiple components.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Satisfies Use-Case MFUC2, MFUC3<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Usability Requirement MFUR4:</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">---------------------=
---------<wbr>-----</div>
<div>It MUST be possible to sign a manifest multiple times so that signatur=
es from multiple parties with different permissions can be required in orde=
r to authorise installation of a manifest.</div>
<div><br>
</div>
<div>Satisfies Use-Case MFUC4</div>
<div><br>
</div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">Usability Requirement=
 MFUR5:</div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">---------------------=
---------<wbr>-----</div>
</div>
<div>The manifest format MUST accommodate any payload format that an operat=
or or OEM wishes to use.=C2=A0<span style=3D"font-size:11pt">Some examples =
of payload format would be:=C2=A0</span></div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt"><p>* Binary</p></div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt"><p>* Elf</p></div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt"><p>* Differential</p>=
</div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt"><p>* Compressed</p></=
div>
<div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">* Packed configuratio=
n</div>
<div><span style=3D"font-size:11pt"><br>
</span></div>
<div><span style=3D"font-size:11pt">Satisfies Use-Case MFUC5</span></div>
<div><span style=3D"font-size:11pt"><br>
</span></div>
<div><span style=3D"font-size:11pt"><br>
</span></div>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Fields:<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Each manifest field is anchored in a security requirement or a usability re=
quirement. The manifest fields are described below and justified by their r=
equirements.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Timestamp<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
A monotonic sequence number, implemented as an integer<span style=3D"color:=
rgb(149,55,53)">=C2=A0</span>Timestamp.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements: Security Requirement MFSR1.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Vendor ID condition<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Vendor IDs MUST be unique. This is to prevent similarly, or identically nam=
ed entities from different geographic regions from colliding in their custo=
mer=E2=80=99s infrastructure. Recommended practice is to use type 5 UUIDs w=
ith the vendor=E2=80=99s domain name and the UUID
 DNS prefix. Other options include type 1 and type 4 UUIDs.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements: Security Requirement MFSR2, MFSR4.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Class ID condition<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Class Identifiers MUST be unique within a Vendor ID. This is to prevent sim=
ilarly, or identically named devices colliding in their customer=E2=80=99s =
infrastructure. Recommended practice is to use type 5 UUIDs with the model,=
 hardware revision, etc. and use the Vendor
 ID as the UUID prefix. Other options include type 1 and type 4 UUIDs. A de=
vice =E2=80=9CClass=E2=80=9D is defined as any device that can run the same=
 firmware without modification. Classes MAY be implemented in a more granul=
ar way. Classes MUST NOT be implemented in a less
 granular way. Class ID can encompass model name, hardware revision, softwa=
re revision. Devices MAY have multiple Class IDs.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements: Security Requirement MFSR2, MFSR4.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>Manifest Field: Precursor Image Digest Condition</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>
</p><div style=3D"font-size:11pt;margin:0cm 0cm 0.0001pt">-----------------=
-------------<wbr>-----</div><div>When a precursor image is required by the=
 payload format, a precursor image digest condition MUST be present in the =
conditions list.</div><div><br>
</div></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>Implements: Security Requirement MFSR4</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p><br>
</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Best-Before timestamp<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
This field tells a device the last application time. This is only usable in=
 conjunction with a secure clock.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR3<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Payload Format<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
The format of the payload must be indicated to devices is in an unambiguous=
 way. This field provides a mechanism to describe the payload format, withi=
n the signed metadata.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR4, Usability Requirement=C2=A0<p></p>MF=
UR5</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Storage Location<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
This field tells the device which component is being updated. The device ca=
n use this to establish which permissions are necessary and the physical lo=
cation to use.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR4<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: URIs<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
This field is a list of weighted URIs that the device uses to select where =
to obtain a payload.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR4<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: digests<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
This field is a map of digests, each for a separate stage of installation. =
This allows the target device to ensure authenticity of the payload at ever=
y step of installation.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR4<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Size<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
The size of the payload in bytes.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Security Requirement MFSR4<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p><br>
</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Signature</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>------------------------------<wbr>-----</p></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><p><font face=3D"Calibri, sans-serif=
"><span style=3D"font-size:11pt">This is not strictly a manifest field. Ins=
tead, the manifest is wrapped by a=C2=A0</span><span style=3D"font-size:14.=
666666984558105px">standardised</span><span style=3D"font-size:11pt">=C2=A0=
signature
 container, such as a COSE or CMS signature object. The signature container=
 MUST support multiple signatures.</span></font></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><p><font face=3D"Calibri, sans-serif=
"><span style=3D"font-size:11pt"><br>
</span></font></p></div>
<div style=3D"margin:0cm 0cm 0.0001pt"><p><font face=3D"Calibri, sans-serif=
"><span style=3D"font-size:11pt">Implements Security Requirement MFSR5, MFU=
R4</span></font></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Directives<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
A list of instructions that the device should execute, in order, when insta=
lling the payload.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Usability Requirement MFUR1<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Aliases<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
A list of URI/Digest pairs. A device should build an alias table while pari=
ng a manifest tree and treat any aliases as top-ranked URIs for the corresp=
onding digest.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Usability Requirement MFUR2<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Manifest Field: Dependencies<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
------------------------------<wbr>-----</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
A list of URI/Digest pairs that refer to other manifests by digest. The man=
ifests that are linked in this way must be acquired and installed simultane=
ously in order to form a complete update.<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<p>=C2=A0</p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
Implements Usability Requirement MFUR3<p></p></div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
<div style=3D"font-family:Calibri,sans-serif;font-size:11pt;margin:0cm 0cm =
0.0001pt">
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.

</blockquote></div><br></div></div><span class=3D"HOEnZb"><font color=3D"#8=
88888">
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</font>=
</span></div><br>______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/<wbr>listinfo/suit</a><br>
<br></blockquote></div><br></div>

--f403045f538c97aebd055da59223--


From nobody Fri Nov 10 13:25:33 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 579731294BF for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 13:25:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.7
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2w4JVmaYy-q for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 13:25:26 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50063.outbound.protection.outlook.com [40.107.5.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 203641294B2 for <suit@ietf.org>; Fri, 10 Nov 2017 13:25:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=cuT0U8x/TtACkGK3DdjOhs7LIDtW558aIlyPGwd5NII=; b=qAUEwEujCDLzPZB8tVHCOtG9ocmo3Gz6iR3c4XIpc2mXH36Ey/bEsfdUzzA+/Vhjm+ar9zV05wzlwM9p+qGYbfa5PyvBEccEIS+E15Yjbl3nAueX0MLohRJt79psS8fO43jqOS2g1nUqGZtUTg6U4RntpIdO0GJefKo2iJafQFg=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Fri, 10 Nov 2017 21:25:22 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.011; Fri, 10 Nov 2017 21:25:22 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Trishank Karthik Kuppusamy <trishank@nyu.edu>
CC: "suit@ietf.org" <suit@ietf.org>, Shikhar Sakhuja <ss9131@nyu.edu>, "Justin Cappos" <jcappos@nyu.edu>, Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>, Ariella C Feuchtwanger <acf469@nyu.edu>
Thread-Topic: [Suit] Towards building a secure software update standard for IoT
Thread-Index: AQHTWE74npA845icuEaPHL7SNlFr46MOJDWA
Date: Fri, 10 Nov 2017 21:25:21 +0000
Message-ID: <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
In-Reply-To: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0615; 6:7Q7slfTvHjyHNpNKaLN//JugMhbw1N1etuHiiT8c7uxGeGSfYNo2o6qMKMVm4GGNCbewKGX3tc5ukprRWKm6dbyQWu8uniw6lTG9dlUFL09wlsle+tyJBHtrqkysJ+ZFtM44+4msGp/U8NNZr0GcEYIaJqgqXvbj8NmgFiFumSH5ZmPNgZIVLkDEHMZ0/Bb9uzmxNinDt/p9wI3zaprTwjIll3dy430TrcDZZRmYQ+x6MKyhWU1KQ2uMh2O/ePTPJ27eOUpmJ6gw/laoJAoGP1SQ+8zatBy3Jua+kbrB/rXmujwiYg7NYTMZDbuW5iP1FMQ6tLKMAX0lubWuNAsyklpmKL+uS2BNzUpxdFI2D+g=; 5:OsXuOeyI+YWK3tl0Q6SStAsxwnT3n2xin7NqyaEkUb7SIkvOVme72WYo6tL68NYHms5v7kvYQtMYSeCEjTaWBu+qKhoR1YL3a0ZCiGOu5+uT9AizTJc1OnbwN7n4Ii2cw0EN+hg71iSJeKT9Ig2yrVgEcLlqhYIA+/wZGCoA/cY=; 24:UgVAaC6gCVaihekO+iYGQ0TyGOYpshtZdUjCLLpEjQgWtFtTVsaa7rtNr5o80eZvKlwK/ALAZogushbsB5bmOKcrOcOMfbq6RD7h6Fyg1Dc=; 7:sztKOq7Za/YwTQ3dybUiDJ3eqKxviNlaWNX0tnqTrjqNnNOivn3tETFcuMjCqvq1n9gb/rcnW7AQB24Ve7QgyuZ3mu3RMVbfjmSPpmJkcPad6NvTNn1uIcAB/bCPEu5Yrf6eYi3I6GTVfo003M6O1y9YJnYwDKMVrIAQxUD35B8sB8b/El6xA4QwN6VtOWTaOD6972LS/Fk/qHpmie8V2Xmdqy/Pl/AH0q8Ex2OTfgs5Zu666TUCjCjVEhaPHkD9
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 2494d626-b248-411d-8d4d-08d528818cce
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0615; 
x-ms-traffictypediagnostic: DB5PR08MB0615:
x-exchange-antispam-report-test: UriScan:(118646460840905)(166708455590820)(209352067349851)(192374486261705)(788757137089)(211936372134217)(123025131177801)(5213294742642)(145926492361056)(231250463719595);
x-microsoft-antispam-prvs: <DB5PR08MB0615664C654F94D0077F18C6EA540@DB5PR08MB0615.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(3231022)(920507027)(3002001)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0615; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0615; 
x-forefront-prvs: 0487C0DB7E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(346002)(40434004)(199003)(84964002)(53754006)(24454002)(51444003)(189002)(57306001)(229853002)(5660300001)(25786009)(3846002)(6116002)(102836003)(6306002)(101416001)(34040400001)(82746002)(478600001)(66066001)(8936002)(236005)(8656006)(4326008)(3660700001)(15650500001)(8676002)(54896002)(7736002)(106356001)(6512007)(99286004)(33656002)(83716003)(97736004)(105586002)(189998001)(2171002)(6916009)(606006)(2950100002)(50986999)(6436002)(76176999)(68736007)(575784001)(6246003)(53546010)(2900100001)(39060400002)(53936002)(966005)(6506006)(6486002)(316002)(72206003)(3280700002)(5250100002)(36756003)(54906003)(86362001)(5890100001)(14454004)(50226002)(81166006)(2906002)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0615; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_59D85B3EF8384FBC901282ABC997024Barmcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2494d626-b248-411d-8d4d-08d528818cce
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Nov 2017 21:25:21.9782 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0615
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/mMO1LUl71rgMLedvRSO_VhzVopA>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 21:25:31 -0000

--_000_59D85B3EF8384FBC901282ABC997024Barmcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgVHJpc2hhbmssDQoNCk9uIDggTm92IDIwMTcsIGF0IDA1OjAzLCBUcmlzaGFuayBLYXJ0aGlr
IEt1cHB1c2FteSA8dHJpc2hhbmtAbnl1LmVkdTxtYWlsdG86dHJpc2hhbmtAbnl1LmVkdT4+IHdy
b3RlOg0KDQpIZWxsbyBldmVyeW9uZSwNCg0KSSdtIGEgUGguRC4gZ3JhZHVhdGUgZnJvbSBOWVUg
VGFuZG9uIHdobyB3b3JrZWQgb24gVGhlIFVwZGF0ZSBGcmFtZXdvcmsgKFRVRik8aHR0cHM6Ly90
aGV1cGRhdGVmcmFtZXdvcmsuZ2l0aHViLmlvLz4sIGFuIG9wZW4gc2VjdXJpdHkgc3RhbmRhcmQg
Zm9yIGJ1aWxkaW5nIGNvbXByb21pc2UtcmVzaWxpZW50IHNvZnR3YXJlIHJlcG9zaXRvcmllcy4g
VGhlIExpbnV4IEZvdW5kYXRpb24gcmVjZW50bHkgbmFtZWQ8aHR0cHM6Ly93d3cuY25jZi5pby9h
bm5vdW5jZW1lbnQvMjAxNy8xMC8yNC9jbmNmLWhvc3QtdHdvLXNlY3VyaXR5LXByb2plY3RzLW5v
dGFyeS10dWYtc3BlY2lmaWNhdGlvbi8+IFRVRiBhcyBvbmUgb2YgdHdvIG5ldyBzZWN1cml0eSBw
cm9qZWN0cyBob3N0ZWQgYnkgaXRzIENsb3VkIE5hdGl2ZSBDb21wdXRpbmcgRm91bmRhdGlvbi4g
VFVGIGlzIGJlaW5nIHVzZWQgaW4gcHJvZHVjdGlvbiBieSBMRUFQPGh0dHBzOi8vbGVhcC5zZS9l
bi8yMDE0L2Rhcmtlc3QtbmlnaHQ+LCBWTXdhcmUsIEZseW5uPGh0dHBzOi8vZmx5bm4uaW8vZG9j
cy9kZXZlbG9wbWVudCN0aGUtdXBkYXRlLWZyYW1ld29yay0lMjh0dWYlMjk+LCBLb2xpZGU8aHR0
cHM6Ly9naXRodWIuY29tL2tvbGlkZS91cGRhdGVyPiwgRGlnaXRhbE9jZWFuPGh0dHBzOi8vZ2l0
aHViLmNvbS9kaWdpdGFsb2NlYW4vZG8tYWdlbnQvYmxvYi8xMTcxMjY2YThjNWRlOTU5OGEwZDRi
OWU5OTY3YWViNWJmN2RmNzZiL3ZlbmRvci92ZW5kb3IuanNvbiNMMjctTDUxPiwgQ2xvdWRmbGFy
ZTxodHRwczovL2Jsb2cuY2xvdWRmbGFyZS5jb20vcGFsLWEtY29udGFpbmVyLWlkZW50aXR5LWJv
b3RzdHJhcHBpbmctdG9vbC8+LCBDb3JlT1MsIGFuZCBEb2NrZXI8aHR0cHM6Ly9ibG9nLmRvY2tl
ci5jb20vMjAxNS8wOC9jb250ZW50LXRydXN0LWRvY2tlci0xLTgvPi4NCg0KSSB3cml0ZSB0byB0
aGlzIGdyb3VwIGJlY2F1c2UgSSB0aGluayB0aGUgZGVzaWduIHByaW5jaXBsZXMgYmVoaW5kIFRV
RiBtYXkgYWxzbyBiZSB1c2VmdWwgdG8gc2VjdXJlIHNvZnR3YXJlIHVwZGF0ZXMgZm9yIElvVC4g
VGhlIHByb2JsZW0gd2l0aCB0d28gY29tbW9uIG9mZi10aGUtc2hlbGYgc3lzdGVtcyB1c2VkIHRv
IHRyYW5zcG9ydCB1cGRhdGVzIGZyb20gcmVwb3NpdG9yaWVzIC0tLSBvciBzZXJ2ZXJzIHVzZWQg
dG8gaG9zdCBhbmQgZGlzdHJpYnV0ZSB1cGRhdGVzIC0tLSB0byBkZXZpY2VzIGlzIHRoYXQgdGhl
eSBhcmUgbm90IGNvbXByb21pc2UtcmVzaWxpZW50PGh0dHBzOi8vd3d3LnVzZW5peC5vcmcvY29u
ZmVyZW5jZS9uc2RpMTYvdGVjaG5pY2FsLXNlc3Npb25zL3ByZXNlbnRhdGlvbi9rdXBwdXNhbXk+
Lg0KDQpXZSBhcmUgZ2xhZCB0byBoYXZlIHlvdXIgaW5wdXQhDQoNClRoZSBmaXJzdCBzeXN0ZW0s
IHdoZXJlIHJlcG9zaXRvcmllcyB1c2VzIGFuIGVuY3J5cHRlZCB0cmFuc3BvcnQgbWVjaGFuaXNt
IHN1Y2ggYXMgU1NMIC8gVExTLCBwcm90ZWN0cyBkZXZpY2VzIGZyb20gbWFuLWluLXRoZS1taWRk
bGUgYXR0YWNrcy4gSG93ZXZlciwgaXQgZG9lcyBub3QgcHJvdGVjdCBkZXZpY2VzIHdoZW4gdGhl
IHJlcG9zaXRvcnkgaXRzZWxmIGhhcyBiZWVuIGNvbXByb21pc2VkLCBiZWNhdXNlIGF0dGFja2Vy
cyBjYW4gdXNlIHRoZSBzYW1lIG9ubGluZSBTU0wgLyBUTFMga2V5IHRvIHNpZ24gYW5kIGRpc3Ry
aWJ1dGUgbWFsaWNpb3VzIHVwZGF0ZXMuIFRoaXMgaXMgdHJ1ZSBldmVuIGlmIHRoZSBwcml2YXRl
IGtleSBpcyBwcm90ZWN0ZWQgYmVoaW5kIGEgSGFyZHdhcmUgU2VjdXJpdHkgTW9kdWxlIChIU00p
LCBiZWNhdXNlIHRoZSBwb2ludCBpcyB0aGF0IGF0dGFja2VycyBjYW4gdXNlIHRoZSBIU00gdG8g
c2lnbiBtYWxpY2lvdXMgdXBkYXRlcywgZXZlbiB3aXRob3V0IGFjY2VzcyB0byB0aGUgcHJpdmF0
ZSBrZXkgaXRzZWxmLg0KDQpJIGFncmVlLiBUaGlzIGlzIHdoeSBkcmFmdC1tb3Jhbi1zdWl0LW1h
bmlmZXN0LTAwIGRlZmluZXMgYW4gZW5kLXRvLWVuZCBzZWN1cml0eSByZWxhdGlvbnNoaXAgYmV0
d2VlbiBhbiB1cGRhdGUgYXV0aG9yaXR5IChlLmcuIHRoZSBPRU0pIGFuZCB0aGUgdGFyZ2V0IElv
VCBkZXZpY2UuIFRoaXMgcmVsYXRpb25zaGlwIGlzIGZ1bmN0aW9uYWxseSBlcXVpdmFsZW50IHRv
IHRoZSByZWxhdGlvbnNoaXAgZGVmaW5lZCBpbiBUVUbigJlzIHJvb3QuanNvbiwgYnV0IGl0IGlz
IG5vdCBhcyBmb3JtYWxpc2VkLCBzaW5jZSBJb1QgZGV2aWNlIGhhdmUgbWFueSBkaWZmZXJlbnQg
d2F5cyBvZiBzcGVjaWZ5aW5nIGEgcm9vdCBrZXkuDQoNCkluIG9yZGVyIHRvIHByb3RlY3QgdXBk
YXRlcyBhdCByZXN0LCB0aGUgc2Vjb25kIHN5c3RlbSB1c2VzIGFuIG9mZmxpbmUga2V5LCB0eXBp
Y2FsbHkgdXNpbmcgR1BHIG9yIFJTQSwgdG8gc2lnbiBhbGwgdXBkYXRlcy4gVW5mb3J0dW5hdGVs
eSwgdGhpcyBzeXN0ZW0gdXN1YWxseSBzdWZmZXJzIGZyb20gcHJvYmxlbXMgd2l0aCBrZXkgcmV2
b2NhdGlvbiwgb3Igc2lnbmluZyBmb3IgbmV3IG1ldGFkYXRhIGFib3V0IHVwZGF0ZXMgb24tZGVt
YW5kLg0KDQpUVUYgdXNlcyBzZXZlcmFsIGRlc2lnbiBwcmluY2lwbGVzPGh0dHBzOi8vanVzdGlu
c2FtdWVsLmNvbS9wYXBlcnMvc3Vydml2YWJsZS1rZXktY29tcHJvbWlzZS1jY3MyMDEwLnBkZj4g
dG8gcHJvdGVjdCB1c2VycyBhcyBtdWNoIGFzIHBvc3NpYmxlIGZyb20gaW5zdGFsbGluZyBtYWxp
Y2lvdXMgdXBkYXRlcywgZXZlbiBpZiB0aGUgcmVwb3NpdG9yeSB1c2VkIHRvIHNlcnZlIHRob3Nl
IHVwZGF0ZXMgaXRzZWxmIGhhcyBiZWVuIGNvbXByb21pc2VkOg0KDQogIDEuICBTZXBhcmF0aW9u
IG9mIGR1dGllczogZGlmZmVyZW50IHR5cGVzIG9mIG1ldGFkYXRhIGFyZSBzaWduZWQgYnkgZGlm
ZmVyZW50IHJvbGVzIHVzaW5nIGRpZmZlcmVudCBrZXlzLCBzbyB0aGF0IGEga2V5IGNvbXByb21p
c2UgZG9lcyBub3QgbmVjZXNzYXJpbHkgaW1wYWN0IHRoZSBzZWN1cml0eSBvZiB0aGUgd2hvbGUg
c3lzdGVtLg0KICAyLiAgVGhyZXNob2xkIHNpZ25hdHVyZXM6IG0gb3V0IG9mIG4gc2lnbmF0dXJl
cyBtYXkgYmUgcmVxdWlyZWQgdG8gc2lnbiBhbiB1cGRhdGUsIHNvIHRoYXQgdGhpcyBtaW5pbXVt
IG51bWJlciBvZiBrZXlzIG11c3QgYmUgY29tcHJvbWlzZWQgaW4gb3JkZXIgdG8gc2lnbiBtYWx3
YXJlLg0KICAzLiAgSW1wbGljaXQgYW5kIGV4cGxpY2l0IGtleSByZXZvY2F0aW9uOiB0aGVyZSBt
dXN0IGJlIHdheXMgdG8gcmV2b2tlIGFuZCByZXBsYWNlIGtleXMsIGJlY2F1c2UgdGhleSBtYXkg
YmUgbG9zdCBvciBjb21wcm9taXNlZC4NCiAgNC4gIE1pbmltaXppbmcgcmlzayB3aXRoIG9mZmxp
bmUga2V5czogbWV0YWRhdGEgbWF5IGJlIHNpZ25lZCB1c2luZyBzaWduaW5nIGtleXMga2VwdCBv
ZmYgdGhlIHJlcG9zaXRvcnksIHNvIHRoYXQgYSByZXBvc2l0b3J5IGNvbXByb21pc2UgZG9lcyBu
b3QgaW1tZWRpYXRlbHkgcmVzdWx0IGluIHNpZ25lZCBtYWx3YXJlLg0KICA1LiAgU2VsZWN0aXZl
IGRlbGVnYXRpb24gb2YgdHJ1c3Q6IGRpZmZlcmVudCBkZXZlbG9wZXJzIG1heSBiZSB0cnVzdGVk
IHRvIHNpZ24gZm9yIG9ubHkgYSBzdWJzZXQgb2YgdXBkYXRlcywgc28gdGhhdCBhIGRldmVsb3Bl
ciBrZXkgY29tcHJvbWlzZSBkb2VzIG5vdCBhZmZlY3QgYWxsIGRldmljZXMuIERlbGVnYXRpb25z
IGFyZSBhbHNvIHVzZWZ1bCBmb3IgZGlzdHJpYnV0aW5nLCByZXZva2luZywgYW5kIHJlcGxhY2lu
ZyBwdWJsaWMga2V5cyBiZWxvbmdpbmcgdG8gZGV2ZWxvcGVycy4NCiAgNi4gIERpdmVyc2l0eSBv
ZiBzaWduaW5nIGFuZCBoYXNoaW5nIGFsZ29yaXRobXM6IHVzaW5nIG11bHRpcGxlIGFsZ29yaXRo
bXMgYWxsb3dzIGZvciBzdXJ2aXZpbmcgYSBjb21wcm9taXNlIG9mIG9uZSBvZiB0aGVtLg0KDQpN
b3N0IG9mIHRoZXNlIGNvbmNlcHRzIGFyZSBhbHJlYWR5IGNvdmVyZWQgaW4gZHJhZnQtbW9yYW4t
c3VpdC1tYW5pZmVzdC0wMC4gV2UgaGF2ZSBub3QgZXhwbGljaXRseSBsYWlkIG91dCBUaHJlc2hv
bGQgc2lnbmF0dXJlcywgbm9yIGRpdmVyc2l0eSBvZiBzaWduaW5nIGFuZCBoYXNoaW5nIGFsZ29y
aXRobXMsIHRob3VnaCB0aGVyZSBpcyBub3RoaW5nIGluIGRyYWZ0LW1vcmFuLXN1aXQtbWFuaWZl
c3QtMDAgdGhhdCBzaG91bGQgcHJldmVudCBlaXRoZXIgb2YgdGhlc2UgY29uY2VwdHMgZnJvbSB3
b3JraW5nLiBPbiBjb25zdHJhaW5lZCBkZXZpY2VzLCBkaXZlcnNpdHkgb2YgY3J5cHRvZ3JhcGhp
YyBwcmltaXRpdmVzIGlzIGEgZGlmZmljdWx0IHRyYWRlb2ZmIHNpbmNlIGNyeXB0b2dyYXBoaWMg
YWxnb3JpdGhtcywgcGFydGljdWxhcmx5IGFzeW1tZXRyaWMgb25lcywgY29uc3VtZSBhIGxvdCBv
ZiBjb2RlIHNwYWNlLg0KDQpXZSBleHBsaWNpdGx5IGxlYXZlIGtleSByZXZvY2F0aW9uIG91dCBv
ZiBzY29wZS4gQmVjYXVzZSB3ZSBkb27igJl0IGRlZmluZSBrZXkgcHJvdmlzaW9uaW5nIG1lY2hh
bmlzbXMsIHRoaXMgaXMgYSBwcm9ibGVtIHRoYXQgaXMgbm90IHNvbHZlZCBpbiBkcmFmdC1tb3Jh
bi1zdWl0LW1hbmlmZXN0LTAwLiBTaW5jZSBJb1QgcGxhdGZvcm1zIGFyZSBzbyBkaXNwYXJhdGUg
aW4gbmF0dXJlLCBpdCBpcyBkaWZmaWN1bHQgdG8gcHJlc2NyaWJlIHRoZSBoYW5kbGluZyBvZiBr
ZXlzLCBzaW5jZSBhbnkgc3BlY2lmaWVkIG1lY2hhbmlzbSBtYXkgbm90IGJlIHByYWN0aWNhbCBm
b3IgYSBnaXZlbiBhcHBsaWNhdGlvbi4NCg0KVXB0YW5lPGh0dHBzOi8vdXB0YW5lLmdpdGh1Yi5p
by8+IGlzIGEgdmFyaWFudCBvZiBUVUYgd2hpY2ggaXMgZXNwZWNpYWxseSBkZXNpZ25lZCBmb3Ig
YXV0b21vYmlsZXMuIEl0IGFsbG93cyB2ZWhpY2xlIG1hbnVmYWN0dXJlcyB0byBjdXN0b21pemUg
d2hpY2ggdXBkYXRlcyBhcmUgaW5zdGFsbGVkIG9uIHdoaWNoIHZlaGljbGVzIHdpdGhvdXQgY29t
cHJvbWlzaW5nIHNlY3VyaXR5LiBJdCBpcyBiZWluZyBpbnRlZ3JhdGVkIGJ5IGF0IGxlYXN0IHRo
cmVlIGF1dG9tb3RpdmUgc3VwcGxpZXJzLCBpbmNsdWRpbmcgQWR2YW5jZWQgVGVsZW1hdGljIFN5
c3RlbXM8aHR0cHM6Ly93d3cucHJuZXdzd2lyZS5jb20vbmV3cy1yZWxlYXNlcy9hdHMtaXMtaW50
ZWdyYXRpbmctdGhlLXVwdGFuZS1zZWN1cml0eS1mcmFtZXdvcmstZm9yLW92ZXItdGhlLWFpci1z
b2Z0d2FyZS11cGRhdGVzLXRvLWNvbm5lY3RlZC12ZWhpY2xlcy02MjgxNzAwNzMuaHRtbD4sIExl
YXIgQ29ycG9yYXRpb24sIGFuZCBPVEFpbmZvPGh0dHBzOi8vd3d3LmNydW5jaGJhc2UuY29tL29y
Z2FuaXphdGlvbi9vdGFpbmZvPi4NCg0KVGhlIHJlc2VhcmNoIGdyb3VwIGF0IE5ZVSBhbmQgSSBm
ZWVsIHRoYXQgbWFueSBvZiB0aGUgZGVzaWduIHByaW5jaXBsZXMgYmVoaW5kIFVwdGFuZSBtYXkg
YmUgdXNlZCBpbiB0aGUgSW9UIGRvbWFpbiwgYXMgdGhleSBhcHBlYXIgdG8gYmUgc2hhcmUgc29t
ZSBvZiB0aGUgc2FtZSByZXF1aXJlbWVudHMuIERlc3BpdGUgb2ZmZXJpbmcgaGlnaCBzZWN1cml0
eSwgVXB0YW5lIGlzIGZsZXhpYmxlIGVub3VnaCB0byBhY2NvbW1vZGF0ZSBhIHdpZGUgdmFyaWV0
eSBvZiBkZXBsb3ltZW50IGNvbmZpZ3VyYXRpb25zLiBGb3IgZXhhbXBsZSwgVXB0YW5lIGlzIGFn
bm9zdGljIHRvIHRoZSBwcmVjaXNlIGRhdGEgZW5jb2RpbmcgZm9ybWF0IHVzZWQgdG8gZGVzY3Jp
YmUgbWV0YWRhdGEsIHNvIHRoYXQgQVNOLjEsIENCT1IsIG9yIFhNTCBtYXkgYmUgdXNlZCBieSBk
aWZmZXJlbnQgaW1wbGVtZW50b3JzLg0KDQpJIGFncmVlLiBJIHRoaW5rIHRoZXJlIGlzIGEgbG90
IG9mIG92ZXJsYXAgYmV0d2VlbiBvdXIgdHdvIGFwcHJvYWNoZXMgYW5kIHRoZXJlIGlzIGxpa2Vs
eSBhIGxvdCBvZiBjb2xsYWJvcmF0aW9uIHdlIGNhbiBkby4NCg0KTW9yZSBpbmZvcm1hdGlvbiBh
Ym91dCBUVUYgaXMgYXZhaWxhYmxlIGF0OiBodHRwczovL3d3dy50aGV1cGRhdGVmcmFtZXdvcmsu
Y29tLw0KDQpNb3JlIGluZm9ybWF0aW9uIGFib3V0IFVwdGFuZSwgYSB2YXJpYW50IG9mIFRVRiBm
b3IgYXV0b21vYmlsZXMsIGlzIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly91cHRhbmUuZ2l0aHViLmlv
Lw0KDQpNeSB0aGVzaXMgb24gVFVGIGFuZCBVcHRhbmUgaXMgYXZhaWxhYmUgYXQ6IGh0dHBzOi8v
ZHJpdmUuZ29vZ2xlLmNvbS9maWxlL2QvMEI1LTlNRVEwU1FOMlNqZG1kVXh1ZVRoUU5tTS92aWV3
P3VzcD1zaGFyaW5nDQoNCldlIGhvcGUgdG8gY29sbGFib3JhdGUgd2l0aCB5b3Ugb24gZGVzaWdu
aW5nIGEgc2VjdXJlIHlldCBmbGV4aWJsZSBzb2Z0d2FyZSB1cGRhdGUgc3RhbmRhcmQgZm9yIElv
VC4gSW4gcGFydGljdWxhciwgd2UgYXJlIGludGVyZXN0ZWQgaW4gbGVhcm5pbmcgYWJvdXQgdW5p
cXVlIGNoYWxsZW5nZXMgaW4gdGhpcyBkb21haW4gdGhhdCBwZXJ0YWluIHRvIHNvZnR3YXJlIHVw
ZGF0ZXMuIFdlIGxvb2sgZm9yd2FyZCB0byBoZWFyaW5nIGZyb20geW91IQ0KDQoNCkkgdGhpbmsg
dGhhdCBUVUYgYW5kIFN1aXQgY292ZXIgbWFueSBvZiB0aGUgc2FtZSBnb2Fscy4gSSB0aGluayB0
aGF0IG91ciB0aHJlYXQgbW9kZWxzIGFyZSBsYXJnZWx5IGNvbXBhdGlibGU7IEnigJl2ZSBqdXN0
IGZpbmlzaGVkIHNlbmRpbmcgb3V0IHRoZSB0aHJlYXQgbW9kZWwgdGhhdCB3ZSB1c2VkIGZvciB0
aGUgc3VpdCBtYW5pZmVzdCBkcmFmdC4gSSBmdWxseSBhbnRpY2lwYXRlIHRoYXQgeW91IGNvdWxk
IGNvbnN0cnVjdCBhIFRVRiBlbmRwb2ludCB1c2luZyB0aGUgU3VpdCBtYW5pZmVzdC4NCg0KDQpC
eSB0aGUgd2F5IGl0IGlzIHdyaXR0ZW4sIEkgdGhpbmsgaXQgaXMgZmFpciB0byBzYXkgdGhhdCBU
VUYgaXMgbGFyZ2VseSBhaW1lZCBhdCBoaWdoLWJhbmR3aWR0aCBuZXR3b3JrcyBhbmQgaG9tb2dl
bm91cyB0aGljayBjbGllbnRzLCBwYXJ0aWN1bGFybHkgd2l0aCBodW1hbiBpbnRlcmZhY2UuIFVw
dGFuZSBkZWFscyB3aXRoIG1hbnkgb2YgdGhlc2UgaXNzdWVzLiBUaGUgcHJvYmxlbSBpcyBkaWZm
ZXJlbnQgaW4gdGhlIElvVCBzcGFjZS4gRm9yIGV4YW1wbGUsIFRVRiBzYXlzOg0KDQo+IDEuOC4g
Q2hlY2sgZm9yIGEgZnJlZXplIGF0dGFjay4NCj4gVGhlIGxhdGVzdCBrbm93biB0aW1lIHNob3Vs
ZCBiZSBsb3dlciB0aGFuIHRoZSBleHBpcmF0aW9uIHRpbWVzdGFtcCBpbiB0aGUgdHJ1c3RlZCBy
b290IG1ldGFkYXRhIGZpbGUuDQoNCkFuIElvVCBkZXZpY2UgbWF5IG5vdCBrbm93IHRoZSB0aW1l
IG9yLCBpZiBpdCBkb2VzLCB0aGUgdGltZSBtYXkgYmUgY29uc2lkZXJlZCBzdXNwZWN0IHVubGVz
cyBhIHNlY3VyZSB0aW1lIHNvdXJjZSBpcyBhdmFpbGFibGUgKGFuZCBpbmRlZWQgdGhpcyBpcyB0
aGUgc29sdXRpb24gdGhhdCBVcHRhbmUgc2VlbXMgdG8gcmVjb21tZW5kKS4gVGhhdCBjcmVhdGVz
IGEgbmV3IHRydXN0IHJlbGF0aW9uc2hpcCB0aGF0IG11c3QgYWxzbyBiZSBtYW5hZ2VkLiBUaGlz
IGlzIGZhciBtb3JlIHByb2JsZW1hdGljIG9uIGFuIElvVCBkZXZpY2UsIHNpbmNlIGEgdXNlciB3
b3VsZCB0eXBpY2FsbHkgbm90IGhhdmUgdGltZSBzZXQgd3JvbmcgYnkgbW9yZSB0aGFuIGEgZmV3
IGhvdXJzLCB3aGljaCBhcmUgbW9zdGx5IGlycmVsZXZhbnQgaW4ga2V5IHJvdGF0aW9uIHNjaGVk
dWxlcy4gSW4gSW9UIGRldmljZXMgd2l0aG91dCByZWFsdGltZSBjbG9ja3MsIHRoZXkgbXVzdCBv
YnRhaW4gYSB0cnVzdGVkIHRpbWUgYXQgZWFjaCBwb3dlci1vbiBmb3IgYW55IGltcGxpY2l0IGtl
eSByZXZvY2F0aW9uLCBvciBmcmVlemUgYXR0YWNrIGRldGVjdGlvbiB0byB3b3JrLg0KDQpUVUYg
ZG9lc27igJl0IHNwZWNpZnkgYW55IHdheSB0byBwZXJmb3JtIG1hdGNoaW5nIG9mIHRhcmdldCBo
YXJkd2FyZSwgYnV0IFVwdGFuZSBoYW5kbGVzIHRoaXMgaW4gdGhlIEN1c3RvbSBibG9jayBvZiBU
YXJnZXRzLg0KDQpUVUbigJlzIHNwZWNpZmljYXRpb24gcmVxdWlyZXMgdGhlIGV4aXN0ZW5jZSBv
ZiBhIGZpbGVzeXN0ZW0sIGhvd2V2ZXIgSeKAmW0gc3VyZSB5b3UgY291bGQgY29uc3RydWN0IGEg
cmVhc29uYWJsZSBUVUYgZW5kcG9pbnQgd2hpbGUgaWdub3JpbmcgdGhpcy4gVFVGIGFsc28gc3Bl
Y2lmaWVzIGEgc2lnbmF0dXJlIHZlcmlmaWNhdGlvbiBvdmVyaGVhZCB0aGF0IGlzIHByb2JsZW1h
dGljIGZvciBJb1QuIEJhc2VkIG9uIHRoZSBUVUYgdXBkYXRlIHByb2Nlc3Mgb3V0bGluZWQgaGVy
ZTogaHR0cHM6Ly9naXRodWIuY29tL3RoZXVwZGF0ZWZyYW1ld29yay9zcGVjaWZpY2F0aW9uL2Js
b2IvbWFzdGVyL3R1Zi1zcGVjLm1kIzUtZGV0YWlsZWQtd29ya2Zsb3dzLCBJIGNvdW50IGEgbWlu
aW11bSBvZiAzIHNpZ25hdHVyZSB2ZXJpZmljYXRpb25zIGZvciBhIGZpcnN0LXRpbWUgdXBkYXRl
Og0KDQpUICogKE4gKyAzKSBzaWduYXR1cmUgdmVyaWZpY2F0aW9ucw0KDQpXaGVyZToNCiogdGhl
cmUgYXJlIE4gaW50ZXJtZWRpYXRlIHJvb3QgbWV0YWRhdGEgZmlsZXMsDQoqIHRoZXJlIGlzIDEg
dGltZXN0YW1wIGZpbGUNCiogdGhlcmUgaXMgMSBzbmFwc2hvdCBmaWxlDQoqIHRoZXJlIGlzIDEg
dGFyZ2V0cyBmaWxlDQoqIGEgdGhyZXNob2xkIG9mIFQgc2lnbmF0dXJlcyBhcmUgbmVlZGVkIChJ
4oCZbSBhc3N1bWluZyBpdOKAmXMgdGhlIHNhbWUgZm9yIGFsbCBmaWxlcywgYnV0IHRoaXMgbWF5
IG5vdCBiZSB0aGUgY2FzZSkNCg0KRXZlbiB3aXRoIGEgcmVsYXRpdmVseSBtb2Rlc3QgbnVtYmVy
IG9mIHJvb3QgbWV0YWRhdGEgZmlsZXMsIGFuZCBhIHNtYWxsIG51bWJlciBmb3IgVCwgdGhpcyBj
b3VsZCBjb25zdW1lIGEgc2lnbmlmaWNhbnQgcXVhbnRpdHkgb2YgYSBiYXR0ZXJ5LXBvd2VyZWQg
ZGV2aWNl4oCZcyBsaWZldGltZSBwb3dlciBidWRnZXQuDQoNCk9uZSBvdGhlciBjb25zaWRlcmF0
aW9uIGZvciBJb1QgZGV2aWNlcyBpcyB0aGF0IHdyaXRpbmcgdG8gZmxhc2ggaXMgYW4gZXhwZW5z
aXZlIG9wZXJhdGlvbi4gVGhpcyBtZWFucyB0aGF0IGl0IHNob3VsZCBiZSBsaW1pdGVkLCBwYXJ0
aWN1bGFybHkgd2hlbiBhIGRldmljZSBtYXkgYmUgdW5kZXIgYXR0YWNrLiBUaGlzIGlzIHdoeSB3
ZSBzcGVjaWZ5IG1ldGFkYXRhIHRoYXQgY2FuIGVhc2lseSBmaXQgaW4gUkFNLCB3aXRoIG5vIGF0
dGFjaGVkIHBheWxvYWQuIFRoaXMgYWxsb3dzIHNpZ25hdHVyZSB2ZXJpZmljYXRpb24gcHJpb3Ig
dG8gc3RvcmFnZSBvbiBjb25zdHJhaW5lZCBkZXZpY2VzLg0KDQpUaGUgdGllcmVkIG1ldGFkYXRh
IGFwcHJvYWNoIGluIFRVRiBpcyBpbnRlcmVzdGluZy4gUHJldmlvdXNseSwgSSBoYWQgY29uc2lk
ZXJlZCB0aGUgZGV2aWNlLXNpZGUg4oCccG9saWNpZXPigJ0gb2YgaG93IHRvIGFwcGx5IHVwZGF0
ZXMgKHN1Y2ggYXMgaG93IG1hbnkgc2lnbmF0dXJlcyB0byByZXF1aXJlKSB0byBiZSBhIGZpcm13
YXJlIHByb2JsZW0sIGJ1dCBpdCBjb3VsZCBiZSBkb25lIHdpdGggc2lnbmVkIG1ldGFkYXRhIGFz
IHdlbGwuIEkgdGhpbmsgdGhhdCBmb3IgdGhlIG1vc3QgY29uc3RyYWluZWQgY2xpZW50cywgbGVh
dmluZyBwb2xpY2llcyBpbiBmaXJtd2FyZSBpcyBsaWtlbHkgdGhlIGJlc3QgY2hvaWNlLCBzdGls
bC4NCg0KQmVzdCBSZWdhcmRzLA0KQnJlbmRhbg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRl
bnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFu
ZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj
aXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBk
aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkg
cHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4g
VGhhbmsgeW91Lg0K

--_000_59D85B3EF8384FBC901282ABC997024Barmcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <D3175224E104A9409D6E9E74292C261F@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KSGkgVHJpc2hhbmssDQo8ZGl2IGNs
YXNzPSIiPjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBlPSJjaXRlIiBjbGFz
cz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gOCBOb3YgMjAxNywgYXQgMDU6MDMsIFRyaXNoYW5rIEth
cnRoaWsgS3VwcHVzYW15ICZsdDs8YSBocmVmPSJtYWlsdG86dHJpc2hhbmtAbnl1LmVkdSIgY2xh
c3M9IiI+dHJpc2hhbmtAbnl1LmVkdTwvYT4mZ3Q7IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJB
cHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGRpcj0ibHRy
IiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+SGVsbG8gZXZlcnlvbmUsPC9kaXY+DQo8ZGl2IGNs
YXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5JJ20gYSBQaC5ELiBn
cmFkdWF0ZSBmcm9tIE5ZVSBUYW5kb24gd2hvIHdvcmtlZCBvbiA8YSBocmVmPSJodHRwczovL3Ro
ZXVwZGF0ZWZyYW1ld29yay5naXRodWIuaW8vIiBjbGFzcz0iIj4NClRoZSBVcGRhdGUgRnJhbWV3
b3JrIChUVUYpPC9hPiwgYW4gb3BlbiBzZWN1cml0eSBzdGFuZGFyZCBmb3IgYnVpbGRpbmcgY29t
cHJvbWlzZS1yZXNpbGllbnQgc29mdHdhcmUgcmVwb3NpdG9yaWVzLiBUaGUgTGludXggRm91bmRh
dGlvbiByZWNlbnRseQ0KPGEgaHJlZj0iaHR0cHM6Ly93d3cuY25jZi5pby9hbm5vdW5jZW1lbnQv
MjAxNy8xMC8yNC9jbmNmLWhvc3QtdHdvLXNlY3VyaXR5LXByb2plY3RzLW5vdGFyeS10dWYtc3Bl
Y2lmaWNhdGlvbi8iIGNsYXNzPSIiPg0KbmFtZWQ8L2E+IFRVRiBhcyBvbmUgb2YgdHdvIG5ldyBz
ZWN1cml0eSBwcm9qZWN0cyBob3N0ZWQgYnkgaXRzIENsb3VkIE5hdGl2ZSBDb21wdXRpbmcgRm91
bmRhdGlvbi4gVFVGIGlzIGJlaW5nIHVzZWQgaW4gcHJvZHVjdGlvbiBieQ0KPGEgaHJlZj0iaHR0
cHM6Ly9sZWFwLnNlL2VuLzIwMTQvZGFya2VzdC1uaWdodCIgY2xhc3M9IiI+TEVBUDwvYT4sIFZN
d2FyZSwgPGEgaHJlZj0iaHR0cHM6Ly9mbHlubi5pby9kb2NzL2RldmVsb3BtZW50I3RoZS11cGRh
dGUtZnJhbWV3b3JrLSUyOHR1ZiUyOSIgY2xhc3M9IiI+DQpGbHlubjwvYT4sIDxhIGhyZWY9Imh0
dHBzOi8vZ2l0aHViLmNvbS9rb2xpZGUvdXBkYXRlciIgY2xhc3M9IiI+S29saWRlPC9hPiwgPGEg
aHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2RpZ2l0YWxvY2Vhbi9kby1hZ2VudC9ibG9iLzExNzEy
NjZhOGM1ZGU5NTk4YTBkNGI5ZTk5NjdhZWI1YmY3ZGY3NmIvdmVuZG9yL3ZlbmRvci5qc29uI0wy
Ny1MNTEiIGNsYXNzPSIiPg0KRGlnaXRhbE9jZWFuPC9hPiwgPGEgaHJlZj0iaHR0cHM6Ly9ibG9n
LmNsb3VkZmxhcmUuY29tL3BhbC1hLWNvbnRhaW5lci1pZGVudGl0eS1ib290c3RyYXBwaW5nLXRv
b2wvIiBjbGFzcz0iIj4NCkNsb3VkZmxhcmU8L2E+LCBDb3JlT1MsIGFuZCA8YSBocmVmPSJodHRw
czovL2Jsb2cuZG9ja2VyLmNvbS8yMDE1LzA4L2NvbnRlbnQtdHJ1c3QtZG9ja2VyLTEtOC8iIGNs
YXNzPSIiPg0KRG9ja2VyPC9hPi48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0K
PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkkgd3JpdGUgdG8gdGhpcyBncm91cCBiZWNhdXNlIEkgdGhp
bmsgdGhlIGRlc2lnbiBwcmluY2lwbGVzIGJlaGluZCBUVUYgbWF5IGFsc28gYmUgdXNlZnVsIHRv
IHNlY3VyZSBzb2Z0d2FyZSB1cGRhdGVzIGZvciBJb1QuIFRoZSBwcm9ibGVtIHdpdGggdHdvIGNv
bW1vbiBvZmYtdGhlLXNoZWxmIHN5c3RlbXMgdXNlZCB0byB0cmFuc3BvcnQgdXBkYXRlcyBmcm9t
IHJlcG9zaXRvcmllcyAtLS0gb3Igc2VydmVycyB1c2VkIHRvDQogaG9zdCBhbmQgZGlzdHJpYnV0
ZSB1cGRhdGVzIC0tLSB0byBkZXZpY2VzIGlzIHRoYXQgdGhleSBhcmUgbm90IDxhIGhyZWY9Imh0
dHBzOi8vd3d3LnVzZW5peC5vcmcvY29uZmVyZW5jZS9uc2RpMTYvdGVjaG5pY2FsLXNlc3Npb25z
L3ByZXNlbnRhdGlvbi9rdXBwdXNhbXkiIGNsYXNzPSIiPg0KY29tcHJvbWlzZS1yZXNpbGllbnQ8
L2E+LjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+PGJyIGNsYXNz
PSIiPg0KPC9kaXY+DQo8ZGl2PldlIGFyZSBnbGFkIHRvIGhhdmUgeW91ciBpbnB1dCE8L2Rpdj4N
CjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBj
bGFzcz0iIj4NCjxkaXYgZGlyPSJsdHIiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5UaGUgZmly
c3Qgc3lzdGVtLCB3aGVyZSByZXBvc2l0b3JpZXMgdXNlcyBhbiBlbmNyeXB0ZWQgdHJhbnNwb3J0
IG1lY2hhbmlzbSBzdWNoIGFzIFNTTCAvIFRMUywgcHJvdGVjdHMgZGV2aWNlcyBmcm9tIG1hbi1p
bi10aGUtbWlkZGxlIGF0dGFja3MuIEhvd2V2ZXIsIGl0IGRvZXMgbm90IHByb3RlY3QgZGV2aWNl
cyB3aGVuIHRoZSByZXBvc2l0b3J5IGl0c2VsZiBoYXMgYmVlbiBjb21wcm9taXNlZCwgYmVjYXVz
ZSBhdHRhY2tlcnMNCiBjYW4gdXNlIHRoZSBzYW1lIG9ubGluZSBTU0wgLyBUTFMga2V5IHRvIHNp
Z24gYW5kIGRpc3RyaWJ1dGUgbWFsaWNpb3VzIHVwZGF0ZXMuIFRoaXMgaXMgdHJ1ZSBldmVuIGlm
IHRoZSBwcml2YXRlIGtleSBpcyBwcm90ZWN0ZWQgYmVoaW5kIGEgSGFyZHdhcmUgU2VjdXJpdHkg
TW9kdWxlIChIU00pLCBiZWNhdXNlIHRoZSBwb2ludCBpcyB0aGF0IGF0dGFja2VycyBjYW4gdXNl
IHRoZSBIU00gdG8gc2lnbiBtYWxpY2lvdXMgdXBkYXRlcywgZXZlbiB3aXRob3V0DQogYWNjZXNz
IHRvIHRoZSBwcml2YXRlIGtleSBpdHNlbGYuPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ibG9j
a3F1b3RlPg0KPGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCkkgYWdyZWUuIFRoaXMgaXMgd2h5
IGRyYWZ0LW1vcmFuLXN1aXQtbWFuaWZlc3QtMDAgZGVmaW5lcyBhbiBlbmQtdG8tZW5kIHNlY3Vy
aXR5IHJlbGF0aW9uc2hpcCBiZXR3ZWVuIGFuIHVwZGF0ZSBhdXRob3JpdHkgKGUuZy4gdGhlIE9F
TSkgYW5kIHRoZSB0YXJnZXQgSW9UIGRldmljZS4gVGhpcyByZWxhdGlvbnNoaXAgaXMgZnVuY3Rp
b25hbGx5IGVxdWl2YWxlbnQgdG8gdGhlIHJlbGF0aW9uc2hpcCBkZWZpbmVkIGluIFRVRuKAmXMg
cm9vdC5qc29uLA0KIGJ1dCBpdCBpcyBub3QgYXMgZm9ybWFsaXNlZCwgc2luY2UgSW9UIGRldmlj
ZSBoYXZlIG1hbnkgZGlmZmVyZW50IHdheXMgb2Ygc3BlY2lmeWluZyBhIHJvb3Qga2V5LjxiciBj
bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIi
Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgZGlyPSJsdHIiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0i
Ij5JbiBvcmRlciB0byBwcm90ZWN0IHVwZGF0ZXMgYXQgcmVzdCwgdGhlIHNlY29uZCBzeXN0ZW0g
dXNlcyBhbiBvZmZsaW5lIGtleSwgdHlwaWNhbGx5IHVzaW5nIEdQRyBvciBSU0EsIHRvIHNpZ24g
YWxsIHVwZGF0ZXMuIFVuZm9ydHVuYXRlbHksIHRoaXMgc3lzdGVtIHVzdWFsbHkgc3VmZmVycyBm
cm9tIHByb2JsZW1zIHdpdGgga2V5IHJldm9jYXRpb24sIG9yIHNpZ25pbmcgZm9yIG5ldyBtZXRh
ZGF0YSBhYm91dCB1cGRhdGVzDQogb24tZGVtYW5kLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIg
Y2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VFVGIHVzZXMgc2V2ZXJhbCA8YSBocmVm
PSJodHRwczovL2p1c3RpbnNhbXVlbC5jb20vcGFwZXJzL3N1cnZpdmFibGUta2V5LWNvbXByb21p
c2UtY2NzMjAxMC5wZGYiIGNsYXNzPSIiPg0KZGVzaWduIHByaW5jaXBsZXM8L2E+IHRvIHByb3Rl
Y3QgdXNlcnMgYXMgbXVjaCBhcyBwb3NzaWJsZSBmcm9tIGluc3RhbGxpbmcgbWFsaWNpb3VzIHVw
ZGF0ZXMsIGV2ZW4gaWYgdGhlIHJlcG9zaXRvcnkgdXNlZCB0byBzZXJ2ZSB0aG9zZSB1cGRhdGVz
IGl0c2VsZiBoYXMgYmVlbiBjb21wcm9taXNlZDo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8b2wg
Y2xhc3M9IiI+DQo8bGkgY2xhc3M9IiI+PGIgY2xhc3M9IiI+U2VwYXJhdGlvbiBvZiBkdXRpZXM8
L2I+OiBkaWZmZXJlbnQgdHlwZXMgb2YgbWV0YWRhdGEgYXJlIHNpZ25lZCBieSBkaWZmZXJlbnQg
cm9sZXMgdXNpbmcgZGlmZmVyZW50IGtleXMsIHNvIHRoYXQgYSBrZXkgY29tcHJvbWlzZSBkb2Vz
IG5vdCBuZWNlc3NhcmlseSBpbXBhY3QgdGhlIHNlY3VyaXR5IG9mIHRoZSB3aG9sZSBzeXN0ZW0u
PGJyIGNsYXNzPSIiPg0KPC9saT48bGkgY2xhc3M9IiI+PGIgY2xhc3M9IiI+VGhyZXNob2xkIHNp
Z25hdHVyZXM8L2I+OiA8aSBjbGFzcz0iIj5tPC9pPiBvdXQgb2YgPGkgY2xhc3M9IiI+DQpuPC9p
PiBzaWduYXR1cmVzIG1heSBiZSByZXF1aXJlZCB0byBzaWduIGFuIHVwZGF0ZSwgc28gdGhhdCB0
aGlzIG1pbmltdW0gbnVtYmVyIG9mIGtleXMgbXVzdCBiZSBjb21wcm9taXNlZCBpbiBvcmRlciB0
byBzaWduIG1hbHdhcmUuPGJyIGNsYXNzPSIiPg0KPC9saT48bGkgY2xhc3M9IiI+PGIgY2xhc3M9
IiI+SW1wbGljaXQgYW5kIGV4cGxpY2l0IGtleSByZXZvY2F0aW9uPC9iPjogdGhlcmUgbXVzdCBi
ZSB3YXlzIHRvIHJldm9rZSBhbmQgcmVwbGFjZSBrZXlzLCBiZWNhdXNlIHRoZXkgbWF5IGJlIGxv
c3Qgb3IgY29tcHJvbWlzZWQuPGJyIGNsYXNzPSIiPg0KPC9saT48bGkgY2xhc3M9IiI+PGIgY2xh
c3M9IiI+TWluaW1pemluZyByaXNrIHdpdGggb2ZmbGluZSBrZXlzPC9iPjogbWV0YWRhdGEgbWF5
IGJlIHNpZ25lZCB1c2luZyBzaWduaW5nIGtleXMga2VwdCBvZmYgdGhlIHJlcG9zaXRvcnksIHNv
IHRoYXQgYSByZXBvc2l0b3J5IGNvbXByb21pc2UgZG9lcyBub3QgaW1tZWRpYXRlbHkgcmVzdWx0
IGluIHNpZ25lZCBtYWx3YXJlLjxiciBjbGFzcz0iIj4NCjwvbGk+PGxpIGNsYXNzPSIiPjxiIGNs
YXNzPSIiPlNlbGVjdGl2ZSBkZWxlZ2F0aW9uIG9mIHRydXN0PC9iPjogZGlmZmVyZW50IGRldmVs
b3BlcnMgbWF5IGJlIHRydXN0ZWQgdG8gc2lnbiBmb3Igb25seSBhIHN1YnNldCBvZiB1cGRhdGVz
LCBzbyB0aGF0IGEgZGV2ZWxvcGVyIGtleSBjb21wcm9taXNlIGRvZXMgbm90IGFmZmVjdCBhbGwg
ZGV2aWNlcy4gRGVsZWdhdGlvbnMgYXJlIGFsc28gdXNlZnVsIGZvciBkaXN0cmlidXRpbmcsIHJl
dm9raW5nLCBhbmQNCiByZXBsYWNpbmcgcHVibGljIGtleXMgYmVsb25naW5nIHRvIGRldmVsb3Bl
cnMuPGJyIGNsYXNzPSIiPg0KPC9saT48bGkgY2xhc3M9IiI+PGIgY2xhc3M9IiI+RGl2ZXJzaXR5
IG9mIHNpZ25pbmcgYW5kIGhhc2hpbmcgYWxnb3JpdGhtczwvYj46IHVzaW5nIG11bHRpcGxlIGFs
Z29yaXRobXMgYWxsb3dzIGZvciBzdXJ2aXZpbmcgYSBjb21wcm9taXNlIG9mIG9uZSBvZiB0aGVt
LjwvbGk+PC9vbD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvYmxvY2txdW90ZT4NCjxkaXY+
TW9zdCBvZiB0aGVzZSBjb25jZXB0cyBhcmUgYWxyZWFkeSBjb3ZlcmVkIGluIGRyYWZ0LW1vcmFu
LXN1aXQtbWFuaWZlc3QtMDAuIFdlIGhhdmUgbm90IGV4cGxpY2l0bHkgbGFpZCBvdXQgVGhyZXNo
b2xkIHNpZ25hdHVyZXMsIG5vciBkaXZlcnNpdHkgb2Ygc2lnbmluZyBhbmQgaGFzaGluZyBhbGdv
cml0aG1zLCB0aG91Z2ggdGhlcmUgaXMgbm90aGluZyBpbiBkcmFmdC1tb3Jhbi1zdWl0LW1hbmlm
ZXN0LTAwIHRoYXQgc2hvdWxkIHByZXZlbnQNCiBlaXRoZXIgb2YgdGhlc2UgY29uY2VwdHMgZnJv
bSB3b3JraW5nLiBPbiBjb25zdHJhaW5lZCBkZXZpY2VzLCBkaXZlcnNpdHkgb2YgY3J5cHRvZ3Jh
cGhpYyBwcmltaXRpdmVzIGlzIGEgZGlmZmljdWx0IHRyYWRlb2ZmIHNpbmNlIGNyeXB0b2dyYXBo
aWMgYWxnb3JpdGhtcywgcGFydGljdWxhcmx5IGFzeW1tZXRyaWMgb25lcywgY29uc3VtZSBhIGxv
dCBvZiBjb2RlIHNwYWNlLjwvZGl2Pg0KPGRpdj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXY+
V2UgZXhwbGljaXRseSBsZWF2ZSBrZXkgcmV2b2NhdGlvbiBvdXQgb2Ygc2NvcGUuIEJlY2F1c2Ug
d2UgZG9u4oCZdCBkZWZpbmUga2V5IHByb3Zpc2lvbmluZyBtZWNoYW5pc21zLCB0aGlzIGlzIGEg
cHJvYmxlbSB0aGF0IGlzIG5vdCBzb2x2ZWQgaW4gZHJhZnQtbW9yYW4tc3VpdC1tYW5pZmVzdC0w
MC4gU2luY2UgSW9UIHBsYXRmb3JtcyBhcmUgc28gZGlzcGFyYXRlIGluIG5hdHVyZSwgaXQgaXMg
ZGlmZmljdWx0IHRvIHByZXNjcmliZSB0aGUNCiBoYW5kbGluZyBvZiBrZXlzLCBzaW5jZSBhbnkg
c3BlY2lmaWVkIG1lY2hhbmlzbSBtYXkgbm90IGJlIHByYWN0aWNhbCBmb3IgYSBnaXZlbiBhcHBs
aWNhdGlvbi48L2Rpdj4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8YmxvY2txdW90ZSB0
eXBlPSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGRpcj0ibHRyIiBjbGFz
cz0iIj4NCjxkaXYgY2xhc3M9IiI+PGEgaHJlZj0iaHR0cHM6Ly91cHRhbmUuZ2l0aHViLmlvLyIg
Y2xhc3M9IiI+VXB0YW5lPC9hPiBpcyBhIHZhcmlhbnQgb2YgVFVGIHdoaWNoIGlzIGVzcGVjaWFs
bHkgZGVzaWduZWQgZm9yIGF1dG9tb2JpbGVzLiBJdCBhbGxvd3MgdmVoaWNsZSBtYW51ZmFjdHVy
ZXMgdG8gY3VzdG9taXplIHdoaWNoIHVwZGF0ZXMgYXJlIGluc3RhbGxlZCBvbiB3aGljaCB2ZWhp
Y2xlcyB3aXRob3V0IGNvbXByb21pc2luZyBzZWN1cml0eS4NCiBJdCBpcyBiZWluZyBpbnRlZ3Jh
dGVkIGJ5IGF0IGxlYXN0IHRocmVlIGF1dG9tb3RpdmUgc3VwcGxpZXJzLCBpbmNsdWRpbmcgPGEg
aHJlZj0iaHR0cHM6Ly93d3cucHJuZXdzd2lyZS5jb20vbmV3cy1yZWxlYXNlcy9hdHMtaXMtaW50
ZWdyYXRpbmctdGhlLXVwdGFuZS1zZWN1cml0eS1mcmFtZXdvcmstZm9yLW92ZXItdGhlLWFpci1z
b2Z0d2FyZS11cGRhdGVzLXRvLWNvbm5lY3RlZC12ZWhpY2xlcy02MjgxNzAwNzMuaHRtbCIgY2xh
c3M9IiI+DQpBZHZhbmNlZCBUZWxlbWF0aWMgU3lzdGVtczwvYT4sIExlYXIgQ29ycG9yYXRpb24s
IGFuZCA8YSBocmVmPSJodHRwczovL3d3dy5jcnVuY2hiYXNlLmNvbS9vcmdhbml6YXRpb24vb3Rh
aW5mbyIgY2xhc3M9IiI+DQpPVEFpbmZvPC9hPi48L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNs
YXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlRoZSByZXNlYXJjaCBncm91cCBhdCBOWVUg
YW5kIEkgZmVlbCB0aGF0IG1hbnkgb2YgdGhlIGRlc2lnbiBwcmluY2lwbGVzIGJlaGluZCBVcHRh
bmUgbWF5IGJlIHVzZWQgaW4gdGhlIElvVCBkb21haW4sIGFzIHRoZXkgYXBwZWFyIHRvIGJlIHNo
YXJlIHNvbWUgb2YgdGhlIHNhbWUgcmVxdWlyZW1lbnRzLiBEZXNwaXRlIG9mZmVyaW5nIGhpZ2gg
c2VjdXJpdHksIFVwdGFuZSBpcyBmbGV4aWJsZSBlbm91Z2ggdG8gYWNjb21tb2RhdGUNCiBhIHdp
ZGUgdmFyaWV0eSBvZiBkZXBsb3ltZW50IGNvbmZpZ3VyYXRpb25zLiBGb3IgZXhhbXBsZSwgVXB0
YW5lIGlzIGFnbm9zdGljIHRvIHRoZSBwcmVjaXNlIGRhdGEgZW5jb2RpbmcgZm9ybWF0IHVzZWQg
dG8gZGVzY3JpYmUgbWV0YWRhdGEsIHNvIHRoYXQgQVNOLjEsIENCT1IsIG9yIFhNTCBtYXkgYmUg
dXNlZCBieSBkaWZmZXJlbnQgaW1wbGVtZW50b3JzLjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwv
YmxvY2txdW90ZT4NCjxkaXY+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2PkkgYWdyZWUuIEkg
dGhpbmsgdGhlcmUgaXMgYSBsb3Qgb2Ygb3ZlcmxhcCBiZXR3ZWVuIG91ciB0d28gYXBwcm9hY2hl
cyBhbmQgdGhlcmUgaXMgbGlrZWx5IGEgbG90IG9mIGNvbGxhYm9yYXRpb24gd2UgY2FuIGRvLjwv
ZGl2Pg0KPGJyIGNsYXNzPSIiPg0KPGJsb2NrcXVvdGUgdHlwZT0iY2l0ZSIgY2xhc3M9IiI+DQo8
ZGl2IGNsYXNzPSIiPg0KPGRpdiBkaXI9Imx0ciIgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPk1v
cmUgaW5mb3JtYXRpb24gYWJvdXQgVFVGIGlzIGF2YWlsYWJsZSBhdDogPGEgaHJlZj0iaHR0cHM6
Ly93d3cudGhldXBkYXRlZnJhbWV3b3JrLmNvbS8iIGNsYXNzPSIiPg0KaHR0cHM6Ly93d3cudGhl
dXBkYXRlZnJhbWV3b3JrLmNvbS88L2E+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0i
Ij4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5Nb3JlIGluZm9ybWF0aW9uIGFib3V0IFVwdGFuZSwg
YSB2YXJpYW50IG9mIFRVRiBmb3IgYXV0b21vYmlsZXMsIGlzIGF2YWlsYWJsZSBhdDoNCjxhIGhy
ZWY9Imh0dHBzOi8vdXB0YW5lLmdpdGh1Yi5pby8iIGNsYXNzPSIiPmh0dHBzOi8vdXB0YW5lLmdp
dGh1Yi5pby88L2E+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0K
PGRpdiBjbGFzcz0iIj5NeSB0aGVzaXMgb24gVFVGIGFuZCBVcHRhbmUgaXMgYXZhaWxhYmUgYXQ6
Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL2ZpbGUvZC8wQjUtOU1FUTBT
UU4yU2pkbWRVeHVlVGhRTm1NL3ZpZXc/dXNwPXNoYXJpbmciIGNsYXNzPSIiPmh0dHBzOi8vZHJp
dmUuZ29vZ2xlLmNvbS9maWxlL2QvMEI1LTlNRVEwU1FOMlNqZG1kVXh1ZVRoUU5tTS92aWV3P3Vz
cD1zaGFyaW5nPC9hPjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4N
CjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPldlIGhvcGUgdG8gY29sbGFib3JhdGUgd2l0
aCB5b3Ugb24gZGVzaWduaW5nIGEgc2VjdXJlIHlldCBmbGV4aWJsZSBzb2Z0d2FyZSB1cGRhdGUg
c3RhbmRhcmQgZm9yIElvVC4gSW4gcGFydGljdWxhciwgd2UgYXJlIGludGVyZXN0ZWQgaW4gbGVh
cm5pbmcgYWJvdXQgdW5pcXVlIGNoYWxsZW5nZXMgaW4gdGhpcyBkb21haW4gdGhhdCBwZXJ0YWlu
IHRvIHNvZnR3YXJlIHVwZGF0ZXMuIFdlIGxvb2sgZm9yd2FyZCB0byBoZWFyaW5nDQogZnJvbSB5
b3UhPC9kaXY+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8
L2Rpdj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2
PkkgdGhpbmsgdGhhdCBUVUYgYW5kIFN1aXQgY292ZXIgbWFueSBvZiB0aGUgc2FtZSBnb2Fscy4g
SSB0aGluayB0aGF0IG91ciB0aHJlYXQgbW9kZWxzIGFyZSBsYXJnZWx5IGNvbXBhdGlibGU7IEni
gJl2ZSBqdXN0IGZpbmlzaGVkIHNlbmRpbmcgb3V0IHRoZSB0aHJlYXQgbW9kZWwgdGhhdCB3ZSB1
c2VkIGZvciB0aGUgc3VpdCBtYW5pZmVzdCBkcmFmdC4gSSBmdWxseSBhbnRpY2lwYXRlIHRoYXQg
eW91IGNvdWxkIGNvbnN0cnVjdCBhIFRVRiBlbmRwb2ludA0KIHVzaW5nIHRoZSBTdWl0IG1hbmlm
ZXN0LjwvZGl2Pg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8
L2Rpdj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi
Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPkJ5IHRoZSB3YXkgaXQgaXMgd3JpdHRlbiwgSSB0aGlu
ayBpdCBpcyBmYWlyIHRvIHNheSB0aGF0IFRVRiBpcyBsYXJnZWx5IGFpbWVkIGF0IGhpZ2gtYmFu
ZHdpZHRoIG5ldHdvcmtzIGFuZCBob21vZ2Vub3VzIHRoaWNrIGNsaWVudHMsIHBhcnRpY3VsYXJs
eSB3aXRoIGh1bWFuIGludGVyZmFjZS4gVXB0YW5lIGRlYWxzIHdpdGggbWFueSBvZiB0aGVzZSBp
c3N1ZXMuIFRoZSBwcm9ibGVtIGlzIGRpZmZlcmVudCBpbiB0aGUgSW9UDQogc3BhY2UuIEZvciBl
eGFtcGxlLCBUVUYgc2F5czombmJzcDs8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIi
Pg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZndDsgMS44LiZuYnNwO0NoZWNrIGZvciBhIGZyZWV6
ZSBhdHRhY2suJm5ic3A7PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiZndDsgVGhlIGxhdGVzdCBrbm93
biB0aW1lIHNob3VsZCBiZSBsb3dlciB0aGFuIHRoZSBleHBpcmF0aW9uIHRpbWVzdGFtcCBpbiB0
aGUgdHJ1c3RlZCByb290IG1ldGFkYXRhIGZpbGUuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBj
bGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5BbiBJb1QgZGV2aWNlIG1heSBub3Qga25v
dyB0aGUgdGltZSBvciwgaWYgaXQgZG9lcywgdGhlIHRpbWUgbWF5IGJlIGNvbnNpZGVyZWQgc3Vz
cGVjdCB1bmxlc3MgYSBzZWN1cmUgdGltZSBzb3VyY2UgaXMgYXZhaWxhYmxlIChhbmQgaW5kZWVk
IHRoaXMgaXMgdGhlIHNvbHV0aW9uIHRoYXQgVXB0YW5lIHNlZW1zIHRvIHJlY29tbWVuZCkuIFRo
YXQgY3JlYXRlcyBhIG5ldyB0cnVzdCByZWxhdGlvbnNoaXAgdGhhdCBtdXN0IGFsc28NCiBiZSBt
YW5hZ2VkLiBUaGlzIGlzIGZhciBtb3JlIHByb2JsZW1hdGljIG9uIGFuIElvVCBkZXZpY2UsIHNp
bmNlIGEgdXNlciB3b3VsZCB0eXBpY2FsbHkgbm90IGhhdmUgdGltZSBzZXQgd3JvbmcgYnkgbW9y
ZSB0aGFuIGEgZmV3IGhvdXJzLCB3aGljaCBhcmUgbW9zdGx5IGlycmVsZXZhbnQgaW4ga2V5IHJv
dGF0aW9uIHNjaGVkdWxlcy4gSW4gSW9UIGRldmljZXMgd2l0aG91dCByZWFsdGltZSBjbG9ja3Ms
IHRoZXkgbXVzdCBvYnRhaW4gYSB0cnVzdGVkDQogdGltZSBhdCBlYWNoIHBvd2VyLW9uIGZvciBh
bnkgaW1wbGljaXQga2V5IHJldm9jYXRpb24sIG9yIGZyZWV6ZSBhdHRhY2sgZGV0ZWN0aW9uIHRv
IHdvcmsuPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBj
bGFzcz0iIj5UVUYgZG9lc27igJl0IHNwZWNpZnkgYW55IHdheSB0byBwZXJmb3JtIG1hdGNoaW5n
IG9mIHRhcmdldCBoYXJkd2FyZSwgYnV0IFVwdGFuZSBoYW5kbGVzIHRoaXMgaW4gdGhlIEN1c3Rv
bSBibG9jayBvZiBUYXJnZXRzLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8
L2Rpdj4NCjxkaXYgY2xhc3M9IiI+VFVG4oCZcyBzcGVjaWZpY2F0aW9uIHJlcXVpcmVzIHRoZSBl
eGlzdGVuY2Ugb2YgYSBmaWxlc3lzdGVtLCBob3dldmVyIEnigJltIHN1cmUgeW91IGNvdWxkIGNv
bnN0cnVjdCBhIHJlYXNvbmFibGUgVFVGIGVuZHBvaW50IHdoaWxlIGlnbm9yaW5nIHRoaXMuIFRV
RiBhbHNvIHNwZWNpZmllcyBhIHNpZ25hdHVyZSB2ZXJpZmljYXRpb24gb3ZlcmhlYWQgdGhhdCBp
cyBwcm9ibGVtYXRpYyBmb3IgSW9ULiBCYXNlZCBvbiB0aGUgVFVGDQogdXBkYXRlIHByb2Nlc3Mg
b3V0bGluZWQgaGVyZTombmJzcDs8YSBocmVmPSJodHRwczovL2dpdGh1Yi5jb20vdGhldXBkYXRl
ZnJhbWV3b3JrL3NwZWNpZmljYXRpb24vYmxvYi9tYXN0ZXIvdHVmLXNwZWMubWQjNS1kZXRhaWxl
ZC13b3JrZmxvd3MiIGNsYXNzPSIiPmh0dHBzOi8vZ2l0aHViLmNvbS90aGV1cGRhdGVmcmFtZXdv
cmsvc3BlY2lmaWNhdGlvbi9ibG9iL21hc3Rlci90dWYtc3BlYy5tZCM1LWRldGFpbGVkLXdvcmtm
bG93czwvYT4sIEkgY291bnQNCiBhIG1pbmltdW0gb2YgMyBzaWduYXR1cmUgdmVyaWZpY2F0aW9u
cyBmb3IgYSBmaXJzdC10aW1lIHVwZGF0ZTo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNz
PSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPlQgKiAoTiAmIzQzOyAzKSBzaWduYXR1cmUgdmVy
aWZpY2F0aW9uczwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxk
aXYgY2xhc3M9IiI+V2hlcmU6PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogdGhlcmUgYXJlIE4gaW50
ZXJtZWRpYXRlIHJvb3QgbWV0YWRhdGEgZmlsZXMsPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogdGhl
cmUgaXMgMSB0aW1lc3RhbXAgZmlsZTwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4qIHRoZXJlIGlzIDEg
c25hcHNob3QgZmlsZTwvZGl2Pg0KPGRpdiBjbGFzcz0iIj4qIHRoZXJlIGlzIDEgdGFyZ2V0cyBm
aWxlPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPiogYSB0aHJlc2hvbGQgb2YgVCBzaWduYXR1cmVzIGFy
ZSBuZWVkZWQgKEnigJltIGFzc3VtaW5nIGl04oCZcyB0aGUgc2FtZSBmb3IgYWxsIGZpbGVzLCBi
dXQgdGhpcyBtYXkgbm90IGJlIHRoZSBjYXNlKTwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xh
c3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+RXZlbiB3aXRoIGEgcmVsYXRpdmVseSBtb2Rl
c3QgbnVtYmVyIG9mIHJvb3QgbWV0YWRhdGEgZmlsZXMsIGFuZCBhIHNtYWxsIG51bWJlciBmb3Ig
VCwgdGhpcyBjb3VsZCBjb25zdW1lIGEgc2lnbmlmaWNhbnQgcXVhbnRpdHkgb2YgYSBiYXR0ZXJ5
LXBvd2VyZWQgZGV2aWNl4oCZcyBsaWZldGltZSBwb3dlciBidWRnZXQuPC9kaXY+DQo8L2Rpdj4N
CjxkaXYgY2xhc3M9IiI+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IGNsYXNzPSIiPk9uZSBv
dGhlciBjb25zaWRlcmF0aW9uIGZvciBJb1QgZGV2aWNlcyBpcyB0aGF0IHdyaXRpbmcgdG8gZmxh
c2ggaXMgYW4gZXhwZW5zaXZlIG9wZXJhdGlvbi4gVGhpcyBtZWFucyB0aGF0IGl0IHNob3VsZCBi
ZSBsaW1pdGVkLCBwYXJ0aWN1bGFybHkgd2hlbiBhIGRldmljZSBtYXkgYmUgdW5kZXIgYXR0YWNr
LiBUaGlzIGlzIHdoeSB3ZSBzcGVjaWZ5IG1ldGFkYXRhIHRoYXQgY2FuIGVhc2lseSBmaXQgaW4g
UkFNLCB3aXRoDQogbm8gYXR0YWNoZWQgcGF5bG9hZC4gVGhpcyBhbGxvd3Mgc2lnbmF0dXJlIHZl
cmlmaWNhdGlvbiBwcmlvciB0byBzdG9yYWdlIG9uIGNvbnN0cmFpbmVkIGRldmljZXMuPC9kaXY+
DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5UaGUg
dGllcmVkIG1ldGFkYXRhIGFwcHJvYWNoIGluIFRVRiBpcyBpbnRlcmVzdGluZy4gUHJldmlvdXNs
eSwgSSBoYWQgY29uc2lkZXJlZCB0aGUgZGV2aWNlLXNpZGUg4oCccG9saWNpZXPigJ0gb2YgaG93
IHRvIGFwcGx5IHVwZGF0ZXMgKHN1Y2ggYXMgaG93IG1hbnkgc2lnbmF0dXJlcyB0byByZXF1aXJl
KSB0byBiZSBhIGZpcm13YXJlIHByb2JsZW0sIGJ1dCBpdCBjb3VsZCBiZSBkb25lIHdpdGggc2ln
bmVkIG1ldGFkYXRhIGFzDQogd2VsbC4gSSB0aGluayB0aGF0IGZvciB0aGUgbW9zdCBjb25zdHJh
aW5lZCBjbGllbnRzLCBsZWF2aW5nIHBvbGljaWVzIGluIGZpcm13YXJlIGlzIGxpa2VseSB0aGUg
YmVzdCBjaG9pY2UsIHN0aWxsLjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8
L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QmVzdCBSZWdhcmRzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5C
cmVuZGFuPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFp
bCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHBy
aXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBu
b3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250
ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0
b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwv
Ym9keT4NCjwvaHRtbD4NCg==

--_000_59D85B3EF8384FBC901282ABC997024Barmcom_--


From nobody Fri Nov 10 13:43:27 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55B6B1294B7 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 13:43:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 61bmtQ3AusbZ for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 13:43:24 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EDA8126BF3 for <suit@ietf.org>; Fri, 10 Nov 2017 13:43:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAALhJBp014984; Fri, 10 Nov 2017 22:43:19 +0100 (CET)
Received: from dhcp-9924.meeting.ietf.org (dhcp-9924.meeting.ietf.org [31.133.153.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yYYS50vZmzDWYq; Fri, 10 Nov 2017 22:43:16 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
Date: Sat, 11 Nov 2017 05:43:11 +0800
Cc: suit@ietf.org, Shikhar Sakhuja <ss9131@nyu.edu>, Justin Cappos <jcappos@nyu.edu>, Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>, Ariella C Feuchtwanger <acf469@nyu.edu>
X-Mao-Original-Outgoing-Id: 532042991.435232-787da5a8c162cee91a057f4656196d64
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD2EE148-045E-4056-A87F-33B0AB625851@tzi.org>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com>
To: Trishank Karthik Kuppusamy <trishank@nyu.edu>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tH1wrclquveYGOb3SMZAdyQg5Jc>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 21:43:26 -0000

At the HRPC RG meeting on Friday, there will be talk on Chainiac [1].

I think there is a lot we can learn from the ongoing academic work on =
software updating.
We do need to find a translation of these principles to the IoT, though, =
and Brendan has started pointing out some technical considerations.  =
There may also be differences in the kinds of stakeholders involved =
which lead to different security workflows.

For SUIT, we may want to layer the approach a bit so we can separate =
properties of the software update itself from the signed claims we need =
about (1) its provenance and (2) its appropriateness for installation at =
the specific device targeted.

Gr=C3=BC=C3=9Fe, Carsten

[1]: =
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/pres=
entation/nikitin


From nobody Fri Nov 10 14:08:26 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D1891200E5 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:08:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wmSHwRK3updM for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:08:24 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C95CB128C9C for <suit@ietf.org>; Fri, 10 Nov 2017 14:08:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAAM8HxB005001; Fri, 10 Nov 2017 23:08:17 +0100 (CET)
Received: from dhcp-9924.meeting.ietf.org (dhcp-9924.meeting.ietf.org [31.133.153.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yYZ0w15jYzDWZ1; Fri, 10 Nov 2017 23:08:15 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <2360.1510336359@obiwan.sandelman.ca>
Date: Sat, 11 Nov 2017 06:08:12 +0800
Cc: Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 532044492.419073-9541c7369a0e14115884254324b8dcaf
Content-Transfer-Encoding: quoted-printable
Message-Id: <C72222DC-F217-4658-8C56-E20CEFC99E1C@tzi.org>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com> <2360.1510336359@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/y7z8aZSyIhOm1qxm-1g-BOtIaBY>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 22:08:25 -0000

On Nov 11, 2017, at 01:52, Michael Richardson <mcr+ietf@sandelman.ca> =
wrote:
>=20
>> To keep the boot loader simple, you can terminate the trust
>> relationship with the update authority in the suit client. If =
that=E2=80=99s
>> the case, then the boot loader can work with MAC instead. This does =
not
>> provide for a full secure-boot story, but it does provide for updated
>> cryptographic primitives.
>=20
> I'm not sure I understand what you are saying here.
> I think you are talking about secure boot (validating the image is =
good
> before booting it), vs validating the image is good before storing it =
to flash?

I think Brendan is saying that a device that delegates most of its =
authorization functions to an authorization manager may be able to use =
its security association with that to check a simple MAC on a signed =
(here really: MACed) claim by the authorization manager.

Complexity arguments about the format are important.
But we also need to keep in mind that support in the format for more =
complex validation may not be needed in specific deployments.  As long =
as there is a way to express simple cases (such as the single-MAC based =
one above) in the format without undue complexity, there is no problem =
with supporting more complex validation as well for those deployments =
that need it and can support it.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Fri Nov 10 14:35:40 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A39B126CBF for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:35:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.811
X-Spam-Level: 
X-Spam-Status: No, score=-6.811 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d1XZYuQ-BP19 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:35:35 -0800 (PST)
Received: from mailout1.w2.samsung.com (mailout1.w2.samsung.com [211.189.100.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA2211241F5 for <suit@ietf.org>; Fri, 10 Nov 2017 14:35:35 -0800 (PST)
Received: from uscas1p1.samsung.com (unknown [182.198.245.206]) by mailout1.w2.samsung.com (KnoxPortal) with ESMTP id 20171110223534usoutp01dfcee87e9c34881097d8a595cfa30b7a~12lr0G_NA3070030700usoutp01f for <suit@ietf.org>; Fri, 10 Nov 2017 22:35:34 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w2.samsung.com 20171110223534usoutp01dfcee87e9c34881097d8a595cfa30b7a~12lr0G_NA3070030700usoutp01f
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510353334; bh=HDlkNsC08bw9BtXdbkbB+yk0C5+SeLI6xCirBdGpkOM=; h=From:To:Subject:Date:References:From; b=KUedqCKt3JVZaEia6uhIMQtNOrU8Eo9R8GQ4RgSufDE26i2QqR6k7wkZgl7dmePHh BMezO+7qTjtTrYn0v/F+996xBKWMS5Ltp2HkY5BAVUPi8FG0cKJbo9YTV73z8dPhlP 9uv4T9ACjPvCBV6KoNrgWsg57dTmnT/habj1nqc0=
Received: from ussmges1.samsung.com (u109.gpu85.samsung.co.kr [203.254.195.109]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171110223533uscas1p21655f4dbe657aae624de8c7747f767a2~12lrbEHr72891428914uscas1p2F for <suit@ietf.org>; Fri, 10 Nov 2017 22:35:33 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges1.samsung.com (USCPEMTA) with SMTP id 17.15.32262.5B9260A5; Fri, 10 Nov 2017 17:35:33 -0500 (EST)
Received: from ussmgxs1.samsung.com (u122.gpu85.samsung.co.kr [203.254.195.122]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171110223533uscas1p149fc0bf1a9945d37329f99fa4c97191e~12lrKJDLw1825718257uscas1p1_ for <suit@ietf.org>; Fri, 10 Nov 2017 22:35:33 +0000 (GMT)
X-AuditID: cbfec36d-f79696d000007e06-c3-5a0629b5a73f
Received: from usmmp2.samsung.com ( [203.254.195.78]) by ussmgxs1.samsung.com (USCPEXMTA) with SMTP id 63.20.03147.5B9260A5; Fri, 10 Nov 2017 17:35:33 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com ([105.128.2.145]) by usmmp2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZ800J86438IK70@usmmp2.samsung.com> for suit@ietf.org; Fri, 10 Nov 2017 17:35:33 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX3.ssi.samsung.com (105.128.2.228) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Fri, 10 Nov 2017 14:35:31 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Fri, 10 Nov 2017 14:35:31 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: "suit@ietf.org" <suit@ietf.org>
Thread-topic: Feedback/ comments on moran-suit-architecture
Thread-index: AQHTWnQ3dXo+ZwOWZUW3U3xb08I8gg==
Date: Fri, 10 Nov 2017 22:35:31 +0000
Message-id: <D62B69B1.1118B%m.nakhjiri@ssi.samsung.com>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="iso-8859-1"
Content-id: <6559B559BBBD0941A45AC9F7D4A5982B@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpkleLIzCtJLcpLzFFi42LZduzred2tmmxRBic+aFnMPHqb0YHRY8mS n0wBjFFcNimpOZllqUX6dglcGbcu97MXbBao6Nl9ga2BcTpvFyMnh4SAicSiQwuYIWwxiQv3 1rN1MXJxCAksY5TYtOQ1K4Qzg0ni6asWli5GDrCOl4fZ4Yrall5lB+kWEuhnkjg5mRMi8ZFR YnPLVqiqA4wSe36eAKtiE9CT2D9vBtg+EQFliZezH4PZwgJmEgtnLmaHiFtLXP/bxAJh60nc PriPCWQzi4CqxOSnCSBhXgFziVcPbzKB2IxAZ38/tQbMZhYQl2huvckC8Y6gxKLZe+Be+7fr IRuErSNx9voTRghbUeJ5y0lGiF49iSsNJ1ggbDuJI/uvQsW1JZ68u8AKsVdQ4sfke1DzJSUO rrgBZV9nk1h+UwvCdpHYu+4bE4QtLPHq+Bagt9iBbBmJR3IQ0WqJT2+ms0xgVJ+F5OhZSI6Y heSIWUiOmIXkiAWMrKsYRUqLi3PTU4sN9YoTc4tL89L1kvNzNzECE8bpf4dzdzDO3h1wiFGA g1GJh/fDXZYoIdbEsuLK3EOMEhzMSiK8gfNYo4R4UxIrq1KL8uOLSnNSiw8xSnOwKInzKsxc HSkkkJ5YkpqdmlqQWgSTZeLglGpgjONmb+GMLpnxVLe5uc2uKrj5xLWAd0qGxx7tdNXeXbvz ec6HBSz8S5ayrb6+/aNNRrtIrYPl7asNafOmhCswrgz5UyTkZvSU4+7X19UdqY8iS7LfWdnt rP9jvOulMLP898nXq+67zXu1aI0sfy2L7pplW6u6eBf8PTfjxEcO53T7yYk52jcslViKMxIN tZiLihMBOoAMtBQDAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrEIsWRmVeSWpSXmKPExsVy+t9hP92tmmxRBs+2SlrMPHqb0YHRY8mS n0wBjFFcNimpOZllqUX6dglcGbcu97MXbBao6Nl9ga2BcTpvFyMHh4SAicTLw+xdjJxAppjE hXvr2boYuTiEBJYwSvx53cUK4fQzSXSd2cgE4XxklNj0/xE7hHOAUeLF1qlg/WwCehL7581g BrFFBJQlXs5+DGYLC5hJLJy5mB0ibi1x/W8TC4StJ3H74D4mkDNYBFQlJj9NAAnzCphLvHp4 kwnEZgQ66fupNWA2s4C4RHPrTRaIUwUkluw5zwxhi0q8fPyPFcLWkTh7/QkjhK0o8bzlJCNE r45E7/dvzBC2ncSR/Veh4toST95dYIXYKyjxY/I9qPmSEgdX3GCZwCgxC8nqWUhGzUIyahaS UbOQjFrAyLqKUaS0uDg3vaLYUK84Mbe4NC9dLzk/dxMjJOaqdjDe+WpziFGAg1GJh/fDXZYo IdbEsuLK3EOMEhzMSiK8gfNYo4R4UxIrq1KL8uOLSnNSiw8xSnOwKInzbtyzOlJIID2xJDU7 NbUgtQgmy8TBKdXAaL6M+9fExDg1X5Ot5VoPWeJqFMKcRCrC14fnMpfvUhJ+PuHsPdboev+V M46z7Y/bLjk94Ko714Y/84IUpXO0NC4/v5MiZLyo6+t0XtuUxp0iji0aT/nmhRvXmCQ5avtw tu/YIPHD5pfP3NdLL99vWlW37PamGrbYz+enteaxzZWJOJ141uCREktxRqKhFnNRcSIAUJ9N x7UCAAA=
X-CMS-MailID: 20171110223533uscas1p149fc0bf1a9945d37329f99fa4c97191e
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171110223533uscas1p149fc0bf1a9945d37329f99fa4c97191e
X-RootMTR: 20171110223533uscas1p149fc0bf1a9945d37329f99fa4c97191e
References: <CGME20171110223533uscas1p149fc0bf1a9945d37329f99fa4c97191e@uscas1p1.samsung.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/z4Pzf25gDqgvbtko698ffV5f0eY>
Subject: [Suit] Feedback/ comments on moran-suit-architecture
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 22:35:38 -0000

Hi all, suit-architecture authors

I reviewed the draft and have some comments. I had originally embedded the =
comments in a txt file and sent to Hannes, but he asked to send to the list=
 and I am assuming the list does not accept attachment, so here it is. Sorr=
y for the long-winded list.

Introduction:
I wonder if 3rd use case is "Augmenting uninitiated devices with provisioni=
ng and configuration data from service operators"

Section 3.2 on broadcast delivery not relying on transport security. True a=
nd it should be pointed out:
integrity or confidentiality protection mechanisms should be applied during=
 image preparation and later installation process, instead. The same applie=
s for requirements regarding authorization for receiving the update by devi=
ces.
Note: I am wondering what the use case for FW update broadcast in true sens=
e is?

Section 3.3 regarding "the information that is encrypted individually for e=
ach device must be an absolute
   minimum."
This is hard to meet if the entire firmware image has to be protected.

Regarding "All information necessary for a device to make a decision about =
the
   installation of an update must fit into the available RAM of a
   constrained IoT device.  This prevents flash write exhaustion."

I am not clear on this ,if I hash the entire image and sign the hash, what =
is "all information necessary" in that case?
Are we saying all image has to fit in the RAM when the hash is being calcul=
ated? What if it resides on external flash?

Section 3.4
To be added IMO: download/distribution servers shall properly log informati=
on on download operation along with relevant metadata, such as device ident=
ity, FW metadata (manifest), result of download. Access to the logs shall b=
e protected through proper IAM mechanisms.


Section 6
Manifest should include "signing time" and version of image, so it can read=
ily be available for distribution servers w/o having to parse the image bef=
ore sending..


Regards,
Madjid Nakhjiri,
Sr. Director, ARTIK Security Architect


From nobody Fri Nov 10 14:48:20 2017
Return-Path: <housley@vigilsec.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C5A6126579 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:48:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hsrRz4ifFSeH for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:48:18 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA1EF126C25 for <suit@ietf.org>; Fri, 10 Nov 2017 14:48:17 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4D354300568 for <suit@ietf.org>; Fri, 10 Nov 2017 17:48:17 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id zOwosZVfs6N0 for <suit@ietf.org>; Fri, 10 Nov 2017 17:48:16 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 5A9E9300526; Fri, 10 Nov 2017 17:48:16 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <8387.1510337691@obiwan.sandelman.ca>
Date: Fri, 10 Nov 2017 17:48:14 -0500
Cc: suit@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/yR9WAXvtL_SeWsZZ_BYNybq6BhY>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 22:48:19 -0000

>> Please take a look at draft-housley-cms-mts-hash-sig-07.  It show how
>> hash-based signatures would be used with RFC 4108.
>=20
> Yes, I had no doubt that we had options we could include.
>=20
> For a bootloader that won't get updated ever for the lifetime (20yr) =
of a
> device, do you think that mts-hash SHOULD be a MTI?

If we do not deploy a quantum-resistant signature algorithm now, then we =
will not be able to trust the signature on the firmware that deploys the =
next generation of cryptographic algorithm after a large-scale quantum =
computer gets invented.  We need to deploy this protection now.  We will =
not get enough notice to roll it out later.  Look how long it too to =
transition away from SHA-1.

Russ


From nobody Fri Nov 10 14:55:35 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA3A7126DD9 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:55:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.791
X-Spam-Level: 
X-Spam-Status: No, score=-6.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BOCD_8S-6C_7 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:55:31 -0800 (PST)
Received: from mailout2.w2.samsung.com (mailout2.w2.samsung.com [211.189.100.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31187126579 for <suit@ietf.org>; Fri, 10 Nov 2017 14:55:30 -0800 (PST)
Received: from uscas1p2.samsung.com (unknown [182.198.245.207]) by mailout2.w2.samsung.com (KnoxPortal) with ESMTP id 20171110225529usoutp02fa156b063810902bef7089a7c5e6671a~123FcLC7-0092300923usoutp026; Fri, 10 Nov 2017 22:55:29 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w2.samsung.com 20171110225529usoutp02fa156b063810902bef7089a7c5e6671a~123FcLC7-0092300923usoutp026
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510354530; bh=fWmrYAQ01FtcRuiW5YVAc7ewbARE7RaUqkrAnNs1i/E=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=oZpBOOprTRCSyw8ZakO07g30yF5WgSnS/SeOt/ehK/4/cj7P/NhVrlyZ1rjiQ1NhE +XLgtTmhHAS5AlhDobumDXl8108y7ApKjD3Z1hwvat7LBg8gAVqJ4gn7njQmWSiN7Z dqFqx42dBJLI1VmncUH3BIgo4r2Cvj/NP0usLewc=
Received: from ussmges3.samsung.com (u112.gpu85.samsung.co.kr [203.254.195.112]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171110225529uscas1p201a4cfda1a838a5ae8bd99898be3a5a4~123E8I9Cl0757207572uscas1p2L; Fri, 10 Nov 2017 22:55:29 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges3.samsung.com (USCPEMTA) with SMTP id 57.06.00894.06E260A5; Fri, 10 Nov 2017 17:55:28 -0500 (EST)
Received: from ussmgxs4.samsung.com (u125.gpu85.samsung.co.kr [203.254.195.125]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171110225528uscas1p272d435502369cd3d4df4d9ef73a782de~123EJTjEX1756117561uscas1p2t; Fri, 10 Nov 2017 22:55:28 +0000 (GMT)
X-AuditID: cbfec370-f797d6d00000037e-bd-5a062e60e808
Received: from usmmp2.samsung.com ( [203.254.195.78]) by ussmgxs4.samsung.com (USCPEXMTA) with SMTP id 57.C0.02085.06E260A5; Fri, 10 Nov 2017 17:55:28 -0500 (EST)
Received: from SSI-EX4.ssi.samsung.com ([105.128.2.145]) by usmmp2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZ800JKX50GII70@usmmp2.samsung.com>; Fri, 10 Nov 2017 17:55:28 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX4.ssi.samsung.com (105.128.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Fri, 10 Nov 2017 14:55:26 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Fri, 10 Nov 2017 14:55:26 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Quantum resistance in firmware formats
Thread-index: AQHTWjMeLRxOFmcmCkK5kHIWXf5Q5qMOVhoAgAAbNYCAAExiAP//e+aA
Date: Fri, 10 Nov 2017 22:55:25 +0000
Message-id: <D62B6E19.11193%m.nakhjiri@ssi.samsung.com>
In-reply-to: <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="us-ascii"
Content-id: <9B99F6652E68844CB969DF676607BF59@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsWy7djX87oJemxRBl+uGFu8enGT3aLnUD+7 xcyjtxkdmD2WLPnJ5NEyZw+zx6o7X1gDmKO4bFJSczLLUov07RK4Ml6+PMdYcJSzYvuXa0wN jLfZuxg5OSQETCTmHm1hhrDFJC7cW8/WxcjFISSwjFFiZd99pi5GDiCnhUmiWQim/vT7Jaxw NacOvWSBcP4ySvxs/g6V+cgocfX3KqhRBxglNn19wATSzyagJ7F/3gywfSICoRKPP09hBLGZ BZQl3n1tBrOFBawkbl3ayw5RYy3R1bIcynaT+PGqgwXEZhFQlVixqwGsnlfAXGLq/M1gMzkF HCQ+HO0DizMC/fP91BomiPniEs2tN1kgfhCUWDR7D9zP/3Y9ZIOwdSTOXn/CCGErSjxvOQl1 G1D82Doo207i9ZvvLBC2tsSTdxdYIW4QlPgx+R7UfEmJgytuQNmT2SUW9NVA2C4Sr+cugYoL S7w6voV9AqPmLCTnzUKybhaSdbOQrJuFZN0CRtZVjCKlxcW56anFxnrFibnFpXnpesn5uZsY genl9L/DBTsYH26wOsQowMGoxMPbsJw1Sog1say4MvcQowQHs5IIb+A8oBBvSmJlVWpRfnxR aU5q8SFGaQ4WJXFehZmrI4UE0hNLUrNTUwtSi2CyTBycUg2McgdK58r5m9993z1bs1XnWcIB aYPjPqL3fXwmeknPfd/yZ15zqsfbXQrZRz5ca9IxDSla0+hQVKURLvK5Iv8nU2XSpQ6he30i 2mdjy3NcSn0iphm/47vJf1DdkLFBI7mge+O7y/1bJ8x46b41dXGGasvKR40tslIPWsvzOf+L +59pifRrZVJiKc5INNRiLipOBABVo9M8KwMAAA==
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrLIsWRmVeSWpSXmKPExsVy+t9hP90EPbYog2M7ZC1evbjJbtFzqJ/d YubR24wOzB5Llvxk8miZs4fZY9WdL6wBzFFcNimpOZllqUX6dglcGS9fnmMsOMpZsf3LNaYG xtvsXYycHBICJhKn3y9hhbDFJC7cW8/WxcjFISSwhFHiwuQGdgjnL6PE/IvXmSCcj4wSra07 oJwDjBJ9S+6zgPSzCehJ7J83gxnEFhEIldix9DwTiM0soCzx7mszI4gtLGAlcevSXnaIGmuJ rpblULabxI9XHWBzWARUJVbsagCr5xUwl5g6fzMzxLJZTBLbPy0AS3AKOEh8ONoHZjMCHf79 1BqoZeISza03WSAeEpBYsuc8M4QtKvHy8T+oR3Ukzl5/wghhK0o8bznJCNGrJbF+53GoOXYS r998Z4GwtSWevLvACnGQoMSPyfeg5ktKHFxxg2UCo/QsJKtnIRk1C8moWUhGzUIyagEj6ypG kdLi4tz0imITveLE3OLSvHS95PzcTYyQSK/dwXj/q80hRgEORiUe3g93WaKEWBPLiitzDzFK cDArifAGzmONEuJNSaysSi3Kjy8qzUktPsQozcGiJM67cc/qSCGB9MSS1OzU1ILUIpgsEwen VANju+efCw1Hekw+KazlNtvSZNQyN22RutUOg82W8o9V+09KTOIMtrrAlH3z8pTf7CoP7Kf1 pGlatTLoxS3Mb1eYVMWQdUNu4/15yx9m3CwRjLrfZjC3IPjrfeNKP+mzSsu6r8w+8PLXZZO/ AtrBNrPdwz0ObBab1xshv671r9ZVo+DPG3mjsq4psRRnJBpqMRcVJwIAu9UJw/ACAAA=
X-CMS-MailID: 20171110225528uscas1p272d435502369cd3d4df4d9ef73a782de
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
X-RootMTR: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/3l4DyKp6hiqElS0xtS01gJQxR6c>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 22:55:34 -0000

Hi Russ,=20

Has been a long time. Are there SOCs out there with quantum resistant
signature algorithm support?


Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/10/17, 2:48 PM, "Suit on behalf of Russ Housley"
<suit-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:

>
>>> Please take a look at draft-housley-cms-mts-hash-sig-07.  It show how
>>> hash-based signatures would be used with RFC 4108.
>>=20
>> Yes, I had no doubt that we had options we could include.
>>=20
>> For a bootloader that won't get updated ever for the lifetime (20yr) of
>>a
>> device, do you think that mts-hash SHOULD be a MTI?
>
>If we do not deploy a quantum-resistant signature algorithm now, then we
>will not be able to trust the signature on the firmware that deploys the
>next generation of cryptographic algorithm after a large-scale quantum
>computer gets invented.  We need to deploy this protection now.  We will
>not get enough notice to roll it out later.  Look how long it too to
>transition away from SHA-1.
>
>Russ
>
>_______________________________________________
>Suit mailing list
>Suit@ietf.org
>https://www.ietf.org/mailman/listinfo/suit
>


From justincappos@gmail.com  Fri Nov 10 14:56:11 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5F2B126DD9 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:56:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level: 
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CNGvBF29IuLC for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 14:56:09 -0800 (PST)
Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84A88126CBF for <suit@ietf.org>; Fri, 10 Nov 2017 14:56:09 -0800 (PST)
Received: by mail-lf0-x22a.google.com with SMTP id b190so12673747lfg.9 for <suit@ietf.org>; Fri, 10 Nov 2017 14:56:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=mFTh5pU9fgrHtY63aYSULTRdyTyBvyyqbWLgqwZIHso=; b=mvWi3fZUo07epo1yV29BJkXdlUv+FJv/FpUF3C3ZGkl6/Djly0d8Wb7u4+yH7WHagL ROzSq7UpAasjhORz5TmjD7qyr2SKXG9ZWipw9cgmqxGwZ0+bHO57qC1qwaSLWPS8POIj lxuzUkQfAo4N1Ew0omoOc5/WmFA1vgYHPjOAyixuJ3zq3gxTlwtyB5/Q4Kuyu0Ou1QkW vxAHbyWnWd4bLHFZFu91kyW79Df4NAIUc9A6BAewRi1Xg3QWv1vwN+hs7NAetxnrTOu1 7i0QisAohVaH0jzMmGedluNFwO84CQSnKoBcDk8EGu3B4xMbmTgIdw92Pa4+8b1fNNwv GVdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=mFTh5pU9fgrHtY63aYSULTRdyTyBvyyqbWLgqwZIHso=; b=MCetARlA1dzKcADhi2acECmTmrMX/6qu8RM17NmsocqfG5HqA2SmfgyUG027xVVgrl /TKnHMGzF75Lc2V/TimKk+kDVMD7of1YN3byfIqJ+YJ72mW/u3NzMWzEdOloDV7GKtBM pCgnpUtU9Ud488VbNKgMDxNTxivAN2jLiIh+yV7cV6cOq5J1Zut5ibKrHV9Sgpdz97su amJjOaSWjMdq+APkARGpplAME5XZSc4E2Xym1lEEG5yRV5UibK+QtTfZ7GONjuxR0W7G f7BzZ/OOme5fmUYlPediFkIYMC4ZVkPIjQ16Cl/VdNPzoYSkN3a3dhZhDSAqL6guHKOg uj6w==
X-Gm-Message-State: AJaThX588U691aNrB6XCui+ajK01hf5js0i/crvehqDzuFJHhyX9a5lQ avJCy9VWKAQrpyCzwmUmyPxZbEflj37Rvz5iV1M=
X-Google-Smtp-Source: AGs4zMYymmY5pbHm/vtMSG4MhpOucMvyStU1bXyPRkOr4pw9lAiGEuJdGqhlq8nKqmJbraPkWiUu+raUClXPo3CoROA=
X-Received: by 10.46.84.1 with SMTP id i1mr682378ljb.60.1510354567900; Fri, 10 Nov 2017 14:56:07 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.46.46.14 with HTTP; Fri, 10 Nov 2017 14:55:47 -0800 (PST)
In-Reply-To: <CD2EE148-045E-4056-A87F-33B0AB625851@tzi.org>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <CD2EE148-045E-4056-A87F-33B0AB625851@tzi.org>
From: Justin Cappos <jcappos@nyu.edu>
Date: Fri, 10 Nov 2017 17:55:47 -0500
X-Google-Sender-Auth: PzPpswAvnsF0na6psQZ-sFdBlKM
Message-ID: <CAMVss_ou9ccQMBg_-Zz1e10sR8hA4XSGfmPY9+rq23qA0L5cEA@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Trishank Karthik Kuppusamy <trishank@nyu.edu>, suit@ietf.org, Shikhar Sakhuja <ss9131@nyu.edu>,  Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>,  Ariella C Feuchtwanger <acf469@nyu.edu>
Content-Type: multipart/alternative; boundary="f403045fbb06813583055da8d3e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xk2Bk9qSnN89zOnrkZXDHo8pkwc>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 23:00:57 -0000

--f403045fbb06813583055da8d3e7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Good to hear about this!  I'm an author on Chainiac as well as being the
BDFL for TUF.

We're happy to help however we can (join a call, Skype, answer questions
via email, etc.)...

Thanks,
Justin

On Fri, Nov 10, 2017 at 4:43 PM, Carsten Bormann <cabo@tzi.org> wrote:

> At the HRPC RG meeting on Friday, there will be talk on Chainiac [1].
>
> I think there is a lot we can learn from the ongoing academic work on
> software updating.
> We do need to find a translation of these principles to the IoT, though,
> and Brendan has started pointing out some technical considerations.  Ther=
e
> may also be differences in the kinds of stakeholders involved which lead =
to
> different security workflows.
>
> For SUIT, we may want to layer the approach a bit so we can separate
> properties of the software update itself from the signed claims we need
> about (1) its provenance and (2) its appropriateness for installation at
> the specific device targeted.
>
> Gr=C3=BC=C3=9Fe, Carsten
>
> [1]: https://www.usenix.org/conference/usenixsecurity17/
> technical-sessions/presentation/nikitin
>
>

--f403045fbb06813583055da8d3e7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Good to hear about this!=C2=A0 I&#39;m an author on Chaini=
ac as well as being the BDFL for TUF.=C2=A0=C2=A0<div><br></div><div>We&#39=
;re happy to help however we can (join a call, Skype, answer questions via =
email, etc.)...</div><div><br></div><div>Thanks,</div><div>Justin</div></di=
v><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Fri, Nov 10,=
 2017 at 4:43 PM, Carsten Bormann <span dir=3D"ltr">&lt;<a href=3D"mailto:c=
abo@tzi.org" target=3D"_blank">cabo@tzi.org</a>&gt;</span> wrote:<br><block=
quote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc=
 solid;padding-left:1ex">At the HRPC RG meeting on Friday, there will be ta=
lk on Chainiac [1].<br>
<br>
I think there is a lot we can learn from the ongoing academic work on softw=
are updating.<br>
We do need to find a translation of these principles to the IoT, though, an=
d Brendan has started pointing out some technical considerations.=C2=A0 The=
re may also be differences in the kinds of stakeholders involved which lead=
 to different security workflows.<br>
<br>
For SUIT, we may want to layer the approach a bit so we can separate proper=
ties of the software update itself from the signed claims we need about (1)=
 its provenance and (2) its appropriateness for installation at the specifi=
c device targeted.<br>
<br>
Gr=C3=BC=C3=9Fe, Carsten<br>
<br>
[1]: <a href=3D"https://www.usenix.org/conference/usenixsecurity17/technica=
l-sessions/presentation/nikitin" rel=3D"noreferrer" target=3D"_blank">https=
://www.usenix.org/<wbr>conference/usenixsecurity17/<wbr>technical-sessions/=
<wbr>presentation/nikitin</a><br>
<br>
</blockquote></div><br></div>

--f403045fbb06813583055da8d3e7--


From nobody Fri Nov 10 22:54:46 2017
Return-Path: <rsalz@akamai.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1026F128891 for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 22:54:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vsGQ-N-qOMH for <suit@ietfa.amsl.com>; Fri, 10 Nov 2017 22:54:44 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5F612706D for <suit@ietf.org>; Fri, 10 Nov 2017 22:54:44 -0800 (PST)
Received: from pps.filterd (m0050093.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vAB6q7Jv012924; Sat, 11 Nov 2017 06:54:40 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : content-type : mime-version; s=jan2016.eng; bh=oUW0mz2NdOakh0+nGaitqz9DS6eq3KLffdFlgi5Q70I=; b=jrIrJqASTKTKrtYy70EjoVDSGCZCbXY/55c/QF76SpqoVzv7O343Eg+hY/gVFYcomfkv pllsWnbaXVt8JyDWgXDc86FtlkwJuhC63eklp/VclcAncVeFI3YPW1+vfKK8stgvQZ73 TFw5N6IbCXr0IoOG8ysNwgRDEFO2x3cn2QRFrZRbhfvrpsmwqaQnoBQ6vwBc8692ObMV Wt/uPibsrQ+P3rNEgLNFZIo219JPiRe0ESo6amXj0yHKUm0S66NtxLJFRvPs6KAoBdn8 LCCXkCCyyXXPpNvAVtnDjy3OJrTPuHRxbphRe8BQZgpskt+DZwrw4FRFxpPkrzfEzBiE lA== 
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050093.ppops.net-00190b01. with ESMTP id 2e5sbr0df8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 11 Nov 2017 06:54:39 +0000
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id vAB6ot8Y018484; Sat, 11 Nov 2017 01:54:38 -0500
Received: from email.msg.corp.akamai.com ([172.27.123.31]) by prod-mail-ppoint2.akamai.com with ESMTP id 2e18vup97e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 11 Nov 2017 01:54:38 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sat, 11 Nov 2017 01:54:38 -0500
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1263.000; Sat, 11 Nov 2017 01:54:38 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Threat Model and User Stories for draft-moran-suit-manifest-00
Thread-Index: AQHTWrnwYHkcD8wPCUqoSt+k2PJ+2A==
Date: Sat, 11 Nov 2017 06:54:37 +0000
Message-ID: <0A063690-1A92-4E19-9CDE-8047CF10CCC8@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/f.27.0.171010
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.147.22]
Content-Type: multipart/alternative; boundary="_000_0A0636901A924E199CDE8047CF10CCC8akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-11_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711110099
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-11-11_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000 definitions=main-1711110100
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/dt8ed2zWsqWNwNFyP9494JFyGG8>
Subject: Re: [Suit] Threat Model and User Stories for draft-moran-suit-manifest-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 06:54:46 -0000

--_000_0A0636901A924E199CDE8047CF10CCC8akamaicom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

ICAqICAgVGhlIG1hbmlmZXN0IGZvcm1hdCBhcyBkZXNjcmliZWQgaW4gZHJhZnQtbW9yYW4tc3Vp
dC1tYW5pZmVzdC0wMCB3YXMgZGVzaWduZWQgdXNpbmcgYSB0aHJlYXQgbW9kZWwgYW5kIGEgc2V0
IG9mIFVzZXIgc3Rvcmllcy4gRnJvbSB0aGUgdGhyZWF0IG1vZGVsLCB3ZSBleHRyYWN0ZWQgc2Vj
dXJpdHkgcmVxdWlyZW1lbnRzIHRoYXQgbWl0aWdhdGUgdGhlIHRocmVhdHMgYW5kIHBsYWNlZCBm
aWVsZHMgaW4gdGhlIG1hbmlmZXN0IHRoYXQgZW5hYmxlIGltcGxlbWVudGF0aW9uIG9mIHRoZSBz
ZWN1cml0eSByZXF1aXJlbWVudHMuIEZyb20gdGhlIHVzZXIgc3Rvcmllcywgd2UgZXh0cmFjdGVk
IHVzYWJpbGl0eSByZXF1aXJlbWVudHMgdGhhdCBlbmFibGUgdGhvc2UgdXNlciBzdG9yaWVzLCBh
bmQgcGxhY2VkIGZpZWxkcyBpbiB0aGUgbWFuaWZlc3QgdGhhdCBpbXBsZW1lbnQgdGhvc2UgdXNh
YmlsaXR5IHJlcXVpcmVtZW50cy4NCg0KTXVjaCBvZiB0aGlzIHdvdWxkIGJlIGhpZ2hseSB1c2Vm
dWwgYXMgYXBwZW5kaWNlcyB0byB5b3VyIG5leHQgdXBkYXRlIG9mIHRoZSBkcmFmdC4NCg==

--_000_0A0636901A924E199CDE8047CF10CCC8akamaicom_
Content-Type: text/html; charset="utf-8"
Content-ID: <BCBD2540058F0B4BBDC9703EDC26CD76@akamai.com>
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4
bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo
dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo
dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp
dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l
dGEgbmFtZT0iVGl0bGUiIGNvbnRlbnQ9IiI+DQo8bWV0YSBuYW1lPSJLZXl3b3JkcyIgY29udGVu
dD0iIj4NCjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUg
KGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxlPjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8N
CkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCglwYW5vc2UtMToyIDcg
MyA5IDIgMiA1IDIgNCA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6V2luZ2RpbmdzOw0K
CXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWls
eToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250
LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAz
IDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1h
bCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsN
Cglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30N
CmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNv
bG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4u
TXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1
cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAuTXNvTGlzdFBhcmFncmFwaCwg
bGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7bXNvLXN0eWxlLXBy
aW9yaXR5OjM0Ow0KCW1hcmdpbi10b3A6MGluOw0KCW1hcmdpbi1yaWdodDowaW47DQoJbWFyZ2lu
LWJvdHRvbTowaW47DQoJbWFyZ2luLWxlZnQ6LjVpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7
DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9
DQpzcGFuLkVtYWlsU3R5bGUxNw0KCXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglm
b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjp3aW5kb3d0ZXh0O30NCnNw
YW4ubXNvSW5zDQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCW1zby1zdHlsZS1uYW1l
OiIiOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7DQoJY29sb3I6dGVhbDt9DQouTXNvQ2hw
RGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0
O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4w
aW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0
aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBsMA0KCXttc28tbGlzdC1pZDox
NzMzODkxMjM2Ow0KCW1zby1saXN0LXR5cGU6aHlicmlkOw0KCW1zby1saXN0LXRlbXBsYXRlLWlk
czotMTMyNjQxMjYwMCAxNDI4ODY1NzI4IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4
NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4NjkxIDY3Njk4NjkzO30NCkBsaXN0IGwwOmxldmVs
MQ0KCXttc28tbGV2ZWwtc3RhcnQtYXQ6MDsNCgltc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs
ZXQ7DQoJbXNvLWxldmVsLXRleHQ674OYOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1z
by1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJbXNv
LWFuc2ktZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJbXNvLWZh
cmVhc3QtZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7DQoJbXNvLWJpZGktZm9udC1mYW1p
bHk6IlRpbWVzIE5ldyBSb21hbiI7DQoJY29sb3I6YmxhY2s7DQoJbXNvLWFuc2ktZm9udC13ZWln
aHQ6Ym9sZDt9DQpAbGlzdCBsMDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVs
bGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNv
LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250
LWZhbWlseToiQ291cmllciBOZXciLHNlcmlmO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2
ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZl
bC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0
LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVs
NA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3
Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246
bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0
IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs
LXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBv
c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OiJDb3VyaWVy
IE5ldyIsc2VyaWY7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0
OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsN
Cglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21zby1sZXZlbC1u
dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRh
Yi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21z
by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1s
ZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0
ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IixzZXJpZjt9DQpA
bGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s
ZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVt
YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5Oldp
bmdkaW5nczt9DQpvbA0KCXttYXJnaW4tYm90dG9tOjBpbjt9DQp1bA0KCXttYXJnaW4tYm90dG9t
OjBpbjt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgYmdjb2xvcj0id2hpdGUiIGxhbmc9
IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MGluIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFz
cz0iTXNvTGlzdFBhcmFncmFwaCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjBpbjttc28tbGlzdDpsMCBs
ZXZlbDEgbGZvMSI+VGhlIG1hbmlmZXN0IGZvcm1hdCBhcyBkZXNjcmliZWQgaW4gZHJhZnQtbW9y
YW4tc3VpdC1tYW5pZmVzdC0wMCB3YXMgZGVzaWduZWQgdXNpbmcgYSB0aHJlYXQgbW9kZWwgYW5k
IGEgc2V0IG9mIFVzZXIgc3Rvcmllcy4gRnJvbSB0aGUgdGhyZWF0IG1vZGVsLCB3ZSBleHRyYWN0
ZWQgc2VjdXJpdHkgcmVxdWlyZW1lbnRzDQogdGhhdCBtaXRpZ2F0ZSB0aGUgdGhyZWF0cyBhbmQg
cGxhY2VkIGZpZWxkcyBpbiB0aGUgbWFuaWZlc3QgdGhhdCBlbmFibGUgaW1wbGVtZW50YXRpb24g
b2YgdGhlIHNlY3VyaXR5IHJlcXVpcmVtZW50cy4gRnJvbSB0aGUmbmJzcDt1c2VyIHN0b3JpZXMs
IHdlIGV4dHJhY3RlZCB1c2FiaWxpdHkgcmVxdWlyZW1lbnRzIHRoYXQgZW5hYmxlIHRob3NlIHVz
ZXIgc3RvcmllcywgYW5kIHBsYWNlZCBmaWVsZHMgaW4gdGhlIG1hbmlmZXN0IHRoYXQgaW1wbGVt
ZW50DQogdGhvc2UgdXNhYmlsaXR5IHJlcXVpcmVtZW50cy48bzpwPjwvbzpwPjwvbGk+PC91bD4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPk11Y2ggb2YgdGhpcyB3b3VsZCBiZSBoaWdobHkgdXNlZnVsIGFzIGFw
cGVuZGljZXMgdG8geW91ciBuZXh0IHVwZGF0ZSBvZiB0aGUgZHJhZnQuPG86cD48L286cD48L3A+
DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8
L2JvZHk+DQo8L2h0bWw+DQo=

--_000_0A0636901A924E199CDE8047CF10CCC8akamaicom_--


From nobody Sat Nov 11 02:43:12 2017
Return-Path: <brynosaurus@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E5571294E8 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 02:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VJSjOcXZSXth for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 02:43:09 -0800 (PST)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 533E61294E6 for <suit@ietf.org>; Sat, 11 Nov 2017 02:43:09 -0800 (PST)
Received: by mail-wm0-x22b.google.com with SMTP id b189so161902wmd.5 for <suit@ietf.org>; Sat, 11 Nov 2017 02:43:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=from:mime-version:subject:message-id:date:to; bh=D+DZUwWo3feDD7j+zqOosQkg17d2YBhNduEnWVC1HZY=; b=CJpN5mux0dWP71sCVBQRlQqXnoyYY/xrFIx5T9UemWzmGBt9LNa4OJtrUUyA2ZPfRV YlqpXV4CM63pANSv0XjAURFo2bRi+LHbjSC1H/lo7xybuTSRSMTDfbDVbZDgP8LfTe8k j1yk/P6HGRBFyvsl3lCSkWD3JZVlFBUgFo3XhPj8/MRobnV5zrU3g58PaDuIvINyM9PC tD4f0LNWVQwBa1pYFVe0CP5iHa/j+Ow/jYEx0YR8fbgbH6tzTUSo/9gNQ/jLjHI+0v56 6bTLFJ07wL8sUwNmnpHMJz7SPJFiSCh/q5WBSFavLuTgyTFS3txMXsuZIW1Pdk6isBcC K5+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=D+DZUwWo3feDD7j+zqOosQkg17d2YBhNduEnWVC1HZY=; b=jnVdUBwicXWYFdIPzacY/5eQ8ZRwy+gZgxp1osvxqWen4teFZfltRiFabj/YuTDTOP 48PHRLQOnRuTl8DrKFTgnmF6/cWQwLhvgBFGwM9XW2D+1jA5OplaL7VtsLVRIA6zx0bI Va9MSlHbxYo21Xokkz/lC+CUxiljjuXGx0xs8etrC9ct/r83Ecb9iYu4YjHphdTZOdbH atxMYUfqd0VR3Ti77tK8Jl7vNa8Vl2MhRBZ6FQkyDthzvzJr7Ux1VPI9aPHTHRu/kEP3 jdk+sfsHaEiMQwe3W/fBF/oC30bMLLOalu6DseDuwugtAJ2RUJcbrBBsk6ZEzEuKVMIq uEug==
X-Gm-Message-State: AJaThX6iXV+p9mAgO6Z2O72L6gJ5wVmNz6uSSG4ksoGNPTrnSi3qZ2HO xAWUFGWke2rLf/MnpgOozAr+/Xxh
X-Google-Smtp-Source: AGs4zMZ0ynYZUON5mkbd81nF5NiR4cSZKrbQCp2rJaYvB2l94MpTad+XPxK5v5Tl7USFQpYbt+xr6Q==
X-Received: by 10.80.157.141 with SMTP id w13mr4580824ede.151.1510396987534; Sat, 11 Nov 2017 02:43:07 -0800 (PST)
Received: from [192.168.0.26] (85-218-6-197.dclient.lsne.ch. [85.218.6.197]) by smtp.gmail.com with ESMTPSA id b36sm10253675edd.67.2017.11.11.02.43.06 for <suit@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 Nov 2017 02:43:06 -0800 (PST)
From: Bryan Ford <brynosaurus@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_BA15EAF3-EF9C-4787-872C-96BDB1A89391"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <07463B83-C6ED-4263-92BD-24522C851DDE@gmail.com>
Date: Sat, 11 Nov 2017 11:43:09 +0100
To: suit@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nkdeMNS0VtsjgrtHVwU7dyZOlnM>
Subject: [Suit] Chainiac software update transparency work, presentations at CFRG and HRPC
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 10:43:11 -0000

--Apple-Mail=_BA15EAF3-EF9C-4787-872C-96BDB1A89391
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_91B9B2CD-1548-4EAF-AB43-D71594589812"


--Apple-Mail=_91B9B2CD-1548-4EAF-AB43-D71594589812
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Dear SUIT folks,

I just wanted to let you know about some recent transparency work from =
my lab at EPFL, which we presented at USENIX Security =E2=80=9917 and =
may be of interest to this group:

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed =
Skipchains and Verified Builds
=
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/pres=
entation/nikitin =
<https://www.usenix.org/conference/usenixsecurity17/technical-sessions/pre=
sentation/nikitin>

Abstract: Software-update mechanisms are critical to the security of =
modern systems, but their typically centralized design presents a =
lucrative and frequently attacked target. In this work, we propose =
CHAINIAC, a decentralized software-update framework that eliminates =
single points of failure, enforces transparency, and provides efficient =
verifiability of integrity and authenticity for software-release =
processes. Independent witness servers collectively verify conformance =
of software updates to release policies, build verifiers validate the =
source-to-binary correspondence, and a tamper-proof release log stores =
collectively signed updates, thus ensuring that no release is accepted =
by clients before being widely disclosed and validated. The release log =
embodies a skipchain, a novel data structure, enabling arbitrarily =
out-of-date clients to efficiently validate updates and signing keys. =
Evaluation of our CHAINIAC prototype on reproducible Debian packages =
shows that the automated update process takes the average of 5 minutes =
per release for individual packages, and only 20 seconds for the =
aggregate timeline. We further evaluate the framework using real-world =
data from the PyPI package repository and show that it offers clients =
security comparable to verifying every single update themselves while =
consuming only one-fifth of the bandwidth and having a minimal =
computational overhead.

I=E2=80=99ll be at IETF 100 but unfortunately can=E2=80=99t make it =
until after the trans meeting.  But I will be doing two brief =
Chainiac-related presentations in two IRTF meetings later in the week:

- In the CFRG meeting on Wednesday I=E2=80=99ll talk about SkipChains, =
the cryptographically traversable blockchain structure enabling offline =
and peer-to-peer verification of updates.
- In the HRPC meeting on Friday I=E2=80=99ll talk about the end-to-end =
software supply chain security and transparency issues that the Chainiac =
architecture addresses.

Thanks
Bryan


--Apple-Mail=_91B9B2CD-1548-4EAF-AB43-D71594589812
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Dear SUIT folks,<div class=3D""><br class=3D""></div><div =
class=3D"">I just wanted to let you know about some recent transparency =
work from my lab at EPFL, which we presented at USENIX Security =E2=80=991=
7 and may be of interest to this group:</div><div class=3D""><br =
class=3D""></div><div class=3D"">CHAINIAC: Proactive =
Software-Update&nbsp;Transparency via Collectively =
Signed&nbsp;Skipchains and Verified Builds</div><div class=3D""><a =
href=3D"https://www.usenix.org/conference/usenixsecurity17/technical-sessi=
ons/presentation/nikitin" =
class=3D"">https://www.usenix.org/conference/usenixsecurity17/technical-se=
ssions/presentation/nikitin</a></div><div class=3D""><br =
class=3D""></div><div class=3D"">Abstract: Software-update mechanisms =
are critical to the security of modern systems, but their typically =
centralized design presents a lucrative and&nbsp;frequently attacked =
target. In this work, we propose CHAINIAC, a decentralized =
software-update framework that eliminates single points of&nbsp;failure, =
enforces transparency, and provides efficient verifiability of integrity =
and authenticity for software-release processes. =
Independent&nbsp;witness servers&nbsp;collectively verify conformance of =
software updates to release policies,&nbsp;build verifiers&nbsp;validate =
the source-to-binary&nbsp;correspondence, and a tamper-proof release log =
stores collectively signed updates, thus ensuring that no release is =
accepted by clients&nbsp;before being widely disclosed and validated. =
The release log embodies a&nbsp;skipchain, a novel data structure, =
enabling arbitrarily out-of-date&nbsp;clients to efficiently validate =
updates and signing keys. Evaluation of our CHAINIAC&nbsp;prototype on =
reproducible Debian packages shows that&nbsp;the automated update =
process takes the average of 5 minutes per release for individual =
packages, and only 20 seconds for the aggregate&nbsp;timeline. We =
further evaluate the framework using real-world data from the PyPI =
package repository and show that it offers clients =
security&nbsp;comparable to verifying every single update themselves =
while consuming only one-fifth of the bandwidth and having a =
minimal&nbsp;computational overhead.</div><br class=3D"">I=E2=80=99ll be =
at IETF 100 but unfortunately can=E2=80=99t make it until after the =
trans meeting. &nbsp;But I will be doing two brief Chainiac-related =
presentations in two IRTF meetings later in the week:<div class=3D""><br =
class=3D""></div><div class=3D"">- In the CFRG meeting on Wednesday =
I=E2=80=99ll talk about SkipChains, the cryptographically traversable =
blockchain structure enabling offline and peer-to-peer verification of =
updates.</div><div class=3D"">- In the HRPC meeting on Friday I=E2=80=99ll=
 talk about the end-to-end software supply chain security and =
transparency issues that the Chainiac architecture addresses.<div =
class=3D""><br class=3D""></div><div class=3D"">Thanks</div></div><div =
class=3D"">Bryan</div><div class=3D""><br class=3D""></div></body></html>=

--Apple-Mail=_91B9B2CD-1548-4EAF-AB43-D71594589812--

--Apple-Mail=_BA15EAF3-EF9C-4787-872C-96BDB1A89391
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaBtQ9AAoJEGt1rlrP7+d/wNUP/icX1dPrAXpNTrVCpWFPgF97
PsigJvB+uoPdYZ848+5/6MhTQRAseSIYy4yCUrbbatO5loU8WwxKtgmouBs07qUr
rH4eKZfYSksg7c/jQICCZomo6mUwnDe+G6bSXnisqLhi0a+lZBSn/tdx/9xtFsK6
ZzUUeDy+tMX25LlUvKARg0mHplW/W0SoOvyG/zik4tTQf5L7xnfYGntK58eLkybH
up4HYAH5T2v5YIfdSHJwczOXbY411OBxBmal0C3r9V45NPFdCqtBJLusZ1TuguJ1
/s15nMVwwhi/BINE4ZkniKmyZKzACTyeQQs1pLMbXHJbqprKXPQ9d8qsBeoSrUz9
qOGSjwMdxwwilUvhPAN9y2IvcTKy7ct1WP2iHoAoOVZD0BQAhcrWU4L6uHAnnfg1
ItnT9lIFw6fdHe7EuBpFTQXspUXPfrATUd4lomr9Tpr7rqMw44EmQeZH0+fRqZqU
VQc2oHf6DTZTckbAWC1ecISXUZMyOjOcJQNGOvLLmlhuWXgm+7hjPmFZydZyH24Y
tBGLeG+TotUNLpNzkW45k/vzEAN7XGBPImjv+CfZuagXbzVQW3ypX7qWw/kTuY08
B1qni1wLqLFkwjFz/Fu/gms9Q4CDr5JmdmZS1FgM0ihz5hhjrMVEgkhRWspl+RsQ
62FidBPTYg2t/34tlBEf
=42cH
-----END PGP SIGNATURE-----

--Apple-Mail=_BA15EAF3-EF9C-4787-872C-96BDB1A89391--


From nobody Sat Nov 11 03:47:28 2017
Return-Path: <emmanuel.baccelli@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B1B01294FA for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 03:47:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.698
X-Spam-Level: 
X-Spam-Status: No, score=-1.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WlSp9R8MzCoE for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 03:47:25 -0800 (PST)
Received: from mail-vk0-x230.google.com (mail-vk0-x230.google.com [IPv6:2607:f8b0:400c:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 104821242EA for <suit@ietf.org>; Sat, 11 Nov 2017 03:47:25 -0800 (PST)
Received: by mail-vk0-x230.google.com with SMTP id g11so7570323vkd.13 for <suit@ietf.org>; Sat, 11 Nov 2017 03:47:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=CLSKpnxn+eD4k8ZMXXaPY/jiSl8yJyBorNcy3sAARRM=; b=LOeJvDSzjyK790+GqLPahrlAbXDVDUWR34ERDwo8MA8CxsQenhLRuIOyp57nCc06+J 0F6egwg7xh6fc5gUJwhOOrtcjoGsZhQGG8Ob5J0lEcLGQoqplwPzloSsMX9Dv1ZiFLGM TuD7EWOwVWntfh4eua3CvCvRcZ80KL0Pk55rR5NYXnuSEgB4KYC/8sRpa67NxtpR1IPZ Qtn4QfZ7ltkX41796bwMh471lF9DM/BcuZxLFHxjsYTypJbBdhYmPQkrsOwZP9ARtg2a mEXGfaMxtepizWDCEeT5+TGxrp6WGYNdIQb15tkdQshpiBVwL98/2DDYxGRMSb34/C4h xNiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=CLSKpnxn+eD4k8ZMXXaPY/jiSl8yJyBorNcy3sAARRM=; b=o11MFVKP0VQWW66kDII1mNtMwl+M3rQDJeKaGmlgAdfjBld8JNtF6iqPvlUIJ1V52U +1sv3+P/DtYyDmhjWERuUGnNcEd4hQpqgY4x9ur8XI3BKX2NMnrYpaK1G8pd0j8cpVsz BKiuxAhCQYgITj15CeQhIs/7GUSXzjuYNvuQYstfMQRuXIpwT+rrd61ImvPSK6Mo+KfB a7QE2d3I7XCHZKkq/B7JAQlqNMC0K6hC/SUyvtW7p/Bvm9qqqftka64w+/fw3AqdXKt5 QMMX8oMLLWS+X0mf4VJsui+etL0e8Fq4Y+z7JVfFJvRtEwNrk8KJ9mxW/UFNhNSVZLhY m1aA==
X-Gm-Message-State: AJaThX58wMz1/MzIAM4cd1U9BZHMK841wpNVGZt1zTCCyDUn5I8SM8IO OJ3sby7wp0YqAcMueYTrRmYbRZWf/oprAI1vMnlmMw==
X-Google-Smtp-Source: AGs4zMZAzZsSu+27AT/xnDN6KqNDKU1hJoENHU722oVy/SY5JzwiRHk7jd7wXmUnuNep0ib6gp6zL86rRZAcTi4ivpI=
X-Received: by 10.31.133.197 with SMTP id h188mr2193022vkd.99.1510400843892; Sat, 11 Nov 2017 03:47:23 -0800 (PST)
MIME-Version: 1.0
Sender: emmanuel.baccelli@gmail.com
Received: by 10.176.83.206 with HTTP; Sat, 11 Nov 2017 03:47:03 -0800 (PST)
In-Reply-To: <C72222DC-F217-4658-8C56-E20CEFC99E1C@tzi.org>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com> <2360.1510336359@obiwan.sandelman.ca> <C72222DC-F217-4658-8C56-E20CEFC99E1C@tzi.org>
From: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Date: Sat, 11 Nov 2017 12:47:03 +0100
X-Google-Sender-Auth: edaKX254J_gevrNtoaJu198lbB4
Message-ID: <CANK0pbYTJB5BkJ27_uxUYvudJmWK_2z0846SPT0etFrZNVmCAQ@mail.gmail.com>
To: "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143dfd6c4cbff055db3991b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Pi9BGPf644z_u-O19L67TIqUBao>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 11:47:26 -0000

--001a1143dfd6c4cbff055db3991b
Content-Type: text/plain; charset="UTF-8"

On Fri, Nov 10, 2017 at 11:08 PM, Carsten Bormann <cabo@tzi.org> wrote:

>
>
> Complexity arguments about the format are important.
> [...] As long as there is a way to express simple cases (such as the
> single-MAC based one above) in the format without undue complexity, there
> is no problem with supporting more complex validation as well for those
> deployments that need it and can support it.
>
>
+1

We need to keep in mind the basic case of:

- single authority/signature,
- IoT devices with ~10 KiB RAM and ~100 KiB flash,
- single firmware,

which *cannot* be burdened with too much complexity while we try to cover
more elaborate use-cases.

Best,

Emmanuel

--001a1143dfd6c4cbff055db3991b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Fri, Nov 10, 2017 at 11:08 PM, Carsten Bormann <span dir=3D"ltr">&lt=
;<a href=3D"mailto:cabo@tzi.org" target=3D"_blank">cabo@tzi.org</a>&gt;</sp=
an> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px=
 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(=
204,204,204);padding-left:1ex"><br>
<br>
Complexity arguments about the format are important.<br>
[...] As long as there is a way to express simple cases (such as the single=
-MAC based one above) in the format without undue complexity, there is no p=
roblem with supporting more complex validation as well for those deployment=
s that need it and can support it.<br>
<br></blockquote><div><br></div><div>+1</div><div><br></div><div>We need to=
 keep in mind the basic case of:</div><div><br></div><div>- single authorit=
y/signature,</div><div>- IoT devices with ~10 KiB RAM and ~100 KiB flash,</=
div><div>- single firmware,</div><div><br></div><div>which *cannot* be burd=
ened with too much complexity while we try to cover more elaborate use-case=
s.</div><div><br></div><div>Best,</div><div><br></div><div>Emmanuel</div><d=
iv>=C2=A0</div></div></div></div>

--001a1143dfd6c4cbff055db3991b--


From nobody Sat Nov 11 05:19:32 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC043129535 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 05:19:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EE75hxGoiohX for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 05:19:29 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD3C512717E for <suit@ietf.org>; Sat, 11 Nov 2017 05:19:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vABDJNbA016779; Sat, 11 Nov 2017 14:19:23 +0100 (CET)
Received: from [IPv6:2001:638:708:18::48] (unknown [IPv6:2001:638:708:18::48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yYyD93HfyzDWgH; Sat, 11 Nov 2017 14:19:21 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <D62B6E19.11193%m.nakhjiri@ssi.samsung.com>
Date: Sat, 11 Nov 2017 21:19:18 +0800
Cc: Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 532099158.279894-d692435646e7bac2eeacf54679e8ef1d
Content-Transfer-Encoding: quoted-printable
Message-Id: <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com>
To: Madjid Nakhjiri <m.nakhjiri@samsung.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/whA4MV5dC_1vi7Kh4KnhVIuyDy4>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 13:19:31 -0000

On Nov 11, 2017, at 06:55, Madjid Nakhjiri <m.nakhjiri@samsung.com> =
wrote:
>=20
> Hi Russ,=20
>=20
> Has been a long time. Are there SOCs out there with quantum resistant
> signature algorithm support?

All of them do support verifying Merkle-tree signatures (as long as they =
can run programs).

draft-mcgrew-hash-sigs-07 is based on SHA-256, which you can either run =
in CPU code or may have hardware support for.  Since firmware upgrades =
don=E2=80=99t happen every second, the overhead for that should be =
negligible (and is dominated by computing the hash of the firmware =
itself, anyway).

Gr=C3=BC=C3=9Fe, Carsten


From nobody Sat Nov 11 07:14:19 2017
Return-Path: <dwheeler@dwheeler.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFF28129A8D for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 07:14:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level: 
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PgIzNevlhAD3 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 07:14:17 -0800 (PST)
Received: from aibo.runbox.com (aibo.runbox.com [91.220.196.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 414CE12956D for <suit@ietf.org>; Sat, 11 Nov 2017 07:14:17 -0800 (PST)
Received: from [10.9.9.210] (helo=mailfront10.runbox.com) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from <dwheeler@dwheeler.com>) id 1eDXU6-0001t5-CH; Sat, 11 Nov 2017 16:14:14 +0100
Received: from 153.sub-174-204-18.myvzw.com ([174.204.18.153] helo=[100.89.114.138]) by mailfront10.runbox.com with esmtpsa (uid:258406 ) (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1eDXTx-0003Zp-8w; Sat, 11 Nov 2017 16:14:05 +0100
Date: Sat, 11 Nov 2017 10:13:36 -0500
In-Reply-To: <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: suit@ietf.org, Brendan Moran <Brendan.Moran@arm.com>, Trishank Karthik Kuppusamy <trishank@nyu.edu>
CC: Justin Cappos <jcappos@nyu.edu>, "suit@ietf.org" <suit@ietf.org>, Shikhar Sakhuja <ss9131@nyu.edu>, Ariella C Feuchtwanger <acf469@nyu.edu>, Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>
From: "David A. Wheeler" <dwheeler@dwheeler.com>
Message-ID: <484D7E7D-EA9B-42A6-BEE4-84A71368BCC5@dwheeler.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hyhi4e4n6Tk6q7nA2DgFnvxm-LM>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 15:14:19 -0000

>By the way it is written, I think it is fair to say that TUF is largely
>aimed at high-bandwidth networks and homogenous thick clients,
>particularly with human interface=2E Uptane deals with many of these
>issues=2E The problem is different in the IoT space=2E=2E=2E

I think the suit spec should specifically note TUF and uptane, and do a qu=
ick comparison of the differences and rationales for them=2E Many people wi=
ll want to know the difference is, and why=2E Making the relationship clear=
 would really help=2E

--- David A=2EWheeler


From nobody Sat Nov 11 09:47:26 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC2A71205D3 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 09:47:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gbixM52bXP6v for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 09:47:23 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AB501201F8 for <suit@ietf.org>; Sat, 11 Nov 2017 09:47:22 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1C3CE20008; Sat, 11 Nov 2017 12:48:50 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B18D182639; Sat, 11 Nov 2017 12:47:21 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Madjid Nakhjiri <m.nakhjiri@samsung.com>
cc: Russ Housley <housley@vigilsec.com>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <D62B6E19.11193%m.nakhjiri@ssi.samsung.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 11 Nov 2017 12:47:21 -0500
Message-ID: <6384.1510422441@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iOHUVosfInAB9xI6fqqSvw8H0m0>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 17:47:25 -0000

--=-=-=
Content-Type: text/plain


Madjid Nakhjiri <m.nakhjiri@samsung.com> wrote:
    > Has been a long time. Are there SOCs out there with quantum resistant
    > signature algorithm support?

As Carsten said, we can run SHA256-based merkle-tree algorithms today.

There are some quantum resistant asymmetric methods which are being
development (NIST is having a competition I think), but my understanding that
none have the confidence we need, and there are IPR on some of them.

So, I think that I agree strongly with Russ.

Russ said:
    >> If we do not deploy a quantum-resistant signature algorithm now, then
    >> we will not be able to trust the signature on the firmware that
    >> deploys the next generation of cryptographic algorithm after a
    >> large-scale quantum computer gets invented.  We need to deploy this
    >> protection now.  We will not get enough notice to roll it out later.
    >> Look how long it too to transition away from SHA-1.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloHN6kACgkQgItw+93Q
3WXbqAf+Jmo0U0n6dcupoas0OesD73ITfBbIoaaZa8o2Q4xGZ+vM08sHhr/aA8kY
XOlFv7kZ+vsMxTV7Dsz6/6Fyv4K1xb/nwlX3BQxq2Qa5kZgA04PbyNkcCv6vMf9s
5LW6te2XhSlkhdL0tuMvsLqk0lFKO0HbGJUB3BpZR6xh5J4VuKOAOatnuBHPt9T9
iwPKQE26kB3W6MzPJqJTkcSZSIjGHoN64PKfzZoKbFwFbU9Y9AAe3OF64mHpEaNK
ta4GWSEo9AjKwy+WXTGKOj0maWxeOVZg1D5ZJbd4KU2KyfjbAgE5fFzPakWTZ0qb
GzXau9VSIjuXuKpUEQjxhs67Bxijbw==
=FN1v
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Sat Nov 11 09:58:13 2017
Return-Path: <mcr@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 760DE124D85 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 09:58:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKC54_UK51aQ for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 09:58:09 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D66B71201F2 for <suit@ietf.org>; Sat, 11 Nov 2017 09:58:09 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 8646D20008; Sat, 11 Nov 2017 12:59:37 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 22EAF82639; Sat, 11 Nov 2017 12:58:09 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: Brendan Moran <Brendan.Moran@arm.com>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <8A8680C3-465E-428D-B614-8FCD8460E051@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com> <2360.1510336359@obiwan.sandelman.ca> <8A8680C3-465E-428D-B614-8FCD8460E051@arm.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 11 Nov 2017 12:58:09 -0500
Message-ID: <9163.1510423089@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Cq9sbH8PbFQAq5CK0PZAlCR5Bh8>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 17:58:11 -0000

--=-=-=
Content-Type: text/plain


Brendan Moran <Brendan.Moran@arm.com> wrote:
    mcr> I'm not sure I understand what you are saying here.  I think you are
    mcr> talking about secure boot (validating the image is good before booting
    mcr> it), vs validating the image is good before storing it to flash?

    > Yes, the point I am making is that you can handle boot loader
    > verification by using MAC with a key that is shared only between the
    > Suit client and the boot loader. Then, the boot loader trusts the Suit
    > client to validate the update using up-to-date cryptographic

    > primitives. In IoT devices that support a secure execution context,
    > delegating this to the Suit client on behalf of the boot loader may be
    > a more acceptable tradeoff, provided that the signature verification
    > portion of the Suit client runs in the secure context.

i.e. the SUIT client has to have enough priveledge to update the MAC
     that the boot loader uses to validate the firmware.

In a double-buffer approach, the SUIT client would be in the main firmware.
You are saying, I think that the problem with this approach is that an
exploit again the SUIT client permits the attacker to write/update the MAC
that the boot loader uses, while an asymetric validation by the boot loader
requires no priveledged write.

I feel uncomfortable with the assumption that the SUIT manifest->boot loader
can be run in a trusted environment.  I think we are just trading one set of
potentially reviewable trusted code for another set of unreviewable trusted code.

{I keep typing "boat loader"...}

    > So, there is a tradeoff here. Either the bootloader becomes complex and
    > must contain several modern asymmetric cryptographic primitives, or it
    > becomes simple, but trusts the Suit client.

But, I think that we can consider this all an implementation detail, and that
really it does not affect whether or not we can support a Quantum resistant
signature.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloHOjAACgkQgItw+93Q
3WV1wAgAl84LhCKI4QbPFKsozatu7iU9Ehl+ZETv9n56V2VYM10C64CufhLS4zkU
/8XklBcmkdXM41/e13OPTOXMrcKaz/ASV1xQR9dOUd96QwXUu1bmE0bkx9MsPdgJ
eYqaxwr0vXXQazP8MMHo/R3z+FvcJn6HWLHmfZxJ65QY1uU8FSgTamtj+9/Tah9U
dXtv0xn3/Ezkew8zJjdNzgvneoSAgpoGEVbXrV14rQwZsEUffW8K1KeFKpLX4jnt
WuzlGddgT0m690SGZYfHnAsIxt9P1v81Ui1ayH8i39cNNpGarsvSVKIf7J+MdNIH
nQYxb78XJBLNQQsGrfwgvORT0RprKw==
=JeH+
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Sat Nov 11 10:13:03 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9B41201F8 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 10:13:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AWNkoEIeDUUz for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 10:13:00 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C1C51201F2 for <suit@ietf.org>; Sat, 11 Nov 2017 10:13:00 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id D124620008; Sat, 11 Nov 2017 13:14:27 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 64D0782639; Sat, 11 Nov 2017 13:12:59 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <CANK0pbYTJB5BkJ27_uxUYvudJmWK_2z0846SPT0etFrZNVmCAQ@mail.gmail.com>
References: <21176.1510325360@obiwan.sandelman.ca> <0C94DD02-3E70-41B2-B594-F500DD14E4C7@arm.com> <2360.1510336359@obiwan.sandelman.ca> <C72222DC-F217-4658-8C56-E20CEFC99E1C@tzi.org> <CANK0pbYTJB5BkJ27_uxUYvudJmWK_2z0846SPT0etFrZNVmCAQ@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Sat, 11 Nov 2017 13:12:59 -0500
Message-ID: <12686.1510423979@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Rub5c_RqisaJaVa6Hr9L0l1IWmA>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2017 18:13:02 -0000

--=-=-=
Content-Type: text/plain


Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> wrote:
    > Complexity arguments about the format are important.
    > [...] As long as there is a way to express simple cases (such as
    > the single-MAC based one above) in the format without undue
    > complexity, there is no problem with supporting more complex
    > validation as well for those deployments that need it and can
    > support it.



    > +1

    > We need to keep in mind the basic case of:

    > - single authority/signature,
    > - IoT devices with ~10 KiB RAM and ~100 KiB flash,
    > - single firmware,

    > which *cannot* be burdened with too much complexity while we try to
    > cover more elaborate use-cases.

So, by "single firmware" are you saying that boot-loader downloads and validates?
Do you think we need need to make transfer protocol accomodations for such a
boot-loader?   This might be LWIG rather than SUIT work.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloHPasACgkQgItw+93Q
3WUm/Af/aX4buJSuU3xar9SaqwAyDmsProyMHqhOWAXRxOaXTSp0u6YBdvZd1qU6
3X62umB0zz7lctIh85BqgZX4TZiMGimfXa9+dKgKol33NeFVCAHXBrtRqsNmqMG/
oXYUPFAp+DnyoZlLNa3WT81hHcH3ZcyTYKwStwToSk1t2xREKLyKTsX/Ofxg5K34
OC4daGfjbFIsp3fJWFXiwma6kAv98T0Xbk6vj0v6EBh3zQmX1fs0aLIGhEiwFbbZ
8c2Rsw1ms/2dJbL9wPDKwSWKXhDP5YwRxJAke1s4wE4iGgJqRz33N36M3OicsjCf
7Kpmf5ioeTFyshJtC46o1a7x6/Japg==
=hdiT
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Sat Nov 11 23:32:34 2017
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F9C127873 for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 23:32:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.751
X-Spam-Level: 
X-Spam-Status: No, score=-2.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e0E5O3ISLhDS for <suit@ietfa.amsl.com>; Sat, 11 Nov 2017 23:32:29 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5C2E12711E for <suit@ietf.org>; Sat, 11 Nov 2017 23:32:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 9B1FE6223F for <suit@ietf.org>; Sun, 12 Nov 2017 02:32:27 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id q6FQ03qF1ATC for <suit@ietf.org>; Sun, 12 Nov 2017 02:32:22 -0500 (EST)
Received: from lx120e.htt-consult.com (dhcp-80f0.meeting.ietf.org [31.133.128.240]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 956DA6223B for <suit@ietf.org>; Sun, 12 Nov 2017 02:32:18 -0500 (EST)
To: suit@ietf.org
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <42e3ab34-917c-5499-f529-e1edab77c82a@htt-consult.com>
Date: Sun, 12 Nov 2017 15:30:48 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------0C0F081D6180F0ED989156E5"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/lLu7D7j1KIilZZurU38R33HMid8>
Subject: [Suit] Observation on Manifest discussions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Nov 2017 07:32:32 -0000

This is a multi-part message in MIME format.
--------------0C0F081D6180F0ED989156E5
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Fellow suits from one of the real IETF suits...  :)

I was pointed today to this work and the Manifest discussion.  I would 
like to share some work I am involved in along with Carsten Bormann and 
Henk Birkholz:

Building "CBOR Concise Identities", or said in another way, mapping 
X.509 content into CBOR.

Here is a paste of a slide I have been using:

Goal is to use CBOR to replace all encodings in constrained IoT

  * Where possible
  * e.g. COSE – RFC8152
      o CBOR Object Signing and Encryption
  * Next step is elimination of need of ASN.1
      o And thus replacement for X.509

So work on the basis that there will be IoT devices with NO ASN.1.

Bob


--------------0C0F081D6180F0ED989156E5
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Fellow suits from one of the real IETF suits...  :)<br>
    <br>
    I was pointed today to this work and the Manifest discussion.  I
    would like to share some work I am involved in along with Carsten
    Bormann and Henk Birkholz:  <br>
    <br>
    Building "CBOR Concise Identities", or said in another way, mapping
    X.509 content into CBOR.<br>
    <br>
    Here is a paste of a slide I have been using:<br>
    <br>
    Goal is to use CBOR to replace all encodings in constrained IoT<br>
    <ul>
      <li>Where possible</li>
      <li>e.g. COSE – RFC8152</li>
      <ul>
        <li>CBOR Object Signing and Encryption</li>
      </ul>
      <li>Next step is elimination of need of ASN.1</li>
      <ul>
        <li>And thus replacement for X.509</li>
      </ul>
    </ul>
    So work on the basis that there will be IoT devices with NO ASN.1.<br>
    <br>
    Bob<br>
    <br>
  </body>
</html>

--------------0C0F081D6180F0ED989156E5--


From nobody Sun Nov 12 23:15:11 2017
Return-Path: <director@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCBED12949E for <suit@ietfa.amsl.com>; Sun, 12 Nov 2017 23:15:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ND2crpCX9gi for <suit@ietfa.amsl.com>; Sun, 12 Nov 2017 23:15:08 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id C3374129483 for <suit@ietf.org>; Sun, 12 Nov 2017 23:15:07 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 80C0E3741029 for <suit@ietf.org>; Mon, 13 Nov 2017 07:15:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 3PTQRLThVlmF for <suit@ietf.org>; Mon, 13 Nov 2017 02:15:05 -0500 (EST)
Received: from dhcp-8b1d.meeting.ietf.org (dhcp-8b1d.meeting.ietf.org [31.133.139.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id A56CB374083D for <suit@ietf.org>; Mon, 13 Nov 2017 02:15:04 -0500 (EST)
To: suit@ietf.org
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org>
Date: Mon, 13 Nov 2017 15:15:02 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms020503050704080101070709"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/GkpkXNZMUY-9i3VwZU1LxdBXwd0>
Subject: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 07:15:10 -0000

This is a cryptographically signed message in MIME format.

--------------ms020503050704080101070709
Content-Type: multipart/alternative;
 boundary="------------82FC7B3115CCEFFCB11DE686"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------82FC7B3115CCEFFCB11DE686
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi all,

after reading the material for the meeting, few high-level=20
considerations popped into my mind that I think it might be useful to=20
raise early. Here's the laundry list:

  * *Device Credentials for Firmware Access.* It seems that an
    alternative to per-device encryption is the possibility of allowing
    only authenticated devices to access/download/retrieve the firmware
    itself (This requires a transport protocol that would support the
    use of device-provided credentials)

  * *IP vs. non-IP Devices.* I wonder if some special considerations
    shall be given for IP vs. non-IP devices that might still be
    targeted for data extraction via device gateways.

  * *Firmware and Deployment.* How to allow for separation of device
    manufacturer firmware validation and deployment enabling in selected
    environments (i.e., another way to target the deployment of the
    firmware). For example, environments where deployment of the
    update(s) could be controlled by a third party (e.g., network
    operator). How to address that ?

  * *Public Crypto.* Is there any interest in providing any special
    considerations for devices that have support for public crypto
    (e.g., small crypto accelerators - ECDSA-P256/SHA256)? The
    availability of small crypto chip that allow for secure storage and
    off-chip crypto ops might benefit from special
    treatment/considerations... ?

  * *Trust Anchor Management.* Key management is a hard problem, but
    Trust Anchor management is often ignored or left to the
    application/device manufacturer. Should the group also provide
    guidance about how to handle TAs and their updates? For example, in
    the case where TLS is used for authentication of the source, what is
    the relationship between the certificate used on the server and the
    firmware development?

Last comment, personally I think that the proposed approaches might all=20
provide a piece of the puzzle (authenticated manifest, signed firmware,=20
encryption, per-device encryption, and TLS). From the experience I have=20
with device manufacturers, the lack of experience on their part (in many =

cases) needs to be addressed by keeping the complexity of=20
implementation, deployment, and long-term management/support to a minimum=
=2E

Just my 2 cents...

Looking forward to the Bof discussion :-D

Cheers,
Max

--=20
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

--------------82FC7B3115CCEFFCB11DE686
Content-Type: multipart/related;
 boundary="------------5B096B6492E2DDD467D7C974"


--------------5B096B6492E2DDD467D7C974
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>Hi all,</p>
    <p>after reading the material for the meeting, few high-level
      considerations popped into my mind that I think it might be useful
      to raise early. Here's the laundry list:</p>
    <ul>
      <li><b>Device Credentials for Firmware Access.</b> It seems that
        an alternative to per-device encryption is the possibility of
        allowing only authenticated devices to access/download/retrieve
        the firmware itself (This requires a transport protocol that
        would support the use of device-provided credentials)<br>
        <br>
      </li>
      <li><b>IP vs. non-IP Devices.</b> I wonder if some special
        considerations shall be given for IP vs. non-IP devices that
        might still be targeted for data extraction via device gateways.<=
br>
        <br>
      </li>
      <li><b>Firmware and Deployment.</b> How to allow for separation of
        device manufacturer firmware validation and deployment enabling
        in selected environments (i.e., another way to target the
        deployment of the firmware). For example, environments where
        deployment of the update(s) could be controlled by a third party
        (e.g., network operator). How to address that ?<br>
        <br>
      </li>
      <li><b>Public Crypto.</b> Is there any interest in providing any
        special considerations for devices that have support for public
        crypto (e.g., small crypto accelerators - ECDSA-P256/SHA256)?
        The availability of small crypto chip that allow for secure
        storage and off-chip crypto ops might benefit from special
        treatment/considerations... ?<br>
        <br>
      </li>
      <li><b>Trust Anchor Management.</b> Key management is a hard
        problem, but Trust Anchor management is often ignored or left to
        the application/device manufacturer. Should the group also
        provide guidance about how to handle TAs and their updates? For
        example, in the case where TLS is used for authentication of the
        source, what is the relationship between the certificate used on
        the server and the firmware development?</li>
    </ul>
    <p>Last comment, personally I think that the proposed approaches
      might all provide a piece of the puzzle (authenticated manifest,
      signed firmware, encryption, per-device encryption, and TLS). From
      the experience I have with device manufacturers, the lack of
      experience on their part (in many cases) needs to be addressed by
      keeping the complexity of implementation, deployment, and
      long-term management/support to a minimum.</p>
    <p>Just my 2 cents...</p>
    <p>Looking forward to the Bof discussion :-D<br>
    </p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <div class=3D"moz-signature">-- <br>
      <div style=3D"color: black; margin-top: 10px;">
        Best Regards,
        <div style=3D"margin-top: 5px; margin-left: 0px; ">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div>
        <img src=3D"cid:part1.2730BB37.7F63F3A7@openca.org"
          style=3D"vertical-align: 0px; margin-top: 10px; margin-left:
          0px;" alt=3D"OpenCA Logo"><br>
      </div>
    </div>
  </body>
</html>

--------------5B096B6492E2DDD467D7C974
Content-Type: image/png;
 name="aljnkjegaopjbleo.png"
Content-Transfer-Encoding: base64
Content-ID: <part1.2730BB37.7F63F3A7@openca.org>
Content-Disposition: inline;
 filename="aljnkjegaopjbleo.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------5B096B6492E2DDD467D7C974--

--------------82FC7B3115CCEFFCB11DE686--

--------------ms020503050704080101070709
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CfUwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggU+MIIEJqADAgECAhEA/bu0LJsAKXVhEpPllE0lYzANBgkq
hkiG9w0BAQsFADCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVt
YWlsIENBMB4XDTE2MTEzMDAwMDAwMFoXDTE3MTEzMDIzNTk1OVowJDEiMCAGCSqGSIb3DQEJ
ARYTZGlyZWN0b3JAb3BlbmNhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKnGg/GUuTjn0dKCEpRhVd+uiYbCjLQht+dbkvyRLm4aqlL7yHCe+21HQLIcU68ZCHT2ImpF
CFFrxQMQh4KijAwkbLc8+xZZSwXeZt58qnPn5c4vcpYU5LFq1q9oDT8MXH33DhVUT/7/IDSi
wRWM6FcgM6VrIjBmmvl9dW3gQaEd1bOAhO2X489fChRQYTaB6AEhqb8RSvWW7ZYzfNw8sPxV
afMCzWBPpO5RmLqOciZBhAinAM9dXmP5ckg/HjJQYSjvTc7HDcg75mpr5wH8Tk/ChyIYk4CT
zqONQV8HKCzZPTVmd2ZuMrliJwMFs3uEg0aBSzHjJTyAmZ89q5Mz3XsCAwEAAaOCAfEwggHt
MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBTGgh9JWBvcrak1
PhAWBLGrECNAjzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM
KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv
Q1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NI
QTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUF
BwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9T
SEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHgYDVR0RBBcwFYETZGlyZWN0b3JAb3Bl
bmNhLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAdIqtPcvA+g6VTYUpEo0I9Vtnrf9PiZ3OpkRL
O7U78EaeUfvOotThqj74XyrIl6eYlg+EdGIIUVB1CI05wPMRlZN3/R/Tj28vWkwckLRIbpL4
A5ZQyKgA9vK15/EEBVFIpCtAI6xJX0zx6TySlIgjcca05L0JgO7nzLGD2MY/dVWEE+QBuNI+
NBci+c+9q6YDPoXOpo0Wwbe0Bq95jNNWmZwhGzc+N5rhOGZmQT4P7TnpzvMik8ugbkqWyyHa
DQbLKYzM1RKS/mwcvFqjJCQgORnaCilSbfClwdWGI7vwcTR8eAzduvwG61u46Cgb57K5sMck
RicpWRvEYxCCVTwnozGCBEQwggRAAgEBMIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0
aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCWCGSAFlAwQC
AQUAoIICYzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEx
MTMwNzE1MDJaMC8GCSqGSIb3DQEJBDEiBCCoAPxSepP1iOjS1MUKdzTAuhCygbw41/qioWA6
L6R7WjBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI
hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMIHCBgkrBgEEAYI3EAQxgbQwgbEwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRp
b24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAP27tCybACl1YRKT5ZRNJWMwgcQGCyqGSIb3DQEJ
EAILMYG0oIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCSqGSIb3DQEBAQUABIIBAEtq8KCaytMMa90N
1XGvhrtigOsHSMR3DnLd+q60gctTkYBBx5Oe8XEvA2VzFBaTJwPGVrqhXtmf+2UY74fqGnLe
4rQdAgvsHm1Ik5IsFnVAAN3U25qLYPB43AICNJN2YHokzwOIpjaOu/vp/U835JfvArcgzvSk
oI6ErQiBO/6gdRhoBD1qvh1y0JggJR4NV+MWtwr65nsFiZyVU/PGlhZ8c0BZ9NB2TFUL4VxH
XC3qR7MGKfWHsI2EVh5uxropJt2p4MtjObO2GZurRCDHZPTDAN4tPPXJaq8lJKM5xtQxw+6c
5M1AzTi4zn0DUWtVa3v3q2WASK6zSDHIcaNv4fYAAAAAAAA=
--------------ms020503050704080101070709--


From nobody Sun Nov 12 23:22:39 2017
Return-Path: <director@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD63E1294B5 for <suit@ietfa.amsl.com>; Sun, 12 Nov 2017 23:22:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.797
X-Spam-Level: 
X-Spam-Status: No, score=-0.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4jMepAF4hZa for <suit@ietfa.amsl.com>; Sun, 12 Nov 2017 23:22:19 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id BE53D12948F for <suit@ietf.org>; Sun, 12 Nov 2017 23:22:13 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 8FFA73741029 for <suit@ietf.org>; Mon, 13 Nov 2017 07:22:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zB6gye3ORyKr for <suit@ietf.org>; Mon, 13 Nov 2017 02:22:12 -0500 (EST)
Received: from dhcp-8b1d.meeting.ietf.org (dhcp-8b1d.meeting.ietf.org [31.133.139.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id D8EF7374083D for <suit@ietf.org>; Mon, 13 Nov 2017 02:22:11 -0500 (EST)
To: suit@ietf.org
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org>
Date: Mon, 13 Nov 2017 15:22:10 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040309030609020306000508"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/W8dXetqDR0Uo42qGmQ5k3IG26og>
Subject: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 07:22:21 -0000

This is a cryptographically signed message in MIME format.

--------------ms040309030609020306000508
Content-Type: multipart/alternative;
 boundary="------------A8586E8FC33A64C7E678C252"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------A8586E8FC33A64C7E678C252
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi all,

I quickly skimmed the draft and I have a question for the authors. In=20
particular, it seems that the authors mandate for the use of CBOR for=20
authentication/encryption of Payload (COSE_Encrypt) and Manifest=20
(COSE_Mac, COSE_Mac) without, AFAIK, ever mentioning CBOR explicitly.

If that is correct (I got through it VERY quickly), since the Charter=20
explicitly focuses on ASN.1 encoding (and CBOR, if ever, might be=20
considered in the future), I am a little confused about the use of COSE=20
in the I-D.

Can the author(s) provide some clarification on this point ?

Cheers,
Max

--=20
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

--------------A8586E8FC33A64C7E678C252
Content-Type: multipart/related;
 boundary="------------538988E3177156E6E1403ED1"


--------------538988E3177156E6E1403ED1
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>

    <meta http-equiv=3D"content-type" content=3D"text/html; charset=3Dutf=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>Hi all,</p>
    <p>I quickly skimmed the draft and I have a question for the
      authors. In particular, it seems that the authors mandate for the
      use of CBOR for authentication/encryption of Payload
      (COSE_Encrypt) and Manifest (COSE_Mac, COSE_Mac) without, AFAIK,
      ever mentioning CBOR explicitly. <br>
    </p>
    <p>If that is correct (I got through it VERY quickly), since the
      Charter explicitly focuses on ASN.1 encoding (and CBOR, if ever,
      might be considered in the future), I am a little confused about
      the use of COSE in the I-D.</p>
    <p>Can the author(s) provide some clarification on this point ?<br>
    </p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <div class=3D"moz-signature">-- <br>
      <div style=3D"color: black; margin-top: 10px;">
        Best Regards,
        <div style=3D"margin-top: 5px; margin-left: 0px; ">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div>
        <img src=3D"cid:part1.3AFED467.1FF835C5@openca.org"
          style=3D"vertical-align: 0px; margin-top: 10px; margin-left:
          0px;" alt=3D"OpenCA Logo"><br>
      </div>
    </div>
  </body>
</html>

--------------538988E3177156E6E1403ED1
Content-Type: image/png;
 name="ahgpooddjabccgjd.png"
Content-Transfer-Encoding: base64
Content-ID: <part1.3AFED467.1FF835C5@openca.org>
Content-Disposition: inline;
 filename="ahgpooddjabccgjd.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------538988E3177156E6E1403ED1--

--------------A8586E8FC33A64C7E678C252--

--------------ms040309030609020306000508
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CfUwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggU+MIIEJqADAgECAhEA/bu0LJsAKXVhEpPllE0lYzANBgkq
hkiG9w0BAQsFADCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVt
YWlsIENBMB4XDTE2MTEzMDAwMDAwMFoXDTE3MTEzMDIzNTk1OVowJDEiMCAGCSqGSIb3DQEJ
ARYTZGlyZWN0b3JAb3BlbmNhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKnGg/GUuTjn0dKCEpRhVd+uiYbCjLQht+dbkvyRLm4aqlL7yHCe+21HQLIcU68ZCHT2ImpF
CFFrxQMQh4KijAwkbLc8+xZZSwXeZt58qnPn5c4vcpYU5LFq1q9oDT8MXH33DhVUT/7/IDSi
wRWM6FcgM6VrIjBmmvl9dW3gQaEd1bOAhO2X489fChRQYTaB6AEhqb8RSvWW7ZYzfNw8sPxV
afMCzWBPpO5RmLqOciZBhAinAM9dXmP5ckg/HjJQYSjvTc7HDcg75mpr5wH8Tk/ChyIYk4CT
zqONQV8HKCzZPTVmd2ZuMrliJwMFs3uEg0aBSzHjJTyAmZ89q5Mz3XsCAwEAAaOCAfEwggHt
MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBTGgh9JWBvcrak1
PhAWBLGrECNAjzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM
KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv
Q1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NI
QTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUF
BwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9T
SEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHgYDVR0RBBcwFYETZGlyZWN0b3JAb3Bl
bmNhLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAdIqtPcvA+g6VTYUpEo0I9Vtnrf9PiZ3OpkRL
O7U78EaeUfvOotThqj74XyrIl6eYlg+EdGIIUVB1CI05wPMRlZN3/R/Tj28vWkwckLRIbpL4
A5ZQyKgA9vK15/EEBVFIpCtAI6xJX0zx6TySlIgjcca05L0JgO7nzLGD2MY/dVWEE+QBuNI+
NBci+c+9q6YDPoXOpo0Wwbe0Bq95jNNWmZwhGzc+N5rhOGZmQT4P7TnpzvMik8ugbkqWyyHa
DQbLKYzM1RKS/mwcvFqjJCQgORnaCilSbfClwdWGI7vwcTR8eAzduvwG61u46Cgb57K5sMck
RicpWRvEYxCCVTwnozGCBEQwggRAAgEBMIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0
aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCWCGSAFlAwQC
AQUAoIICYzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEx
MTMwNzIyMTBaMC8GCSqGSIb3DQEJBDEiBCAvxJW0PmmH4r2MboaGGOzyzzMSpdrWzbe4AcCm
k/6eRTBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI
hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMIHCBgkrBgEEAYI3EAQxgbQwgbEwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRp
b24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAP27tCybACl1YRKT5ZRNJWMwgcQGCyqGSIb3DQEJ
EAILMYG0oIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCSqGSIb3DQEBAQUABIIBABJjzbKWCjAKJmuD
fh9ifTW96pARdg3+l6BYCSCxEPfDlcUw7lwdUkWdo/FLSKSKlVgqV5BucE+I2vdGlVs/TPqa
4DMOnHz3OqHl0rPC/ec2ig5JdYxttoOSF1EquPDVUJ845A9pIYzKydSnAkw8DBLUv+pdyf0l
pCKF5+1jvNF1giFE0dPFX15FytbsehjoeUVNajo8nOFuEGjtqs3CLmD4Qy8xju9HErRkmVEl
ZH8J+n6sW8hC/SZ2cpqjl33qUtqeSxFcb/2nGbuNGpIKFKWE8PSmDvbhpovzOib3SAgGq70S
MAgQ7VU6QkZhBrzxTjXU2MlBsWMLr0J6dqagTSIAAAAAAAA=
--------------ms040309030609020306000508--


From nobody Mon Nov 13 00:04:28 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 592E51294E2 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:04:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F_5fATPbcdfR for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:04:23 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB59A1294E0 for <suit@ietf.org>; Mon, 13 Nov 2017 00:04:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAD84IJ7013865; Mon, 13 Nov 2017 09:04:18 +0100 (CET)
Received: from dhcp-8241.meeting.ietf.org (dhcp-8241.meeting.ietf.org [31.133.130.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yb37j1NJczDWyL; Mon, 13 Nov 2017 09:04:16 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org>
Date: Mon, 13 Nov 2017 16:04:12 +0800
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 532253052.704302-abc35ddd38da50d460e2a53dffeaf109
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE9392FC-2328-4AE4-A99F-560A85777325@tzi.org>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org>
To: "Dr. Pala" <director@openca.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wsx0yc9rknxCXxu7iNey-3SALkg>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 08:04:27 -0000

On Nov 13, 2017, at 15:22, Dr. Pala <director@openca.org> wrote:
>=20
> Hi all,
>=20
> I quickly skimmed the draft and I have a question for the authors. In =
particular, it seems that the authors mandate for the use of CBOR for =
authentication/encryption of Payload (COSE_Encrypt) and Manifest =
(COSE_Mac, COSE_Mac) without, AFAIK, ever mentioning CBOR explicitly.=20
> If that is correct (I got through it VERY quickly), since the Charter =
explicitly focuses on ASN.1 encoding (and CBOR, if ever, might be =
considered in the future), I am a little confused about the use of COSE =
in the I-D.
>=20
> Can the author(s) provide some clarification on this point ?

I=E2=80=99m not an author, but I think it is abundantly clear that the =
current draft charter text does not reflect the current consensus.

Gr=C3=BC=C3=9Fe, Carsten



From nobody Mon Nov 13 00:16:16 2017
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79575128BA2 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:16:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Level: 
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FQzAhJzz2o4 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:16:12 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B05EA124B09 for <suit@ietf.org>; Mon, 13 Nov 2017 00:16:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id E2DE062152; Mon, 13 Nov 2017 03:16:11 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id jaBNn5J5qjcf; Mon, 13 Nov 2017 03:16:04 -0500 (EST)
Received: from lx120e.htt-consult.com (dhcp-80f0.meeting.ietf.org [31.133.128.240]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 0220F6212C; Mon, 13 Nov 2017 03:16:02 -0500 (EST)
To: "Dr. Pala" <director@openca.org>, suit@ietf.org
References: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com>
Date: Mon, 13 Nov 2017 16:15:58 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org>
Content-Type: multipart/alternative; boundary="------------5BCBBF4E863723E4F41D75AB"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/CiLYBBZrY5hzDHLhhZF2bL_g1so>
Subject: Re: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 08:16:15 -0000

This is a multi-part message in MIME format.
--------------5BCBBF4E863723E4F41D75AB
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit



On 11/13/2017 03:15 PM, Dr. Pala wrote:
>
> Hi all,
>
> after reading the material for the meeting, few high-level 
> considerations popped into my mind that I think it might be useful to 
> raise early. Here's the laundry list:
>
>   * *Device Credentials for Firmware Access.* It seems that an
>     alternative to per-device encryption is the possibility of
>     allowing only authenticated devices to access/download/retrieve
>     the firmware itself (This requires a transport protocol that would
>     support the use of device-provided credentials)
>
>   * *IP vs. non-IP Devices.* I wonder if some special considerations
>     shall be given for IP vs. non-IP devices that might still be
>     targeted for data extraction via device gateways.
>

If transport is out of scope, distinction between IP vs non-IP is not 
possible.  Of course it might be possible to profile different 
mechanisms that work over one or both of these.

>
>   * *Firmware and Deployment.* How to allow for separation of device
>     manufacturer firmware validation and deployment enabling in
>     selected environments (i.e., another way to target the deployment
>     of the firmware). For example, environments where deployment of
>     the update(s) could be controlled by a third party (e.g., network
>     operator). How to address that ?
>
>   * *Public Crypto.* Is there any interest in providing any special
>     considerations for devices that have support for public crypto
>     (e.g., small crypto accelerators - ECDSA-P256/SHA256)? The
>     availability of small crypto chip that allow for secure storage
>     and off-chip crypto ops might benefit from special
>     treatment/considerations... ?
>

Why do you stop at ECDSA?  What of ED25519?  We can get smaller with 
that.  Is it the job of SUIT to specify this?  I feel it might be an 
barrier to progress rather than a help.


>
>   * *Trust Anchor Management.* Key management is a hard problem, but
>     Trust Anchor management is often ignored or left to the
>     application/device manufacturer. Should the group also provide
>     guidance about how to handle TAs and their updates? For example,
>     in the case where TLS is used for authentication of the source,
>     what is the relationship between the certificate used on the
>     server and the firmware development?
>
> Last comment, personally I think that the proposed approaches might 
> all provide a piece of the puzzle (authenticated manifest, signed 
> firmware, encryption, per-device encryption, and TLS). From the 
> experience I have with device manufacturers, the lack of experience on 
> their part (in many cases) needs to be addressed by keeping the 
> complexity of implementation, deployment, and long-term 
> management/support to a minimum.
>
> Just my 2 cents...
>
> Looking forward to the Bof discussion :-D
>
> Cheers,
> Max
>
> -- 
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
> OpenCA Logo
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


--------------5BCBBF4E863723E4F41D75AB
Content-Type: multipart/related;
 boundary="------------57E41E1C56B9A138E924DE37"


--------------57E41E1C56B9A138E924DE37
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p><br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/13/2017 03:15 PM, Dr. Pala wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <p>Hi all,</p>
      <p>after reading the material for the meeting, few high-level
        considerations popped into my mind that I think it might be
        useful to raise early. Here's the laundry list:</p>
      <ul>
        <li><b>Device Credentials for Firmware Access.</b> It seems that
          an alternative to per-device encryption is the possibility of
          allowing only authenticated devices to
          access/download/retrieve the firmware itself (This requires a
          transport protocol that would support the use of
          device-provided credentials)<br>
          <br>
        </li>
        <li><b>IP vs. non-IP Devices.</b> I wonder if some special
          considerations shall be given for IP vs. non-IP devices that
          might still be targeted for data extraction via device
          gateways.<br>
        </li>
      </ul>
    </blockquote>
    <br>
    If transport is out of scope, distinction between IP vs non-IP is
    not possible.  Of course it might be possible to profile different
    mechanisms that work over one or both of these.<br>
    <br>
    <blockquote type="cite"
      cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org"><br>
      <ul>
        <li><b>Firmware and Deployment.</b> How to allow for separation
          of device manufacturer firmware validation and deployment
          enabling in selected environments (i.e., another way to target
          the deployment of the firmware). For example, environments
          where deployment of the update(s) could be controlled by a
          third party (e.g., network operator). How to address that ?<br>
          <br>
        </li>
        <li><b>Public Crypto.</b> Is there any interest in providing any
          special considerations for devices that have support for
          public crypto (e.g., small crypto accelerators -
          ECDSA-P256/SHA256)? The availability of small crypto chip that
          allow for secure storage and off-chip crypto ops might benefit
          from special treatment/considerations... ?<br>
        </li>
      </ul>
    </blockquote>
    <br>
    Why do you stop at ECDSA?  What of ED25519?  We can get smaller with
    that.  Is it the job of SUIT to specify this?  I feel it might be an
    barrier to progress rather than a help.<br>
    <br>
    <br>
    <blockquote type="cite"
      cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org"><br>
      <ul>
        <li><b>Trust Anchor Management.</b> Key management is a hard
          problem, but Trust Anchor management is often ignored or left
          to the application/device manufacturer. Should the group also
          provide guidance about how to handle TAs and their updates?
          For example, in the case where TLS is used for authentication
          of the source, what is the relationship between the
          certificate used on the server and the firmware development?</li>
      </ul>
      <p>Last comment, personally I think that the proposed approaches
        might all provide a piece of the puzzle (authenticated manifest,
        signed firmware, encryption, per-device encryption, and TLS).
        From the experience I have with device manufacturers, the lack
        of experience on their part (in many cases) needs to be
        addressed by keeping the complexity of implementation,
        deployment, and long-term management/support to a minimum.</p>
      <p>Just my 2 cents...</p>
      <p>Looking forward to the Bof discussion :-D<br>
      </p>
      <p>Cheers,<br>
        Max<br>
      </p>
      <div class="moz-signature">-- <br>
        <div style="color: black; margin-top: 10px;"> Best Regards,
          <div style="margin-top: 5px; margin-left: 0px; "> Massimiliano
            Pala, Ph.D.<br>
            OpenCA Labs Director<br>
          </div>
          <img src="cid:part1.3E606800.703DF833@htt-consult.com"
            style="vertical-align: 0px; margin-top: 10px; margin-left:
            0px;" alt="OpenCA Logo" class=""><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Suit mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Suit@ietf.org">Suit@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------57E41E1C56B9A138E924DE37
Content-Type: image/png;
 name="aljnkjegaopjbleo.png"
Content-Transfer-Encoding: base64
Content-ID: <part1.3E606800.703DF833@htt-consult.com>
Content-Disposition: inline;
 filename="aljnkjegaopjbleo.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------57E41E1C56B9A138E924DE37--

--------------5BCBBF4E863723E4F41D75AB--


From nobody Mon Nov 13 00:43:30 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EEE912940F for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:43:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level: 
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9q6dQR4XdX0A for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:43:27 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 8AFBF129400 for <suit@ietf.org>; Mon, 13 Nov 2017 00:43:27 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 441AB3740F6E for <suit@ietf.org>; Mon, 13 Nov 2017 08:43:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8NC56YLu6oLB for <suit@ietf.org>; Mon, 13 Nov 2017 03:43:26 -0500 (EST)
Received: from dhcp-8b1d.meeting.ietf.org (dhcp-8b1d.meeting.ietf.org [31.133.139.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id E9DF1374083D for <suit@ietf.org>; Mon, 13 Nov 2017 03:43:25 -0500 (EST)
To: suit@ietf.org
References: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org> <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org>
Date: Mon, 13 Nov 2017 16:43:24 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com>
Content-Type: multipart/alternative; boundary="------------E01F7674813B1530C486161B"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/3yh4NWSdO4vC-n2T0v-pah_S0WA>
Subject: Re: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 08:43:29 -0000

This is a multi-part message in MIME format.
--------------E01F7674813B1530C486161B
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi Robert, all,


On 11/13/17 4:15 PM, Robert Moskowitz wrote:
> [...]
>>
>>   * *IP vs. non-IP Devices.* I wonder if some special considerations
>>     shall be given for IP vs. non-IP devices that might still be
>>     targeted for data extraction via device gateways.
>>
> If transport is out of scope, distinction between IP vs non-IP is not 
> possible.  Of course it might be possible to profile different 
> mechanisms that work over one or both of these.
I had a different interpretation of the charter textl. In particular, I 
thought that although the WG would NOT define a new transport protocol, 
it might adopt existing ones (e.g., TLS) since it is listed as one of 
the component of the "firmware update solution."

This bullet point was meant to highlight that if specifying one or more 
transport protocol(s) and how they can be used for firmware updates is 
in scope, then we should be mindful of non-IP devices and how they 
should interact with the proposed protocol (e.g., via gateway devices).
> [...]
>>
>>   * *Public Crypto.* Is there any interest in providing any special
>>     considerations for devices that have support for public crypto
>>     (e.g., small crypto accelerators - ECDSA-P256/SHA256)? The
>>     availability of small crypto chip that allow for secure storage
>>     and off-chip crypto ops might benefit from special
>>     treatment/considerations... ?
>>
>
> Why do you stop at ECDSA?  What of ED25519?  We can get smaller with 
> that.  Is it the job of SUIT to specify this?  I feel it might be an 
> barrier to progress rather than a help.
The algorithms were provided just as an example as this is, currently, 
the industry standard for small IoT cryptography (both on devices and 
cloud providers' services). Personally, I think that the WG should 
provide guidance about what and how to use as algorithms.

IMHO, providing complete and easy-to-follow solutions is paramount to 
increase the chances of a wide-spread adoption of the standard(s).

Cheers,
Max



--------------E01F7674813B1530C486161B
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Robert, all,<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/13/17 4:15 PM, Robert Moskowitz
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:52399064-8b8c-c407-31c7-32134b966855@htt-consult.com">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      [...]
      <blockquote type="cite"
        cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org">
        <ul>
          <li><b>IP vs. non-IP Devices.</b> I wonder if some special
            considerations shall be given for IP vs. non-IP devices that
            might still be targeted for data extraction via device
            gateways.<br>
          </li>
        </ul>
      </blockquote>
      If transport is out of scope, distinction between IP vs non-IP is
      not possible.  Of course it might be possible to profile different
      mechanisms that work over one or both of these.<br>
    </blockquote>
    I had a different interpretation of the charter textl. In
    particular, I thought that although the WG would NOT define a new
    transport protocol, it might adopt existing ones (e.g., TLS) since
    it is listed as one of the component of the "firmware update
    solution." <br>
    <br>
    This bullet point was meant to highlight that if specifying one or
    more transport protocol(s) and how they can be used for firmware
    updates is in scope, then we should be mindful of non-IP devices and
    how they should interact with the proposed protocol (e.g., via
    gateway devices).<br>
    <blockquote type="cite"
      cite="mid:52399064-8b8c-c407-31c7-32134b966855@htt-consult.com">[...]
      <blockquote type="cite"
        cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org">
        <ul>
          <li><b>Public Crypto.</b> Is there any interest in providing
            any special considerations for devices that have support for
            public crypto (e.g., small crypto accelerators -
            ECDSA-P256/SHA256)? The availability of small crypto chip
            that allow for secure storage and off-chip crypto ops might
            benefit from special treatment/considerations... ?<br>
          </li>
        </ul>
      </blockquote>
      <br>
      Why do you stop at ECDSA?  What of ED25519?  We can get smaller
      with that.  Is it the job of SUIT to specify this?  I feel it
      might be an barrier to progress rather than a help.<br>
    </blockquote>
    The algorithms were provided just as an example as this is,
    currently, the industry standard for small IoT cryptography (both on
    devices and cloud providers' services). Personally, I think that the
    WG should provide guidance about what and how to use as algorithms.
    <br>
    <br>
    IMHO, providing complete and easy-to-follow solutions is paramount
    to increase the chances of a wide-spread adoption of the
    standard(s).<br>
    <br>
    Cheers,<br>
    Max<br>
    <br>
    <br>
  </body>
</html>

--------------E01F7674813B1530C486161B--


From nobody Mon Nov 13 00:52:57 2017
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCED2126B6E for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:52:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Level: 
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rz2EdVwROquT for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 00:52:54 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F521126DED for <suit@ietf.org>; Mon, 13 Nov 2017 00:52:54 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id DC00F621A2; Mon, 13 Nov 2017 03:52:52 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ZJWNwgeW3d37; Mon, 13 Nov 2017 03:52:41 -0500 (EST)
Received: from lx120e.htt-consult.com (dhcp-80f0.meeting.ietf.org [31.133.128.240]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id B21176081A; Mon, 13 Nov 2017 03:52:37 -0500 (EST)
To: "Dr. Pala" <madwolf@openca.org>, suit@ietf.org
References: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org> <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com> <219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <9169e469-9f0b-cdc8-5382-6420f775ff3e@htt-consult.com>
Date: Mon, 13 Nov 2017 16:52:31 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org>
Content-Type: multipart/alternative; boundary="------------75C27F8FDCC9272429488EB2"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/PiPo3wfiRWG3jF4wG2R3Fss-XXQ>
Subject: Re: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 08:52:56 -0000

This is a multi-part message in MIME format.
--------------75C27F8FDCC9272429488EB2
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit



On 11/13/2017 04:43 PM, Dr. Pala wrote:
>
> Hi Robert, all,
>
>
> On 11/13/17 4:15 PM, Robert Moskowitz wrote:
>> [...]
>>>
>>>   * *IP vs. non-IP Devices.* I wonder if some special considerations
>>>     shall be given for IP vs. non-IP devices that might still be
>>>     targeted for data extraction via device gateways.
>>>
>> If transport is out of scope, distinction between IP vs non-IP is not 
>> possible.  Of course it might be possible to profile different 
>> mechanisms that work over one or both of these.
> I had a different interpretation of the charter textl. In particular, 
> I thought that although the WG would NOT define a new transport 
> protocol, it might adopt existing ones (e.g., TLS) since it is listed 
> as one of the component of the "firmware update solution."
>
> This bullet point was meant to highlight that if specifying one or 
> more transport protocol(s) and how they can be used for firmware 
> updates is in scope, then we should be mindful of non-IP devices and 
> how they should interact with the proposed protocol (e.g., via gateway 
> devices).

Think CAN-FD devices.  Of course automotive has their own firmware 
update standards.

I also think a lot about devices that are on PHYs that do not/can not 
support IP.

But then it is hard for the IETF to talk about non-IP communicating devices!

>> [...]
>>>
>>>   * *Public Crypto.* Is there any interest in providing any special
>>>     considerations for devices that have support for public crypto
>>>     (e.g., small crypto accelerators - ECDSA-P256/SHA256)? The
>>>     availability of small crypto chip that allow for secure storage
>>>     and off-chip crypto ops might benefit from special
>>>     treatment/considerations... ?
>>>
>>
>> Why do you stop at ECDSA?  What of ED25519?  We can get smaller with 
>> that.  Is it the job of SUIT to specify this?  I feel it might be an 
>> barrier to progress rather than a help.
> The algorithms were provided just as an example as this is, currently, 
> the industry standard for small IoT cryptography (both on devices and 
> cloud providers' services). Personally, I think that the WG should 
> provide guidance about what and how to use as algorithms.
>
> IMHO, providing complete and easy-to-follow solutions is paramount to 
> increase the chances of a wide-spread adoption of the standard(s).
>
> Cheers,
> Max
>
>
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


--------------75C27F8FDCC9272429488EB2
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p><br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/13/2017 04:43 PM, Dr. Pala wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <p>Hi Robert, all,<br>
      </p>
      <br>
      <div class="moz-cite-prefix">On 11/13/17 4:15 PM, Robert Moskowitz
        wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:52399064-8b8c-c407-31c7-32134b966855@htt-consult.com">
        <meta http-equiv="Content-Type" content="text/html;
          charset=utf-8">
        [...]
        <blockquote type="cite"
          cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org">
          <ul>
            <li><b>IP vs. non-IP Devices.</b> I wonder if some special
              considerations shall be given for IP vs. non-IP devices
              that might still be targeted for data extraction via
              device gateways.<br>
            </li>
          </ul>
        </blockquote>
        If transport is out of scope, distinction between IP vs non-IP
        is not possible.  Of course it might be possible to profile
        different mechanisms that work over one or both of these.<br>
      </blockquote>
      I had a different interpretation of the charter textl. In
      particular, I thought that although the WG would NOT define a new
      transport protocol, it might adopt existing ones (e.g., TLS) since
      it is listed as one of the component of the "firmware update
      solution." <br>
      <br>
      This bullet point was meant to highlight that if specifying one or
      more transport protocol(s) and how they can be used for firmware
      updates is in scope, then we should be mindful of non-IP devices
      and how they should interact with the proposed protocol (e.g., via
      gateway devices).<br>
    </blockquote>
    <br>
    Think CAN-FD devices.  Of course automotive has their own firmware
    update standards.<br>
    <br>
    I also think a lot about devices that are on PHYs that do not/can
    not support IP.<br>
    <br>
    But then it is hard for the IETF to talk about non-IP communicating
    devices!<br>
    <br>
    <blockquote type="cite"
      cite="mid:219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org">
      <blockquote type="cite"
        cite="mid:52399064-8b8c-c407-31c7-32134b966855@htt-consult.com">[...]
        <blockquote type="cite"
          cite="mid:cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org">
          <ul>
            <li><b>Public Crypto.</b> Is there any interest in providing
              any special considerations for devices that have support
              for public crypto (e.g., small crypto accelerators -
              ECDSA-P256/SHA256)? The availability of small crypto chip
              that allow for secure storage and off-chip crypto ops
              might benefit from special treatment/considerations... ?<br>
            </li>
          </ul>
        </blockquote>
        <br>
        Why do you stop at ECDSA?  What of ED25519?  We can get smaller
        with that.  Is it the job of SUIT to specify this?  I feel it
        might be an barrier to progress rather than a help.<br>
      </blockquote>
      The algorithms were provided just as an example as this is,
      currently, the industry standard for small IoT cryptography (both
      on devices and cloud providers' services). Personally, I think
      that the WG should provide guidance about what and how to use as
      algorithms. <br>
      <br>
      IMHO, providing complete and easy-to-follow solutions is paramount
      to increase the chances of a wide-spread adoption of the
      standard(s).<br>
      <br>
      Cheers,<br>
      Max<br>
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Suit mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Suit@ietf.org">Suit@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------75C27F8FDCC9272429488EB2--


From nobody Mon Nov 13 01:05:30 2017
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE1F8126CC4 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:05:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id romVEVHLt5t0 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:05:27 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E98312950B for <suit@ietf.org>; Mon, 13 Nov 2017 01:05:27 -0800 (PST)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 784BD58C502 for <suit@ietf.org>; Mon, 13 Nov 2017 10:05:22 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 65F16B0D16A; Mon, 13 Nov 2017 10:05:22 +0100 (CET)
Date: Mon, 13 Nov 2017 10:05:22 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: suit@ietf.org
Message-ID: <20171113090522.GZ19390@faui40p.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Y5Qp9GzTdgn9UH-5ZlAHuRL3kd8>
Subject: [Suit] suit charter points
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 09:05:28 -0000

To repeat my comments on the mike in the BOF:

1. I would like to make sure that the charter allows for the following two points to
be defined into the architecture mentioned by the charter, even if not
all devices may be able to support them. IMHO these are mandatory for really
reliable firmware upgrade and it would be a wasted opportunity to do all this work
and yet only produce results for devices thart will not provide real reliable
ugprade solutions.

a) Ability for automatic downgrade, eg: automatic unless some external verification of
correct operation of the new firmware has succeeded. Ideally, verification of
the new firmware is trial-run download of yet another firmware image or the
like.. 

b) ability to query the device for capabilities thart will allow to understand
what firmware/signing/etc of a firmware will be accepted by the device.

2. Wrt to "new" components: Instead of saying "charter does not allow new work XXX"
(XXX = transport, serialization etc..). A better rule would be not do something new unless
evaluation shows that new work is required especially because of footprint of existing
solutions being too large for class 1 devices.

Toerless


From nobody Mon Nov 13 01:10:29 2017
Return-Path: <jari.arkko@piuha.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E447129483 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:10:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m5qbgEK6O30V for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:10:26 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:1829::130]) by ietfa.amsl.com (Postfix) with ESMTP id C87B51294E6 for <suit@ietf.org>; Mon, 13 Nov 2017 01:10:25 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id B9EA12CE21 for <suit@ietf.org>; Mon, 13 Nov 2017 11:10:24 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BnY2azPIdq5V for <suit@ietf.org>; Mon, 13 Nov 2017 11:10:22 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id 2ADAA2CD11 for <suit@ietf.org>; Mon, 13 Nov 2017 11:10:21 +0200 (EET) (envelope-from jari.arkko@piuha.net)
From: Jari Arkko <jari.arkko@piuha.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
Date: Mon, 13 Nov 2017 17:10:19 +0800
To: suit@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wBSK-xD5hRIHZQlcTVNOR3bkZFw>
Subject: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 09:10:28 -0000

The meeting is running out of time.=20

But I wanted to followup to the discussion relating to my comment on the =
mic.

Hannes had responded by saying that we cannot specify who the potential =
sources are.

That wasn=E2=80=99t what I suggested or said. I would like the charter =
to say that there=E2=80=99s sufficient expressive power in the format to =
handle situations that go beyond the 1 source 1 permission case. The =
architecture draft already talks about this, although from a slightly =
different angle. The actual potential sources and styles of permissions =
are up to individual deployments. What we do in the IETF is =
capabilities, in formats and protocols and so on to enable individual =
deployments to express their situation with our tools. Obviously within =
some reasonable limits, given that we are talking about small, =
constrained devices.

I was thinking of something along the following lines:

"The format is expected to be expressive enough to allow the use of =
different software sources and permission models."

Jari


From nobody Mon Nov 13 01:57:54 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7CC12762F for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:57:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.899
X-Spam-Level: 
X-Spam-Status: No, score=-2.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qSRaSwEehQ5d for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 01:57:50 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0070.outbound.protection.outlook.com [104.47.0.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A208A128B38 for <suit@ietf.org>; Mon, 13 Nov 2017 01:57:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=IaAuPsNtjaCEPlMY9iXJMtl7C0BB4tW79VbS2jeS0KY=; b=f1ZaTCeZ/56sPi3SY1jsfEbmLoL4teQbiJLOwWADg/o5aoA76d9uAVbC5YDNQr2qdP59/VlBtANjCDfaeVlzpwURJp54OS3vl/jn9QqfLqPp4apNERXCtCs0Yqu4VoGhw8ir4BVoTe051XnKiufQEJmrzqKPc++7F78kNyZM184=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Mon, 13 Nov 2017 09:57:47 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.011; Mon, 13 Nov 2017 09:57:46 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Dr. Pala" <director@openca.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Question about draft-moran-suit-manifest-00.txt
Thread-Index: AQHTXFApItURWUU1KEq7pVapJwrIhKMSEjyA
Date: Mon, 13 Nov 2017 09:57:46 +0000
Message-ID: <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org>
In-Reply-To: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:e02c:e7b5:e48f:f7c8]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:i+EfzILADDraTAlKc01/tWtTBh4A5QMoNo2N76bqzeAgAqstVFZlZCDflH7PFg4Q3GfINImG2yzRiiqlPgivTivA4k1CXk0V9ZPqfSnlO+j8LUpXtsnx84OKibSUtILibpPwDGg8+SyRBUjMKqBHb76r6a4mgpPRkzQx5/qpF2atWKnyn5xpy9aSrabesa0SYJph43KY2nIpjX/O5y79Bxy93DPCp9rY/MvJdZAGftWyT1NjUawHF/hcCf1+1mh7WXzODtXxpXibkDeKBUwfebqGS1682NQ1erBztKz/k12CnPucY/X4j4W07wSLxBxyg6DPUzeUQ8M7pWa+e9O3+yS5IC/c39YgnHJfLRjxsI4=; 5:U8/1VyknPnRbLYzAIl3uc2jVuFHsBHbYT25GeZE/rXZsI2j8SdlhDJCtSe5ymU5ya5zVpmzUuV1tgYgvRr+6i5ay1R5dO9DfrrNT87nAbF/N4B/8SxwsUfthYx/aZttiVTg2XTHIJ4Yj7cH6fIFFXr7WPHXB8Cu7G8MJJQ2fDnc=; 24:+HZv7UjYXpNHJ/vBA2kdoRia8WKj/RxqNOkrOmc7XzvLTkXeuu+RVVlrQGxQXSwfEgBHi20yIlCj8ZIeGeiYLQ55XctXhruouj6SPXTKzWU=; 7:eYBeXrLE3B0tg4aMfkJ7ITauYqCVIa17pizxZWB1OfBmlCCUViED09NB9qVnJ+A5V3qTDzJcEXtFcEXSkNtlN2uBOPOme0qXjcHIp1cn0pNmGcCHyvpP60mGRkwAg9U6seyhhXHuX2iG1bdqSvJkKAYA9BSBMiHnJhTyoI97OM4i6qoZtwjshhFqscA8L2ikwDwq1LFTZ6f2q6k0bzQUxlHExfFYUyw/LXD5THsenEAAfn/JUi/CNyF7G+ZqL4k0
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: e23a8b45-d641-4747-bfd5-08d52a7cfde4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258)(49563074); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708679C11184300BB3C2713FA2B0@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(102415395)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(3231022)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 0490BBA1F0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(39860400002)(346002)(199003)(189002)(53754006)(40434004)(106356001)(105586002)(72206003)(25786009)(110136005)(53546010)(230783001)(8936002)(54556002)(9326002)(6246003)(53936002)(2501003)(9686003)(2900100001)(99286004)(14454004)(316002)(97736004)(5250100002)(5890100001)(478600001)(86362001)(3280700002)(68736007)(3660700001)(7736002)(101416001)(54356999)(6436002)(733005)(50986999)(74316002)(8676002)(33656002)(7696004)(6506006)(6116002)(790700001)(2906002)(102836003)(81166006)(81156014)(55016002)(54896002)(229853002)(2950100002)(76176999)(99936001)(5660300001)(6306002)(189998001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/related; boundary="_004_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e23a8b45-d641-4747-bfd5-08d52a7cfde4
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2017 09:57:46.5793 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0cHif90_6XDOWrMlhdlZ-BK-P_g>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 09:57:53 -0000

--_004_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_
Content-Type: multipart/alternative;
	boundary="_000_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_"

--_000_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgTWF4LA0KDQpPdXIgaW5pdGlhbCBzdWJtaXNzaW9uIGRlc2NyaWJlZCB0aGUgaW1wbGVtZW50
YXRpb24gd2UgaGF2ZSB3aXRoIHRoZSBtYmVkIHVwZGF0ZSBzZXJ2aWNlLiBJdCB1c2VzIEFTTi4x
IGFuZCB3ZSBkZXNjcmliZWQgd2h5IHdlIHRob3VnaHQgdGhlIGNob2ljZSBvZiBBU04uMS4NCg0K
RnJvbSB0aGUgbWFpbGluZyBsaXN0IHdlIGxlYXJuZWQgdGhhdCB0aGUgY29vbCBraWQgaW4gdG93
biBpcyBub3cgQ09TRS9DQk9SLiBIZW5jZSwgd2UgaGF2ZSB0cmllZCB0byByZWZsZWN0IHRoaXMg
YXNwZWN0IGluIHRoZSBkZXNpZ24uIE9mIGNvdXJzZSwgdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0
aGUgZG9jdW1lbnQgaXMgbm90IGlubGluZSB3aXRoIG91ciBpbXBsZW1lbnRhdGlvbiBhbnltb3Jl
Lg0KDQpXaGF0IGZvcm1hdChzKSB0aGUgZ3JvdXAgd2lsbCBzZWxlY3QgaW4gdGhlIGVuZCByZW1h
aW5zIHRvIGJlIHNlZW4uDQoNCkNpYW8NCkhhbm5lcw0KDQpGcm9tOiBTdWl0IFttYWlsdG86c3Vp
dC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgRHIuIFBhbGENClNlbnQ6IDEzIE5vdmVt
YmVyIDIwMTcgMTU6MjINClRvOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBbU3VpdF0gUXVlc3Rp
b24gYWJvdXQgZHJhZnQtbW9yYW4tc3VpdC1tYW5pZmVzdC0wMC50eHQNCg0KDQpIaSBhbGwsDQoN
CkkgcXVpY2tseSBza2ltbWVkIHRoZSBkcmFmdCBhbmQgSSBoYXZlIGEgcXVlc3Rpb24gZm9yIHRo
ZSBhdXRob3JzLiBJbiBwYXJ0aWN1bGFyLCBpdCBzZWVtcyB0aGF0IHRoZSBhdXRob3JzIG1hbmRh
dGUgZm9yIHRoZSB1c2Ugb2YgQ0JPUiBmb3IgYXV0aGVudGljYXRpb24vZW5jcnlwdGlvbiBvZiBQ
YXlsb2FkIChDT1NFX0VuY3J5cHQpIGFuZCBNYW5pZmVzdCAoQ09TRV9NYWMsIENPU0VfTWFjKSB3
aXRob3V0LCBBRkFJSywgZXZlciBtZW50aW9uaW5nIENCT1IgZXhwbGljaXRseS4NCg0KSWYgdGhh
dCBpcyBjb3JyZWN0IChJIGdvdCB0aHJvdWdoIGl0IFZFUlkgcXVpY2tseSksIHNpbmNlIHRoZSBD
aGFydGVyIGV4cGxpY2l0bHkgZm9jdXNlcyBvbiBBU04uMSBlbmNvZGluZyAoYW5kIENCT1IsIGlm
IGV2ZXIsIG1pZ2h0IGJlIGNvbnNpZGVyZWQgaW4gdGhlIGZ1dHVyZSksIEkgYW0gYSBsaXR0bGUg
Y29uZnVzZWQgYWJvdXQgdGhlIHVzZSBvZiBDT1NFIGluIHRoZSBJLUQuDQoNCkNhbiB0aGUgYXV0
aG9yKHMpIHByb3ZpZGUgc29tZSBjbGFyaWZpY2F0aW9uIG9uIHRoaXMgcG9pbnQgPw0KDQpDaGVl
cnMsDQpNYXgNCi0tDQpCZXN0IFJlZ2FyZHMsDQpNYXNzaW1pbGlhbm8gUGFsYSwgUGguRC4NCk9w
ZW5DQSBMYWJzIERpcmVjdG9yDQpbT3BlbkNBIExvZ29dDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUg
Y29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRp
YWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRl
ZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8g
bm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9y
IGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVk
aXVtLiBUaGFuayB5b3UuDQo=

--_000_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPCEtLVtp
ZiAhbXNvXT48c3R5bGU+dlw6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kb1w6KiB7
YmVoYXZpb3I6dXJsKCNkZWZhdWx0I1ZNTCk7fQ0Kd1w6KiB7YmVoYXZpb3I6dXJsKCNkZWZhdWx0
I1ZNTCk7fQ0KLnNoYXBlIHtiZWhhdmlvcjp1cmwoI2RlZmF1bHQjVk1MKTt9DQo8L3N0eWxlPjwh
W2VuZGlmXS0tPjxzdHlsZT48IS0tDQovKiBGb250IERlZmluaXRpb25zICovDQpAZm9udC1mYWNl
DQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAyIDQ7
fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2IDQg
MyA1IDQgNCAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5N
c29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4w
MDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFu
Iiwic2VyaWYiOw0KCWNvbG9yOmJsYWNrO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7
bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVu
ZGVybGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0
eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJs
aW5lO30NCnANCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1tYXJnaW4tdG9wLWFsdDph
dXRvOw0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJ
bWFyZ2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVz
IE5ldyBSb21hbiIsInNlcmlmIjsNCgljb2xvcjpibGFjazt9DQpzcGFuLkVtYWlsU3R5bGUxOA0K
CXttc28tc3R5bGUtdHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0
eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2Vj
dGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIu
MHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0t
Pjwvc3R5bGU+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0
PSJlZGl0IiBzcGlkbWF4PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4
dD0iZWRpdCIgZGF0YT0iMSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4N
CjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIiBsYW5nPSJFTi1HQiIgbGluaz0iYmx1ZSIg
dmxpbms9InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7
Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkhpIE1h
eCwNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw
dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7
Y29sb3I6IzFGNDk3RCI+T3VyIGluaXRpYWwgc3VibWlzc2lvbiBkZXNjcmliZWQgdGhlIGltcGxl
bWVudGF0aW9uIHdlIGhhdmUgd2l0aCB0aGUgbWJlZCB1cGRhdGUgc2VydmljZS4gSXQgdXNlcyBB
U04uMSBhbmQgd2UgZGVzY3JpYmVkIHdoeSB3ZSB0aG91Z2h0IHRoZSBjaG9pY2Ugb2YgQVNOLjEu
DQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv
bG9yOiMxRjQ5N0QiPkZyb20gdGhlIG1haWxpbmcgbGlzdCB3ZSBsZWFybmVkIHRoYXQgdGhlIGNv
b2wga2lkIGluIHRvd24gaXMgbm93IENPU0UvQ0JPUi4gSGVuY2UsIHdlIGhhdmUgdHJpZWQgdG8g
cmVmbGVjdCB0aGlzIGFzcGVjdCBpbiB0aGUgZGVzaWduLiBPZiBjb3Vyc2UsIHRoZSBjdXJyZW50
DQogdmVyc2lvbiBvZiB0aGUgZG9jdW1lbnQgaXMgbm90IGlubGluZSB3aXRoIG91ciBpbXBsZW1l
bnRhdGlvbiBhbnltb3JlLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp
YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz
cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPldoYXQgZm9ybWF0KHMpIHRoZSBncm91cCB3aWxs
IHNlbGVjdCBpbiB0aGUgZW5kIHJlbWFpbnMgdG8gYmUgc2Vlbi4NCjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90Oztjb2xvcjojMUY0OTdEIj5DaWFvPG86cD48L286cD48L3NwYW4+PC9hPjwvcD4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdE
Ij5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh
biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7
LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48
L3NwYW4+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29s
aWQgI0I1QzRERiAxLjBwdDtwYWRkaW5nOjMuMHB0IDBjbSAwY20gMGNtIj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtm
b250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjp3aW5kb3d0ZXh0Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm
b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7O2NvbG9yOndpbmRvd3RleHQiPiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2Vz
QGlldGYub3JnXQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5Eci4gUGFsYTxicj4NCjxiPlNlbnQ6PC9i
PiAxMyBOb3ZlbWJlciAyMDE3IDE1OjIyPGJyPg0KPGI+VG86PC9iPiBzdWl0QGlldGYub3JnPGJy
Pg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0XSBRdWVzdGlvbiBhYm91dCBkcmFmdC1tb3Jhbi1zdWl0
LW1hbmlmZXN0LTAwLnR4dDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwPkhpIGFsbCw8bzpw
PjwvbzpwPjwvcD4NCjxwPkkgcXVpY2tseSBza2ltbWVkIHRoZSBkcmFmdCBhbmQgSSBoYXZlIGEg
cXVlc3Rpb24gZm9yIHRoZSBhdXRob3JzLiBJbiBwYXJ0aWN1bGFyLCBpdCBzZWVtcyB0aGF0IHRo
ZSBhdXRob3JzIG1hbmRhdGUgZm9yIHRoZSB1c2Ugb2YgQ0JPUiBmb3IgYXV0aGVudGljYXRpb24v
ZW5jcnlwdGlvbiBvZiBQYXlsb2FkIChDT1NFX0VuY3J5cHQpIGFuZCBNYW5pZmVzdCAoQ09TRV9N
YWMsIENPU0VfTWFjKSB3aXRob3V0LCBBRkFJSywgZXZlciBtZW50aW9uaW5nDQogQ0JPUiBleHBs
aWNpdGx5LiA8bzpwPjwvbzpwPjwvcD4NCjxwPklmIHRoYXQgaXMgY29ycmVjdCAoSSBnb3QgdGhy
b3VnaCBpdCBWRVJZIHF1aWNrbHkpLCBzaW5jZSB0aGUgQ2hhcnRlciBleHBsaWNpdGx5IGZvY3Vz
ZXMgb24gQVNOLjEgZW5jb2RpbmcgKGFuZCBDQk9SLCBpZiBldmVyLCBtaWdodCBiZSBjb25zaWRl
cmVkIGluIHRoZSBmdXR1cmUpLCBJIGFtIGEgbGl0dGxlIGNvbmZ1c2VkIGFib3V0IHRoZSB1c2Ug
b2YgQ09TRSBpbiB0aGUgSS1ELjxvOnA+PC9vOnA+PC9wPg0KPHA+Q2FuIHRoZSBhdXRob3Iocykg
cHJvdmlkZSBzb21lIGNsYXJpZmljYXRpb24gb24gdGhpcyBwb2ludCA/PG86cD48L286cD48L3A+
DQo8cD5DaGVlcnMsPGJyPg0KTWF4PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+LS0gPG86cD48L286cD48L3A+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOjcuNXB0
Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkJlc3QgUmVnYXJkcywgPG86cD48L286cD48L3A+DQo8
ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOjMuNzVwdCI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5NYXNz
aW1pbGlhbm8gUGFsYSwgUGguRC48YnI+DQpPcGVuQ0EgTGFicyBEaXJlY3RvcjxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48aW1nIHdpZHRoPSIxMDAiIGhlaWdo
dD0iNTQiIGlkPSJfeDAwMDBfaTEwMjUiIHNyYz0iY2lkOmltYWdlMDAxLnBuZ0AwMUQzNUNBOC5F
M0ZERjk5MCIgYWx0PSJPcGVuQ0EgTG9nbyI+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2
Pg0KPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBh
bmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZp
bGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3Rp
ZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50
cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0b3Jl
IG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwvYm9k
eT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_--

--_004_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_
Content-Type: image/png; name="image001.png"
Content-Description: image001.png
Content-Disposition: inline; filename="image001.png"; size=3146;
	creation-date="Mon, 13 Nov 2017 09:57:45 GMT";
	modification-date="Mon, 13 Nov 2017 09:57:45 GMT"
Content-ID: <image001.png@01D35CA8.E3FDF990>
Content-Transfer-Encoding: base64

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoXBwES
CQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAqMjpXKgs/
MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1SGdDR0lDSFJf
RDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27PgCaSANtUT57VBer
SQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXaeVR+lVRZrYld1ZiB7YEuS
YQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDVWQJ1blapYjbXWgDRXACMaU6W
bgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3WqaS6BcGeobwndXwzkXwLgYgDaYwyM
eCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuvcEPrZQDQaSyockrFbSvmZwnabQLvZwDp
aQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqK
gnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXleSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQ
iwCximixim/EkAORkZGVkYrOh0rPiVL5giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvK
lGqpnJLdlF2boKy+m324nImkoZ+eo6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/S
rI7dq4bqqXTOrpWttL+6s6uwtbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfR
wbXFyMvbxbPNyMP8zgTczMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp
7/Hy9PHw9fj6/v3YktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPX
GT6E+l9BZ0EFsTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+U
SgFL4r9gEaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqE
SrMplYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75UjLZf
p6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/85sH2KeX
vj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf70RPUPjxLouB
EgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxcAwyWTbacW0sTDGoJ
en4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+NpuKpq32qLVaexOCCJB91
aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq1LzUMQ4uxxycjl0LWO1bBsY6
yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XOcajZb6GDu7PTFEdPkVu0k4vQyd3J
c/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV
2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRbjuxtfqRypNACK28+j3FsqcilAD0ADuIWCt0y
Ra7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7
QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxar
lr0grlQn92DQt1vBUk+nUFeHGZmegUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJ
o+2PGLb2d9WE5bw1L4DcnOco9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bF
zhw3eZylM2dgwkbWW3IyJp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwd
ElJmarxedr/u3P6CNn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivo
BjrfUgNB69zfb6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toV
EevCi9/ffmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzS
Y3FuBkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/dY1p7
qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1RgrYlfrRe
SqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxHdRJFGJkhfKxg
mM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3luaLNe1F++bjXGyWyz
ZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCmGIzpqKlm27KTSWUcAX1g
oBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJCBVkrrBJ1BewMmlVpgRUQF7wp
ItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQYIOhklDKzo2C1IV2sijzdhjorqwef
NdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41qKFl02YaswYNkULTeLC9CFFK4bDHDMmZb
hnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYvJpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkc
Hz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkhmt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlC
XaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7Wfg
ZOv4uLLl0w8wUah71QLBpJeXq/eMVVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6
vjt1z/ghMehVKiUpyt1VYBXCN6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oE
DQ6jB9Wc3Z6bm6zLTtLlgLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgX
s2kV4WUC0YR/KOLvPby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP
7LnTfsd42at3+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw90
1G+ttVlTJa34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K
+f59qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a8XoA
AAAASUVORK5CYII=

--_004_AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0AM4PR0801MB2706_--


From nobody Mon Nov 13 06:30:13 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67832129AB6 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 06:30:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level: 
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HJuagd_Xw-kW for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 06:30:07 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 3A874129601 for <suit@ietf.org>; Mon, 13 Nov 2017 06:30:07 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 1A31A3741029 for <suit@ietf.org>; Mon, 13 Nov 2017 14:30:07 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 5Gh9YyhJTAxg for <suit@ietf.org>; Mon, 13 Nov 2017 09:29:59 -0500 (EST)
Received: from dhcp-98fb.meeting.ietf.org (dhcp-98fb.meeting.ietf.org [31.133.152.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id EE2EF3740F6A for <suit@ietf.org>; Mon, 13 Nov 2017 09:29:58 -0500 (EST)
To: suit@ietf.org
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org>
Date: Mon, 13 Nov 2017 22:29:58 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------FBD02134C2C191424B60DB88"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/32Vy50RarzoFIXNxqy4iaND3Qbo>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 14:30:09 -0000

This is a multi-part message in MIME format.
--------------FBD02134C2C191424B60DB88
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi Hannes,

thanks for the clarification :D My personal experience is that with 
device vendors is that they will go long way to even "simplify" dealing 
with encoding (or, as it seems in this case, more decoding).

Maybe there could be also some space for considering ad-hoc (instead of 
generic encoding rules) binary formats that can be better understood by 
device manufacturer (that usually complain about having even a 5-10k 
enc/dec library... :D).

Thanks Again,

Ciao,
Max


On 11/13/17 5:57 PM, Hannes Tschofenig wrote:
>
> Hi Max,
>
> Our initial submission described the implementation we have with the 
> mbed update service. It uses ASN.1 and we described why we thought the 
> choice of ASN.1.
>
> From the mailing list we learned that the cool kid in town is now 
> COSE/CBOR. Hence, we have tried to reflect this aspect in the design. 
> Of course, the current version of the document is not inline with our 
> implementation anymore.
>
> What format(s) the group will select in the end remains to be seen.
>
> Ciao
>
> Hannes
>
> *From:*Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Dr. Pala
> *Sent:* 13 November 2017 15:22
> *To:* suit@ietf.org
> *Subject:* [Suit] Question about draft-moran-suit-manifest-00.txt
>
> Hi all,
>
> I quickly skimmed the draft and I have a question for the authors. In 
> particular, it seems that the authors mandate for the use of CBOR for 
> authentication/encryption of Payload (COSE_Encrypt) and Manifest 
> (COSE_Mac, COSE_Mac) without, AFAIK, ever mentioning CBOR explicitly.
>
> If that is correct (I got through it VERY quickly), since the Charter 
> explicitly focuses on ASN.1 encoding (and CBOR, if ever, might be 
> considered in the future), I am a little confused about the use of 
> COSE in the I-D.
>
> Can the author(s) provide some clarification on this point ?
>
> Cheers,
> Max
>
> -- 
>
> Best Regards,
>
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
>
> OpenCA Logo
>
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


--------------FBD02134C2C191424B60DB88
Content-Type: multipart/related;
 boundary="------------57E18968470EAB32FE46FC72"


--------------57E18968470EAB32FE46FC72
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Hannes,</p>
    <p>thanks for the clarification :D My personal experience is that
      with device vendors is that they will go long way to even
      "simplify" dealing with encoding (or, as it seems in this case,
      more decoding). <br>
    </p>
    <p>Maybe there could be also some space for considering ad-hoc
      (instead of generic encoding rules) binary formats that can be
      better understood by device manufacturer (that usually complain
      about having even a 5-10k enc/dec library... :D).</p>
    <p>Thanks Again,</p>
    <p>Ciao,<br>
      Max<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/13/17 5:57 PM, Hannes Tschofenig
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
      <style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";
	color:black;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";
	color:black;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Hi
            Max,
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Our
            initial submission described the implementation we have with
            the mbed update service. It uses ASN.1 and we described why
            we thought the choice of ASN.1.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">From
            the mailing list we learned that the cool kid in town is now
            COSE/CBOR. Hence, we have tried to reflect this aspect in
            the design. Of course, the current version of the document
            is not inline with our implementation anymore. <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">What
            format(s) the group will select in the end remains to be
            seen.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><a name="_MailEndCompose"
            moz-do-not-send="true"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Ciao<o:p></o:p></span></a></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D">Hannes<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D"><o:p> </o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #B5C4DF
            1.0pt;padding:3.0pt 0cm 0cm 0cm">
            <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext"
                  lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext"
                lang="EN-US"> Suit [<a class="moz-txt-link-freetext" href="mailto:suit-bounces@ietf.org">mailto:suit-bounces@ietf.org</a>]
                <b>On Behalf Of </b>Dr. Pala<br>
                <b>Sent:</b> 13 November 2017 15:22<br>
                <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:suit@ietf.org">suit@ietf.org</a><br>
                <b>Subject:</b> [Suit] Question about
                draft-moran-suit-manifest-00.txt<o:p></o:p></span></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p>Hi all,<o:p></o:p></p>
        <p>I quickly skimmed the draft and I have a question for the
          authors. In particular, it seems that the authors mandate for
          the use of CBOR for authentication/encryption of Payload
          (COSE_Encrypt) and Manifest (COSE_Mac, COSE_Mac) without,
          AFAIK, ever mentioning CBOR explicitly. <o:p></o:p></p>
        <p>If that is correct (I got through it VERY quickly), since the
          Charter explicitly focuses on ASN.1 encoding (and CBOR, if
          ever, might be considered in the future), I am a little
          confused about the use of COSE in the I-D.<o:p></o:p></p>
        <p>Can the author(s) provide some clarification on this point ?<o:p></o:p></p>
        <p>Cheers,<br>
          Max<o:p></o:p></p>
        <div>
          <p class="MsoNormal">-- <o:p></o:p></p>
          <div style="margin-top:7.5pt">
            <p class="MsoNormal">Best Regards, <o:p></o:p></p>
            <div style="margin-top:3.75pt">
              <p class="MsoNormal">Massimiliano Pala, Ph.D.<br>
                OpenCA Labs Director<o:p></o:p></p>
            </div>
            <p class="MsoNormal"><img id="_x0000_i1025"
                src="cid:part2.E151A547.A0EC2CED@openca.org" alt="OpenCA
                Logo" class="" width="100" height="54"><o:p></o:p></p>
          </div>
        </div>
      </div>
      IMPORTANT NOTICE: The contents of this email and any attachments
      are confidential and may also be privileged. If you are not the
      intended recipient, please notify the sender immediately and do
      not disclose the contents to any other person, use it for any
      purpose, or store or copy the information in any medium. Thank
      you.
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Suit mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Suit@ietf.org">Suit@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------57E18968470EAB32FE46FC72
Content-Type: image/png;
 name="image001.png"
Content-Transfer-Encoding: base64
Content-ID: <part2.E151A547.A0EC2CED@openca.org>
Content-Disposition: inline;
 filename="image001.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------57E18968470EAB32FE46FC72--

--------------FBD02134C2C191424B60DB88--


From nobody Mon Nov 13 07:21:37 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD9D129449 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 07:21:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 220dQ3VJxi7G for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 07:21:35 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 258FD129AF1 for <suit@ietf.org>; Mon, 13 Nov 2017 07:21:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vADFLVBt024395; Mon, 13 Nov 2017 16:21:31 +0100 (CET)
Received: from dhcp-9924.meeting.ietf.org (dhcp-9924.meeting.ietf.org [31.133.153.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3ybDr86my3zDX8Y; Mon, 13 Nov 2017 16:21:28 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org>
Date: Mon, 13 Nov 2017 23:21:25 +0800
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 532279285.05632-25cf3e594b684f086ad2faa7737acf83
Content-Transfer-Encoding: quoted-printable
Message-Id: <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org>
To: "Dr. Pala" <madwolf@openca.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/QSbR6J6tBy8fvgwkZSYw8SUwwvQ>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 15:21:36 -0000

On Nov 13, 2017, at 22:29, Dr. Pala <madwolf@openca.org> wrote:
>=20
> Maybe there could be also some space for considering ad-hoc (instead =
of generic encoding rules) binary formats that can be better understood =
by device manufacturer (that usually complain about having even a 5-10k =
enc/dec library... :D).

Prepare to spend 722 bytes of code for the CBOR decoder library (unless =
you need floating point data, then it becomes around 800).

Gr=C3=BC=C3=9Fe, Carsten


From nobody Mon Nov 13 08:16:14 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09059129B10 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 08:16:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level: 
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wefsI3gTtgZx for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 08:16:05 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id E6984129B0A for <suit@ietf.org>; Mon, 13 Nov 2017 08:16:00 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id BF5B43741029 for <suit@ietf.org>; Mon, 13 Nov 2017 16:16:00 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id LrIGYFIfW3cH for <suit@ietf.org>; Mon, 13 Nov 2017 11:15:55 -0500 (EST)
Received: from dhcp-98fb.meeting.ietf.org (dhcp-98fb.meeting.ietf.org [31.133.152.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id CBB873740F6A for <suit@ietf.org>; Mon, 13 Nov 2017 11:15:54 -0500 (EST)
To: suit@ietf.org
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <ad7c113a-9187-d2a7-933e-2f408dfde546@openca.org>
Date: Tue, 14 Nov 2017 00:15:53 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/RFs_mPuRh--CaS8acDD7pNu_niM>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 16:16:12 -0000

Hi Carsten,

that is really interesting! Can you please provide a reference to such 
implementation?

Thanks,
Max


On 11/13/17 11:21 PM, Carsten Bormann wrote:
> On Nov 13, 2017, at 22:29, Dr. Pala <madwolf@openca.org> wrote:
>> Maybe there could be also some space for considering ad-hoc (instead of generic encoding rules) binary formats that can be better understood by device manufacturer (that usually complain about having even a 5-10k enc/dec library... :D).
> Prepare to spend 722 bytes of code for the CBOR decoder library (unless you need floating point data, then it becomes around 800).
>


From nobody Mon Nov 13 11:25:14 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40437129B09 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 11:25:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level: 
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2GcsjvzNNoEd for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 11:25:10 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0041.outbound.protection.outlook.com [104.47.2.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CA63129B39 for <suit@ietf.org>; Mon, 13 Nov 2017 11:25:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RPf113lVHWLFLvt2MVoZsl7jid793292rpEPvxoKg8g=; b=cHPgHtW+IQqRr7EB1AtS1eK3a/M8Qwz9DKN5fuEIlpEoLpDMpYC+KYZHFsnb6+OWmoJP9xTVaucxrvReitcnywbC0Zqx6r8NmhB2lUkp7g4KiotRcoYBsOvurfl5M+4FwoR6GxWqhS/vCwUvXcoJp89i1k7HgEMBwoqdZoGt1Ls=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Mon, 13 Nov 2017 19:25:02 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Mon, 13 Nov 2017 19:25:01 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Dr. Pala" <madwolf@openca.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Question about draft-moran-suit-manifest-00.txt
Thread-Index: AQHTXFApDWqRr90y5kihihr5X1wnAaMSXzedgAAOS4CAAA84gIAANNaA
Date: Mon, 13 Nov 2017 19:25:01 +0000
Message-ID: <2D8E2F4B-9D26-4B84-BC4C-4CE2436BEF8D@arm.com>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <ad7c113a-9187-d2a7-933e-2f408dfde546@openca.org>
In-Reply-To: <ad7c113a-9187-d2a7-933e-2f408dfde546@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:uq1aWXfvvFE3oLLVFRmqMm7oyiDC71siKUj1vqCTd5Ptz7jrA0nySOaF7cuHA0Ewn/v3aUaOFNr4w1TMzV+cdDdDFC/88wrroaqpfNJzyZlLkYUmHv+IB15IDcm6+7C6MKsYRWeZMHWHVd4mVCttq+dLAoCRyDiWD47EOGTdTvhPUJwQNxcC2aNX2u8CGEejcbgW6FO7hMkjnGlJ9kBYQlHCZVvBRD6Cb5PHplXhFOQFJ/54H/XXXU/cZvbaO5FoujntNDWuv9pHDgjwROxrhiMEVLapEhnmGInOlY4BkMZL/etqdRghVw2Bzto6hD65ENS4aSAR5j90BeB1ZD+r/NVQlIiGDCbQVbrhsXVONFI=; 5:5+zYnVxiMrAaOojeKsdoBPw4y8JnYumNzpL5PEQmfxaCB69G7VsZAYcR5CsbBdsSpFYpskecyTegqFUjtA0qmYfJ+cT2CzzzaZ6NBxASgzj65IJqC2QgGWrYUH3JFgM/eprq+s9kAn9zSH0IQZkChmN3FRVTjRwieR+d/iLiRx4=; 24:tgfA/d57RyemIfpJlUTlliCMbBJuqod/ZrU0l0cG7jX6csHroIoGX+6glYvVIjj69mn1fIKg9Md01mVwj62zccQJnrHQW5noLkSgtc2M8bc=; 7:gkDQ1g0OA78oc7tH1cZWp3r/Q2hTj3WaUUsaVJNi6d4Dq5ifz7Rj5lUSUn7NV5tN6uYyprVAV9oiD1cgNjbpK9MF/JqzBCTLoY5LpN3vXZ6JZnKYcpFUQnt/oSuscfqlM9ubFcBn+tWfNPrzob9UvTeEArTgC1ybGsUiOkW3ePWFYLeB7/R+vh/QXPq1nZAPcYFeNV/KSTvCX/h3APDJ17da14wZ8DfYenF4G0l25zZgIrWZQNgTXl1r0TbKdwdi
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 8ba0a390-9a0b-4c78-7f81-08d52acc3c7c
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-microsoft-antispam-prvs: <DB5PR08MB06161FD3DF2414884B42BE16EA2B0@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(166708455590820);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3231022)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123564025)(20161123558100)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0490BBA1F0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(376002)(346002)(39860400002)(199003)(24454002)(189002)(40434004)(230783001)(106356001)(8676002)(25786009)(105586002)(7736002)(66066001)(316002)(50226002)(68736007)(81166006)(57306001)(81156014)(2906002)(6436002)(53546010)(8936002)(2900100001)(3280700002)(606006)(6506006)(6486002)(83716003)(3660700001)(82746002)(229853002)(5250100002)(5890100001)(97736004)(4326008)(478600001)(966005)(6116002)(102836003)(14454004)(3846002)(33656002)(36756003)(5660300001)(72206003)(50986999)(101416001)(76176999)(93886005)(189998001)(53936002)(54896002)(6306002)(236005)(53376002)(53366004)(6512007)(6916009)(2950100002)(99286004)(6246003)(86362001)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_2D8E2F4B9D264B84BC4C4CE2436BEF8Darmcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ba0a390-9a0b-4c78-7f81-08d52acc3c7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2017 19:25:01.8655 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/NCd3tsmk2cLfCGBW9d_UgvypDsw>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 19:25:13 -0000

--_000_2D8E2F4B9D264B84BC4C4CE2436BEF8Darmcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Max,

There are many implementations listed here: http://cbor.io/impls.html
I believe the one that Carsten is referring to is this one: https://github.=
com/cabo/cn-cbor

Best Regards,
Brendan

On 13 Nov 2017, at 16:15, Dr. Pala <madwolf@openca.org<mailto:madwolf@openc=
a.org>> wrote:

Hi Carsten,

that is really interesting! Can you please provide a reference to such impl=
ementation?

Thanks,
Max


On 11/13/17 11:21 PM, Carsten Bormann wrote:
On Nov 13, 2017, at 22:29, Dr. Pala <madwolf@openca.org<mailto:madwolf@open=
ca.org>> wrote:
Maybe there could be also some space for considering ad-hoc (instead of gen=
eric encoding rules) binary formats that can be better understood by device=
 manufacturer (that usually complain about having even a 5-10k enc/dec libr=
ary... :D).
Prepare to spend 722 bytes of code for the CBOR decoder library (unless you=
 need floating point data, then it becomes around 800).


_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

--_000_2D8E2F4B9D264B84BC4C4CE2436BEF8Darmcom_
Content-Type: text/html; charset="us-ascii"
Content-ID: <A66D2CC41E1AE341934E3C9B695E3B31@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D"">
Hi Max,
<div class=3D""><br class=3D"">
</div>
<div class=3D"">There are many implementations listed here:&nbsp;<a href=3D=
"http://cbor.io/impls.html" class=3D"">http://cbor.io/impls.html</a></div>
<div class=3D"">I believe the one that Carsten is referring to is this one:=
&nbsp;<a href=3D"https://github.com/cabo/cn-cbor" class=3D"">https://github=
.com/cabo/cn-cbor</a></div>
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Best Regards,</div>
<div class=3D"">Brendan</div>
<div class=3D""><br class=3D"">
<div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On 13 Nov 2017, at 16:15, Dr. Pala &lt;<a href=3D"mailto:ma=
dwolf@openca.org" class=3D"">madwolf@openca.org</a>&gt; wrote:</div>
<br class=3D"Apple-interchange-newline">
<div class=3D"">
<div class=3D"">Hi Carsten,<br class=3D"">
<br class=3D"">
that is really interesting! Can you please provide a reference to such impl=
ementation?<br class=3D"">
<br class=3D"">
Thanks,<br class=3D"">
Max<br class=3D"">
<br class=3D"">
<br class=3D"">
On 11/13/17 11:21 PM, Carsten Bormann wrote:<br class=3D"">
<blockquote type=3D"cite" class=3D"">On Nov 13, 2017, at 22:29, Dr. Pala &l=
t;<a href=3D"mailto:madwolf@openca.org" class=3D"">madwolf@openca.org</a>&g=
t; wrote:<br class=3D"">
<blockquote type=3D"cite" class=3D"">Maybe there could be also some space f=
or considering ad-hoc (instead of generic encoding rules) binary formats th=
at can be better understood by device manufacturer (that usually complain a=
bout having even a 5-10k enc/dec library...
 :D).<br class=3D"">
</blockquote>
Prepare to spend 722 bytes of code for the CBOR decoder library (unless you=
 need floating point data, then it becomes around 800).<br class=3D"">
<br class=3D"">
</blockquote>
<br class=3D"">
_______________________________________________<br class=3D"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" class=3D"">Suit@ietf.org</a><br class=3D""=
>
https://www.ietf.org/mailman/listinfo/suit<br class=3D"">
</div>
</div>
</blockquote>
</div>
<br class=3D"">
</div>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</body>
</html>

--_000_2D8E2F4B9D264B84BC4C4CE2436BEF8Darmcom_--


From nobody Mon Nov 13 14:09:39 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2C51120725 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 14:09:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.79
X-Spam-Level: 
X-Spam-Status: No, score=-6.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i5RQj0B2iL-I for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 14:09:35 -0800 (PST)
Received: from mailout2.w2.samsung.com (mailout2.w2.samsung.com [211.189.100.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2514120724 for <suit@ietf.org>; Mon, 13 Nov 2017 14:09:35 -0800 (PST)
Received: from uscas1p2.samsung.com (unknown [182.198.245.207]) by mailout2.w2.samsung.com (KnoxPortal) with ESMTP id 20171113220934usoutp02dcda83c2204c334f07fbc2fd841d5d75~2xK2FjMbf1669116691usoutp02e; Mon, 13 Nov 2017 22:09:34 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w2.samsung.com 20171113220934usoutp02dcda83c2204c334f07fbc2fd841d5d75~2xK2FjMbf1669116691usoutp02e
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510610974; bh=S6pcktYMdR9n5wFXRrx6xaEQ5/bmzRrn5GzqJt21qaQ=; h=From:To:Subject:Date:In-reply-to:References:From; b=ejSAw7cPqVLHobRAJPf1+/mlR9Ea7qUErJgb98+M7ky0mHV6vOnehmt5dv8X6HYgz H46Y3kFq6YWA0Xr98dma/JvQFMSJMTfRp4b8R2pTM5g4mGEdAuGe85BqhfWJh1BPyu wjzZaxFHKcfR1wjEcTwX9/0R+c9vgWPQtqxfdGRQ=
Received: from ussmges2.samsung.com (u111.gpu85.samsung.co.kr [203.254.195.111]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171113220933uscas1p200cfd9aa58175efea7546ad6dba2bc63~2xK1NLlGc2388923889uscas1p2a; Mon, 13 Nov 2017 22:09:33 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges2.samsung.com (USCPEMTA) with SMTP id C6.DC.32305.D181A0A5; Mon, 13 Nov 2017 17:09:33 -0500 (EST)
Received: from ussmgxs3.samsung.com (u124.gpu85.samsung.co.kr [203.254.195.124]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171113220932uscas1p2f1bca0bfbb90a7b567ced3c235ad4a00~2xK0VsQIW2395223952uscas1p2g; Mon, 13 Nov 2017 22:09:32 +0000 (GMT)
X-AuditID: cbfec36f-f79dd6d000007e31-dd-5a0a181d6dab
Received: from usmmp2.samsung.com ( [203.254.195.78]) by ussmgxs3.samsung.com (USCPEXMTA) with SMTP id 4F.03.02102.C181A0A5; Mon, 13 Nov 2017 17:09:32 -0500 (EST)
Received: from SSI-EX4.ssi.samsung.com ([105.128.2.145]) by usmmp2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZD00LW0MVW8640@usmmp2.samsung.com>; Mon, 13 Nov 2017 17:09:32 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX4.ssi.samsung.com (105.128.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Mon, 13 Nov 2017 14:09:31 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Mon, 13 Nov 2017 14:09:31 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Jari Arkko <jari.arkko@piuha.net>, "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-index: AQHTXF9D/THQVkwS+0uMpR6zxknDX6MS32kA
Date: Mon, 13 Nov 2017 22:09:31 +0000
Message-id: <D62F57ED.1125D%m.nakhjiri@ssi.samsung.com>
In-reply-to: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="iso-8859-1"
Content-id: <3E63029DFD12244CAB790C47D21DDA6D@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphleLIzCtJLcpLzFFi42LZduzreV1ZCa4og23TFCxm7FvBZjHz6G1G ByaPJUt+MnlsXTKdLYApissmJTUnsyy1SN8ugSvj6EGFgvk8FVu6hBsYG7m6GDk4JARMJN4t Vuli5AQyxSQu3FvPBmILCSxjlLjxqbiLkQvIbmGS+PpvCzNEkYnE5kM/GSESQEUts6exQDh/ GSXe7noG5XxklJg97T6Uc4BRYt2UDewg/WwCehL7581gBtktIuAmMfVIFUhYWCBOYmbXBLAV IgLxErdu/meFsI0kFp7+wwJiswioSjx+2gRm8wqYS7xs7mMCsTkFbCXmP2sBG88I9MP3U2vA 4swC4hLNrTdZIM4WlFg0ew8zzJ//dj1kg7B1JM5ef8IIYStKPG85yQjRqydxpeEEC4RtJ3G5 +xI7hK0t8eTdBVaIGwQlfky+BzVfUuLgihtg/0oI/GaTOHH7BytEwkXi+prdUEXCEq+Ob2GH sGUkdnx5yjKBUWMWkltnIdk9C8nuWUh2z0KyewEj6ypGkdLi4tz01GIjveLE3OLSvHS95Pzc TYzANHL63+H8HYyPNlgdYhTgYFTi4X1xkTNKiDWxrLgy9xCjBAezkgivBS9XlBBvSmJlVWpR fnxRaU5q8SFGaQ4WJXFehZmrI4UE0hNLUrNTUwtSi2CyTBycUg2MJXxdRT2sO56X3ZX69LhS PU+3SU8kifPGtjRrv3KxTpO/CdYXGjbYZlgu8GU3U9VKjX/OnVJ3mtV6467QlB+5+zWSNacW T+e7PaF/u4azZpnfdgmn5ate/lFvt6usZ5ttzHTLIal0ojG/gUOyr+vMlPjlM59ybxCY4m9z olPs6bzzBc/SHJVYijMSDbWYi4oTAaBJKBYfAwAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMIsWRmVeSWpSXmKPExsVy+t9hP10ZCa4og61fVCxm7FvBZjHz6G1G ByaPJUt+MnlsXTKdLYApissmJTUnsyy1SN8ugSvj6EGFgvk8FVu6hBsYG7m6GDk5JARMJDYf +skIYYtJXLi3nq2LkYtDSGAJo8SZ/XfYIZy/jBJfm3ugnI+MEtPm/oVyDjBKfLnXDdbPJqAn sX/eDOYuRg4OEQE3ialHqkDCwgJxEjO7JjCD2CIC8RJPvy5nh7CNJBae/sMCYrMIqEo8ftoE ZvMKmEu8bO5jArGFBCYxSszbmw9icwrYSsx/1gLWywh06vdTa8BqmAXEJZpbb7JAvCAgsWTP eWYIW1Ti5eN/rBC2jsTZ60+g3lSUeN5ykhGiV0ei9/s3ZgjbTuJy9yV2CFtb4sm7C6wQ9whK /Jh8D2q+pMTBFTdYJjBKzUKyehaSUbOQjJqFZNQsJKMWMLKuYhQpLS7OTa8oNtYrTswtLs1L 10vOz93ECInamh2M977aHGIU4GBU4uF9cZEzSog1say4MvcQowQHs5IIrwUvV5QQb0piZVVq UX58UWlOavEhRmkOFiVx3o17VkcKCaQnlqRmp6YWpBbBZJk4OKUaGCu3aZwrEDvwZn/dVZVn yy2fHKzw5NII351it1i0a2OIakJJ2Z+V0yZc27rXLf/YTbdfqR82/Y2JU3jCP03CVEpiV66B u4nev0lcmi3KhYa/Vj3PCujYKq1U/34F/zqx1U8N5pefvdlyQmADR9s3Xs26GfLTRXL5nne5 pMc6a518/9usTFtkphJLcUaioRZzUXEiAP8/5ePWAgAA
X-CMS-MailID: 20171113220932uscas1p2f1bca0bfbb90a7b567ced3c235ad4a00
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171113091032epcas1p10dd64e6af474ba378552504cf125f3d7
X-RootMTR: 20171113091032epcas1p10dd64e6af474ba378552504cf125f3d7
References: <CGME20171113091032epcas1p10dd64e6af474ba378552504cf125f3d7@epcas1p1.samsung.com> <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/X4YtM019td5v0f7Yu3nGQez1hoI>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 22:09:38 -0000

Hi Jari,=20

Sorry, I am catching up on the context, as I subscribed a few days ago.
Can anybody point me to where examples for permission models are described?


Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/13/17, 1:10 AM, "Suit on behalf of Jari Arkko"
<suit-bounces@ietf.org on behalf of jari.arkko@piuha.net> wrote:

>The meeting is running out of time.
>
>But I wanted to followup to the discussion relating to my comment on the
>mic.
>
>Hannes had responded by saying that we cannot specify who the potential
>sources are.
>
>That wasn=B9t what I suggested or said. I would like the charter to say
>that there=B9s sufficient expressive power in the format to handle
>situations that go beyond the 1 source 1 permission case. The
>architecture draft already talks about this, although from a slightly
>different angle. The actual potential sources and styles of permissions
>are up to individual deployments. What we do in the IETF is capabilities,
>in formats and protocols and so on to enable individual deployments to
>express their situation with our tools. Obviously within some reasonable
>limits, given that we are talking about small, constrained devices.
>
>I was thinking of something along the following lines:
>
>"The format is expected to be expressive enough to allow the use of
>different software sources and permission models."
>
>Jari
>
>_______________________________________________
>Suit mailing list
>Suit@ietf.org
>https://www.ietf.org/mailman/listinfo/suit


From nobody Mon Nov 13 15:21:10 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCDED124E15 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 15:21:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DPnCAec4iGr for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 15:21:05 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id ADDBD120724 for <suit@ietf.org>; Mon, 13 Nov 2017 15:21:05 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 3A0263741029 for <suit@ietf.org>; Mon, 13 Nov 2017 23:21:05 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Cek6CAWVz4NV for <suit@ietf.org>; Mon, 13 Nov 2017 18:20:56 -0500 (EST)
Received: from dhcp-98fb.meeting.ietf.org (dhcp-98fb.meeting.ietf.org [31.133.152.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 7BF703740F6A for <suit@ietf.org>; Mon, 13 Nov 2017 18:20:55 -0500 (EST)
To: suit@ietf.org
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <ad7c113a-9187-d2a7-933e-2f408dfde546@openca.org> <2D8E2F4B-9D26-4B84-BC4C-4CE2436BEF8D@arm.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <ef3611c9-3713-5ee3-91ec-d1c490d6df80@openca.org>
Date: Tue, 14 Nov 2017 07:20:53 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <2D8E2F4B-9D26-4B84-BC4C-4CE2436BEF8D@arm.com>
Content-Type: multipart/alternative; boundary="------------0B082841CC45633718A19462"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/MSZP8WkjZOrhJHWa5_ZaNQ1z83M>
Subject: [Suit] CBOR on MicroControllers (was Re: Question about draft-moran-suit-manifest-00.txt)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2017 23:21:08 -0000

This is a multi-part message in MIME format.
--------------0B082841CC45633718A19462
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

Hi Brendan,

thanks for the reference. From a quick scan of the C implementation it 
seems they all seem implementations that require an OS and/or stdlib (I 
might be wrong, though :D). Does anybody on the list have experience (or 
references) with developing CBOR on a microcontroller ?

Cheers,
Max


On 11/14/17 3:25 AM, Brendan Moran wrote:
> Hi Max,
>
> There are many implementations listed here: http://cbor.io/impls.html
> I believe the one that Carsten is referring to is this one: 
> https://github.com/cabo/cn-cbor
>
> Best Regards,
> Brendan
>
>> On 13 Nov 2017, at 16:15, Dr. Pala <madwolf@openca.org 
>> <mailto:madwolf@openca.org>> wrote:
>>
>> Hi Carsten,
>>
>> that is really interesting! Can you please provide a reference to 
>> such implementation?
>>
>> Thanks,
>> Max
>>
>>
>> On 11/13/17 11:21 PM, Carsten Bormann wrote:
>>> On Nov 13, 2017, at 22:29, Dr. Pala <madwolf@openca.org 
>>> <mailto:madwolf@openca.org>> wrote:
>>>> Maybe there could be also some space for considering ad-hoc 
>>>> (instead of generic encoding rules) binary formats that can be 
>>>> better understood by device manufacturer (that usually complain 
>>>> about having even a 5-10k enc/dec library... :D).
>>> Prepare to spend 722 bytes of code for the CBOR decoder library 
>>> (unless you need floating point data, then it becomes around 800).
>>>
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org <mailto:Suit@ietf.org>
>> https://www.ietf.org/mailman/listinfo/suit
>
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


--------------0B082841CC45633718A19462
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Brendan,</p>
    <p>thanks for the reference. From a quick scan of the C
      implementation it seems they all seem implementations that require
      an OS and/or stdlib (I might be wrong, though :D). Does anybody on
      the list have experience (or references) with developing CBOR on a
      microcontroller ?</p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/14/17 3:25 AM, Brendan Moran
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:2D8E2F4B-9D26-4B84-BC4C-4CE2436BEF8D@arm.com">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      Hi Max,
      <div class=""><br class="">
      </div>
      <div class="">There are many implementations listed here:�<a
          href="http://cbor.io/impls.html" class=""
          moz-do-not-send="true">http://cbor.io/impls.html</a></div>
      <div class="">I believe the one that Carsten is referring to is
        this one:�<a href="https://github.com/cabo/cn-cbor" class=""
          moz-do-not-send="true">https://github.com/cabo/cn-cbor</a></div>
      <div class=""><br class="">
      </div>
      <div class="">Best Regards,</div>
      <div class="">Brendan</div>
      <div class=""><br class="">
        <div>
          <blockquote type="cite" class="">
            <div class="">On 13 Nov 2017, at 16:15, Dr. Pala &lt;<a
                href="mailto:madwolf@openca.org" class=""
                moz-do-not-send="true">madwolf@openca.org</a>&gt; wrote:</div>
            <br class="Apple-interchange-newline">
            <div class="">
              <div class="">Hi Carsten,<br class="">
                <br class="">
                that is really interesting! Can you please provide a
                reference to such implementation?<br class="">
                <br class="">
                Thanks,<br class="">
                Max<br class="">
                <br class="">
                <br class="">
                On 11/13/17 11:21 PM, Carsten Bormann wrote:<br class="">
                <blockquote type="cite" class="">On Nov 13, 2017, at
                  22:29, Dr. Pala &lt;<a
                    href="mailto:madwolf@openca.org" class=""
                    moz-do-not-send="true">madwolf@openca.org</a>&gt;
                  wrote:<br class="">
                  <blockquote type="cite" class="">Maybe there could be
                    also some space for considering ad-hoc (instead of
                    generic encoding rules) binary formats that can be
                    better understood by device manufacturer (that
                    usually complain about having even a 5-10k enc/dec
                    library... :D).<br class="">
                  </blockquote>
                  Prepare to spend 722 bytes of code for the CBOR
                  decoder library (unless you need floating point data,
                  then it becomes around 800).<br class="">
                  <br class="">
                </blockquote>
                <br class="">
                _______________________________________________<br
                  class="">
                Suit mailing list<br class="">
                <a href="mailto:Suit@ietf.org" class=""
                  moz-do-not-send="true">Suit@ietf.org</a><br class="">
                <a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a><br class="">
              </div>
            </div>
          </blockquote>
        </div>
        <br class="">
      </div>
      IMPORTANT NOTICE: The contents of this email and any attachments
      are confidential and may also be privileged. If you are not the
      intended recipient, please notify the sender immediately and do
      not disclose the contents to any other person, use it for any
      purpose, or store or copy the information in any medium. Thank
      you.
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Suit mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Suit@ietf.org">Suit@ietf.org</a>
<a class="moz-txt-link-freetext" href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------0B082841CC45633718A19462--


From nobody Mon Nov 13 16:18:44 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9246B1288A9 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 16:18:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CAFeERAC60mr for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 16:18:41 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 474671200CF for <suit@ietf.org>; Mon, 13 Nov 2017 16:18:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAE0IbTQ017240; Tue, 14 Nov 2017 01:18:37 +0100 (CET)
Received: from dhcp-9924.meeting.ietf.org (dhcp-9924.meeting.ietf.org [31.133.153.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3ybSlw3WC7zDXFV; Tue, 14 Nov 2017 01:18:36 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <ef3611c9-3713-5ee3-91ec-d1c490d6df80@openca.org>
Date: Tue, 14 Nov 2017 08:18:32 +0800
Cc: suit@ietf.org
X-Mao-Original-Outgoing-Id: 532311512.550452-ef3ec5f083a577eb8a9f893efeb4dfd8
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1A9961C-3E23-4259-B530-0FB34AC25F14@tzi.org>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <ad7c113a-9187-d2a7-933e-2f408dfde546@openca.org> <2D8E2F4B-9D26-4B84-BC4C-4CE2436BEF8D@arm.com> <ef3611c9-3713-5ee3-91ec-d1c490d6df80@openca.org>
To: "Dr. Pala" <madwolf@openca.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/YXAKHnnDMpxAlLwtX3pqTYF8lGM>
Subject: Re: [Suit] CBOR on MicroControllers (was Re: Question about draft-moran-suit-manifest-00.txt)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 00:18:42 -0000

> On Nov 14, 2017, at 07:20, Dr. Pala <madwolf@openca.org> wrote:
>=20
> Hi Brendan,
>=20
> thanks for the reference. =46rom a quick scan of the C implementation =
it seems they all seem implementations that require an OS and/or stdlib =
(I might be wrong, though :D). Does anybody on the list have experience =
(or references) with developing CBOR on a microcontroller ?

cn-cbor was specifically designed to run in an environment without =
malloc (even though it defaults to using it) =E2=80=94 that=E2=80=99s =
where the code size measurements are from.  There are a few other =
implementations of this kind, e.g. the one in RIOT (which does need some =
serious attention, though). Of course, the majority of the 45 =
implementations for 20 programming languages are for general purpose =
environments, if only because the language itself is so.  C, C++, and =
maybe Rust are the languages used in the embedded space.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Mon Nov 13 18:16:25 2017
Return-Path: <lear@cisco.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26909129B5B for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 18:16:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level: 
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hB8HoT4x6Qrz for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 18:16:22 -0800 (PST)
Received: from bgl-iport-1.cisco.com (bgl-iport-1.cisco.com [72.163.197.25]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E232112954B for <suit@ietf.org>; Mon, 13 Nov 2017 18:16:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4397; q=dns/txt; s=iport; t=1510625782; x=1511835382; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=ca8hxlruj4e/iWrOVSP4S508pKP+ZF7DoYCaGT51UcE=; b=aZ1Ei3Foa7fRvx0KMvRWl+FWbBlfOBeFBLHR1qkUSq/gupGE19Dp+15Q S3tf6N0mv2sIkED3g/h4tkuNFEn/anfuEjaJqrr0yWUvJt5QDbRlx4vUr 8FDPLsGnPghtz2A7x+NlSFGFTmiTQf31P8yRwlEUodQn8Kqf7fSZDlkOU o=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CtAACRUApa/xjFo0hbGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYUHhCWKH3SQEiaRCIVIghEHA4IBgzoChSQYAQEBAQEBAQEBayi?= =?us-ascii?q?FHwEFI2YLBAETKgICVwYBDAgBAYoeq0qCJyaKagEBAQEBAQEBAgEBAQEBAQEBA?= =?us-ascii?q?QEBDg+DNIVuC4J2iCyCYwWKOohAjzCERoIkjhqLfYdFliSBOR84gXI0IQgdFYM?= =?us-ascii?q?ugxCBWzSIfwEBAQ?=
X-IronPort-AV: E=Sophos;i="5.44,392,1505779200";  d="asc'?scan'208,217";a="78746236"
Received: from vla196-nat.cisco.com (HELO bgl-core-3.cisco.com) ([72.163.197.24]) by bgl-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Nov 2017 02:16:19 +0000
Received: from [10.70.234.7] ([10.70.234.7]) by bgl-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id vAE2GHJ2029201; Tue, 14 Nov 2017 02:16:18 GMT
To: Jari Arkko <jari.arkko@piuha.net>, suit@ietf.org
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
From: Eliot Lear <lear@cisco.com>
Message-ID: <03b5cdc4-3388-3d11-7126-54e9bfcebe95@cisco.com>
Date: Tue, 14 Nov 2017 10:15:49 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nk6Ms0uL6qsK8CsQI6BvJlIwSmxUEMwhc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wIUCHrO0wrw_tx7aNYNLXKvmMao>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 02:16:24 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--nk6Ms0uL6qsK8CsQI6BvJlIwSmxUEMwhc
Content-Type: multipart/mixed; boundary="1ojecGRF7GGTUk2jSiNtd9b3oxHQtvxrf";
 protected-headers="v1"
From: Eliot Lear <lear@cisco.com>
To: Jari Arkko <jari.arkko@piuha.net>, suit@ietf.org
Message-ID: <03b5cdc4-3388-3d11-7126-54e9bfcebe95@cisco.com>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources
 and permissions
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
In-Reply-To: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>

--1ojecGRF7GGTUk2jSiNtd9b3oxHQtvxrf
Content-Type: multipart/alternative;
 boundary="------------4DEEA334352C314EECC8EDD4"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------4DEEA334352C314EECC8EDD4
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Jari,

On 11/13/17 5:10 PM, Jari Arkko wrote:
> I was thinking of something along the following lines:
>
> "The format is expected to be expressive enough to allow the use of dif=
ferent software sources and permission models."
>

I wasn't in the room for the whole discussion, but I presume there are
two possible use cases here:

  * the case where a particular deployment wants to authorize and
    inventory specific releases for a given set of devices; and
  * the case where a manufacturer is about to drop dead, and you want
    someone else to be able to continue development in a deployable fashi=
on.

Is this something where what we are really talking about is just
cross-signed signing certificates?=C2=A0 The reason I'm asking is that it=

would be good to scope DOWN the work where possible.=C2=A0 The point is t=
hat
if we are able to scope toe work to at least prefer as much existing
infrastructure where practicable, that would be good.

Eliot



--------------4DEEA334352C314EECC8EDD4
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>Hi Jari,<br>
    </p>
    <div class=3D"moz-cite-prefix">On 11/13/17 5:10 PM, Jari Arkko wrote:=
<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net">
      <pre wrap=3D"">
I was thinking of something along the following lines:

"The format is expected to be expressive enough to allow the use of diffe=
rent software sources and permission models."

</pre>
    </blockquote>
    <br>
    I wasn't in the room for the whole discussion, but I presume there
    are two possible use cases here:<br>
    <ul>
      <li>the case where a particular deployment wants to authorize and
        inventory specific releases for a given set of devices; and</li>
      <li>the case where a manufacturer is about to drop dead, and you
        want someone else to be able to continue development in a
        deployable fashion.</li>
    </ul>
    <p>Is this something where what we are really talking about is just
      cross-signed signing certificates?=C2=A0 The reason I'm asking is t=
hat
      it would be good to scope DOWN the work where possible.=C2=A0 The p=
oint
      is that if we are able to scope toe work to at least prefer as
      much existing infrastructure where practicable, that would be
      good.<br>
    </p>
    <p>Eliot</p>
    <p><br>
    </p>
  </body>
</html>

--------------4DEEA334352C314EECC8EDD4--

--1ojecGRF7GGTUk2jSiNtd9b3oxHQtvxrf--

--nk6Ms0uL6qsK8CsQI6BvJlIwSmxUEMwhc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJaClHVAAoJEIe2a0bZ0nozDhQIAKknSyWj2w0vioSRVnMNNm26
b4riMpCB/r3GjXyRFFiVCT/znv6suqtBNKpg5NIYRL6DcA1UW35G0z8MAWdVV+eJ
0zbhB8Jrvs884YRwRX0kL6SfeFcNoZjX0clagu4b5gOornz6HPDrgBsPGaB/51pC
4F4AE3sa+1svqj11MLve+HDczeybNB74IOghXK3wF3TKgGg8zZU69sEbMoJRUTX8
83ZMx/MzE+qwS0J/PC02SdOLm32UT2pfA9AhfqfnUudH7ZYK2UT1B7A6be5fkMz+
TTMG6XpKcoolbBJj0+KIUO3KZyjHSHHYcA4zA4P+Zm12rMRQzIOJbz5jndDAg8w=
=2k88
-----END PGP SIGNATURE-----

--nk6Ms0uL6qsK8CsQI6BvJlIwSmxUEMwhc--


From nobody Mon Nov 13 19:04:50 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AF40127B31 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:04:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADMB_UzhOBUw for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:04:46 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0138.outbound.protection.outlook.com [23.103.201.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C3311242F7 for <suit@ietf.org>; Mon, 13 Nov 2017 19:04:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XgPtHTtAJXcoEiDbEHtimV7wAj7904WmAvlS6C16QaU=; b=JJrangyT5lLJlX9eDqKMogb5vEpVl/kQLJxtB4jC+F/tpE1wq8HjcV29kJmFomympyfWbuATgjE+Sn+j+t57ww8S+YYeE4Z86EbP7WLHu6EjLJMs+QEVW94YIgV6ePVyWitN8x2gqfCtHztQXeUGAkiNSHpbBx7nca0FQEpQk+s=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 03:04:44 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 03:04:44 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Toerless Eckert <tte@cs.fau.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] suit charter points
Thread-Index: AQHTXF6WTFwhWfTKb02s5QM1MHq7VKMTLevI
Date: Tue, 14 Nov 2017 03:04:44 +0000
Message-ID: <CY4PR09MB149578E42036FB4D2155E3C3F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <20171113090522.GZ19390@faui40p.informatik.uni-erlangen.de>
In-Reply-To: <20171113090522.GZ19390@faui40p.informatik.uni-erlangen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [129.6.222.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1495; 6:SH/I1DSz6Wh5gZ8q2jPrX8TXZWNJPpGJ1G+DbkgiDXvSs9x7+uaCTgIdGQiwrJuPODd4mxlG5fUq/t1d1bbf/oq6Vqy/DP0yqhQODAqvjmbq/PIJvywcr+bPUxooHL2JpFfbjtpIpzWYuTOP0jfJsU58k8EYoS0QZE5N+r7JutNWAX/rCW//5RDBd0RRuMNeFqjwL6VWgvzxHbHgTx7m12opmrBNkQDmmsooszdN+rMZCnE0K1QjVRTq4i5QuJ1MauUCEymvS1JrBaSFzuw02NgeFppKBrNI1SSuXd9hqIVT5RcZ+IBffVnAjJHe6w0Y17rNm1Ta72HemyhZR5HRMNnOHCyOaZhtij5v8NX32q0=; 5:9AKpaTW9zANUt5dsU00NzORg9mcbNvatS8MjBRkJ1ENC3JNFAMx7/peFRE2cjLW3/2cOL8wnz4d983C5335xLEqGiN+qQdumHfNsH/zFoTgjDJ+70N40MhUs5sr1VZOI6qr79lNb71plFbkHCoCfO7olhZdkl/AR0oYzK8Rin7Y=; 24:iPU5gaIh7XdN6geQ+Q7lREYFCqADNVAhNR6ul0W4leOGIM56r0E8GkzZBJKu2yw+mM0HMgcRF5cnt4bc7AraL7iEIxHc8vRcN1zrLwGW2r8=; 7:5Jwn2es9BgyUfb2gypuyNsIg16DiBiO8fS1jgf9zOKFYVszdOiiraPXWldnRTNQVA6pDTAEklXDa75KE8fywh9yY0hhL8tpWCtqYOzeNI/8HwvtWfqfZkrZvBvZDDcgUIO2Mp9XxrurNGdxFd9YNrOxJkv2FW4zMaEZtthY5gNqKBJIi3SSv7PZSoFM2xOErrIxW3RU7ZEJrrgdCSzG5MZk2DMMEmATnGRKkyUfgqMBKWGCq8+cUSkrHaWngeHdk
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: e3ece230-3d98-46d3-2099-08d52b0c750b
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:CY4PR09MB1495; 
x-ms-traffictypediagnostic: CY4PR09MB1495:
x-microsoft-antispam-prvs: <CY4PR09MB1495028F2876129C573B4001F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231022)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123562025)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR09MB1495; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR09MB1495; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(346002)(376002)(189002)(199003)(7696004)(55016002)(6606003)(14454004)(2950100002)(33656002)(50986999)(68736007)(53546010)(606006)(5660300001)(76176999)(54356999)(81166006)(8676002)(105586002)(106356001)(8936002)(101416001)(81156014)(74316002)(3660700001)(7736002)(53936002)(19627405001)(2900100001)(236005)(9686003)(54896002)(6306002)(6246003)(6436002)(3846002)(6116002)(6506006)(77096006)(66066001)(86362001)(3280700002)(2906002)(25786009)(110136005)(575784001)(316002)(99286004)(2501003)(45080400002)(97736004)(478600001)(189998001)(966005)(229853002)(102836003)(21314002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1495; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB149578E42036FB4D2155E3C3F0280CY4PR09MB1495namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: e3ece230-3d98-46d3-2099-08d52b0c750b
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 03:04:44.5746 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1495
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/K-Lue8BSOSI2qxQvnKTzEJ75Se8>
Subject: Re: [Suit] suit charter points
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 03:04:48 -0000

--_000_CY4PR09MB149578E42036FB4D2155E3C3F0280CY4PR09MB1495namp_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Comments are inline below marked DAW.


Thanks,

Dave

________________________________
From: Suit <suit-bounces@ietf.org> on behalf of Toerless Eckert <tte@cs.fau=
.de>
Sent: Monday, November 13, 2017 5:05 PM
To: suit@ietf.org
Subject: [Suit] suit charter points

To repeat my comments on the mike in the BOF:

1. I would like to make sure that the charter allows for the following two =
points to
be defined into the architecture mentioned by the charter, even if not
all devices may be able to support them. IMHO these are mandatory for reall=
y
reliable firmware upgrade and it would be a wasted opportunity to do all th=
is work
and yet only produce results for devices thart will not provide real reliab=
le
ugprade solutions.

a) Ability for automatic downgrade, eg: automatic unless some external veri=
fication of
correct operation of the new firmware has succeeded. Ideally, verification =
of
the new firmware is trial-run download of yet another firmware image or the
like..

b) ability to query the device for capabilities thart will allow to underst=
and
what firmware/signing/etc of a firmware will be accepted by the device.

[DAW: (As chair) The charter does not prevent a resulting solution from sup=
porting these capabilities. If chartered, the group will need to discuss th=
is as part of our work on the architecture.

(as a participant) I believe there is room for this proposed working group =
to develop guidance on why some of these features are desirable, and to dis=
cuss how the solution may be used to support these features.]

2. Wrt to "new" components: Instead of saying "charter does not allow new w=
ork XXX"
(XXX =3D transport, serialization etc..). A better rule would be not do som=
ething new unless
evaluation shows that new work is required especially because of footprint =
of existing
solutions being too large for class 1 devices.

[DAW: (as chair) I think we need to do more work in this space before we ge=
t to a point where this might even be proven true. If we discover gaps in e=
xisting work, we can always recharter in the future to take on new work, or=
 work with other WGs (or SDOs) to address these gaps, whichever is most app=
ropriate.]

Toerless

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdavid.waltermire%40nist.g=
ov%7C63f0c192ac66414c728508d52a75b1bd%7C2ab5d82fd8fa4797a93e054655c61dec%7C=
1%7C0%7C636461607336306761&sdata=3DvHfdE3BsiYP%2BQxpMgg%2BgU8fpRi2vXPHy7DaN=
VpDs9W8%3D&reserved=3D0

--_000_CY4PR09MB149578E42036FB4D2155E3C3F0280CY4PR09MB1495namp_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;font=
-family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
<p style=3D"color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif,=
'EmojiFont','Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe U=
I Symbol', 'Android Emoji', EmojiSymbols; font-size: 12pt;" dir=3D"ltr">
Comments are inline below marked DAW.<br>
</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Dave</p>
<div style=3D"color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-seri=
f,'EmojiFont','Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe=
 UI Symbol', 'Android Emoji', EmojiSymbols; font-size: 12pt;" dir=3D"ltr">
<br>
</div>
<div style=3D"color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-seri=
f,'EmojiFont','Apple Color Emoji', 'Segoe UI Emoji', NotoColorEmoji, 'Segoe=
 UI Symbol', 'Android Emoji', EmojiSymbols; font-size: 12pt;" dir=3D"ltr">
<hr tabindex=3D"-1" style=3D"width: 98%; display: inline-block;">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font color=3D"#000000" face=3D"Calib=
ri, sans-serif" style=3D"font-size: 11pt;"><b>From:</b> Suit &lt;suit-bounc=
es@ietf.org&gt; on behalf of Toerless Eckert &lt;tte@cs.fau.de&gt;<br>
<b>Sent:</b> Monday, November 13, 2017 5:05 PM<br>
<b>To:</b> suit@ietf.org<br>
<b>Subject:</b> [Suit] suit charter points</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size: 10pt=
;">
<div class=3D"PlainText">To repeat my comments on the mike in the BOF:<br>
<br>
1. I would like to make sure that the charter allows for the following two =
points to<br>
be defined into the architecture mentioned by the charter, even if not<br>
all devices may be able to support them. IMHO these are mandatory for reall=
y<br>
reliable firmware upgrade and it would be a wasted opportunity to do all th=
is work<br>
and yet only produce results for devices thart will not provide real reliab=
le<br>
ugprade solutions.<br>
<br>
a) Ability for automatic downgrade, eg: automatic unless some external veri=
fication of<br>
correct operation of the new firmware has succeeded. Ideally, verification =
of<br>
the new firmware is trial-run download of yet another firmware image or the=
<br>
like.. <br>
<br>
b) ability to query the device for capabilities thart will allow to underst=
and<br>
what firmware/signing/etc of a firmware will be accepted by the device.<br>
</div>
<div class=3D"PlainText"><br>
</div>
<div class=3D"PlainText">[DAW: (As chair)&nbsp;The charter does not prevent=
&nbsp;a resulting solution from supporting these capabilities. If chartered=
,&nbsp;the group&nbsp;will need to&nbsp;discuss this as part of our&nbsp;wo=
rk on the architecture.</div>
<div class=3D"PlainText"><br>
</div>
<div class=3D"PlainText">(as a participant) I believe there is room for thi=
s proposed working group to develop guidance on why some of these features =
are desirable, and to discuss how the solution may be used to support these=
 features.]</div>
<div class=3D"PlainText"><br>
2. Wrt to &quot;new&quot; components: Instead of saying &quot;charter does =
not allow new work XXX&quot;<br>
(XXX =3D transport, serialization etc..). A better rule would be not do som=
ething new unless<br>
evaluation shows that new work is required especially because of footprint =
of existing<br>
solutions being too large for class 1 devices.<br>
</div>
<div class=3D"PlainText"><br>
</div>
<div class=3D"PlainText">[DAW: (as chair) I think we need to do more work i=
n this space before we get to a point where this might even be proven&nbsp;=
true. If we discover gaps in existing work, we can always recharter in the =
future to take on&nbsp;new work, or work with
 other WGs (or SDOs)&nbsp;to address these gaps, whichever is most appropri=
ate.]</div>
<div class=3D"PlainText"><br>
Toerless<br>
<br>
_______________________________________________<br>
Suit mailing list<br>
Suit@ietf.org<br>
<a id=3D"LPlnk636854" href=3D"https://na01.safelinks.protection.outlook.com=
/?url=3Dhttps%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D0=
2%7C01%7Cdavid.waltermire%40nist.gov%7C63f0c192ac66414c728508d52a75b1bd%7C2=
ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636461607336306761&amp;sdata=3DvH=
fdE3BsiYP%2BQxpMgg%2BgU8fpRi2vXPHy7DaNVpDs9W8%3D&amp;reserved=3D0" previewr=
emoved=3D"true">https://na01.safelinks.protection.outlook.com/?url=3Dhttps%=
3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdavid=
.waltermire%40nist.gov%7C63f0c192ac66414c728508d52a75b1bd%7C2ab5d82fd8fa479=
7a93e054655c61dec%7C1%7C0%7C636461607336306761&amp;sdata=3DvHfdE3BsiYP%2BQx=
pMgg%2BgU8fpRi2vXPHy7DaNVpDs9W8%3D&amp;reserved=3D0</a><br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>

--_000_CY4PR09MB149578E42036FB4D2155E3C3F0280CY4PR09MB1495namp_--


From nobody Mon Nov 13 19:19:47 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81864126FDC for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:19:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9DR_7eIflWut for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:19:45 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58B32126CC7 for <suit@ietf.org>; Mon, 13 Nov 2017 19:19:45 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 2452E20008; Mon, 13 Nov 2017 22:21:21 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 77BFF82B23; Mon, 13 Nov 2017 22:19:44 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
cc: "Dr. Pala" <director@openca.org>, suit@ietf.org
In-Reply-To: <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com>
References: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org> <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 13 Nov 2017 22:19:44 -0500
Message-ID: <32029.1510629584@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/WqsgxIz9HXCwAqFoJQVzvT8TWR8>
Subject: Re: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 03:19:46 -0000

--=-=-=
Content-Type: text/plain


Robert Moskowitz <rgm-sec@htt-consult.com> wrote:
    drpala> * Public Crypto. Is there any interest in providing any special
    drpala> considerations for devices that have support for public crypto
    drpala> (e.g., small crypto accelerators - ECDSA-P256/SHA256)? The
    drpala> availability of small crypto chip that allow for secure storage
    drpala> and off-chip crypto ops might benefit from special
    drpala> treatment/considerations... ?

    > Why do you stop at ECDSA? What of ED25519? We can get smaller with
    > that. Is it the job of SUIT to specify this? I feel it might be an
    > barrier to progress rather than a help.

I am very enthusiastic about Ed25519, and I'm pretty sure that whatever
container we use will have the algorithm agility to permit it.

There isn't deployed Ed25519 specific [hw] acceleration out there.
(I've been told that some ECDSA hardware acceleration options will accelerate
both, but I don't have details or first hand knowledge)

I don't believe that Ed25519 has any particular Quantum resistance over
ECDSA; rather it has higher assurance against state actors who may have a
backdoor.

So, if one is going to put a new algorithm into a boot loader, and it might
be in software, then I'd like to have a long-term quantum safe algorithm.

(The NIST competition deadline is the end of the month, and maybe we'll have a
miracle in late 2018 to save our bacon...)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloKYNAACgkQgItw+93Q
3WVrSwgApQj3/gUrhrvZKwIiOlBrKzjUEqaI4MjK26LcYLaarf493ITC9yak1rNx
OsMjcXA0JI6EHLruf6RYcsuvej2674aHrdS4tQ7wXEsvUo3QA2nIRka+BREC0pAJ
G6sW1IToUi8CUI1uVSrOaxlg9mdbP/Agp15DLB0tityT3KP+to5N9OESxd8+ZKZ4
0sFk20skoTX8payeNZSeJK4tjXJqbNGMqtLCgMVo0C5nDy8NSLFmFly/z7ets6ys
3xvWp4Svek0LbtmRz3812LOsA8pzt8bztFGT2+Iu1czxOOxZUnEecnlODKuJQTv+
CeBsm1Bk0MidJF8wgVbNCO8Tk7BDBQ==
=F8Z7
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov 13 19:21:59 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 907A612704A for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:21:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S4I9KGgA45Pb for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 19:21:55 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA886126CC7 for <suit@ietf.org>; Mon, 13 Nov 2017 19:21:54 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4201920008; Mon, 13 Nov 2017 22:23:30 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 934DC82B23; Mon, 13 Nov 2017 22:21:53 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
cc: "Dr. Pala" <madwolf@openca.org>, suit@ietf.org
In-Reply-To: <9169e469-9f0b-cdc8-5382-6420f775ff3e@htt-consult.com>
References: <cac69656-c20b-f385-97e7-44e0a3ba1ca2@openca.org> <52399064-8b8c-c407-31c7-32134b966855@htt-consult.com> <219e4717-6f72-c6de-a721-89ac3faff7bc@openca.org> <9169e469-9f0b-cdc8-5382-6420f775ff3e@htt-consult.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 13 Nov 2017 22:21:53 -0500
Message-ID: <32560.1510629713@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/XtnWXobkgb1vvLR3dFEFdkGSqUk>
Subject: Re: [Suit] Possible additional considerations for Suit
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 03:21:56 -0000

--=-=-=
Content-Type: text/plain


Robert Moskowitz <rgm-sec@htt-consult.com> wrote:
    > I also think a lot about devices that are on PHYs that do not/can not
    > support IP.

sure, but that's why we have a requirement for multi-blob manifests, so that
the device that has IP (the router the PHY is in?) can collect the blob and
pass it on to the PHY. (whether the PHY has a trusted relationship with the
router, or can validate the blob itself is not in scope)

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloKYVEACgkQgItw+93Q
3WXplAf9Fg/ZqojROtie/fF+/nUVQYK5+qSm2j83XEakDkCfHqHytIopRHpEHLyN
YReL+oJ6JgW3cca7spL/q6Qle06qU3GORT/PqX8/MMp7tH5//z6oM7rVEGwSwds6
afBc0wRbf1Xhwe6aDMZRrKs4UpTXK2W4OPIc/MAtVwjWKkZb8+1igHbwx1SxBz1h
UFBmAZ+XXskIskgu8Yky565Y43ZykzjBrWNmZNI4n5avaZztqgC05mrz8ibdjHca
5MmYGRfiZEQ4zcWRd1+dgfFSj6kacvi3hVA66Z+tpJIRbMPblk6EuYqis+lcZ1WI
Ph7gys9oI4CaGjECmE+ASgC+bySZfw==
=euMu
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov 13 22:19:31 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FAA81293E1 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:19:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V7jsDKtRqB7k for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:19:27 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00075.outbound.protection.outlook.com [40.107.0.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38873124D6C for <suit@ietf.org>; Mon, 13 Nov 2017 22:19:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RsypAXqDSIByHxli0qECgpxMHZaWHxyQN6Go94x7V8U=; b=O9jAAG3zZ8bcOu/47uEqWcbrH3Lr0gOyCDlEr8OxZSTTveJ1GwzD2TShk2mMylFqCl3BbQqCFq8T8bR8sjwYu70FDt4y0rJ/3Lz5v0qPNpxiPdzGrFicgfMEq9TeSkky6NswbWa22MG7RrGyNJOzKRHKAvXUZaioEvnOIHqxt+c=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 06:19:24 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 06:19:24 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Toerless Eckert <tte@cs.fau.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] suit charter points
Thread-Index: AQHTXF6QhtLdsyH+/kK8xH6ksqYXRaMTZw4w
Date: Tue, 14 Nov 2017 06:19:24 +0000
Message-ID: <AM4PR0801MB27066AF45D749E5B20C66495FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <20171113090522.GZ19390@faui40p.informatik.uni-erlangen.de>
In-Reply-To: <20171113090522.GZ19390@faui40p.informatik.uni-erlangen.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:259f:4e9f:376b:c01d]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:aanKH0iLrkufjZr4juAOmCxl2v3we+jDdtwQFIWzf9y0aATS0ToUvsMLtKln0/kbjwZlbqEXDflg70ogd6YEsnISlgdjJk/V5EWqFXw6SFpX9qJsZcQm2lDv166HXzIdSYkciNrCbxFoGsNFMVr0w7j/JDVgfHFQMDCxDPFT5gqQ4Hsdkt/F+/C4rOtaE30rwuffs4dXvE+RUcCH7MPyr0oE6buOOZahZnE5pAkXh+cVTV498pT0yBq3QeEZm9I0GgVNjmKs/Z44P8Vuz+miOc3vMCk1SHjF2nzM5WofGEhgW6izu6EiWMHSO47HhWbqwNO+WBqCl6qE/Gz9ZP/gsGhf2eJ+/GdXc4+KzxPCFsQ=; 5:IusoMGbyDfT0saCdeqDGxlnjzD8t1TOQ9pWyZtCuJyGdhDMqEiCGdPo+npAduSgROI8+l3D2ucyXhTYv6w4/0GCsaYcIXHqCqR0NpxcqUW56GmZkI2KtoaiLfl9uhlU0oC0UUwdOFEBaDWzcK9hRyY6IEwDHsrL0n90Z+QKEHfQ=; 24:3SzonJ+RNKb/0lMVIU8betuNsF0TsEvxoqCJUtJj51GPF7FdS3ZwK1UD63emEyHUXeUcD6m5UAAn3tIr1Pu6DDgJLBIZLFTEMvwC+NXrLSU=; 7:kyk1yZdH+gsotPZyTVqm7U/aHRXpEAN1MbUxWxHj3Ds3h8ZuonejeTRq4kq74AVdtcH2/HjFI6jg2rzbwsdmg9glDcH9sza2oMv0+NCqzNHOlvQVBL3xAKMqvsjuZXn+QV+uqn5XQibnqMEGBvCjfnTgSSJpborqRadMzpIk4ys4Stx1Jco8skDoEFGoIjEOSdlQfpcL/i7/KkeFNQJaHMH9su2/uTwUDHX1nos44gpLLYRPauTt91DWcipXPvY8
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 3ede6b05-8842-465f-2a05-08d52b27a6eb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB27054FD7A34A954052462E24FA280@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123564025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(40434004)(189002)(199003)(86362001)(2501003)(5250100002)(229853002)(5890100001)(110136005)(316002)(2906002)(6116002)(97736004)(102836003)(81166006)(81156014)(6506006)(478600001)(7736002)(6436002)(305945005)(74316002)(8936002)(8676002)(25786009)(54356999)(3280700002)(72206003)(53936002)(2900100001)(3660700001)(33656002)(76176999)(189998001)(55016002)(105586002)(6246003)(50986999)(101416001)(99286004)(68736007)(5660300001)(14454004)(2950100002)(106356001)(9686003)(7696004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3ede6b05-8842-465f-2a05-08d52b27a6eb
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 06:19:24.6004 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/A0iJe1Lbk4dHaeRO5nuGAkhRXs4>
Subject: Re: [Suit] suit charter points
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:19:29 -0000

Hi Toerless,

> a) Ability for automatic downgrade, eg: automatic unless some external ve=
rification of correct operation of the new firmware has succeeded. Ideally,=
 verification of the new firmware is trial-run download of yet another firm=
ware image or the like..

[Hannes] Wouldn't this be an implementation detail?

> b) ability to query the device for capabilities thart will allow to under=
stand what firmware/signing/etc of a firmware will be accepted by the devic=
e.

[Hannes] I am trying to understand what you are trying to design here. Do y=
ou expect the firmware update server to reach out to IoT devices, to ask th=
em for the firmware version being installed, and then send a firmware updat=
e?

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Mon Nov 13 22:28:14 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 700B3127337 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:28:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 81v0-jlEeHvX for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:28:11 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0072.outbound.protection.outlook.com [104.47.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05409128990 for <suit@ietf.org>; Mon, 13 Nov 2017 22:28:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XQY/LRrcU3bcQ3fDCZghZEt1yCvnGtZYDWE9MwSxA0w=; b=LrAEtfylYO3i2v8F8EEJIWyRohimDXs5nry7eAHIDQoHsT601+aYQbzONJo0/51cQ4EDbfUAzCIra8dqUfYh7yYG+uC3cE7QfFXQiuXEqN8NlGaTW8o+8b6u2xdIJT2sUMsPY6ejldELr+oJIeOIH0kOnmiq9WSEoyGuHtynZg0=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 06:28:08 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 06:28:08 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Jari Arkko <jari.arkko@piuha.net>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9N/a/J4/ORmEqMdT8uXVlmg6MTaQig
Date: Tue, 14 Nov 2017 06:28:08 +0000
Message-ID: <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
In-Reply-To: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:259f:4e9f:376b:c01d]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:S9dBl+jB7QUIqBOT/KJ7UVfkczRv+hubj/swzK8V+E8PXVxLuj4R7PeoK6oRGC66YFFS/OpDN4exEZ/0zM7yQQPAYb9dvB9FQA94x8oPKSiDak88y0Th8CmSfM9OyU8+RRKUGA1WKUah5h2k86hqimpl90VgCXSfDqFnT0m7Mt6387zPQ1rcZdb0LCERqw92Xiw3piEs9CjgdicLhjmy7+1d/7QmwzDzpVYF/worMWFDXdv6XFhodDkbwLYcOpIbue0ayBHbAocChn2TNyraz9FVgEvnGab0/LNfdrXyrC7VxI3jb4j2X5mxiNJjvHAZ/P+w5wO01vXDBsbteCoDSR/1BmDXIe2CJ3BEa/NBDCY=; 5:5JrLEgoQdA/vNnCK/niI3nGl9YZ2IXRNThGgzHtgcG23ZwwZdytLkmN6uNggFkG4HfvL/fDeWWRd8UhmF2v+B1SCpkszHf7tq4VddxC8NDQ2kUk0qHQv74bGBB6L7hgvnz9E65HKvxMU/Ul1lOVZzBJDaAmV+f4e8zFSeqUvWmQ=; 24:Yf7hNNI9/1eMxksX/hkmj9JC2P+C94N6b99i8denDEbsg4zbowccyXtPxO09hsCvRytpnmR7x6bAHhlhhU5F2w9bFt7qK4HlwIsKje+bJVY=; 7:O0rno+DXUprRPO3GCa94y3WqM+huJPXxEpIFrXmrP5QqFWS1hSeqtnI2LehEcS5Hf9WHQB6gnEsft6wNeKr3bG1yNexvaArk+KJRK+c9gtNpR65/QZpUNhr/NgW1lPBma2UKsJbYmgpYWXkAW+2+R7/bbSkS2khSGcSKigW6NTGiR8hxC/I8OqMM0i+lOTeAqO4KbBWvdLpTFHGQ38Fols7ZcrvbZPMocvAbSlxk7SZQUF1smPpCX222IGfT0HN/
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 29d401d9-ab20-48a3-26de-08d52b28deeb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB27085C66A4A2C5608FB47294FA280@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(10201501046)(3231022)(6055026)(6041248)(20161123558100)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(199003)(40434004)(13464003)(189002)(106356001)(33656002)(105586002)(316002)(8676002)(966005)(54356999)(76176999)(50986999)(81156014)(81166006)(72206003)(2906002)(7696004)(478600001)(99286004)(14454004)(5250100002)(2950100002)(229853002)(8936002)(189998001)(5660300001)(102836003)(3280700002)(6116002)(25786009)(55016002)(53546010)(2501003)(6306002)(110136005)(9686003)(2900100001)(3660700001)(53936002)(6436002)(74316002)(5890100001)(305945005)(86362001)(101416001)(6246003)(7736002)(97736004)(68736007)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 29d401d9-ab20-48a3-26de-08d52b28deeb
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 06:28:08.0494 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Op4G0PkrWxfoCetEONnyYZOJuyo>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:28:13 -0000

SGkgSmFyaSwNCg0KSSB1bmRlcnN0b29kIHlvdXIgcXVlc3Rpb24gaW4gdGhlIGZvbGxvd2luZyB3
YXkgYW5kIHBsZWFzZSBjb3JyZWN0IG1lIGlmIEkgZ290IGl0IHdyb25nLg0KDQpZb3Ugd2FudGVk
IGEgZGV2aWNlIHRvIGJlIHVwZGF0ZWQgYnkgcGFydGllcyBvdGhlciB0aGFuIHRoZSBtYW51ZmFj
dHVyZXIuDQoNCkkgY2xhcmlmaWVkIHRoYXQgdGhlIHRlcm0gIm1hbnVmYWN0dXJlciIgaXMgYSBi
aXQgdG9vIGdlbmVyaWMgc2luY2UgdGhlcmUgYXJlIG1hbnkgcGFydGllcyByZXNwb25zaWJsZSBm
b3IgbWFudWZhY3R1cmluZyBhIGRldmljZS4NCldobyBpcywgaG93ZXZlciwgYWxsb3dlZCB0byB1
cGRhdGUgYSBkZXZpY2UgaXMgYSBwb2xpY3kgZGVjaXNpb24gYnV0IEkgYW0gaGFwcHkgdG8gZXhw
bGljaXRseSB3cml0ZSBhYm91dCB0aGlzLg0KDQpDaWFvDQpIYW5uZXMNCg0KDQoNCi0tLS0tT3Jp
Z2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYu
b3JnXSBPbiBCZWhhbGYgT2YgSmFyaSBBcmtrbw0KU2VudDogMTMgTm92ZW1iZXIgMjAxNyAxNzox
MA0KVG86IHN1aXRAaWV0Zi5vcmcNClN1YmplY3Q6IFtTdWl0XSBGb2xsb3ctdXAgcmU6IG15IGNv
bW1lbnQgb24gY2hhcnRlciBhbmQgc29mdHdhcmUgc291cmNlcyBhbmQgcGVybWlzc2lvbnMNCg0K
VGhlIG1lZXRpbmcgaXMgcnVubmluZyBvdXQgb2YgdGltZS4NCg0KQnV0IEkgd2FudGVkIHRvIGZv
bGxvd3VwIHRvIHRoZSBkaXNjdXNzaW9uIHJlbGF0aW5nIHRvIG15IGNvbW1lbnQgb24gdGhlIG1p
Yy4NCg0KSGFubmVzIGhhZCByZXNwb25kZWQgYnkgc2F5aW5nIHRoYXQgd2UgY2Fubm90IHNwZWNp
Znkgd2hvIHRoZSBwb3RlbnRpYWwgc291cmNlcyBhcmUuDQoNClRoYXQgd2FzbuKAmXQgd2hhdCBJ
IHN1Z2dlc3RlZCBvciBzYWlkLiBJIHdvdWxkIGxpa2UgdGhlIGNoYXJ0ZXIgdG8gc2F5IHRoYXQg
dGhlcmXigJlzIHN1ZmZpY2llbnQgZXhwcmVzc2l2ZSBwb3dlciBpbiB0aGUgZm9ybWF0IHRvIGhh
bmRsZSBzaXR1YXRpb25zIHRoYXQgZ28gYmV5b25kIHRoZSAxIHNvdXJjZSAxIHBlcm1pc3Npb24g
Y2FzZS4gVGhlIGFyY2hpdGVjdHVyZSBkcmFmdCBhbHJlYWR5IHRhbGtzIGFib3V0IHRoaXMsIGFs
dGhvdWdoIGZyb20gYSBzbGlnaHRseSBkaWZmZXJlbnQgYW5nbGUuIFRoZSBhY3R1YWwgcG90ZW50
aWFsIHNvdXJjZXMgYW5kIHN0eWxlcyBvZiBwZXJtaXNzaW9ucyBhcmUgdXAgdG8gaW5kaXZpZHVh
bCBkZXBsb3ltZW50cy4gV2hhdCB3ZSBkbyBpbiB0aGUgSUVURiBpcyBjYXBhYmlsaXRpZXMsIGlu
IGZvcm1hdHMgYW5kIHByb3RvY29scyBhbmQgc28gb24gdG8gZW5hYmxlIGluZGl2aWR1YWwgZGVw
bG95bWVudHMgdG8gZXhwcmVzcyB0aGVpciBzaXR1YXRpb24gd2l0aCBvdXIgdG9vbHMuIE9idmlv
dXNseSB3aXRoaW4gc29tZSByZWFzb25hYmxlIGxpbWl0cywgZ2l2ZW4gdGhhdCB3ZSBhcmUgdGFs
a2luZyBhYm91dCBzbWFsbCwgY29uc3RyYWluZWQgZGV2aWNlcy4NCg0KSSB3YXMgdGhpbmtpbmcg
b2Ygc29tZXRoaW5nIGFsb25nIHRoZSBmb2xsb3dpbmcgbGluZXM6DQoNCiJUaGUgZm9ybWF0IGlz
IGV4cGVjdGVkIHRvIGJlIGV4cHJlc3NpdmUgZW5vdWdoIHRvIGFsbG93IHRoZSB1c2Ugb2YgZGlm
ZmVyZW50IHNvZnR3YXJlIHNvdXJjZXMgYW5kIHBlcm1pc3Npb24gbW9kZWxzLiINCg0KSmFyaQ0K
DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KU3VpdCBt
YWlsaW5nIGxpc3QNClN1aXRAaWV0Zi5vcmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4v
bGlzdGluZm8vc3VpdA0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1h
aWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBw
cml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ug
bm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29u
dGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3Rv
cmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K


From nobody Mon Nov 13 22:29:10 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64FD2129438 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:29:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpHs-XGY-VmT for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:29:06 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0047.outbound.protection.outlook.com [104.47.0.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1B11127337 for <suit@ietf.org>; Mon, 13 Nov 2017 22:29:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UR0JCaP1HmKu3T1EgzCTIHhShuPohWUwl3lNqOS0L00=; b=OaxuaegDpPCHXqEy9jBnaH1mFU9rSnfsvFsVps3s61ld7HAZs2IsnAGqSfEVvXR5TE4GCsaiR0Ccttve7IhPsd3btMlvy0UxKIoQ8xVvxE54EWL0U9K3enPF5c2FTJu53Dhjv93aHRbcZ4b7KY6R/AruBKQX9YHXwAg48KXov7U=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 06:29:03 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 06:29:03 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>, "Dr. Pala" <madwolf@openca.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Question about draft-moran-suit-manifest-00.txt
Thread-Index: AQHTXFApItURWUU1KEq7pVapJwrIhKMSEjyAgABM5gCAAA5ggIAA/XHQ
Date: Tue, 14 Nov 2017 06:29:03 +0000
Message-ID: <AM4PR0801MB27060ECF95BA654C4108C6B5FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org>
In-Reply-To: <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:259f:4e9f:376b:c01d]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:qf9aKwYmPgxzWAqWWaMVmrzXqDr/KrVsVKMokWo5PhJsPUWH8q+GZ4DE8XVh87xDL7r7jDq5ur6QZlJ3S0/7n/Ry50yDBpnVwppKU61znCuACqZ1OKYyPb1IcO3UJzglE1w8JvCjm0fW35bFuIhBjgXm1QzWQ3dzrjb2Cu4NO04Nt9xE2NWpkkYYfzZWQWD7HK8Oua2t5KWO8tUCnJenw5HDOxtpuEMC8q5HSyK+orYNPDD6HDb4iVAb5L0pI37yv4jG8BcjFtHzuTHS/myWAvja0L4IaHC/OQI18Be46kZ5s8l/WnFBQIb1+jSwUPRUEgENUcbJA/sVq+eRSmUn+70uhlgBl1nA5QEhDENJNJo=; 5:Da11LwErWhgEAz+XicYRqTZE+k8BajmR7NlnKebGrNSvT8mxJdYlQ+qCySf9N8aVU8VG9iHlPn8sNTPVBo9P3Qk6pcmYB0ZDUwGbUcSGAwaK80EaPNrLRVz/9cS8H65yPxV3I0jRF0rPXXqmjz8RvHI+Qn1T8Ne2xnEvDpV2TH8=; 24:8induojS2OK6wflj2p2kdwO2sldFgYqukuGvPye7uCChxPAQlGG3r4C0sAlnrr12A8d+g9M6oW2fdGL+1s1IJsU459aGIW0R3qIPxinuGDk=; 7:xY2crrK7isJzffMf5C3cdzJ+jgyMdFqlwbCnLxUffU8B3Xygxl8Xi2CzWaX57tUp0mox/aOy5iorcN66YmRLgGrAW+AdkK2DBwxLAXDBacjo5ViZZiMbsKNWoOs8tf3S6y13Cr3h8AU8CKNfsXPK3SfKpZ1nC/ieoz6zXbqQ0oITPevq2F1vQ193DuTyW/B4b1o1rmm9/fCWhveRzgDzgYB2E5OtEeP0xbwnyOckdghDr5qkBSRbyQoJdtNRQJIN
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 290b3726-30b4-48a4-83f8-08d52b28ffdc
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708BA47FCF971144E9D27ABFA280@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(10201501046)(3231022)(6055026)(6041248)(20161123558100)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(199003)(40434004)(13464003)(189002)(24454002)(106356001)(33656002)(105586002)(316002)(8676002)(966005)(54356999)(76176999)(50986999)(81156014)(81166006)(72206003)(2906002)(7696004)(478600001)(99286004)(14454004)(5250100002)(2950100002)(229853002)(8936002)(93886005)(189998001)(5660300001)(102836003)(3280700002)(6116002)(25786009)(55016002)(53546010)(6306002)(110136005)(9686003)(2900100001)(3660700001)(230783001)(53936002)(6436002)(4326008)(74316002)(5890100001)(305945005)(86362001)(101416001)(6246003)(7736002)(97736004)(68736007)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 290b3726-30b4-48a4-83f8-08d52b28ffdc
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 06:29:03.3183 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/yPekRfd95Q-dYLuLGQt5lnJdUKo>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:29:08 -0000

Q2Fyc3RlbiwNCg0KSXQgaXMgbm90IGp1c3QgQ0JPUiBidXQgYWxzbyBDT1NFIHRoYXQgbmVlZHMg
dG8gYmUgaW1wbGVtZW50ZWQuDQoNCkNpYW8NCkhhbm5lcw0KDQoNCi0tLS0tT3JpZ2luYWwgTWVz
c2FnZS0tLS0tDQpGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBC
ZWhhbGYgT2YgQ2Fyc3RlbiBCb3JtYW5uDQpTZW50OiAxMyBOb3ZlbWJlciAyMDE3IDIzOjIxDQpU
bzogRHIuIFBhbGENCkNjOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1aXRdIFF1ZXN0
aW9uIGFib3V0IGRyYWZ0LW1vcmFuLXN1aXQtbWFuaWZlc3QtMDAudHh0DQoNCk9uIE5vdiAxMywg
MjAxNywgYXQgMjI6MjksIERyLiBQYWxhIDxtYWR3b2xmQG9wZW5jYS5vcmc+IHdyb3RlOg0KPg0K
PiBNYXliZSB0aGVyZSBjb3VsZCBiZSBhbHNvIHNvbWUgc3BhY2UgZm9yIGNvbnNpZGVyaW5nIGFk
LWhvYyAoaW5zdGVhZCBvZiBnZW5lcmljIGVuY29kaW5nIHJ1bGVzKSBiaW5hcnkgZm9ybWF0cyB0
aGF0IGNhbiBiZSBiZXR0ZXIgdW5kZXJzdG9vZCBieSBkZXZpY2UgbWFudWZhY3R1cmVyICh0aGF0
IHVzdWFsbHkgY29tcGxhaW4gYWJvdXQgaGF2aW5nIGV2ZW4gYSA1LTEwayBlbmMvZGVjIGxpYnJh
cnkuLi4gOkQpLg0KDQpQcmVwYXJlIHRvIHNwZW5kIDcyMiBieXRlcyBvZiBjb2RlIGZvciB0aGUg
Q0JPUiBkZWNvZGVyIGxpYnJhcnkgKHVubGVzcyB5b3UgbmVlZCBmbG9hdGluZyBwb2ludCBkYXRh
LCB0aGVuIGl0IGJlY29tZXMgYXJvdW5kIDgwMCkuDQoNCkdyw7zDn2UsIENhcnN0ZW4NCg0KX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NClN1aXQgbWFpbGlu
ZyBsaXN0DQpTdWl0QGlldGYub3JnDQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp
bmZvL3N1aXQNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFu
ZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlm
eSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRz
IHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9y
IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Mon Nov 13 22:42:51 2017
Return-Path: <jari.arkko@piuha.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17869127B60 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:42:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VqH7E3DWIqKE for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:42:49 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:1829::130]) by ietfa.amsl.com (Postfix) with ESMTP id C7F2E127B31 for <suit@ietf.org>; Mon, 13 Nov 2017 22:42:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id B72E12CE21; Tue, 14 Nov 2017 08:42:47 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UNdDUS3tBnET; Tue, 14 Nov 2017 08:42:46 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id A4D162CD11; Tue, 14 Nov 2017 08:42:44 +0200 (EET) (envelope-from jari.arkko@piuha.net)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Tue, 14 Nov 2017 14:42:41 +0800
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/W5LW9kY9ryo7BoL88gvHQRKrnsg>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:42:51 -0000

Hannes =E2=80=94 the manufacturer example was just that, an example. I =
definitely agree that we shouldn=E2=80=99t write anything about =
manufacturers or owners! What I=E2=80=99d like to have, however, is a =
recognition that there=E2=80=99s a need to support a bit more expressive =
power in our mechanisms to support some of the cases that can come up. I =
sent some suggested text earlier in this thread, but other text would =
work as well.

Madjid =E2=80=94 I was thinking of the kinds of permission models that =
e.g., the architecture draft (draft-moran-suit-architecture) talks about =
in Section 3.7. That example is from a slightly different use case than =
I had in mind, but it is another example.

Jari




From nobody Mon Nov 13 22:48:00 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C69F129417 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:47:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HjU7ZWXTlCUQ for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:47:55 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0083.outbound.protection.outlook.com [104.47.2.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A02C1292FD for <suit@ietf.org>; Mon, 13 Nov 2017 22:47:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2athbCqqnmnq6583LwCP8UXEaMFO0i45tIt4Orfj4Ik=; b=AEWSrhcJMzFayziERq+4WLPr1F6ORATdDgF60su88kAgN3O+zPO/tYT7P+4zD/SigxHD8aEq8FoaSz757UnM3QOznQkoGwawazF0bc67N8QXobsGvU3XH2aaRsh7z2wgsvBMoxvj4leVbH9uWdHmb2j94ohOjtMoJhV79kZzuQE=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 06:47:52 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 06:47:52 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Jari Arkko <jari.arkko@piuha.net>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9N/a/J4/ORmEqMdT8uXVlmg6MTaQiggAAFwoCAAAE3UA==
Date: Tue, 14 Nov 2017 06:47:52 +0000
Message-ID: <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
In-Reply-To: <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:259f:4e9f:376b:c01d]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:jotk4iDdyDd28Vn2m9KD06hL97ilYkWTWCnphgCgdk/AL9C+01DO6+C/i9H5k74hzSDsdYvLoavF8pOpKwf69byfIRuLF6Z6nHJTPm1i7LYyBSKtO58n1wKYY4aM5ys52yTcmLrOyhqRwHK1HTqe1quQEfAfFGcnrwZXvkmYSMVlEdvx6C30D2eLjibGfnhb4T0Ozns7NgmJilsDvjpo9gVJHCyTsihQ/QlTJ2CNVUUdqIf0lGmvqSgvCKaATMGWglkEKMsBpuDA7j4j/go/YfNu/PShBmAz8/gO79tAriT/XGYOg4XAL9CYM3ZLrRihOIbw7OddY0WkAXSH/IOlX16hi6FaJKkEUi6N4wrXV1I=; 5:4/rHZxDsbprCPlYX6CgMeF4ELFwlOM6L9a47izsuHOSHkQ7chXDqEn33yV0DzAwrog/zIqlKaV1PAOgvMKz6Y2tMPoaj5RVV237BMvsaUWIzc+MkuhnCIfeINruOKnWfqSMrUwyYbwSpEIyIT7/NLyKaBcocEfv3BrClRgVl4oI=; 24:h5vk3qVR2jLDeF50LSdF4z2omwuRYCVhUl1NVNCCCE0JXTqgKUF9AgMHUpFo46iaQ6hzsX0Sl6II8L08AfUMxLWdYKa2/n0ao0TXKrW0VP4=; 7:5+vieyKvmG3XlGxkpdbwHpbjgna9m3w5EOHHFZRVNQr+iHx80io4vhoGgQaGppYNJqeKbly4hR9E3AmWVpbsSqmWpZNkWc8qE7DY9BdDE2i7Z/i2qyhBY6vC/FNxrKJl68rjFImsyDsEn2ykH9UU1rAdJ33EDRK1U+9KWmMwpvShq5+xpNFiwMyK1LtRyHh7yH5QH5FPiqIH1H83t7WTalavj57zcGcdkD83Qf5ohtqnrQQa0xqie50buMrUkExy
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: a4293c16-4ad3-4d66-ead6-08d52b2ba104
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB27081F492997986091A64A2AFA280@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(10201501046)(3231022)(6055026)(6041248)(20161123558100)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(199003)(13464003)(189002)(40434004)(3660700001)(53936002)(2900100001)(6436002)(25786009)(55016002)(110136005)(9686003)(53546010)(7736002)(68736007)(97736004)(6506006)(4326008)(74316002)(5890100001)(305945005)(101416001)(6246003)(86362001)(7696004)(81166006)(72206003)(2906002)(81156014)(478600001)(105586002)(316002)(106356001)(33656002)(50986999)(8676002)(76176999)(54356999)(8936002)(6116002)(3280700002)(102836003)(189998001)(5660300001)(5250100002)(99286004)(14454004)(2950100002)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a4293c16-4ad3-4d66-ead6-08d52b2ba104
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 06:47:52.6741 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tmEF_dvhRy_FxcPNbjFQW5UJZWE>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:47:58 -0000

SGkgSmFyaSwNCg0KSSBiZWxpZXZlIEkgdW5kZXJzdGFuZCB3aGVyZSB5b3UgYXJlIGhlYWRpbmcg
d2l0aCB5b3VyIHJlbWFya3MuDQoNClRoZSBxdWVzdGlvbiB0byBtZSBpcyB3aGV0aGVyIHRoaXMg
aXMgc29tZXRoaW5nIHRoYXQgaGFzIHRvIGdvIGludG8gdGhlIGNoYXJ0ZXIgdGV4dCBvciBpbnRv
IGEgZG9jdW1lbnQgb2YgdGhlIGdyb3VwLg0KDQpDaWFvDQpIYW5uZXMNCg0KDQotLS0tLU9yaWdp
bmFsIE1lc3NhZ2UtLS0tLQ0KRnJvbTogSmFyaSBBcmtrbyBbbWFpbHRvOmphcmkuYXJra29AcGl1
aGEubmV0XQ0KU2VudDogMTQgTm92ZW1iZXIgMjAxNyAxNDo0Mw0KVG86IEhhbm5lcyBUc2Nob2Zl
bmlnOyBNYWRqaWQgTmFraGppcmkNCkNjOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1
aXRdIEZvbGxvdy11cCByZTogbXkgY29tbWVudCBvbiBjaGFydGVyIGFuZCBzb2Z0d2FyZSBzb3Vy
Y2VzIGFuZCBwZXJtaXNzaW9ucw0KDQpIYW5uZXMg4oCUIHRoZSBtYW51ZmFjdHVyZXIgZXhhbXBs
ZSB3YXMganVzdCB0aGF0LCBhbiBleGFtcGxlLiBJIGRlZmluaXRlbHkgYWdyZWUgdGhhdCB3ZSBz
aG91bGRu4oCZdCB3cml0ZSBhbnl0aGluZyBhYm91dCBtYW51ZmFjdHVyZXJzIG9yIG93bmVycyEg
V2hhdCBJ4oCZZCBsaWtlIHRvIGhhdmUsIGhvd2V2ZXIsIGlzIGEgcmVjb2duaXRpb24gdGhhdCB0
aGVyZeKAmXMgYSBuZWVkIHRvIHN1cHBvcnQgYSBiaXQgbW9yZSBleHByZXNzaXZlIHBvd2VyIGlu
IG91ciBtZWNoYW5pc21zIHRvIHN1cHBvcnQgc29tZSBvZiB0aGUgY2FzZXMgdGhhdCBjYW4gY29t
ZSB1cC4gSSBzZW50IHNvbWUgc3VnZ2VzdGVkIHRleHQgZWFybGllciBpbiB0aGlzIHRocmVhZCwg
YnV0IG90aGVyIHRleHQgd291bGQgd29yayBhcyB3ZWxsLg0KDQpNYWRqaWQg4oCUIEkgd2FzIHRo
aW5raW5nIG9mIHRoZSBraW5kcyBvZiBwZXJtaXNzaW9uIG1vZGVscyB0aGF0IGUuZy4sIHRoZSBh
cmNoaXRlY3R1cmUgZHJhZnQgKGRyYWZ0LW1vcmFuLXN1aXQtYXJjaGl0ZWN0dXJlKSB0YWxrcyBh
Ym91dCBpbiBTZWN0aW9uIDMuNy4gVGhhdCBleGFtcGxlIGlzIGZyb20gYSBzbGlnaHRseSBkaWZm
ZXJlbnQgdXNlIGNhc2UgdGhhbiBJIGhhZCBpbiBtaW5kLCBidXQgaXQgaXMgYW5vdGhlciBleGFt
cGxlLg0KDQpKYXJpDQoNCg0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhp
cyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNv
IGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBs
ZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRo
ZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBv
ciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3Uu
DQo=


From nobody Mon Nov 13 22:48:31 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C3B7129453 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:48:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.891
X-Spam-Level: 
X-Spam-Status: No, score=-1.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pvaJlmc-R0JV for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:48:26 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 6E30D126C25 for <suit@ietf.org>; Mon, 13 Nov 2017 22:48:26 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 4EF593741029 for <suit@ietf.org>; Tue, 14 Nov 2017 06:48:26 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id duZN02HQmhRJ for <suit@ietf.org>; Tue, 14 Nov 2017 01:48:19 -0500 (EST)
Received: from dhcp-8b1d.meeting.ietf.org (dhcp-8b1d.meeting.ietf.org [31.133.139.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id A1BAC3740F6A for <suit@ietf.org>; Tue, 14 Nov 2017 01:48:18 -0500 (EST)
To: suit@ietf.org
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <AM4PR0801MB27060ECF95BA654C4108C6B5FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <23bdd985-6655-97d6-d7b4-ad16fc3c7fab@openca.org>
Date: Tue, 14 Nov 2017 14:48:15 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27060ECF95BA654C4108C6B5FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/UXPYvOtuZJAYu_z7SJmc0p25nBY>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:48:30 -0000

Hi Hannes,

Maybe I am wrong, but I it might not necessarily be true. Could, for 
example, the authentication data be a PKIX detached signature over the 
CBOR blob ?

Cheers,
Max


On 11/14/17 2:29 PM, Hannes Tschofenig wrote:
> Carsten,
>
> It is not just CBOR but also COSE that needs to be implemented.
>
> Ciao
> Hannes
>
>
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Carsten Bormann
> Sent: 13 November 2017 23:21
> To: Dr. Pala
> Cc: suit@ietf.org
> Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
>
> On Nov 13, 2017, at 22:29, Dr. Pala <madwolf@openca.org> wrote:
>> Maybe there could be also some space for considering ad-hoc (instead of generic encoding rules) binary formats that can be better understood by device manufacturer (that usually complain about having even a 5-10k enc/dec library... :D).
> Prepare to spend 722 bytes of code for the CBOR decoder library (unless you need floating point data, then it becomes around 800).
>
> Grüße, Carsten
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Mon Nov 13 22:52:07 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74D9E127977 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:52:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sa_uDDxQQP6I for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 22:52:03 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20048.outbound.protection.outlook.com [40.107.2.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09F16128D3E for <suit@ietf.org>; Mon, 13 Nov 2017 22:52:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=c7mue/jyxE4H2TIgpfdYUPE9/SEJt2nL4IgpqMTdgw8=; b=jeE8lHfSvxHgcdKSH8XVMrMZwqCVc0+OtuAmdrPFzO3aewexu4QuiRcwqGxG7C0QbHaNM7FYovliwQBbB1a+kPl8ozundnZTwI6FDe4fN5k1ELyh5uBkF5icw8LbkUuLeJDwpjhhIC6BU2wY/0SUEGoojkusnyB70qDrB7g2KRw=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 06:51:57 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 06:51:57 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "Dr. Pala" <madwolf@openca.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Question about draft-moran-suit-manifest-00.txt
Thread-Index: AQHTXFApItURWUU1KEq7pVapJwrIhKMSEjyAgABM5gCAAA5ggIAA/XHQgAAFhICAAABr4A==
Date: Tue, 14 Nov 2017 06:51:57 +0000
Message-ID: <AM4PR0801MB27067C3045D9F9BD62ADB912FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <AM4PR0801MB27060ECF95BA654C4108C6B5FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <23bdd985-6655-97d6-d7b4-ad16fc3c7fab@openca.org>
In-Reply-To: <23bdd985-6655-97d6-d7b4-ad16fc3c7fab@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [2001:67c:370:128:259f:4e9f:376b:c01d]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:zY2JwArkd8JHiBKDELYz48Yt9AkrvMQEGCPWSPrA+yf/ccK2j3M5LRZktG2IAl45J+qOW4MwyqQixRgYsWEKzshnNwigaFZmkeqMnJza1dSnEQL0Zarh1YKTyRSyhajl1fXPev0OqfjQoCO9cm9ntKV8OYnCxHer4DUyESzec6K02Vs3lZm0zwIPKnIa5ZKvqsu6JXwuV8dmno0XvdG4HqDAG0+21VTRJLFeDRPQ5Hnm7sUzmefmEbvi6FIBNx5MPAr3OQKIiA+GkzbngAZDyWp/krTxm7fKqZEOxtTJJquLs15BfClmMybieySvR0BwNkh5zSuMT9uslmSf7Mk21lMG2hSg3dZgLs9IXa9ZFqk=; 5:IZeMx/njZSVgXTlLyF3n9UhaKscpu2sxhd4VL/1EJ4o+aTaFDjW0SXxetxCTmlZtR5QJ5u7cD1Xlwutt/pAan+AySxaLbmMIT5k0FkbRdP8ueAwNQJvoxY5SRebifVvNfZ5xRNW72w37WrEotr/PHSF5a5KTkwCL5bzINVJyaHs=; 24:RqDeMFRoHQXl+JuS4l0ZNy+i1KuzWErnziLQ6UB6FFzFF+H37hJ3S779SP7mWjnJgv/SqTLtL8K4vNOsSVXnO6zUZCIb/wBP7KOAXmo04tE=; 7:F5th92Rk8TzgKXP8SQVWD4FHc1yoHe7omPt5yKD1+sR7u6mlK/ulk6eXZu/EwkrznPPBYbUNPMBpDwKfLUoSyhe4b/b9LxxhpoEBl+5Nl9hToNV5lNuj7pHBWkfDNVGuQXZmBCHQeEYVU6TmRgCpHMl6yerJbElo/C+UC1+1qmF7DM4/GQuiAJs3gnPiDsS+GHXfwcbdn0xUFr4fWzMrqD/HQIg66JDOoXb4B+UDM75J2HStEJBvwsfehqioPXyL
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 2eef7afe-1dc1-4921-9702-08d52b2c32e1
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB2706F1BA5A9E248BD0C04F55FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3231022)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(20161123562025)(20161123558100)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(376002)(24454002)(13464003)(40434004)(189002)(199003)(50986999)(9686003)(110136005)(106356001)(53936002)(105586002)(189998001)(97736004)(5660300001)(74316002)(25786009)(316002)(8936002)(76176999)(5250100002)(8676002)(54356999)(6246003)(81166006)(230783001)(81156014)(2900100001)(101416001)(86362001)(102836003)(14454004)(55016002)(2906002)(6116002)(6306002)(53546010)(3280700002)(99286004)(5890100001)(2501003)(68736007)(3660700001)(7696004)(229853002)(33656002)(2950100002)(478600001)(72206003)(93886005)(6506006)(6436002)(7736002)(305945005)(966005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2eef7afe-1dc1-4921-9702-08d52b2c32e1
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 06:51:57.4056 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/IatMwKQMSmCFfTEfc6cCvVqDUvc>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:52:05 -0000

SGkgTWF4LA0KDQpNeSB1bmRlcnN0YW5kaW5nIHdhcyB0aGF0IHRob3NlIGZvbGtzIGFza2luZyBm
b3IgQ0JPUiBlbmNvZGluZyBhY3R1YWxseSBtZWFudCB0aGF0IHRoZXkgd2FudCB0byB1c2UgQ0JP
UiBlbmNvZGluZyBvZiB0aGUgbWFuaWZlc3QsIHdoaWNoIGlzIHRoZW4gcHJvdGVjdGVkIGJ5IHRo
ZSBDT1NFIHNlY3VyaXR5IG1lY2hhbmlzbXMuIFNvLCB5b3Ugd2lsbCBuZWVkIGEgcGFyc2VyIHRo
YXQgc3VwcG9ydHMgQ09TRSwgd2hpY2ggdXNlcyBDQk9SLg0KDQpDaWFvDQpIYW5uZXMNCg0KLS0t
LS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFN1aXQgW21haWx0bzpzdWl0LWJvdW5jZXNA
aWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBEci4gUGFsYQ0KU2VudDogMTQgTm92ZW1iZXIgMjAxNyAx
NDo0OA0KVG86IHN1aXRAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbU3VpdF0gUXVlc3Rpb24gYWJv
dXQgZHJhZnQtbW9yYW4tc3VpdC1tYW5pZmVzdC0wMC50eHQNCg0KSGkgSGFubmVzLA0KDQpNYXli
ZSBJIGFtIHdyb25nLCBidXQgSSBpdCBtaWdodCBub3QgbmVjZXNzYXJpbHkgYmUgdHJ1ZS4gQ291
bGQsIGZvciBleGFtcGxlLCB0aGUgYXV0aGVudGljYXRpb24gZGF0YSBiZSBhIFBLSVggZGV0YWNo
ZWQgc2lnbmF0dXJlIG92ZXIgdGhlIENCT1IgYmxvYiA/DQoNCkNoZWVycywNCk1heA0KDQoNCk9u
IDExLzE0LzE3IDI6MjkgUE0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPiBDYXJzdGVuLA0K
Pg0KPiBJdCBpcyBub3QganVzdCBDQk9SIGJ1dCBhbHNvIENPU0UgdGhhdCBuZWVkcyB0byBiZSBp
bXBsZW1lbnRlZC4NCj4NCj4gQ2lhbw0KPiBIYW5uZXMNCj4NCj4NCj4gLS0tLS1PcmlnaW5hbCBN
ZXNzYWdlLS0tLS0NCj4gRnJvbTogU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10g
T24gQmVoYWxmIE9mIENhcnN0ZW4gQm9ybWFubg0KPiBTZW50OiAxMyBOb3ZlbWJlciAyMDE3IDIz
OjIxDQo+IFRvOiBEci4gUGFsYQ0KPiBDYzogc3VpdEBpZXRmLm9yZw0KPiBTdWJqZWN0OiBSZTog
W1N1aXRdIFF1ZXN0aW9uIGFib3V0IGRyYWZ0LW1vcmFuLXN1aXQtbWFuaWZlc3QtMDAudHh0DQo+
DQo+IE9uIE5vdiAxMywgMjAxNywgYXQgMjI6MjksIERyLiBQYWxhIDxtYWR3b2xmQG9wZW5jYS5v
cmc+IHdyb3RlOg0KPj4gTWF5YmUgdGhlcmUgY291bGQgYmUgYWxzbyBzb21lIHNwYWNlIGZvciBj
b25zaWRlcmluZyBhZC1ob2MgKGluc3RlYWQgb2YgZ2VuZXJpYyBlbmNvZGluZyBydWxlcykgYmlu
YXJ5IGZvcm1hdHMgdGhhdCBjYW4gYmUgYmV0dGVyIHVuZGVyc3Rvb2QgYnkgZGV2aWNlIG1hbnVm
YWN0dXJlciAodGhhdCB1c3VhbGx5IGNvbXBsYWluIGFib3V0IGhhdmluZyBldmVuIGEgNS0xMGsg
ZW5jL2RlYyBsaWJyYXJ5Li4uIDpEKS4NCj4gUHJlcGFyZSB0byBzcGVuZCA3MjIgYnl0ZXMgb2Yg
Y29kZSBmb3IgdGhlIENCT1IgZGVjb2RlciBsaWJyYXJ5ICh1bmxlc3MgeW91IG5lZWQgZmxvYXRp
bmcgcG9pbnQgZGF0YSwgdGhlbiBpdCBiZWNvbWVzIGFyb3VuZCA4MDApLg0KPg0KPiBHcsO8w59l
LCBDYXJzdGVuDQo+DQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fDQo+IFN1aXQgbWFpbGluZyBsaXN0DQo+IFN1aXRAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93
d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQo+IElNUE9SVEFOVCBOT1RJQ0U6IFRo
ZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVu
dGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu
ZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBk
byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm
b3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBt
ZWRpdW0uIFRoYW5rIHlvdS4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX18NCj4gU3VpdCBtYWlsaW5nIGxpc3QNCj4gU3VpdEBpZXRmLm9yZw0KPiBodHRw
czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCg0KX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NClN1aXQgbWFpbGluZyBsaXN0DQpTdWl0
QGlldGYub3JnDQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCklN
UE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNo
bWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91
IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVy
IGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhl
ciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGlu
Zm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Mon Nov 13 23:03:39 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17135129480 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 23:03:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CANeav2zCUO3 for <suit@ietfa.amsl.com>; Mon, 13 Nov 2017 23:03:33 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0111.outbound.protection.outlook.com [23.103.201.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 084EA129482 for <suit@ietf.org>; Mon, 13 Nov 2017 23:03:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=x/mIuabKNrnCGcHQB2Up1hVXBKmAJwHAjZgwNip5ydo=; b=gVYK8lMp56IySuwrK5Yi5IkGg2P0g6tTpB6KUDQXKF0Co/rNuoMHnqGv4XaGVJUmysjvBG842Km5atik5PI8uKrCk0xm0qG+cVCKNiYReb67SPy0KP39TTDlSN4QEXp/FsaSvPzEJDdZPq29PwsFzuHofatbB8HCCxRCEugNPk8=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 07:03:25 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 07:03:25 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Jari Arkko <jari.arkko@piuha.net>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9IPqBvUc95ukW1b9Xp7Poj86MTaroAgAAEEICAAAFzAIAAAxHo
Date: Tue, 14 Nov 2017 07:03:25 +0000
Message-ID: <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>, <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
In-Reply-To: <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [2001:67c:370:128:8c0c:680d:57b7:3276]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1495; 6:EE4msy5wiOeyIr71I1uM2yNceq/UJP29dB9YSJGABu/I4DxRPxlEm6e5K64SJiTWDXi7qPasCuDEnGO4zofhJ/vE13fuVYSqAFrpx6NTBJoQsLAZdforA3rh/El9EgqE3VOjI31N79Kusy2cMsEO4qf1W3BKRCkH61RkUKCDnDLdCINoeVQoYI/sDTcM3XGoUfs1IJAji8TVT+vr+R38vziON0UKiu6uPb4DDyw4TXWMRLc5BQHtsyMvPTl/20KX7V63temjjucYpAbmRRLzF0MILb94VazvdicopzZYZfTTfjCcmSeedefcVn+fMZMl83RhQ8ubtn/0EPVZw76YZIpgsfusxQiiOzU8rsMmVT8=; 5:LKATA1CJlMYJR1IUUdjVklp5KTHUERaMsTmS4DYXKxx+APaI3nIXgjBMmnQ/stc+x5Slmqh05TjFOM3UwbpsT7IS6LeJt3roqKVsssiosbenQlRQrBGP1veRjHuWlRl1OjMsDqhaIktCBstAMvlGHdWck/YJSVcKzzmbcM6HvfI=; 24:gZAzAxYt+Ajs9z42EAkxKQ1cDVRHK3j9qpBO7bsfDE3iS0dVjpvg4z6unG1Fg2dU2XfDWXyGbvZ5iFgypU2qdQFr+UonBhl2AUbZiXticpY=; 7:ZHOF6dEreHMa0gSmHLv45tlNYJlYs2chsiGWHj3W/sAolurcLcVIeVEMhsCrcqltVTl2wUlOcOJwNN9JbwyGwjm70hGbJlqXKDC29o13naBN7eTJ9N2Y0Ey41bRFr16iRacslZfkhqrv0SnhkP5J4eyWhNzvBlcRiNEzo9EHA1hov28+jBLOVV3eLobJkimZWke75Rv6VHwUk0qMesDe3VVJkR1+shE9mW0VGiY9u/HFZj8cSSteBXYcxtHUswgp
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 8f84d8c1-95bd-4443-1242-08d52b2dccda
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:CY4PR09MB1495; 
x-ms-traffictypediagnostic: CY4PR09MB1495:
x-microsoft-antispam-prvs: <CY4PR09MB149590B9C610F8F32FA3B826F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917)(189930954265078)(219752817060721); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231022)(100000703101)(100105400095)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123562025)(20161123564025)(20161123558100)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR09MB1495; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR09MB1495; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(346002)(189002)(13464003)(40434004)(199003)(7736002)(4326008)(7696004)(55016002)(6606003)(14454004)(2950100002)(33656002)(50986999)(68736007)(53546010)(5660300001)(76176999)(54356999)(606006)(8676002)(81166006)(105586002)(81156014)(106356001)(8936002)(101416001)(3660700001)(74316002)(53936002)(19627405001)(2900100001)(54896002)(236005)(9686003)(6306002)(6246003)(6436002)(6116002)(77096006)(6506006)(86362001)(3280700002)(2906002)(110136005)(25786009)(575784001)(316002)(5890100001)(45080400002)(97736004)(478600001)(99286004)(189998001)(966005)(229853002)(93886005)(102836003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1495; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB14956551250680822D0F8773F0280CY4PR09MB1495namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 8f84d8c1-95bd-4443-1242-08d52b2dccda
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 07:03:25.2221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1495
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ffst_i_InH65Um2dI9r2xvYOEVE>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 07:03:37 -0000

--_000_CY4PR09MB14956551250680822D0F8773F0280CY4PR09MB1495namp_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Given that we are working to post updated charter text in the next couple d=
ays for review, it would be good to hear about any concerns with or support=
 for adding Jari's text to the charter. Please also indicate if you would l=
ike to see adjusted text instead.


Thanks,

Dave


________________________________
From: Suit <suit-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.T=
schofenig@arm.com>
Sent: Tuesday, November 14, 2017 2:47 PM
To: Jari Arkko; Madjid Nakhjiri
Cc: suit@ietf.org
Subject: Re: [Suit] Follow-up re: my comment on charter and software source=
s and permissions

Hi Jari,

I believe I understand where you are heading with your remarks.

The question to me is whether this is something that has to go into the cha=
rter text or into a document of the group.

Ciao
Hannes


-----Original Message-----
From: Jari Arkko [mailto:jari.arkko@piuha.net]
Sent: 14 November 2017 14:43
To: Hannes Tschofenig; Madjid Nakhjiri
Cc: suit@ietf.org
Subject: Re: [Suit] Follow-up re: my comment on charter and software source=
s and permissions

Hannes =97 the manufacturer example was just that, an example. I definitely=
 agree that we shouldn=92t write anything about manufacturers or owners! Wh=
at I=92d like to have, however, is a recognition that there=92s a need to s=
upport a bit more expressive power in our mechanisms to support some of the=
 cases that can come up. I sent some suggested text earlier in this thread,=
 but other text would work as well.

Madjid =97 I was thinking of the kinds of permission models that e.g., the =
architecture draft (draft-moran-suit-architecture) talks about in Section 3=
.7. That example is from a slightly different use case than I had in mind, =
but it is another example.

Jari



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.
_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdavid.waltermire%40nist.g=
ov%7C9692f18aca764711c63108d52b2ba5f7%7C2ab5d82fd8fa4797a93e054655c61dec%7C=
1%7C0%7C636462388821450489&sdata=3Dy0f44wdKDfaCxtsplZ1iwjTULuoiHFw%2F7F381m=
jTZIE%3D&reserved=3D0

--_000_CY4PR09MB14956551250680822D0F8773F0280CY4PR09MB1495namp_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
n-bottom:0;} --></style>
</head>
<body dir=3D"ltr">
<div id=3D"divtagdefaultwrapper" style=3D"color: rgb(0, 0, 0); font-family:=
 Calibri,Helvetica,sans-serif,'EmojiFont','Apple Color Emoji', 'Segoe UI Em=
oji', NotoColorEmoji, 'Segoe UI Symbol', 'Android Emoji', EmojiSymbols; fon=
t-size: 12pt;" dir=3D"ltr">
<p>Given that we are working to post&nbsp;updated charter text in the next =
couple days for&nbsp;review, it would be good to hear about any concerns wi=
th or support for&nbsp;adding Jari's text to the charter. Please also indic=
ate if you would like to see adjusted text instead.</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Dave<br>
</p>
<br>
<br>
<div style=3D"color: rgb(0, 0, 0);">
<hr tabindex=3D"-1" style=3D"width: 98%; display: inline-block;">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font color=3D"#000000" face=3D"Calib=
ri, sans-serif" style=3D"font-size: 11pt;"><b>From:</b> Suit &lt;suit-bounc=
es@ietf.org&gt; on behalf of Hannes Tschofenig &lt;Hannes.Tschofenig@arm.co=
m&gt;<br>
<b>Sent:</b> Tuesday, November 14, 2017 2:47 PM<br>
<b>To:</b> Jari Arkko; Madjid Nakhjiri<br>
<b>Cc:</b> suit@ietf.org<br>
<b>Subject:</b> Re: [Suit] Follow-up re: my comment on charter and software=
 sources and permissions</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size: 10pt=
;">
<div class=3D"PlainText">Hi Jari,<br>
<br>
I believe I understand where you are heading with your remarks.<br>
<br>
The question to me is whether this is something that has to go into the cha=
rter text or into a document of the group.<br>
<br>
Ciao<br>
Hannes<br>
<br>
<br>
-----Original Message-----<br>
From: Jari Arkko [<a href=3D"mailto:jari.arkko@piuha.net">mailto:jari.arkko=
@piuha.net</a>]<br>
Sent: 14 November 2017 14:43<br>
To: Hannes Tschofenig; Madjid Nakhjiri<br>
Cc: suit@ietf.org<br>
Subject: Re: [Suit] Follow-up re: my comment on charter and software source=
s and permissions<br>
<br>
Hannes =97 the manufacturer example was just that, an example. I definitely=
 agree that we shouldn=92t write anything about manufacturers or owners! Wh=
at I=92d like to have, however, is a recognition that there=92s a need to s=
upport a bit more expressive power in our
 mechanisms to support some of the cases that can come up. I sent some sugg=
ested text earlier in this thread, but other text would work as well.<br>
<br>
Madjid =97 I was thinking of the kinds of permission models that e.g., the =
architecture draft (draft-moran-suit-architecture) talks about in Section 3=
.7. That example is from a slightly different use case than I had in mind, =
but it is another example.<br>
<br>
Jari<br>
<br>
<br>
<br>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.<br>
_______________________________________________<br>
Suit mailing list<br>
Suit@ietf.org<br>
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdavid.walt=
ermire%40nist.gov%7C9692f18aca764711c63108d52b2ba5f7%7C2ab5d82fd8fa4797a93e=
054655c61dec%7C1%7C0%7C636462388821450489&amp;sdata=3Dy0f44wdKDfaCxtsplZ1iw=
jTULuoiHFw%2F7F381mjTZIE%3D&amp;reserved=3D0">https://na01.safelinks.protec=
tion.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fs=
uit&amp;data=3D02%7C01%7Cdavid.waltermire%40nist.gov%7C9692f18aca764711c631=
08d52b2ba5f7%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C63646238882145048=
9&amp;sdata=3Dy0f44wdKDfaCxtsplZ1iwjTULuoiHFw%2F7F381mjTZIE%3D&amp;reserved=
=3D0</a><br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>

--_000_CY4PR09MB14956551250680822D0F8773F0280CY4PR09MB1495namp_--


From nobody Tue Nov 14 01:41:43 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3972E124B09 for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 01:41:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amJVeJfAIQ8K for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 01:41:35 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50064.outbound.protection.outlook.com [40.107.5.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE39F12426E for <suit@ietf.org>; Tue, 14 Nov 2017 01:41:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pr+0KyJ0LV5MRzqSNia94iKqBfPAunXtbPucST2H7QQ=; b=lSqAoAvML4F05BHXhMDqHMAGq9VsBE/yJJuCBa0V2OHSIxNotv1rIBR1BYTd9/rPQpavj+5Dak0sILDrN1pwvVWe8JJEMg+1GD5e2XKrQ+A9Dbav0RC90JlESTC4oDiRYINvegOqBZMpUVpjPEMzXdsdQZwUYgKRQZeCeTUQIlk=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 09:41:32 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 09:41:32 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Dr. Pala" <madwolf@openca.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Question about draft-moran-suit-manifest-00.txt
Thread-Index: AQHTXFApDWqRr90y5kihihr5X1wnAaMSXzedgAAOS4CAAQMVRoAAMEmA
Date: Tue, 14 Nov 2017 09:41:32 +0000
Message-ID: <C26B5B38-C1BE-4121-AFE4-65E6019F7D69@arm.com>
References: <6437dc89-4706-dcdd-3b7a-f073c44ccfdb@openca.org> <AM4PR0801MB2706FE1F98DFBA3E21404C4DFA2B0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <e3f60704-880c-9434-90c9-d77b60dbe356@openca.org> <7507EE90-328A-4D30-BD75-FCED69B906A7@tzi.org> <AM4PR0801MB27060ECF95BA654C4108C6B5FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <23bdd985-6655-97d6-d7b4-ad16fc3c7fab@openca.org>
In-Reply-To: <23bdd985-6655-97d6-d7b4-ad16fc3c7fab@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0615; 6:sMI06KGPUDUyBEFrkSqMBpVHkaA2Oql8y18vWXvU+xp+XB8g2ch3zpTXrmfslQyLf3hFc60ffHTlnEf3D9rO5IdNdnYrpEdDdvjW6xHB6hrFHc0Lx94pYNUuXCwU2BaFvAjJZjMQHEtnS312WzRCwM0Hv2iZ+s8d29wk0bGKP4OZ9WPArkJcxPs8PCoUNXk804+0TpdMSAbW9zF6MBcKG6B098C1F18j+k5KhZZVI/srUd4VCAqVX1Xz2EtOIRKkNwC8Xp/vlXeaU8z3VQ1I1ypJuW4w/e7zR5ecjcsa1yl/KMQKIYcH/yD44jSsIkbHKRheQgFOq8WhYG1Ge9fWRP+oQ8BK4kigCUMSAqVT3OI=; 5:XOu4uqqTSx+YcYHVLQlb2CFLKU6yCFjimXbYgECH11dNqikd1kfAZgaOXl6O4ZA5s/nLqXLAxflUMer+hucVL7EeYhaWX3F+Qbz10NSQxgi2vXEG5guGnH52bz3KDQjmH9Z39Xy6SvdwOkSOa7Rt2q+FFidgxFJqaudCNSmDLiE=; 24:r7BdZjhRGRf490GSjjTspBe+Nfxik0do1WeXutjDanGEZp2nGN0Sv+sn/w8tBtxdvdFqd+3k0uPYGKjAc8y0DaHs3gpNjXu1/uNGFHeqNHk=; 7:lRLaFlLiwAGa208gq3Fa38LXxRcXVebA7Qz5bsXlNdSlHEI74TLn4Xpd0NZ8In84G7oatH1j3bbN1VZQSqw4QU3j0VXtK5Lq8IbQ2Cmw3+liZ3endsJJuKYu3jNuMD4wn0hVlvHXkIdcuxx1aTI7oHvg0YXk4A6tbI75NLzeH0Tl2+rW+55gyMeuxVB4UeRa2xERJRKtcFRFWZrEsClS/cSun0KnCybTGYai5RguodatOp6N3vSc0SKwpmTT6OC6
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: d23165e7-f1d9-4ac6-5e17-08d52b43e37a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0615; 
x-ms-traffictypediagnostic: DB5PR08MB0615:
x-microsoft-antispam-prvs: <DB5PR08MB06155AE45C2E7D49F9DF71DBEA280@DB5PR08MB0615.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(10201501046)(3231022)(6055026)(6041248)(20161123564025)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0615; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0615; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(376002)(346002)(189002)(40434004)(24454002)(13464003)(199003)(82746002)(6916009)(2950100002)(6436002)(57306001)(230783001)(6246003)(229853002)(25786009)(6486002)(6506006)(189998001)(5890100001)(105586002)(97736004)(305945005)(86362001)(93886005)(99286004)(83716003)(66066001)(316002)(106356001)(5250100002)(7736002)(14454004)(5660300001)(53936002)(2906002)(6512007)(6306002)(2900100001)(50986999)(76176999)(53546010)(478600001)(6116002)(33656002)(101416001)(966005)(72206003)(3846002)(102836003)(36756003)(4326008)(81166006)(50226002)(81156014)(3660700001)(8936002)(68736007)(3280700002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0615; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <C8476E80FB72E348BC1D676D7F2D60F3@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d23165e7-f1d9-4ac6-5e17-08d52b43e37a
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 09:41:32.1262 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0615
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/qJi6-qIveSA2In9f3FAb2x27aTI>
Subject: Re: [Suit] Question about draft-moran-suit-manifest-00.txt
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 09:41:42 -0000

WWVzIENPU0UgcGVybWl0cyB0aGlzIGZvciB2ZXJ5IGxpdHRsZSBvdmVyaGVhZCBhYm92ZSB0aGUg
Q0JPUiBwYXJzZXIgYW5kIHRoZSBzaWduYXR1cmUgdmVyaWZpY2F0aW9uIG1lY2hhbmlzbS4NCg0K
QmVzdCBSZWdhcmRzLA0KQnJlbmRhbg0KDQo+IE9uIDE0IE5vdiAyMDE3LCBhdCAwNjo0OCwgRHIu
IFBhbGEgPG1hZHdvbGZAb3BlbmNhLm9yZz4gd3JvdGU6DQo+DQo+IEhpIEhhbm5lcywNCj4NCj4g
TWF5YmUgSSBhbSB3cm9uZywgYnV0IEkgaXQgbWlnaHQgbm90IG5lY2Vzc2FyaWx5IGJlIHRydWUu
IENvdWxkLCBmb3IgZXhhbXBsZSwgdGhlIGF1dGhlbnRpY2F0aW9uIGRhdGEgYmUgYSBQS0lYIGRl
dGFjaGVkIHNpZ25hdHVyZSBvdmVyIHRoZSBDQk9SIGJsb2IgPw0KPg0KPiBDaGVlcnMsDQo+IE1h
eA0KPg0KPg0KPiBPbiAxMS8xNC8xNyAyOjI5IFBNLCBIYW5uZXMgVHNjaG9mZW5pZyB3cm90ZToN
Cj4+IENhcnN0ZW4sDQo+Pg0KPj4gSXQgaXMgbm90IGp1c3QgQ0JPUiBidXQgYWxzbyBDT1NFIHRo
YXQgbmVlZHMgdG8gYmUgaW1wbGVtZW50ZWQuDQo+Pg0KPj4gQ2lhbw0KPj4gSGFubmVzDQo+Pg0K
Pj4NCj4+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+PiBGcm9tOiBTdWl0IFttYWlsdG86
c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgQ2Fyc3RlbiBCb3JtYW5uDQo+PiBT
ZW50OiAxMyBOb3ZlbWJlciAyMDE3IDIzOjIxDQo+PiBUbzogRHIuIFBhbGENCj4+IENjOiBzdWl0
QGlldGYub3JnDQo+PiBTdWJqZWN0OiBSZTogW1N1aXRdIFF1ZXN0aW9uIGFib3V0IGRyYWZ0LW1v
cmFuLXN1aXQtbWFuaWZlc3QtMDAudHh0DQo+Pg0KPj4gT24gTm92IDEzLCAyMDE3LCBhdCAyMjoy
OSwgRHIuIFBhbGEgPG1hZHdvbGZAb3BlbmNhLm9yZz4gd3JvdGU6DQo+Pj4gTWF5YmUgdGhlcmUg
Y291bGQgYmUgYWxzbyBzb21lIHNwYWNlIGZvciBjb25zaWRlcmluZyBhZC1ob2MgKGluc3RlYWQg
b2YgZ2VuZXJpYyBlbmNvZGluZyBydWxlcykgYmluYXJ5IGZvcm1hdHMgdGhhdCBjYW4gYmUgYmV0
dGVyIHVuZGVyc3Rvb2QgYnkgZGV2aWNlIG1hbnVmYWN0dXJlciAodGhhdCB1c3VhbGx5IGNvbXBs
YWluIGFib3V0IGhhdmluZyBldmVuIGEgNS0xMGsgZW5jL2RlYyBsaWJyYXJ5Li4uIDpEKS4NCj4+
IFByZXBhcmUgdG8gc3BlbmQgNzIyIGJ5dGVzIG9mIGNvZGUgZm9yIHRoZSBDQk9SIGRlY29kZXIg
bGlicmFyeSAodW5sZXNzIHlvdSBuZWVkIGZsb2F0aW5nIHBvaW50IGRhdGEsIHRoZW4gaXQgYmVj
b21lcyBhcm91bmQgODAwKS4NCj4+DQo+PiBHcsO8w59lLCBDYXJzdGVuDQo+Pg0KPj4gX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4+IFN1aXQgbWFpbGlu
ZyBsaXN0DQo+PiBTdWl0QGlldGYub3JnDQo+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFu
L2xpc3RpbmZvL3N1aXQNCj4+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlz
IGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28g
YmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxl
YXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhl
IGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9y
IHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4N
Cj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+PiBT
dWl0IG1haWxpbmcgbGlzdA0KPj4gU3VpdEBpZXRmLm9yZw0KPj4gaHR0cHM6Ly93d3cuaWV0Zi5v
cmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQo+DQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fDQo+IFN1aXQgbWFpbGluZyBsaXN0DQo+IFN1aXRAaWV0Zi5v
cmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQoNCklNUE9S
VEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVu
dHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFy
ZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGlt
bWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBw
ZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Tue Nov 14 01:43:11 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8604124B09 for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 01:43:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.069
X-Spam-Level: 
X-Spam-Status: No, score=0.069 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lnSVtC8vvvJD for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 01:43:08 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0077.outbound.protection.outlook.com [104.47.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3003612426E for <suit@ietf.org>; Tue, 14 Nov 2017 01:43:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kWg81QtuZ+v62/Ql5denazqJg3xx7epxR0J9uf5w4W4=; b=ULcPur/i4tr9/37l9xqDdtTkGSdW9ksd853PQCsOqhY83j3NODD9dFMdNk0YxLk9TRC6tsHS1oOENKGIHipgMIz9Jk27VkD9tkEpbKm6mZ/SJmuQW9LkG1IKrgZo7Ol9WrNEELh8chRZxt4tlPwsRIjPNsaTa8veZkx7qQtkcHM=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by VI1PR0801MB2720.eurprd08.prod.outlook.com (10.166.198.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 09:43:05 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 09:43:04 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Jari Arkko <jari.arkko@piuha.net>, Madjid Nakhjiri <m.nakhjiri@samsung.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9DDw5k04gFSUCrBKpMFL8awqMTaroAgAAEEICAAAFzAIAAAxHogAAt4YA=
Date: Tue, 14 Nov 2017 09:43:04 +0000
Message-ID: <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
In-Reply-To: <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR0801MB2720; 6:Fqa2VRcpCtgpBLmgMwXyGB27XYvZe1+I5OZpwrbeqpV2JZum+MNObrXLhKNFtIKP34xFtBN1ua4mW2xZA/0pDQZ/gx9Lg3LcnEeffn6NbCEI5fAveyDGioAVIWXy5Onmx2Hu4IbErZX6bkl+loAXPp02lH+TJ2GtmPC/zS0IGG1IJ6TDm1S9T4/ezKy9eCmyrONN59g0TdUOkYYiFgoqUujw2NeOVIcHPjJsyzialfHn3LQc5CpVd8HfcvTaW1ihmOYJLBqZBuJ5IzjXN+ckG8sUX+CFmGfYB0sZMtU617W3oL+bqvwjzBAe3drcZDwJ7bmh3pywgK59p0ZJUEnjhRWwIWkPCsoRTItQmadqNf4=; 5:olr46fYmZfgCxsc3xbWrMgi+LPSkWNlZtD46GiBkiU878n722jscfvVUjw0Kx7+CvqWyzz77kxAoXN/at+cQ7nl+jfQkWfKud2hcT+2HRmph6oBNVeYBDIGsz91teSqYg4RKcZ1Rv8Rt3RTqOTGqJd2XVz8rIbMpCK28ODoGduY=; 24:QpxqV/oExKfP0gcf3DFaK6W53QLHXs5gQY2SIQNVYsLvZ4qSNC+pKFcQrxxvc3Nn0v3xoo95rgkuQGhETo/NrLmw8xd1AaM2UWqEVy7eoRs=; 7:nlOsRO+30xJiXX9JqcbZpbL+ELIxEowmvqPPp9r1x43V2BlaSNQge2nZSWQ2ORpBfXMuyCx/YKJYlJ0GSRopdZBBhRZX0Y/m5k74lPCaJjshb9EBWrUxGn13LG04oQtU+aBQ66C0A5CKB7WjvfZxVPH9P2y9jbcFjx6azgU7xetCVuWJQqaoncrMCEWImww67xwxpx53hfk/ogXLm0D3bgn7JTxGebr7IkzL/7SIQ3ZOd6I8jJM4otHjHPSuuEaU
x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR;
x-ms-office365-filtering-correlation-id: 72b70951-d7cf-4353-0ea6-08d52b441a96
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:VI1PR0801MB2720; 
x-ms-traffictypediagnostic: VI1PR0801MB2720:
x-microsoft-antispam-prvs: <VI1PR0801MB27202FA140CB775D0549BBD1EA280@VI1PR0801MB2720.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917)(65766998875637)(189930954265078)(219752817060721); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(3231022)(10201501046)(3002001)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(20161123555025)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR0801MB2720; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR0801MB2720; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(346002)(376002)(40434004)(24454002)(13464003)(199003)(189002)(6436002)(82746002)(2906002)(8676002)(66066001)(83716003)(229853002)(105586002)(50226002)(316002)(54896002)(6512007)(3280700002)(189998001)(8936002)(3660700001)(6306002)(81166006)(6486002)(81156014)(5660300001)(54906003)(36756003)(57306001)(6506006)(97736004)(25786009)(14454004)(93886005)(5250100002)(101416001)(99286004)(8656006)(2950100002)(5890100001)(76176999)(50986999)(6916009)(45080400002)(478600001)(236005)(966005)(102836003)(575784001)(53546010)(86362001)(68736007)(3846002)(606006)(4326008)(6116002)(106356001)(2900100001)(7736002)(6246003)(72206003)(33656002)(53936002); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0801MB2720; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_8CBFE539BC1A438A9F9C3F39B2648571armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 72b70951-d7cf-4353-0ea6-08d52b441a96
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 09:43:04.5824 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB2720
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/SB-b_n8gVDfZY0pBehMV6hkWNCI>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 09:43:11 -0000

--_000_8CBFE539BC1A438A9F9C3F39B2648571armcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

V2hpbGUgSSBhbSBoYXBweSB3aXRoIEphcmnigJlzIHRleHQgaW4gcHJpbmNpcGxlLCBJ4oCZZCBs
aWtlIHRvIGtub3cgd2hhdCBoZSBpbnRlbmRlZCBieSDigJxzb2Z0d2FyZSBzb3VyY2Vz4oCdIHBy
aW9yIHRvIGluY2x1c2lvbiBpbiB0aGUgY2hhcnRlciB0ZXh0Lg0KDQpCZXN0IFJlZ2FyZHMsDQpC
cmVuZGFuDQoNCk9uIDE0IE5vdiAyMDE3LCBhdCAwNzowMywgV2FsdGVybWlyZSwgRGF2aWQgQS4g
KEZlZCkgPGRhdmlkLndhbHRlcm1pcmVAbmlzdC5nb3Y8bWFpbHRvOmRhdmlkLndhbHRlcm1pcmVA
bmlzdC5nb3Y+PiB3cm90ZToNCg0KR2l2ZW4gdGhhdCB3ZSBhcmUgd29ya2luZyB0byBwb3N0IHVw
ZGF0ZWQgY2hhcnRlciB0ZXh0IGluIHRoZSBuZXh0IGNvdXBsZSBkYXlzIGZvciByZXZpZXcsIGl0
IHdvdWxkIGJlIGdvb2QgdG8gaGVhciBhYm91dCBhbnkgY29uY2VybnMgd2l0aCBvciBzdXBwb3J0
IGZvciBhZGRpbmcgSmFyaSdzIHRleHQgdG8gdGhlIGNoYXJ0ZXIuIFBsZWFzZSBhbHNvIGluZGlj
YXRlIGlmIHlvdSB3b3VsZCBsaWtlIHRvIHNlZSBhZGp1c3RlZCB0ZXh0IGluc3RlYWQuDQoNClRo
YW5rcywNCkRhdmUNCg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KRnJvbTog
U3VpdCA8c3VpdC1ib3VuY2VzQGlldGYub3JnPG1haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmc+
PiBvbiBiZWhhbGYgb2YgSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j
b208bWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+Pg0KU2VudDogVHVlc2RheSwgTm92
ZW1iZXIgMTQsIDIwMTcgMjo0NyBQTQ0KVG86IEphcmkgQXJra287IE1hZGppZCBOYWtoamlyaQ0K
Q2M6IHN1aXRAaWV0Zi5vcmc8bWFpbHRvOnN1aXRAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW1N1
aXRdIEZvbGxvdy11cCByZTogbXkgY29tbWVudCBvbiBjaGFydGVyIGFuZCBzb2Z0d2FyZSBzb3Vy
Y2VzIGFuZCBwZXJtaXNzaW9ucw0KDQpIaSBKYXJpLA0KDQpJIGJlbGlldmUgSSB1bmRlcnN0YW5k
IHdoZXJlIHlvdSBhcmUgaGVhZGluZyB3aXRoIHlvdXIgcmVtYXJrcy4NCg0KVGhlIHF1ZXN0aW9u
IHRvIG1lIGlzIHdoZXRoZXIgdGhpcyBpcyBzb21ldGhpbmcgdGhhdCBoYXMgdG8gZ28gaW50byB0
aGUgY2hhcnRlciB0ZXh0IG9yIGludG8gYSBkb2N1bWVudCBvZiB0aGUgZ3JvdXAuDQoNCkNpYW8N
Ckhhbm5lcw0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBKYXJpIEFya2tv
IFttYWlsdG86amFyaS5hcmtrb0BwaXVoYS5uZXRdDQpTZW50OiAxNCBOb3ZlbWJlciAyMDE3IDE0
OjQzDQpUbzogSGFubmVzIFRzY2hvZmVuaWc7IE1hZGppZCBOYWtoamlyaQ0KQ2M6IHN1aXRAaWV0
Zi5vcmc8bWFpbHRvOnN1aXRAaWV0Zi5vcmc+DQpTdWJqZWN0OiBSZTogW1N1aXRdIEZvbGxvdy11
cCByZTogbXkgY29tbWVudCBvbiBjaGFydGVyIGFuZCBzb2Z0d2FyZSBzb3VyY2VzIGFuZCBwZXJt
aXNzaW9ucw0KDQpIYW5uZXMg4oCUIHRoZSBtYW51ZmFjdHVyZXIgZXhhbXBsZSB3YXMganVzdCB0
aGF0LCBhbiBleGFtcGxlLiBJIGRlZmluaXRlbHkgYWdyZWUgdGhhdCB3ZSBzaG91bGRu4oCZdCB3
cml0ZSBhbnl0aGluZyBhYm91dCBtYW51ZmFjdHVyZXJzIG9yIG93bmVycyEgV2hhdCBJ4oCZZCBs
aWtlIHRvIGhhdmUsIGhvd2V2ZXIsIGlzIGEgcmVjb2duaXRpb24gdGhhdCB0aGVyZeKAmXMgYSBu
ZWVkIHRvIHN1cHBvcnQgYSBiaXQgbW9yZSBleHByZXNzaXZlIHBvd2VyIGluIG91ciBtZWNoYW5p
c21zIHRvIHN1cHBvcnQgc29tZSBvZiB0aGUgY2FzZXMgdGhhdCBjYW4gY29tZSB1cC4gSSBzZW50
IHNvbWUgc3VnZ2VzdGVkIHRleHQgZWFybGllciBpbiB0aGlzIHRocmVhZCwgYnV0IG90aGVyIHRl
eHQgd291bGQgd29yayBhcyB3ZWxsLg0KDQpNYWRqaWQg4oCUIEkgd2FzIHRoaW5raW5nIG9mIHRo
ZSBraW5kcyBvZiBwZXJtaXNzaW9uIG1vZGVscyB0aGF0IGUuZy4sIHRoZSBhcmNoaXRlY3R1cmUg
ZHJhZnQgKGRyYWZ0LW1vcmFuLXN1aXQtYXJjaGl0ZWN0dXJlKSB0YWxrcyBhYm91dCBpbiBTZWN0
aW9uIDMuNy4gVGhhdCBleGFtcGxlIGlzIGZyb20gYSBzbGlnaHRseSBkaWZmZXJlbnQgdXNlIGNh
c2UgdGhhbiBJIGhhZCBpbiBtaW5kLCBidXQgaXQgaXMgYW5vdGhlciBleGFtcGxlLg0KDQpKYXJp
DQoNCg0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQg
YW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVn
ZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkg
dGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0
byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBj
b3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQpfX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KU3VpdCBtYWlsaW5nIGxpc3QN
ClN1aXRAaWV0Zi5vcmc8bWFpbHRvOlN1aXRAaWV0Zi5vcmc+DQpodHRwczovL25hMDEuc2FmZWxp
bmtzLnByb3RlY3Rpb24ub3V0bG9vay5jb20vP3VybD1odHRwcyUzQSUyRiUyRnd3dy5pZXRmLm9y
ZyUyRm1haWxtYW4lMkZsaXN0aW5mbyUyRnN1aXQmZGF0YT0wMiU3QzAxJTdDZGF2aWQud2FsdGVy
bWlyZSU0MG5pc3QuZ292JTdDOTY5MmYxOGFjYTc2NDcxMWM2MzEwOGQ1MmIyYmE1ZjclN0MyYWI1
ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2NDYyMzg4ODIxNDUwNDg5
JnNkYXRhPXkwZjQ0d2RLRGZhQ3h0c3BsWjFpd2pUVUx1b2lIRnclMkY3RjM4MW1qVFpJRSUzRCZy
ZXNlcnZlZD0wDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
Xw0KU3VpdCBtYWlsaW5nIGxpc3QNClN1aXRAaWV0Zi5vcmc8bWFpbHRvOlN1aXRAaWV0Zi5vcmc+
DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCg0KSU1QT1JUQU5U
IE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBh
cmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5v
dCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRp
YXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNv
biwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRp
b24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K

--_000_8CBFE539BC1A438A9F9C3F39B2648571armcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <392D8770E368744BBB121432EBB23853@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KV2hpbGUgSSBhbSBoYXBweSB3aXRo
IEphcmnigJlzIHRleHQgaW4gcHJpbmNpcGxlLCBJ4oCZZCBsaWtlIHRvIGtub3cgd2hhdCBoZSBp
bnRlbmRlZCBieSDigJxzb2Z0d2FyZSBzb3VyY2Vz4oCdIHByaW9yIHRvIGluY2x1c2lvbiBpbiB0
aGUgY2hhcnRlciB0ZXh0Lg0KPGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxk
aXYgY2xhc3M9IiI+QmVzdCBSZWdhcmRzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5CcmVuZGFuPC9k
aXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBl
PSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gMTQgTm92IDIwMTcsIGF0IDA3OjAz
LCBXYWx0ZXJtaXJlLCBEYXZpZCBBLiAoRmVkKSAmbHQ7PGEgaHJlZj0ibWFpbHRvOmRhdmlkLndh
bHRlcm1pcmVAbmlzdC5nb3YiIGNsYXNzPSIiPmRhdmlkLndhbHRlcm1pcmVAbmlzdC5nb3Y8L2E+
Jmd0OyB3cm90ZTo8L2Rpdj4NCjxiciBjbGFzcz0iQXBwbGUtaW50ZXJjaGFuZ2UtbmV3bGluZSI+
DQo8ZGl2IGNsYXNzPSIiPg0KPGRpdiBpZD0iZGl2dGFnZGVmYXVsdHdyYXBwZXIiIGRpcj0ibHRy
IiBzdHlsZT0iZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBm
b250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBz
dGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNl
OiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAw
cHg7IGZvbnQtZmFtaWx5OiBDYWxpYnJpLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYsIEVtb2ppRm9u
dCwgJ0FwcGxlIENvbG9yIEVtb2ppJywgJ1NlZ29lIFVJIEVtb2ppJywgTm90b0NvbG9yRW1vamks
ICdTZWdvZSBVSSBTeW1ib2wnLCAnQW5kcm9pZCBFbW9qaScsIEVtb2ppU3ltYm9sczsgZm9udC1z
aXplOiAxMnB0OyIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdp
bi1ib3R0b206IDBweDsiIGNsYXNzPSIiPkdpdmVuIHRoYXQgd2UgYXJlIHdvcmtpbmcgdG8gcG9z
dCZuYnNwO3VwZGF0ZWQgY2hhcnRlciB0ZXh0IGluIHRoZSBuZXh0IGNvdXBsZSBkYXlzIGZvciZu
YnNwO3JldmlldywgaXQgd291bGQgYmUgZ29vZCB0byBoZWFyIGFib3V0IGFueSBjb25jZXJucyB3
aXRoIG9yIHN1cHBvcnQgZm9yJm5ic3A7YWRkaW5nIEphcmkncyB0ZXh0IHRvIHRoZSBjaGFydGVy
LiBQbGVhc2UgYWxzbw0KIGluZGljYXRlIGlmIHlvdSB3b3VsZCBsaWtlIHRvIHNlZSBhZGp1c3Rl
ZCB0ZXh0IGluc3RlYWQuPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdp
bi1ib3R0b206IDBweDsiIGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBzdHls
ZT0ibWFyZ2luLXRvcDogMHB4OyBtYXJnaW4tYm90dG9tOiAwcHg7IiBjbGFzcz0iIj5UaGFua3Ms
PC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOiAwcHg7IG1hcmdpbi1ib3R0b206IDBweDsi
IGNsYXNzPSIiPkRhdmU8YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxiciBj
bGFzcz0iIj4NCjxkaXYgc3R5bGU9IiIgY2xhc3M9IiI+DQo8aHIgdGFiaW5kZXg9Ii0xIiBzdHls
ZT0id2lkdGg6IDczNC4wMTU2MjVweDsgZGlzcGxheTogaW5saW5lLWJsb2NrOyIgY2xhc3M9IiI+
DQo8ZGl2IGlkPSJkaXZScGx5RndkTXNnIiBkaXI9Imx0ciIgY2xhc3M9IiI+PGZvbnQgZmFjZT0i
Q2FsaWJyaSwgc2Fucy1zZXJpZiIgc3R5bGU9ImZvbnQtc2l6ZTogMTFwdDsiIGNsYXNzPSIiPjxi
IGNsYXNzPSIiPkZyb206PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZu
YnNwOzwvc3Bhbj5TdWl0ICZsdDs8YSBocmVmPSJtYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3Jn
IiBjbGFzcz0iIj5zdWl0LWJvdW5jZXNAaWV0Zi5vcmc8L2E+Jmd0OyBvbg0KIGJlaGFsZiBvZiBI
YW5uZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFy
bS5jb20iIGNsYXNzPSIiPkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208L2E+Jmd0OzxiciBjbGFz
cz0iIj4NCjxiIGNsYXNzPSIiPlNlbnQ6PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQt
c3BhY2UiPiZuYnNwOzwvc3Bhbj5UdWVzZGF5LCBOb3ZlbWJlciAxNCwgMjAxNyAyOjQ3IFBNPGJy
IGNsYXNzPSIiPg0KPGIgY2xhc3M9IiI+VG86PC9iPjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0
ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5KYXJpIEFya2tvOyBNYWRqaWQgTmFraGppcmk8YnIgY2xh
c3M9IiI+DQo8YiBjbGFzcz0iIj5DYzo8L2I+PHNwYW4gY2xhc3M9IkFwcGxlLWNvbnZlcnRlZC1z
cGFjZSI+Jm5ic3A7PC9zcGFuPjxhIGhyZWY9Im1haWx0bzpzdWl0QGlldGYub3JnIiBjbGFzcz0i
Ij5zdWl0QGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NCjxiIGNsYXNzPSIiPlN1YmplY3Q6PC9i
PjxzcGFuIGNsYXNzPSJBcHBsZS1jb252ZXJ0ZWQtc3BhY2UiPiZuYnNwOzwvc3Bhbj5SZTogW1N1
aXRdIEZvbGxvdy11cCByZTogbXkgY29tbWVudCBvbiBjaGFydGVyIGFuZCBzb2Z0d2FyZSBzb3Vy
Y2VzIGFuZCBwZXJtaXNzaW9uczwvZm9udD4NCjxkaXYgY2xhc3M9IiI+Jm5ic3A7PC9kaXY+DQo8
L2Rpdj4NCjxkaXYgY2xhc3M9IkJvZHlGcmFnbWVudCI+PGZvbnQgc2l6ZT0iMiIgY2xhc3M9IiI+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTBwdDsiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iUGxh
aW5UZXh0Ij5IaSBKYXJpLDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkkgYmVsaWV2ZSBJ
IHVuZGVyc3RhbmQgd2hlcmUgeW91IGFyZSBoZWFkaW5nIHdpdGggeW91ciByZW1hcmtzLjxiciBj
bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoZSBxdWVzdGlvbiB0byBtZSBpcyB3aGV0aGVyIHRo
aXMgaXMgc29tZXRoaW5nIHRoYXQgaGFzIHRvIGdvIGludG8gdGhlIGNoYXJ0ZXIgdGV4dCBvciBp
bnRvIGEgZG9jdW1lbnQgb2YgdGhlIGdyb3VwLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N
CkNpYW88YnIgY2xhc3M9IiI+DQpIYW5uZXM8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8
YnIgY2xhc3M9IiI+DQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxiciBjbGFzcz0iIj4NCkZy
b206IEphcmkgQXJra28gWzxhIGhyZWY9Im1haWx0bzpqYXJpLmFya2tvQHBpdWhhLm5ldCIgY2xh
c3M9IiI+bWFpbHRvOmphcmkuYXJra29AcGl1aGEubmV0PC9hPl08YnIgY2xhc3M9IiI+DQpTZW50
OiAxNCBOb3ZlbWJlciAyMDE3IDE0OjQzPGJyIGNsYXNzPSIiPg0KVG86IEhhbm5lcyBUc2Nob2Zl
bmlnOyBNYWRqaWQgTmFraGppcmk8YnIgY2xhc3M9IiI+DQpDYzo8c3BhbiBjbGFzcz0iQXBwbGUt
Y29udmVydGVkLXNwYWNlIj4mbmJzcDs8L3NwYW4+PGEgaHJlZj0ibWFpbHRvOnN1aXRAaWV0Zi5v
cmciIGNsYXNzPSIiPnN1aXRAaWV0Zi5vcmc8L2E+PGJyIGNsYXNzPSIiPg0KU3ViamVjdDogUmU6
IFtTdWl0XSBGb2xsb3ctdXAgcmU6IG15IGNvbW1lbnQgb24gY2hhcnRlciBhbmQgc29mdHdhcmUg
c291cmNlcyBhbmQgcGVybWlzc2lvbnM8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpIYW5u
ZXMg4oCUIHRoZSBtYW51ZmFjdHVyZXIgZXhhbXBsZSB3YXMganVzdCB0aGF0LCBhbiBleGFtcGxl
LiBJIGRlZmluaXRlbHkgYWdyZWUgdGhhdCB3ZSBzaG91bGRu4oCZdCB3cml0ZSBhbnl0aGluZyBh
Ym91dCBtYW51ZmFjdHVyZXJzIG9yIG93bmVycyEgV2hhdCBJ4oCZZCBsaWtlIHRvIGhhdmUsIGhv
d2V2ZXIsIGlzIGEgcmVjb2duaXRpb24gdGhhdCB0aGVyZeKAmXMgYSBuZWVkIHRvIHN1cHBvcnQg
YSBiaXQgbW9yZSBleHByZXNzaXZlIHBvd2VyIGluIG91cg0KIG1lY2hhbmlzbXMgdG8gc3VwcG9y
dCBzb21lIG9mIHRoZSBjYXNlcyB0aGF0IGNhbiBjb21lIHVwLiBJIHNlbnQgc29tZSBzdWdnZXN0
ZWQgdGV4dCBlYXJsaWVyIGluIHRoaXMgdGhyZWFkLCBidXQgb3RoZXIgdGV4dCB3b3VsZCB3b3Jr
IGFzIHdlbGwuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTWFkamlkIOKAlCBJIHdhcyB0
aGlua2luZyBvZiB0aGUga2luZHMgb2YgcGVybWlzc2lvbiBtb2RlbHMgdGhhdCBlLmcuLCB0aGUg
YXJjaGl0ZWN0dXJlIGRyYWZ0IChkcmFmdC1tb3Jhbi1zdWl0LWFyY2hpdGVjdHVyZSkgdGFsa3Mg
YWJvdXQgaW4gU2VjdGlvbiAzLjcuIFRoYXQgZXhhbXBsZSBpcyBmcm9tIGEgc2xpZ2h0bHkgZGlm
ZmVyZW50IHVzZSBjYXNlIHRoYW4gSSBoYWQgaW4gbWluZCwgYnV0IGl0IGlzIGFub3RoZXIgZXhh
bXBsZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpKYXJpPGJyIGNsYXNzPSIiPg0KPGJy
IGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSU1QT1JUQU5UIE5PVElD
RTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29u
ZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUg
aW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkg
YW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNl
IGl0IGZvciBhbnkgcHVycG9zZSwNCiBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBp
biBhbnkgbWVkaXVtLiBUaGFuayB5b3UuPGJyIGNsYXNzPSIiPg0KX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnIgY2xhc3M9IiI+DQpTdWl0IG1haWxpbmcg
bGlzdDxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Im1haWx0bzpTdWl0QGlldGYub3JnIiBjbGFzcz0i
Ij5TdWl0QGlldGYub3JnPC9hPjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0dHBzOi8vbmEwMS5z
YWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGd3d3Lmll
dGYub3JnJTJGbWFpbG1hbiUyRmxpc3RpbmZvJTJGc3VpdCZhbXA7ZGF0YT0wMiU3QzAxJTdDZGF2
aWQud2FsdGVybWlyZSU0MG5pc3QuZ292JTdDOTY5MmYxOGFjYTc2NDcxMWM2MzEwOGQ1MmIyYmE1
ZjclN0MyYWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2NDYyMzg4
ODIxNDUwNDg5JmFtcDtzZGF0YT15MGY0NHdkS0RmYUN4dHNwbFoxaXdqVFVMdW9pSEZ3JTJGN0Yz
ODFtalRaSUUlM0QmYW1wO3Jlc2VydmVkPTAiIGNsYXNzPSIiPmh0dHBzOi8vbmEwMS5zYWZlbGlu
a3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGd3d3LmlldGYub3Jn
JTJGbWFpbG1hbiUyRmxpc3RpbmZvJTJGc3VpdCZhbXA7ZGF0YT0wMiU3QzAxJTdDZGF2aWQud2Fs
dGVybWlyZSU0MG5pc3QuZ292JTdDOTY5MmYxOGFjYTc2NDcxMWM2MzEwOGQ1MmIyYmE1ZjclN0My
YWI1ZDgyZmQ4ZmE0Nzk3YTkzZTA1NDY1NWM2MWRlYyU3QzElN0MwJTdDNjM2NDYyMzg4ODIxNDUw
NDg5JmFtcDtzZGF0YT15MGY0NHdkS0RmYUN4dHNwbFoxaXdqVFVMdW9pSEZ3JTJGN0YzODFtalRa
SUUlM0QmYW1wO3Jlc2VydmVkPTA8L2E+PGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8L3NwYW4+PC9m
b250PjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogSGVs
dmV0aWNhOyBmb250LXNpemU6IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50
LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1h
bDsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBu
b25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0
LXN0cm9rZS13aWR0aDogMHB4OyBmbG9hdDogbm9uZTsgZGlzcGxheTogaW5saW5lICFpbXBvcnRh
bnQ7IiBjbGFzcz0iIj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fXzwvc3Bhbj48YnIgc3R5bGU9ImZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTog
MTJweDsgZm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250
LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFy
dDsgdGV4dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBu
b3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7
IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogSGVsdmV0aWNhOyBmb250LXNp
emU6IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsg
Zm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGlnbjog
c3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFj
ZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDog
MHB4OyBmbG9hdDogbm9uZTsgZGlzcGxheTogaW5saW5lICFpbXBvcnRhbnQ7IiBjbGFzcz0iIj5T
dWl0DQogbWFpbGluZyBsaXN0PC9zcGFuPjxiciBzdHlsZT0iZm9udC1mYW1pbHk6IEhlbHZldGlj
YTsgZm9udC1zaXplOiAxMnB4OyBmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudC1jYXBz
OiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IHRl
eHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsg
d2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJv
a2Utd2lkdGg6IDBweDsiIGNsYXNzPSIiPg0KPGEgaHJlZj0ibWFpbHRvOlN1aXRAaWV0Zi5vcmci
IHN0eWxlPSJmb250LWZhbWlseTogSGVsdmV0aWNhOyBmb250LXNpemU6IDEycHg7IGZvbnQtc3R5
bGU6IG5vcm1hbDsgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1h
bDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgb3JwaGFuczogYXV0bzsgdGV4dC1hbGlnbjogc3Rh
cnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTog
bm9ybWFsOyB3aWRvd3M6IGF1dG87IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc2l6
ZS1hZGp1c3Q6IGF1dG87IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsiIGNsYXNzPSIi
PlN1aXRAaWV0Zi5vcmc8L2E+PGJyIHN0eWxlPSJmb250LWZhbWlseTogSGVsdmV0aWNhOyBmb250
LXNpemU6IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50LWNhcHM6IG5vcm1h
bDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgdGV4dC1hbGln
bjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1z
cGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0
aDogMHB4OyIgY2xhc3M9IiI+DQo8YSBocmVmPSJodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFu
L2xpc3RpbmZvL3N1aXQiIHN0eWxlPSJmb250LWZhbWlseTogSGVsdmV0aWNhOyBmb250LXNpemU6
IDEycHg7IGZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50LWNhcHM6IG5vcm1hbDsgZm9u
dC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6IG5vcm1hbDsgb3JwaGFuczogYXV0bzsg
dGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHRleHQtdHJhbnNmb3JtOiBub25l
OyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3aWRvd3M6IGF1dG87IHdvcmQtc3BhY2luZzogMHB4OyAt
d2Via2l0LXRleHQtc2l6ZS1hZGp1c3Q6IGF1dG87IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6
IDBweDsiIGNsYXNzPSIiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc3Vp
dDwvYT48YnIgc3R5bGU9ImZvbnQtZmFtaWx5OiBIZWx2ZXRpY2E7IGZvbnQtc2l6ZTogMTJweDsg
Zm9udC1zdHlsZTogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyBmb250LXdlaWdo
dDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4
dC1pbmRlbnQ6IDBweDsgdGV4dC10cmFuc2Zvcm06IG5vbmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7
IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IiBjbGFz
cz0iIj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8L2Rp
dj4NCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkg
YXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4g
SWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUg
c2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFu
eSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsDQogb3Igc3RvcmUgb3IgY29w
eSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPC9ib2R5Pg0KPC9o
dG1sPg0K

--_000_8CBFE539BC1A438A9F9C3F39B2648571armcom_--


From nobody Tue Nov 14 02:16:50 2017
Return-Path: <jari.arkko@piuha.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 053EB127B5A for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 02:16:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 90ckTYunW3VY for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 02:16:47 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id A2AB8126B6E for <suit@ietf.org>; Tue, 14 Nov 2017 02:16:46 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 2490E2CFBA; Tue, 14 Nov 2017 12:16:45 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTCKTuv4yhPG; Tue, 14 Nov 2017 12:16:44 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id 2283E2CD11; Tue, 14 Nov 2017 12:16:43 +0200 (EET) (envelope-from jari.arkko@piuha.net)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com>
Date: Tue, 14 Nov 2017 18:16:42 +0800
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com> <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com>
To: Brendan Moran <Brendan.Moran@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/AAF-dkhdDr84eVxFEs-hTH_yhsg>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 10:16:49 -0000

> While I am happy with Jari=E2=80=99s text in principle, I=E2=80=99d =
like to know what he intended by =E2=80=9Csoftware sources=E2=80=9D =
prior to inclusion in the charter text.

I meant the abstract notion of being able to process images that came =
possibly from different entities (e.g., a device is capable of accepting =
a firmware signed by either your IT department or the vendor). I did =
*not* mean software sources in any server, TFTP-server IP address or =
similar sense :-)

Jari


From nobody Tue Nov 14 03:11:59 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8164612751F for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 03:11:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1wOQvaHxuX5j for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 03:11:56 -0800 (PST)
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40069.outbound.protection.outlook.com [40.107.4.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 626F4126C3D for <suit@ietf.org>; Tue, 14 Nov 2017 03:11:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ZTYBL4sDtNB6Z9IQQ35X5wCHodOjSV+B0UpZn2CF3Fs=; b=intynhYiiejYFcNsiY1/BW7j8RFFOBi+h7gfO7pVbvmJhzzLDdJJGbso1G2eizrb5MZLk4EC4oQG2B5lp89KjNUv6DV5PatPkeMcSStp7pfbKO0KAihTRlL/KTUyKGixQ07kDbM++QY7df4V6myrdpGoF4C5mH+PCdiM4jgKwLQ=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Tue, 14 Nov 2017 11:11:53 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 11:11:53 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Jari Arkko <jari.arkko@piuha.net>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9DDw5k04gFSUCrBKpMFL8awqMTaroAgAAEEICAAAFzAIAAAxHogAAt4YCAAAlnAIAAD2uA
Date: Tue, 14 Nov 2017 11:11:53 +0000
Message-ID: <5C4D0511-FF52-44E9-AC6B-09A7F3280C46@arm.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com> <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com> <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net>
In-Reply-To: <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0615; 6:bRow93Ejx2GWLyYSMuct3BKgrqDtMcr2h8wB+ehv04VQM4sTWAdCACJSRAH4YOblITgl2cxLpInnAhm32tsq9aOlgLWl7HfSaua0cFBf5iX4/OYPLA1hcbxsaWUAQZGk7npzyfL6LkWlZAPLv7N8koipWCALfA3XYyD51EWjBygi6ReEbyQWXk8/5d7sMUznekl/WnBuOwexxK1ROJIMqt0Bt7vFbHs7us5bAZU8ad4KIStQuk/ZLZQLu5JbHwWvKkXhWUInjIkA5r0gywf5rc3wzXpUVHgpgEd/DeajtK0H2N6nhe7bW1gTrNNb8He4E1YiOXAn84eZ1VswZU+zyY3INi+j6ryC5//snWOpTjY=; 5:FPJrIebL7GgPU/0qAt5xKExPmBOfedrN7FyazH6QItmgLRYP/rbk8Qb5n+r9SpvGO5+GjCmzPnUrZ6XkwU9JhkDADSz8kfbvSpXAvbDcZEG7gO6KzTfvlIMQQJ00sfa5O2q0v/gWgr54SQsRr+MbtV0XKuZuETUd9tl6HqJgzFU=; 24:8yAS2yEGe5uzjeCtOBt/RPwzA7p0TNZ4uJPpyWbivM7Yf2xxne/2qIG9ez3oZuXteqvgvLRdmhuiq59+Q+A6KObz9JOFKKTZZtjYt3aHuko=; 7:FOLBYCx24kUQGUBMiXiyc/FsRrP49Jcpfm890agIZ3mZG0edAzq0IwB7We/fB6ICOB2C9yESbzT/Et7y0hdPYQdbmF/dFcKXqJIOVVYUXHS7Fy/7nqOzFQuVtvcpzV39pWwoEoahXVJsOHnwJTRGbPxA0a/O0sw5ffNnDHXI8auwAlpZWfvKUEBklB4iCNNHAaaulBJTN107XExyjMc69iFbTB4HHSOyuBQMAnNH24xeCko5UmOP6oGgoP7m75A2
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: afa17954-0429-4984-424d-08d52b50831a
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:DB5PR08MB0615; 
x-ms-traffictypediagnostic: DB5PR08MB0615:
x-microsoft-antispam-prvs: <DB5PR08MB0615901F6D257A77D6431B5CEA280@DB5PR08MB0615.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(10201501046)(3231022)(6055026)(6041248)(20161123564025)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0615; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0615; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(376002)(40434004)(189002)(24454002)(199003)(82746002)(99286004)(6916009)(2950100002)(6436002)(57306001)(6246003)(229853002)(6506006)(25786009)(6486002)(189998001)(5890100001)(105586002)(97736004)(305945005)(86362001)(93886005)(83716003)(316002)(66066001)(106356001)(5250100002)(7736002)(14454004)(5660300001)(53936002)(2906002)(6512007)(76176999)(53546010)(2900100001)(50986999)(478600001)(33656002)(101416001)(72206003)(3846002)(102836003)(36756003)(4326008)(6116002)(50226002)(81156014)(3660700001)(8936002)(68736007)(81166006)(3280700002)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0615; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <B9E5E217F84D78488432E3C5FF756D9D@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: afa17954-0429-4984-424d-08d52b50831a
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 11:11:53.9082 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0615
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/mXVL57DzTdjGaQT1UVtUV0mbqWU>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 11:11:58 -0000

PiBPbiAxNCBOb3YgMjAxNywgYXQgMTA6MTYsIEphcmkgQXJra28gPGphcmkuYXJra29AcGl1aGEu
bmV0PiB3cm90ZToNCj4NCj4NCj4+IFdoaWxlIEkgYW0gaGFwcHkgd2l0aCBKYXJp4oCZcyB0ZXh0
IGluIHByaW5jaXBsZSwgSeKAmWQgbGlrZSB0byBrbm93IHdoYXQgaGUgaW50ZW5kZWQgYnkg4oCc
c29mdHdhcmUgc291cmNlc+KAnSBwcmlvciB0byBpbmNsdXNpb24gaW4gdGhlIGNoYXJ0ZXIgdGV4
dC4NCj4NCj4gSSBtZWFudCB0aGUgYWJzdHJhY3Qgbm90aW9uIG9mIGJlaW5nIGFibGUgdG8gcHJv
Y2VzcyBpbWFnZXMgdGhhdCBjYW1lIHBvc3NpYmx5IGZyb20gZGlmZmVyZW50IGVudGl0aWVzIChl
LmcuLCBhIGRldmljZSBpcyBjYXBhYmxlIG9mIGFjY2VwdGluZyBhIGZpcm13YXJlIHNpZ25lZCBi
eSBlaXRoZXIgeW91ciBJVCBkZXBhcnRtZW50IG9yIHRoZSB2ZW5kb3IpLiBJIGRpZCAqbm90KiBt
ZWFuIHNvZnR3YXJlIHNvdXJjZXMgaW4gYW55IHNlcnZlciwgVEZUUC1zZXJ2ZXIgSVAgYWRkcmVz
cyBvciBzaW1pbGFyIHNlbnNlIDotKQ0KPg0KPiBKYXJpDQoNCkhpIEphcmksDQpUaGF0IGlzIHdo
YXQgSSBzdXNwZWN0ZWQuIFdvdWxkIGl0IGJlIGFscmlnaHQgdG8gY2hhbmdlIHRoZSBwaHJhc2lu
ZyB0byBlaXRoZXIgb2YgdGhlc2Ugc28gaXTigJlzIGEgYml0IG1vcmUgY2xlYXI/DQoNCj4gIlRo
ZSBmb3JtYXQgaXMgZXhwZWN0ZWQgdG8gYmUgZXhwcmVzc2l2ZSBlbm91Z2ggdG8gYWxsb3cgdGhl
IHVzZSBvZiBkaXZlcnNlIHVwZGF0ZSBhdXRob3JpdGllcyBhbmQgcGVybWlzc2lvbiBtb2RlbHMu
Ig0KT1INCj4gIlRoZSBmb3JtYXQgaXMgZXhwZWN0ZWQgdG8gYmUgZXhwcmVzc2l2ZSBlbm91Z2gg
dG8gYWxsb3cgdGhlIHVzZSBvZiBkaXZlcnNlIHVwZGF0ZSBhdXRob3JzIGFuZCBwZXJtaXNzaW9u
IG1vZGVscy4iDQoNCkJlc3QgUmVnYXJkcywNCkJyZW5kYW4NCklNUE9SVEFOVCBOT1RJQ0U6IFRo
ZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVu
dGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu
ZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBk
byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm
b3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBt
ZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Tue Nov 14 11:00:36 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D57127B5A for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 11:00:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J29PjTq4WT_I for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 11:00:34 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96F04127868 for <suit@ietf.org>; Tue, 14 Nov 2017 11:00:34 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id A87F920008; Tue, 14 Nov 2017 14:02:12 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BA40A829D1; Tue, 14 Nov 2017 14:00:33 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Jari Arkko <jari.arkko@piuha.net>
cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Madjid Nakhjiri <m.nakhjiri@samsung.com>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 14 Nov 2017 14:00:33 -0500
Message-ID: <19423.1510686033@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5BlNAFJSKlddghUpo5sbEy6lx1Y>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 19:00:36 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Jari Arkko <jari.arkko@piuha.net> wrote:
    > Hannes =E2=80=94 the manufacturer example was just that, an example. I
    > definitely agree that we shouldn=E2=80=99t write anything about manuf=
acturers
    > or owners! What I=E2=80=99d like to have, however, is a recognition t=
hat
    > there=E2=80=99s a need to support a bit more expressive power in our =
mechanisms
    > to support some of the cases that can come up. I sent some suggested
    > text earlier in this thread, but other text would work as well.

For instance, a manufacturer might provide ten different images that are
signed.  (Different versions and/or feature sets, or even because the same
valve controller is used in both sewage and building control...)

The operator of the building/sewage system might get to select among them.

Then iterate (recursive really) for the fact that the we might have a
compound device which contains many such valves in different configurations,
requiring different feature sets within the same manifest.

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloLPVEACgkQgItw+93Q
3WUBXAgAg2/vWSGi6JxCd/ifnwrvZrCLldXb79fWMgPZP2B9DWj+pYH3AAE4UaKG
8P0zjopd5s00qoMTbpdSWs8DNnwpOG6rJPyXwSM+hdU1Xo6H6dz7I28AKIAO+gx+
sLLSB6BNO67+0CiFNJ/wasSlmYefMLgInfZFqroTgFe8xbMIEFVViG+/PWEmhUqn
XFzu2OGDBU5/2Mv1xlnKl/iDXcebXsk393rbjMcUiCHcS89b+R7NnpMIGPO9V+8I
1SbuQdORdleD0/ZUlC0NLCwUXyGJLGOaqSxvZRNx5bGJ0hmAgMEuqScIgZFjDol2
dws3FpBkXCmNqTC6nGW7C9CdigEglA==
=6fg/
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Tue Nov 14 13:37:41 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51B611289C3 for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 13:37:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.791
X-Spam-Level: 
X-Spam-Status: No, score=-6.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTcl-3-7kEoS for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 13:37:37 -0800 (PST)
Received: from mailout1.w2.samsung.com (mailout1.w2.samsung.com [211.189.100.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACA08127419 for <suit@ietf.org>; Tue, 14 Nov 2017 13:37:37 -0800 (PST)
Received: from uscas1p2.samsung.com (unknown [182.198.245.207]) by mailout1.w2.samsung.com (KnoxPortal) with ESMTP id 20171114213736usoutp01ae804d1898e0d83e8aa732de55cfb8f2~3EYNzzFSC3027730277usoutp01F; Tue, 14 Nov 2017 21:37:36 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w2.samsung.com 20171114213736usoutp01ae804d1898e0d83e8aa732de55cfb8f2~3EYNzzFSC3027730277usoutp01F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510695456; bh=/1GbdRLnmDrCYgYb37a59lMU/W7W0VOPXsSotMLU0Pk=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=POlTT4hyeCluCZKpoDPYezxkPa9VxbZ7Y3GWw9Dc5cXf3aprM0As48DBNWjpmaYeO mHXgwmGvopzr+MaAkdOXDUqUefEOQUf8jsNstj1uVf2T3jTIPkKYyCPLxsOTJYv6xn qqvGLVRNEwTZAcclQpziOfcMhBAHe6osFziWUiL4=
Received: from ussmges1.samsung.com (u109.gpu85.samsung.co.kr [203.254.195.109]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171114213736uscas1p1ead898c267d68ab7c26e93d5c30e59cb~3EYNrJlmG0905709057uscas1p1S; Tue, 14 Nov 2017 21:37:36 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges1.samsung.com (USCPEMTA) with SMTP id F9.99.32262.F126B0A5; Tue, 14 Nov 2017 16:37:36 -0500 (EST)
Received: from ussmgxs3.samsung.com (u124.gpu85.samsung.co.kr [203.254.195.124]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171114213735uscas1p176e3931073ee6bc8131b84eead4ef287~3EYNaOnPf2590925909uscas1p1X; Tue, 14 Nov 2017 21:37:35 +0000 (GMT)
X-AuditID: cbfec36d-f79696d000007e06-82-5a0b621fbd07
Received: from usmmp1.samsung.com ( [203.254.195.77]) by ussmgxs3.samsung.com (USCPEXMTA) with SMTP id 50.86.02102.F126B0A5; Tue, 14 Nov 2017 16:37:35 -0500 (EST)
Received: from SSI-EX4.ssi.samsung.com ([105.128.2.145]) by usmmp1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZF006MDG2NZX70@usmmp1.samsung.com>; Tue, 14 Nov 2017 16:37:35 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX4.ssi.samsung.com (105.128.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Tue, 14 Nov 2017 13:37:34 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Tue, 14 Nov 2017 13:37:34 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Jari Arkko <jari.arkko@piuha.net>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
Cc: "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-index: AQHTXF9D/THQVkwS+0uMpR6zxknDX6MT8NYAgAAEEYCAAHPpgA==
Date: Tue, 14 Nov 2017 21:37:34 +0000
Message-id: <D6309F82.1134F%m.nakhjiri@ssi.samsung.com>
In-reply-to: <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="Windows-1252"
Content-id: <23B1C298C2C5D64BBDE9C188680BB2C9@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsWy7djX87oKSdxRBvueMFrcnHGKyWLGvhVs FjOP3mZ0YPZYM28No8eSJT+ZPLYumc4WwBzFZZOSmpNZllqkb5fAlfHnbVxBM1/Fll27GRsY l3J3MXJySAiYSKyYvZQNwhaTuHBvPZDNxSEksIxR4tucacwQTguTxITPG9m7GDnAOi7s4QFp ACv6dMYCwv7LKNHWbwBR/5FRYtGrY1CTDjBKHNwygQmkik1AT2L/vBlgU0UEGhglXjz6xgiS YBZQlnj3tRnMFhaIk5jZNYEZxBYRiJe4dfM/K4TtJDFrzgQwm0VAVWLdkzdgNbwC5hIXDs4H i3MK2Eo0bewC+4cR6J/vp9YwQcwXl2huvckC8aegxKLZe5hhfv636yHU/zoSZ68/YYSwFSWe t5yEus1A4vWvJewQtp3ErB99UDO1JZ68u8AKcYOgxI/J96DmS0ocXHGDBeRJCYHp7BKLZ56F SrhIdJ7dD7VMWOLV8S3sExg1ZyG5bxaSfbOQ7JuFZN8sJPsWMLKuYhQpLS7OTU8tNtQrTswt Ls1L10vOz93ECEwvp/8dzt3BOHt3wCFGAQ5GJR5eAUXuKCHWxLLiytxDjBIczEoivDtncUUJ 8aYkVlalFuXHF5XmpBYfYpTmYFES51WYuTpSSCA9sSQ1OzW1ILUIJsvEwSnVwMjzJ9fuy67U Ktd8h7ybdUuduBoD81fc5dTcpbNKf0/+HPmm6VUBrlGtutYGF4Pn1uybd7G5aNZhG9atqX83 xhY8lZ4kXfD9cfpmVvO71tMetJzLrPzr21So2lMl/zWDZcMCvf29b2Ulo7t8Jzy42VY26f45 vkXnf9yeEpwrWp1qnXuVsUMySomlOCPRUIu5qDgRADJ5RfUrAwAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrDIsWRmVeSWpSXmKPExsVy+t9hX135JO4og9WtehY3Z5xispixbwWb xcyjtxkdmD3WzFvD6LFkyU8mj61LprMFMEdx2aSk5mSWpRbp2yVwZfx5G1fQzFexZdduxgbG pdxdjBwcEgImEhf28HQxcgKZYhIX7q1n62Lk4hASWMIo8epuBzOE85dR4vrn/1CZj4wSx468 Y4RwDjBKHD3fwgLSzyagJ7F/3gywFhGBJqDE9k9gCWYBZYl3X5sZQWxhgTiJmV0TmEFsEYF4 iadfl7ND2E4Ss+ZMYAWxWQRUJdY9eQNWwytgLnHh4HxWiG2zmCRu32wCa+AUsJVo2tjFBmIz Al3+/dQaJohl4hLNrTdZID4SkFiy5zwzhC0q8fLxP1YIW0fi7PUnjBC2osTzlpOMEL16Eh// 3Iay7SRm/eiDmqkt8eTdBVaIgwQlfky+BzVfUuLgihssExilZyFZPQvJqFlIRs1CMmoWklEL GFlXMYqUFhfnplcUG+sVJ+YWl+al6yXn525ihMR5zQ7Ge19tDjEKcDAq8fAKKHJHCbEmlhVX 5h5ilOBgVhLh3TmLK0qINyWxsiq1KD++qDQntfgQozQHi5I478Y9qyOFBNITS1KzU1MLUotg skwcnFINjG469yvvVJyd8P2EcbPVJEPxaUUfxOJcNnq1bTZQ73DSEJBSvmz6kY3LQa+kgTvl 0wono5VStwWZcx89U90v8nXCxlMPy27+rH+wc/F0Z48bH079sDo1Y0Fa8MUv29yaXtVybtt+ zZQtuqfx/C2j9frFwU1/OGXc7jDNFD60/qHKuuNl5c9N6pVYijMSDbWYi4oTAbzti7bvAgAA
X-CMS-MailID: 20171114213735uscas1p176e3931073ee6bc8131b84eead4ef287
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171114064251epcas1p27f42235eff707242b6ad5c0d0a6903f0
X-RootMTR: 20171114064251epcas1p27f42235eff707242b6ad5c0d0a6903f0
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CGME20171114064251epcas1p27f42235eff707242b6ad5c0d0a6903f0@epcas1p2.samsung.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FaRF2cDzqwWrab1PXS_2IxEcg18>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 21:37:40 -0000

Hi Jari,=20

Ok. Thanks for pointing me to the permissions in the architecture draft.
Some the permissions are fuzzy to me, e.g. Approve or qualify. Are we
expecting that level of complexity? Approve but not apply? I could think
of say store but not apply (install) yet, which could be solved with some
timing information in the metadata.

These permissions are making the job of a update manager module (sorry for
the invented term) much more complex. I personally would think of a
permission system as policies that allows device HW/SW to perform or
reject some actions requested by a requestor. Examples: install, execute,
etc. Implementing multiple signatures (e.g. from both code author and
device operator) would be straight forward, as a signature would
implicitly mean approval.

What use case did you have in  mind?

Hannes, I guess more description on the permissions would clarify this
better.



Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/13/17, 10:42 PM, "Jari Arkko" <jari.arkko@piuha.net> wrote:

>Hannes =8B the manufacturer example was just that, an example. I definitel=
y
>agree that we shouldn=B9t write anything about manufacturers or owners!
>What I=B9d like to have, however, is a recognition that there=B9s a need t=
o
>support a bit more expressive power in our mechanisms to support some of
>the cases that can come up. I sent some suggested text earlier in this
>thread, but other text would work as well.
>
>Madjid =8B I was thinking of the kinds of permission models that e.g., the
>architecture draft (draft-moran-suit-architecture) talks about in Section
>3.7. That example is from a slightly different use case than I had in
>mind, but it is another example.
>
>Jari
>
>
>
>


From nobody Tue Nov 14 15:27:57 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D0C8126CB6 for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 15:27:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UqXyW3PZQYMt for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 15:27:54 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0086.outbound.protection.outlook.com [104.47.2.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85765120721 for <suit@ietf.org>; Tue, 14 Nov 2017 15:27:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=GLauMk2zIVNIVom/apJs5pcGInu0aNk3GgRB+5IlDCk=; b=LYqdg4tM4T0nFxzkQVCuR9xDmOJ7sPTR4Lgf1Tdf/MGwKoq3/+e59KF/KZbAQsT3yLCWEGYk6V/e9GjDw7UfAyu1B41Eywdwpe5eJKvcxo+b3ImOaxgNoHd+EKRCdjCTF1CgyphCeZGwSif8p9JWyAngF6KqgqunyNooSx3zYhE=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM3PR08MB0611.eurprd08.prod.outlook.com (10.163.188.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Tue, 14 Nov 2017 23:27:50 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Tue, 14 Nov 2017 23:27:50 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Jari Arkko <jari.arkko@piuha.net>, Brendan Moran <Brendan.Moran@arm.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-Index: AQHTXF9N/a/J4/ORmEqMdT8uXVlmg6MTaQiggAAFwoCAAAE3UIAABJSAgAAsmwCAAAlmAIAA3A6g
Date: Tue, 14 Nov 2017 23:27:50 +0000
Message-ID: <AM4PR0801MB27068A0ED23FC3BD85060D7BFA280@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com> <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com> <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net>
In-Reply-To: <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [118.200.143.81]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM3PR08MB0611; 6:HX+Ywrd4HTqdNEUQ6C1Z+L20vk4rJeFm7cK9JwVEY+rAJSURd41B7STXQ5IN4mloMGMfLIGRn2JHh4GKK5Q66yGzU01RyYV6GR1NS1RuOVXritfCM2Qodq5WL+FZAlIZgsy3JZQslb3X5Ohp7437nrLEZe4bkAGtGo4NHppSJh/vr8lpKBRCSSEvBxV767IGhHLsvyteHJDTB01JWKqt05W2udXzKosZxGzlC+aQDvkBm0X8Hh1TEv/ElQoDACPSwsaQB5lHF60wAQD3n8uE1gG/7BSwu+j7u0oC/+0Jme70pDe5D4gsl0Hrr40kg6uiGx4K6BZMgdO/c1TIM2BhWiUVNvwzjhHylVkKt6cJGiY=; 5:1wGNj/1bjRWpOO6OVjPRvEeruAvdsUXr6XVXyY1euLIeg6GXaxuHrG/tqFsBkBmAI8hMwDCf+um+ubFGiXHFu1guwrDA9vMOjwWIbE+CeD5O50HdKU0QiioJbCvtmGvC5fLlXF291G3Dg6bKeCHpiKcBxKGfHPH6vfVpzlt9Kp0=; 24:sF9/SaxvdwtLLaSq0Vac+ILjkb8p1tTK90tQ2OzIBLjX+uWP+jo9pmyGIyerwrHph7vlHfdnHVFu1n014hgKr1SuTZhsmF7/ZenHx0edhZc=; 7:Hq/Fj9zN0JgPefaUGNu83SGuIiXqDGUZeflkTgkP8QQ3Rkrr86LCuqNTJzqJ90AxzimlugjYIEBc7fZDebcC7COuArM8TStxQWz5eydnsXZQDZhr6FUQ042Z81zcOY5KIwXXPQVnMfALU2dkSxznIv7amaBkjSPp3mvjRBM2iw8XZlItGUOjFFyfedH+h0dFeyxQ8M0JaUwXl+56l2iWF9RTwIOZZWYQafTtZzPZrjpVXhUb/iYjVRrAqf0oLknY
x-ms-exchange-antispam-srfa-diagnostics: SSOS;SSOR;
x-ms-office365-filtering-correlation-id: 36ddda19-f32d-42cc-c89b-08d52bb75278
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:AM3PR08MB0611; 
x-ms-traffictypediagnostic: AM3PR08MB0611:
x-microsoft-antispam-prvs: <AM3PR08MB06114DEE739DBEDDED6B99E7FA280@AM3PR08MB0611.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231022)(3002001)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(20161123558100)(20161123560025)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM3PR08MB0611; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM3PR08MB0611; 
x-forefront-prvs: 04916EA04C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(51914003)(40434004)(189002)(199003)(3280700002)(25786009)(189998001)(5250100002)(6506006)(8936002)(3660700001)(2950100002)(6636002)(6436002)(86362001)(106356001)(110136005)(68736007)(2900100001)(229853002)(105586002)(74316002)(5890100001)(99286004)(55016002)(316002)(93886005)(7736002)(97736004)(4326008)(9686003)(6246003)(53936002)(54356999)(478600001)(2906002)(72206003)(5660300001)(66066001)(7696004)(3846002)(33656002)(50986999)(102836003)(101416001)(6116002)(76176999)(14454004)(8676002)(81156014)(305945005)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR08MB0611; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 36ddda19-f32d-42cc-c89b-08d52bb75278
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2017 23:27:50.4981 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR08MB0611
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/niYGlfjd1erfQI4UeEXspuYODSE>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 23:27:56 -0000

SGkgSmFyaSwNCg0KfnNuaXB+DQoNCj4gYSBkZXZpY2UgaXMgY2FwYWJsZSBvZiBhY2NlcHRpbmcg
YSBmaXJtd2FyZSBzaWduZWQgYnkgZWl0aGVyIHlvdXIgSVQgZGVwYXJ0bWVudCBvciB0aGUgdmVu
ZG9yDQoNClRoYW5rcyBmb3IgdGhlIGNsYXJpZmljYXRpb24uIFllcywgaXQgbWFrZXMgc2Vuc2Ug
dG8gbWUgdGhhdCBhZGRpdGlvbmFsIHBhcnRpZXMgbmVlZCB0byBhcHByb3ZlIHRoZSBmaXJtd2Fy
ZSB1cGRhdGUgYXQgYSBkZXZpY2UuIFdoZXRoZXIgdGhpcyBhbHdheXMgcmVxdWlyZXMgYSBtdWx0
aS1zaWduYXR1cmUgYXBwcm9hY2ggaXMgYSBzZWNvbmRhcnkgcXVlc3Rpb24uDQoNCkNpYW8NCkhh
bm5lcw0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQg
YW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVn
ZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkg
dGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0
byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBj
b3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=


From nobody Tue Nov 14 15:57:28 2017
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 426B71293EB for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 15:57:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id necbXblaHVUN for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 15:57:24 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB45126BFD for <suit@ietf.org>; Tue, 14 Nov 2017 15:57:24 -0800 (PST)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [131.188.34.77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id CBA1B58C4BD; Wed, 15 Nov 2017 00:57:19 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id B64CCB0D191; Wed, 15 Nov 2017 00:57:19 +0100 (CET)
Date: Wed, 15 Nov 2017 00:57:19 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Jari Arkko <jari.arkko@piuha.net>, Madjid Nakhjiri <m.nakhjiri@samsung.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
Message-ID: <20171114235719.GG19390@faui40p.informatik.uni-erlangen.de>
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <19423.1510686033@obiwan.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <19423.1510686033@obiwan.sandelman.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/F68gJJZpZHQyifUqqyAn4g1MCMY>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 23:57:26 -0000

Client<->controller connection. Allow initiation from either side,
individual client device (classes) may support only one direction.

Controller retrieves necessary information from device to make decision
what firmware to use on device. Tells device what firmware to use. URL
or direct download.

As soon as you start trying to embed firmware selection decision mechanisms
into the device itself, you've just created IMHO another dead end solution.

If you do not automate retrieval of all decision parameters that can be
automated, you are wasting money and reliability into manual processes.

Not all automated information retrieval needs to be from device itself,
a lot could be in manufacturing databases, but if you can not guarantee
that the decision maker can reliably automatically retrieve it, a protocol
with the device itself should provide this information.

yada yada yada. This is the type of architectural outline stuff i would love
to see in a firmware download RFC.


On Tue, Nov 14, 2017 at 02:00:33PM -0500, Michael Richardson wrote:
> 
> Jari Arkko <jari.arkko@piuha.net> wrote:
>     > Hannes ??? the manufacturer example was just that, an example. I
>     > definitely agree that we shouldn???t write anything about manufacturers
>     > or owners! What I???d like to have, however, is a recognition that
>     > there???s a need to support a bit more expressive power in our mechanisms
>     > to support some of the cases that can come up. I sent some suggested
>     > text earlier in this thread, but other text would work as well.
> 
> For instance, a manufacturer might provide ten different images that are
> signed.  (Different versions and/or feature sets, or even because the same
> valve controller is used in both sewage and building control...)
> 
> The operator of the building/sewage system might get to select among them.
> 
> Then iterate (recursive really) for the fact that the we might have a
> compound device which contains many such valves in different configurations,
> requiring different feature sets within the same manifest.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
> 



> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


-- 
---
tte@cs.fau.de


From nobody Tue Nov 14 16:22:34 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 186DA129417 for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 16:22:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.791
X-Spam-Level: 
X-Spam-Status: No, score=-6.791 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id de3v_LVWEPDI for <suit@ietfa.amsl.com>; Tue, 14 Nov 2017 16:22:30 -0800 (PST)
Received: from mailout2.w2.samsung.com (mailout2.w2.samsung.com [211.189.100.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 706E51270AC for <suit@ietf.org>; Tue, 14 Nov 2017 16:22:30 -0800 (PST)
Received: from uscas1p2.samsung.com (unknown [182.198.245.207]) by mailout2.w2.samsung.com (KnoxPortal) with ESMTP id 20171115002229usoutp02ba3b7c50ddab1a57685c51ab74ad48d3~3GoLbq0dL0108401084usoutp02I; Wed, 15 Nov 2017 00:22:29 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w2.samsung.com 20171115002229usoutp02ba3b7c50ddab1a57685c51ab74ad48d3~3GoLbq0dL0108401084usoutp02I
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510705349; bh=b6by0yHLkexhWMkKzKkgfr754+vYCQooLegZbWNHD8c=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=kQbXnLXrU2c5uOceCRjDiPmvBAxKqOfyQ93pBiNlhVliOcIeaUueZMZny21CXL9tv dCM+rY1pv7/EgeKn/VkvfnFAktOZj3dYX9ZoUjssw7cFlpAairhtb2xytHFnv5D58A 2GNHKKQN0N8TUovAdUybWvaUUSJKWQRnPefaiOAk=
Received: from ussmges4.samsung.com (u114.gpu85.samsung.co.kr [203.254.195.114]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171115002228uscas1p26aaf657b4677117a7493cbd7e5470ccd~3GoK8368F0708607086uscas1p2Q; Wed, 15 Nov 2017 00:22:28 +0000 (GMT)
Received: from uscas1p1.samsung.com ( [182.198.245.206]) by ussmges4.samsung.com (USCPEMTA) with SMTP id 91.1F.00495.4C88B0A5; Tue, 14 Nov 2017 19:22:28 -0500 (EST)
Received: from ussmgxs1.samsung.com (u122.gpu85.samsung.co.kr [203.254.195.122]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171115002228uscas1p2084cc6e57479ba9e3fd779369cf2ac40~3GoKhkM8Z0531505315uscas1p2i; Wed, 15 Nov 2017 00:22:28 +0000 (GMT)
X-AuditID: cbfec372-f79b46d0000001ef-56-5a0b88c453d8
Received: from usmmp1.samsung.com ( [203.254.195.77]) by ussmgxs1.samsung.com (USCPEXMTA) with SMTP id 15.68.03147.4C88B0A5; Tue, 14 Nov 2017 19:22:28 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com ([105.128.2.145]) by usmmp1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZF007J2NPFEV10@usmmp1.samsung.com>; Tue, 14 Nov 2017 19:22:28 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX3.ssi.samsung.com (105.128.2.228) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Tue, 14 Nov 2017 16:22:27 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Tue, 14 Nov 2017 16:22:27 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Jari Arkko <jari.arkko@piuha.net>
Cc: Madjid Nakhjiri <m.nakhjiri@samsung.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-index: AQHTXF9D/THQVkwS+0uMpR6zxknDX6MT8NYAgAAEEYCAAM4ogP//09GA
Date: Wed, 15 Nov 2017 00:22:27 +0000
Message-id: <D630C77E.11432%m.nakhjiri@ssi.samsung.com>
In-reply-to: <19423.1510686033@obiwan.sandelman.ca>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="Windows-1252"
Content-id: <ECB63AE5F59C224A8938BA91C8C5A2C1@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrIKsWRmVeSWpSXmKPExsWy7djXc7pHOrijDHZf0La4OeMUk8WMfSvY LHoO9bNbzDx6m9GBxWPNvDWMHkuW/GTy2LpkOptHy5w9zAEsUVw2Kak5mWWpRfp2CVwZs9e9 YSzYLFCx9A9fA+NE3i5GTg4JAROJO3u6GSFsMYkL99azdTFycQgJLGOUmP3jHyOE08Ik8WDt d2aYjrmfWljhqnbOfQnWLiTwl1Gi5YgJROIjo0Rr4z1mCOcAo8SCT+dYQarYBPQk9s+bATZK RCBYouvQeiCbg4NZoE7izQkmkLCwQJzEzK4JUCXxErdu/mcFKRERcJP4vVwCJMwioCrR9+cf G4jNK2Aucbh3AjuIzSlgLNH6czoLiM0I9M73U2vARjILiEs0t95kgXhAUGLR7D3MMC//2/WQ DcLWkTh7/Qk0KBQlnrecZIToNZB4/WsJO4RtJ7F5UjPUTG2JJ+8usELcICjxY/I9qPmSEgdX 3GABeV1CYBG7xNzPHVALXCRefXnMDmELS7w6voV9AqPmLCT3zUKybxaSfbOQ7JuFZN8CRtZV jCKlxcW56anFJnrFibnFpXnpesn5uZsYgQnn9L/DRTsYn22wOsQowMGoxMMroMgdJcSaWFZc mXuIUYKDWUmElyEVKMSbklhZlVqUH19UmpNafIhRmoNFSZxXYebqSCGB9MSS1OzU1ILUIpgs EwenVAOjnMf+5Ml7Cg2Ote9euOFmRnoUz6JZDIqhV91XTtb48LF6j/0tifyImQa19Vafe3un b+De6nPFjHdpy37lJRGWDHvKfwvcmXS+Rn+S4bsMLbcNTz6s/CW9uGlb6KT9UR/XBHz5c33d JBWpH5ydj71Z9km/2/b+vdyHFb82hX8MzmjlvbDoZKPFaSWW4oxEQy3mouJEAIhRvq00AwAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrMIsWRmVeSWpSXmKPExsVy+t9hX90jHdxRBn3P+S1uzjjFZDFj3wo2 i55D/ewWM4/eZnRg8Vgzbw2jx5IlP5k8ti6ZzubRMmcPcwBLFJdNSmpOZllqkb5dAlfG7HVv GAs2C1Qs/cPXwDiRt4uRk0NCwERi7qcWVghbTOLCvfVsXYxcHEICSxglvsx8wQKSEBL4yyjx 6b8ehP2RUeLDbmuIogOMEu/mXgbrZhPQk9g/bwYziC0iECxx8kgDE4jNLFAnsfTPLbC4sECc xMyuCVA18RJPvy5n72LkALLdJH4vlwAJswioSvT9+ccGYvMKmEsc7p3ADrHrMJPE4cNLwHo5 BYwlWn9OBzuOEejq76fWQO0Sl2huvckC8Y2AxJI955khbFGJl4//QX2pI3H2+hNGCFtR4nnL SUaIXj2Jj39uQ9l2EpsnNUPN1JZ48u4CK8RBghI/Jt+Dmi8pcXDFDZYJjNKzkKyehWTULCSj ZiEZNQvJqAWMrKsYRUqLi3PTK4oN9YoTc4tL89L1kvNzNzFCor5qB+OdrzaHGAU4GJV4eAUU uaOEWBPLiitzDzFKcDArifAypAKFeFMSK6tSi/Lji0pzUosPMUpzsCiJ827cszpSSCA9sSQ1 OzW1ILUIJsvEwSnVwBjKdd3Q8lOlgJ7+JdP/sS8a2ITZ1139rVlXLub7dYH69/1MWidnlGte ylW1in/zN+aFTeym+aqTJkhOmRFcffnXxIR31vdCpVZd7uT3+zepVnSBbYl3yW3npxeVN2n1 mE//telP7WcJF1XRdq+HblV+xyd0dWit5BZ7vp1FmeW2+HTjYJ15M5RYijMSDbWYi4oTAYOK FvD2AgAA
X-CMS-MailID: 20171115002228uscas1p2084cc6e57479ba9e3fd779369cf2ac40
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171114190041epcas3p3052f106b35c046f6c125a94ae34c3714
X-RootMTR: 20171114190041epcas3p3052f106b35c046f6c125a94ae34c3714
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <CGME20171114190041epcas3p3052f106b35c046f6c125a94ae34c3714@epcas3p3.samsung.com> <19423.1510686033@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8_GvtVTQMlORFl189ST6XnsvvoM>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 00:22:33 -0000

Is this an example for permissions? Or a use case for multiple signatures?

 why can=B9t sewage versus building control information be included in
metadata (manifest) of the image? The devices come with model numbers and
the device configuration would know based on the metadata whether it
should install a package or not. Plus, I would think the device would be
notified that an update is available and then it goes and pulls the
update. Rather than a distribution server just blasts data to all devices
(sewage or building  and it is up to each device to figure out whether it
is the target for an image or not. I am not sure if that is the most
efficient way to handle network bandwidth or device battery/ bandwidth.



Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/14/17, 11:00 AM, "Suit on behalf of Michael Richardson"
<suit-bounces@ietf.org on behalf of mcr+ietf@sandelman.ca> wrote:

>
>Jari Arkko <jari.arkko@piuha.net> wrote:
>    > Hannes =8B the manufacturer example was just that, an example. I
>    > definitely agree that we shouldn=B9t write anything about
>manufacturers
>    > or owners! What I=B9d like to have, however, is a recognition that
>    > there=B9s a need to support a bit more expressive power in our
>mechanisms
>    > to support some of the cases that can come up. I sent some suggested
>    > text earlier in this thread, but other text would work as well.
>
>For instance, a manufacturer might provide ten different images that are
>signed.  (Different versions and/or feature sets, or even because the same
>valve controller is used in both sewage and building control...)
>
>The operator of the building/sewage system might get to select among them.
>
>Then iterate (recursive really) for the fact that the we might have a
>compound device which contains many such valves in different
>configurations,
>requiring different feature sets within the same manifest.
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -=3D IPv6 IoT consulting =3D-
>
>
>


From nobody Wed Nov 15 09:16:17 2017
Return-Path: <dwheeler@dwheeler.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 445C51272E1 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:16:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.721
X-Spam-Level: 
X-Spam-Status: No, score=-0.721 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hstsIEhmr5G8 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:16:14 -0800 (PST)
Received: from aibo.runbox.com (aibo.runbox.com [91.220.196.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 919E61200F1 for <suit@ietf.org>; Wed, 15 Nov 2017 09:16:14 -0800 (PST)
Received: from [10.9.9.129] (helo=rmmprod07.runbox) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from <dwheeler@dwheeler.com>) id 1eF1IJ-0001vR-Jo for suit@ietf.org; Wed, 15 Nov 2017 18:16:11 +0100
Received: from mail by rmmprod07.runbox with local (Exim 4.86_2) (envelope-from <dwheeler@dwheeler.com>) id 1eF1IJ-0004Rb-Ic for suit@ietf.org; Wed, 15 Nov 2017 18:16:11 +0100
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received: from [Authenticated user (258406)] by runbox.com with http (RMM6); for <suit@ietf.org>; Wed, 15 Nov 2017 17:16:11 GMT
From: "David A. Wheeler" <dwheeler@dwheeler.com>
To: "suit" <suit@ietf.org>
Date: Wed, 15 Nov 2017 12:16:11 -0500 (EST)
X-Mailer: RMM6
Message-Id: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/tr1WeIJD63uZp6wIZTcJjKENi-o>
Subject: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 17:16:16 -0000

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and
internet-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are
increasingly not allowed to control them.  In the end, the end-user/owner
should be able to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler


From nobody Wed Nov 15 09:29:56 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC1D01275F4 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:29:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.79
X-Spam-Level: 
X-Spam-Status: No, score=-6.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26M97l_HTRtM for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:29:52 -0800 (PST)
Received: from mailout2.w2.samsung.com (mailout2.w2.samsung.com [211.189.100.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4DB8126CD8 for <suit@ietf.org>; Wed, 15 Nov 2017 09:29:52 -0800 (PST)
Received: from uscas1p1.samsung.com (unknown [182.198.245.206]) by mailout2.w2.samsung.com (KnoxPortal) with ESMTP id 20171115172951usoutp02d32958aa57c98c36763fc1d1785bdfba~3UpMSWgW01218912189usoutp02A; Wed, 15 Nov 2017 17:29:51 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w2.samsung.com 20171115172951usoutp02d32958aa57c98c36763fc1d1785bdfba~3UpMSWgW01218912189usoutp02A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510766991; bh=F9mbESQVMQePuyGCTv4XeM//qTsXv+uNtnJ8DCycdh4=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=EaTeP6C2ZVPguUyXXP4nICKIIlPpio5ykPbv47pxjQbdnT6+8LKvb+ckx0nziyjn0 Ba1oBYaoyX+92JruRoSqlnGYbDsYurVKMG5EynRtgBfm7QcV95gffmESjzNIT2NStg cjps8cfyMGvka/fVz2afL8/tUqXa2ssK59mupoGM=
Received: from ussmges1.samsung.com (u109.gpu85.samsung.co.kr [203.254.195.109]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171115172951uscas1p26b22c73f7213bdd7b651b3a8000805e5~3UpLtc_OJ1327113271uscas1p2v; Wed, 15 Nov 2017 17:29:51 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges1.samsung.com (USCPEMTA) with SMTP id 47.EA.32262.E897C0A5; Wed, 15 Nov 2017 12:29:50 -0500 (EST)
Received: from ussmgxs2.samsung.com (u123.gpu85.samsung.co.kr [203.254.195.123]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171115172950uscas1p201dabdac460b71a92d1265cb9cc6cc6c~3UpLY_4TU1771517715uscas1p2M; Wed, 15 Nov 2017 17:29:50 +0000 (GMT)
X-AuditID: cbfec36d-f79696d000007e06-ce-5a0c798e1ee6
Received: from usmmp1.samsung.com ( [203.254.195.77]) by ussmgxs2.samsung.com (USCPEXMTA) with SMTP id 12.2A.02551.E897C0A5; Wed, 15 Nov 2017 12:29:50 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com ([105.128.2.146]) by usmmp1.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZG00888Z9PX870@usmmp1.samsung.com>; Wed, 15 Nov 2017 12:29:50 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX3.ssi.samsung.com (105.128.2.228) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Wed, 15 Nov 2017 09:29:49 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Wed, 15 Nov 2017 09:29:49 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Brendan Moran <Brendan.Moran@arm.com>, Jari Arkko <jari.arkko@piuha.net>
Cc: "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Follow-up re: my comment on charter and software sources and permissions
Thread-index: AQHTXF9D/THQVkwS+0uMpR6zxknDX6MT8NYAgAAEEYCAAAFyAIAABFmAgAAsmwCAAAllAIAAD2uAgAF10AA=
Date: Wed, 15 Nov 2017 17:29:49 +0000
Message-id: <D631B8E8.1146D%m.nakhjiri@ssi.samsung.com>
In-reply-to: <5C4D0511-FF52-44E9-AC6B-09A7F3280C46@arm.com>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="iso-8859-1"
Content-id: <FF9C6A419E8F1A4EAC771C30FCD2A38E@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsWy7djX87p9lTxRBitnGFocmraY2WLGvhVs FjOP3mZ0YPZYM28No8eSJT+ZPLYumc4WwBzFZZOSmpNZllqkb5fAlXFx12amglkCFW2HnzA2 ME7h7WLk5JAQMJGY/HUPE4QtJnHh3no2EFtIYBmjROfVpC5GLiC7hUmi98sWZpiG1aunMUEk gIr+t59ihnD+MkqseL2EGaL9I6PEjMNOEIkDjBJ3Xm8Hm8smoCexf94MsCIRAR+JzdvegsWZ BZQl3n1tZgSxhQXiJGZ2TYCqiZe4dfM/K4SdIvFs5yswm0VAVaJh2jkwm1fAXGL/4jlgvZwC 1hIH59xlAbEZgf75fmoNE8R8cYnm1pssEC8ISiyavYcZ5ud/ux6yQdg6EmevP2GEsBUlnrec ZITo1ZO40nCCBcK2k1jweSFUXFviybsLUDcISvyYfA9qvqTEwRU3WECelxCYzC6xYv1FoCIO IMdFoudUDUSNsMSr41vYJzBqzkJy3iwk62YhWTcLybpZSNYtYGRdxShSWlycm55abKhXnJhb XJqXrpecn7uJEZheTv87nLuDcfbugEOMAhyMSjy8F+J5ooRYE8uKK3MPMUpwMCuJ8LqUAYV4 UxIrq1KL8uOLSnNSiw8xSnOwKInzKsxcHSkkkJ5YkpqdmlqQWgSTZeLglGpglMx8ur9b8Bvn 4avrTgcoiYuJHlFs7NYxt//0kGGjQXvoulf9v6yYbigwZCaKLRd79LjgY63PX8eWPb8F2y0P 20xYN2GHzhJ/V66pJVf3vtgRonVTbu4UtZ2xLrrpDYzqSz9WLnW2UxGzNOybVHEle+GL6FJN Bc6W9dOi/PYvD8qxeV/2vP2hEktxRqKhFnNRcSIAYId6DisDAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrLIsWRmVeSWpSXmKPExsVy+t9hX92+Sp4og7MLlCwOTVvMbDFj3wo2 i5lHbzM6MHusmbeG0WPJkp9MHluXTGcLYI7isklJzcksSy3St0vgyri4azNTwSyBirbDTxgb GKfwdjFyckgImEisXj2NCcIWk7hwbz1bFyMXh5DAEkaJGc1LGCGcv4wSm5evgHI+MkrM23GR BcI5wCjRf+UhK0g/m4CexP55M5hBbBEBH4nN296ygdjMAsoS7742M4LYwgJxEjO7JkDVxEs8 /bqcHcJOkXh25DvYHBYBVYmGaefAbF4Bc4n9i+dAbb7JIvHr1hOwQZwC1hIH59xlAbEZgQ7/ fmoNE8QycYnm1pssEA8JSCzZc54ZwhaVePn4HyuErSNx9jrEHAkBRYnnLScZIXp1JHq/f2OG sO0kFnxeCBXXlnjy7gLUQYISPybfg5ovKXFwxQ2WCYzSs5CsnoVk1Cwko2YhGTULyagFjKyr GEVKi4tz0yuKjfSKE3OLS/PS9ZLzczcxQiK9egfj3a82hxgFOBiVeHgvxPNECbEmlhVX5h5i lOBgVhLhdSkDCvGmJFZWpRblxxeV5qQWH2KU5mBREufduGd1pJBAemJJanZqakFqEUyWiYNT qoFR/OttvS4eI/cbVUXObkFH52uulotXbVp5sTTzYtvX4l0/V1TVCv2R15v8T8/95z/Dgk/e G0+trK/7/lfnjMXqbK3dxVsazz2LECj6e8qu0nZ2dWT339eVnOvj+Fi+aDy1ZD+odX8hn+rR ku3R0p//C/PHcC/3O5P0d4a01b+6lIk/LvjW3hRUYinOSDTUYi4qTgQA+gGuw/ACAAA=
X-CMS-MailID: 20171115172950uscas1p201dabdac460b71a92d1265cb9cc6cc6c
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171114111212epcas3p4102e1ba40c89dd5095b2b5f1096e309b
X-RootMTR: 20171114111212epcas3p4102e1ba40c89dd5095b2b5f1096e309b
References: <D8B09F1B-81EB-4780-9039-5194C6FA4621@piuha.net> <AM4PR0801MB27061B55D93718F0B9D9DAE7FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <937DA8F2-2F12-43F9-AAC8-D5496D0221FF@piuha.net> <AM4PR0801MB2706AE33AF4179F28C565C10FA280@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB14956551250680822D0F8773F0280@CY4PR09MB1495.namprd09.prod.outlook.com> <8CBFE539-BC1A-438A-9F9C-3F39B2648571@arm.com> <600738C0-9EA4-49CA-82A6-7301F5B52FBF@piuha.net> <CGME20171114111212epcas3p4102e1ba40c89dd5095b2b5f1096e309b@epcas3p4.samsung.com> <5C4D0511-FF52-44E9-AC6B-09A7F3280C46@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/PDE-kqAFP_MNMebgazYZsaTOJEw>
Subject: Re: [Suit] Follow-up re: my comment on charter and software sources and permissions
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 17:29:56 -0000

Hi Brendan,=20

Sorry for jumping in. to me =B3Author=B2 has more to do with the source
(signing), whereas =B3 authority=B2 has more to do with the operations:
distribution server the image came from, or polled the device to go fetch
the update (e.g. Device management operator). So depends on what you want
to mean!!
Still, I have a hard time to see how some of the permissions are enforced.


Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/14/17, 3:11 AM, "Suit on behalf of Brendan Moran"
<suit-bounces@ietf.org on behalf of Brendan.Moran@arm.com> wrote:

>> On 14 Nov 2017, at 10:16, Jari Arkko <jari.arkko@piuha.net> wrote:
>>
>>
>>> While I am happy with Jari=B9s text in principle, I=B9d like to know wh=
at
>>>he intended by =B3software sources=B2 prior to inclusion in the charter
>>>text.
>>
>> I meant the abstract notion of being able to process images that came
>>possibly from different entities (e.g., a device is capable of accepting
>>a firmware signed by either your IT department or the vendor). I did
>>*not* mean software sources in any server, TFTP-server IP address or
>>similar sense :-)
>>
>> Jari
>
>Hi Jari,
>That is what I suspected. Would it be alright to change the phrasing to
>either of these so it=B9s a bit more clear?
>
>> "The format is expected to be expressive enough to allow the use of
>>diverse update authorities and permission models."
>OR
>> "The format is expected to be expressive enough to allow the use of
>>diverse update authors and permission models."
>
>Best Regards,
>Brendan
>IMPORTANT NOTICE: The contents of this email and any attachments are
>confidential and may also be privileged. If you are not the intended
>recipient, please notify the sender immediately and do not disclose the
>contents to any other person, use it for any purpose, or store or copy
>the information in any medium. Thank you.
>_______________________________________________
>Suit mailing list
>Suit@ietf.org
>https://www.ietf.org/mailman/listinfo/suit


From nobody Wed Nov 15 09:39:26 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98C6D1273E2 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:39:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.79
X-Spam-Level: 
X-Spam-Status: No, score=-6.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUFD1TXtNKqs for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:39:23 -0800 (PST)
Received: from mailout2.w2.samsung.com (mailout2.w2.samsung.com [211.189.100.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11CEC1200F1 for <suit@ietf.org>; Wed, 15 Nov 2017 09:39:22 -0800 (PST)
Received: from uscas1p1.samsung.com (unknown [182.198.245.206]) by mailout2.w2.samsung.com (KnoxPortal) with ESMTP id 20171115173922usoutp02288ab74be2c77bc66c4c5796af39d8df~3Uxfwsdsi1749517495usoutp02F; Wed, 15 Nov 2017 17:39:22 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w2.samsung.com 20171115173922usoutp02288ab74be2c77bc66c4c5796af39d8df~3Uxfwsdsi1749517495usoutp02F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510767562; bh=0W9pEH7bJlVBIEnDwJLKBQEx41mxdN86jZnlB3aTXDo=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=dU7Dt/1qRx5O3HhfHX1HSh6wu3/MbKFvIb5iXOPdoeBcavDfU9CgDMK+2VYD3B/7i e1eAAKvFEKl4OEYBemL1dXRgAyTJwrrd3opATt373OVCIofPvntfZ8BC0BGjJZfnXQ KtiST+H8GOsREd9VFFwAW3labkNSlrClWvfZpT2I=
Received: from ussmges4.samsung.com (u114.gpu85.samsung.co.kr [203.254.195.114]) by uscas1p2.samsung.com (KnoxPortal) with ESMTP id 20171115173922uscas1p2bbfad97b3943f4d7b91a26ae5355c3d2~3UxfpEbd62219522195uscas1p2j; Wed, 15 Nov 2017 17:39:22 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges4.samsung.com (USCPEMTA) with SMTP id 34.F7.00495.ACB7C0A5; Wed, 15 Nov 2017 12:39:22 -0500 (EST)
Received: from ussmgxs3.samsung.com (u124.gpu85.samsung.co.kr [203.254.195.124]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171115173921uscas1p128c691d9f8c0d66b65e37fdc074977a2~3UxfTAN401192211922uscas1p1e; Wed, 15 Nov 2017 17:39:21 +0000 (GMT)
X-AuditID: cbfec372-f79b46d0000001ef-4d-5a0c7bca7978
Received: from usmmp2.samsung.com ( [203.254.195.78]) by ussmgxs3.samsung.com (USCPEXMTA) with SMTP id BE.B8.02102.9CB7C0A5; Wed, 15 Nov 2017 12:39:21 -0500 (EST)
Received: from SSI-EX4.ssi.samsung.com ([105.128.2.145]) by usmmp2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZG004IEZPLUI70@usmmp2.samsung.com>; Wed, 15 Nov 2017 12:39:21 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX4.ssi.samsung.com (105.128.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Wed, 15 Nov 2017 09:39:20 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Wed, 15 Nov 2017 09:39:20 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
Cc: Russ Housley <housley@vigilsec.com>, "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Quantum resistance in firmware formats
Thread-index: AQHTWjMeLRxOFmcmCkK5kHIWXf5Q5qMOVhoAgAAbNYCAAExiAP//e+aAgAHCXoCABcD5gA==
Date: Wed, 15 Nov 2017 17:39:20 +0000
Message-id: <D631BA68.11474%m.nakhjiri@ssi.samsung.com>
In-reply-to: <6384.1510422441@obiwan.sandelman.ca>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="us-ascii"
Content-id: <180793C05B89024BA3B1B6BC74B3204C@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprGKsWRmVeSWpSXmKPExsWy7djX87qnqnmiDB6fZLZ49eImu0XPoX52 i5lHbzM6MHssWfKTyaNlzh5mj1V3vrAGMEdx2aSk5mSWpRbp2yVwZbx9/J+9YDV/RVffC/YG xj6eLkZODgkBE4nNn6cxQ9hiEhfurWfrYuTiEBJYxiix9/UaRginhUni+r0NbDAdveuWM4LY YFU3umMgiv4ySixd/JwJIvGRUeLXtmoI+wCjxKQVASA2m4CexP55M8DWiQhESWxYsRFsELOA h8Tmt7/AFggLWEncurSXHaLGWqKrZTmQzQFkR0hc/SQNEmYRUJW4smE6WCuvgLnEjoW9rCAl nAJGEtNPRIGEGYGe+X5qDRPEdHGJ5tabLBDnC0osmr0H7uF/ux5CvaUjcfb6E0YIW1HiectJ qMuA4sfWQdl2EgsnL2OFsLUlnry7wApxgqDEj8n3oOZLShxccYMFFCQSApPZJV693Ai1wEXi 3Y2rTBC2sMSr41vYJzBqzkJy3ywk+2Yh2TcLyb5ZSPYtYGRdxShSWlycm55abKJXnJhbXJqX rpecn7uJEZhaTv87XLSD8dkGq0OMAhyMSjy8F+J5ooRYE8uKK3MPMUpwMCuJ8LqUAYV4UxIr q1KL8uOLSnNSiw8xSnOwKInzKsxcHSkkkJ5YkpqdmlqQWgSTZeLglGpgjPe/q/oiIkF0fcZS u1kxekntEqYpnx+dWaUwNfK3cG3+mrTU2UvnTVt0Y2ODhs+ZgmrD3KkKrCH69U7dt2yuFP+8 OO+mxOXj+20my6ZvY/KqfCDDw1Gl8C3lxeF5CgZrzx1b/myZQeBBW9ZuhlObK99lBc+bkrqY qXaV2V5R5ezrkTfVO40UlViKMxINtZiLihMBm+dMECkDAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrNIsWRmVeSWpSXmKPExsVy+t9hP92T1TxRBn2TtCxevbjJbtFzqJ/d YubR24wOzB5Llvxk8miZs4fZY9WdL6wBzFFcNimpOZllqUX6dglcGW8f/2cvWM1f0dX3gr2B sY+ni5GTQ0LARKJ33XJGCFtM4sK99WxdjFwcQgJLGCU+9h1ghHD+MkqcXHuIBcL5yCix6tpq qLIDjBJndt4C62cT0JPYP28GM4gtIhAlsXXXDSYQm1nAQ2Lz219sILawgJXErUt72SFqrCW6 WpYD2RxAdoTErbumIGEWAVWJKxumg43kFTCX2LGwlxVi1wcmicUH2thA6jkFjCSmn4gCqWEE Ovv7qTVQq8QlmltvskC8IyCxZM95ZghbVOLl43+sELaOxNnrT6BeVpR43nKSEaJXS2L9zuNQ c+wkFk5exgpha0s8eXeBFeIeQYkfk+9BzZeUOLjiBssERulZSFbPQjJqFpJRs5CMmoVk1AJG 1lWMIqXFxbnpFcXGesWJucWleel6yfm5mxghUV6zg/HeV5tDjAIcjEo8vBfieaKEWBPLiitz DzFKcDArifC6lAGFeFMSK6tSi/Lji0pzUosPMUpzsCiJ827cszpSSCA9sSQ1OzW1ILUIJsvE wSnVwLh23/Ut3fYbdI6ZzbC8tfz5Mt4DS6P3vHjjsEfzWFaWRtfybbfM7n2WVnkWbHNimdMV n5LkqaGvexvvGia6J+yIMElg3NT1vr1IwOwr31bfhSx1j2W9W40qrC7alikL96TWchyui2Lk UM/5s06W073fYFnDFt1zW5Lv5L6+EqrxXbdgW+XmWiWW4oxEQy3mouJEALo46bbuAgAA
X-CMS-MailID: 20171115173921uscas1p128c691d9f8c0d66b65e37fdc074977a2
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
X-RootMTR: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <6384.1510422441@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/mLuQ9yfIDXI8IZl9WsNvzUL-1Xs>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 17:39:26 -0000

Hi Michael,

So SHA-256 is just the hash, but I was referring to the signature
algorithm (Lamport, Diffie,
Winternitz, and Merkle (LDWM)) that requires its own public/private key
pair. So I need to use LDWM private key to sign and public key to verify?
The questions are: 1) is LDWM quantum resistant? And more importantly 2)
and 3) here
2) Is there an HSM out there today that hosts a LDWM private key signing
storage and operation?
3) Do I have accelerate the LDWM public key verification or just run it in
SW? And in the latter case, which crypto libraries support LDWM?

If I am going to go to my implementer and ask to implement this, there is
little implementation guidance..

Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/11/17, 9:47 AM, "Michael Richardson" <mcr+ietf@sandelman.ca> wrote:

>
>Madjid Nakhjiri <m.nakhjiri@samsung.com> wrote:
>    > Has been a long time. Are there SOCs out there with quantum
>resistant
>    > signature algorithm support?
>
>As Carsten said, we can run SHA256-based merkle-tree algorithms today.
>
>There are some quantum resistant asymmetric methods which are being
>development (NIST is having a competition I think), but my understanding
>that
>none have the confidence we need, and there are IPR on some of them.
>
>So, I think that I agree strongly with Russ.
>
>Russ said:
>    >> If we do not deploy a quantum-resistant signature algorithm now,
>then
>    >> we will not be able to trust the signature on the firmware that
>    >> deploys the next generation of cryptographic algorithm after a
>    >> large-scale quantum computer gets invented.  We need to deploy this
>    >> protection now.  We will not get enough notice to roll it out
>later.
>    >> Look how long it too to transition away from SHA-1.
>
>
>--
>Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -=3D IPv6 IoT consulting =3D-
>
>
>


From nobody Wed Nov 15 09:43:30 2017
Return-Path: <m.nakhjiri@samsung.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A78F1274A5 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:43:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.79
X-Spam-Level: 
X-Spam-Status: No, score=-6.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral (1024-bit key) reason="invalid (public key: does not support hash algorithm 'sha256')" header.d=samsung.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8yV1aDnU1hp for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 09:43:26 -0800 (PST)
Received: from mailout1.w2.samsung.com (mailout1.w2.samsung.com [211.189.100.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADD8C1200F1 for <suit@ietf.org>; Wed, 15 Nov 2017 09:43:26 -0800 (PST)
Received: from uscas1p1.samsung.com (unknown [182.198.245.206]) by mailout1.w2.samsung.com (KnoxPortal) with ESMTP id 20171115174325usoutp01df8d922c5c38bc9acc2ab3ee4b37b1cf~3U1CXL_Tt2275722757usoutp01f; Wed, 15 Nov 2017 17:43:25 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w2.samsung.com 20171115174325usoutp01df8d922c5c38bc9acc2ab3ee4b37b1cf~3U1CXL_Tt2275722757usoutp01f
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1510767805; bh=FMaYmiQ8zdU1mxmxruJ58VUP4um9bcon0UuZ4HdwSL4=; h=From:To:Cc:Subject:Date:In-reply-to:References:From; b=Q2Xf3IYGZUD/Ilmm4eP0I1aWFfnj9yrvMY+xvHTSI2x17OmdkHdrNC/9DzGSVFsOY C4PEdiP13YgXCS5kVBkZ58nQ/nol1Z9G1OJHIA5ZiQQcEwP+vn62sPiwHoWIr8Ziqn BVOpgTmxhtgx1W+9dvW6KWoSeEHL3gANCieJcyqE=
Received: from ussmges4.samsung.com (u114.gpu85.samsung.co.kr [203.254.195.114]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171115174325uscas1p1c52a9c548fd29f5c2acaa75ee96a1ca1~3U1CPaGUD0850208502uscas1p1Y; Wed, 15 Nov 2017 17:43:25 +0000 (GMT)
Received: from uscas1p2.samsung.com ( [182.198.245.207]) by ussmges4.samsung.com (USCPEMTA) with SMTP id D3.28.00495.DBC7C0A5; Wed, 15 Nov 2017 12:43:25 -0500 (EST)
Received: from ussmgxs2.samsung.com (u123.gpu85.samsung.co.kr [203.254.195.123]) by uscas1p1.samsung.com (KnoxPortal) with ESMTP id 20171115174324uscas1p176251c23a74f982f8f99f0c992ce0ee1~3U1BXubE91274112741uscas1p1D; Wed, 15 Nov 2017 17:43:24 +0000 (GMT)
X-AuditID: cbfec372-f79b46d0000001ef-f8-5a0c7cbd5985
Received: from usmmp2.samsung.com ( [203.254.195.78]) by ussmgxs2.samsung.com (USCPEXMTA) with SMTP id 70.3A.02551.CBC7C0A5; Wed, 15 Nov 2017 12:43:24 -0500 (EST)
Received: from SSI-EX4.ssi.samsung.com ([105.128.2.145]) by usmmp2.samsung.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May  5 2014)) with ESMTP id <0OZG005CXZWBBU70@usmmp2.samsung.com>; Wed, 15 Nov 2017 12:43:24 -0500 (EST)
Received: from SSI-EX3.ssi.samsung.com (105.128.2.228) by SSI-EX4.ssi.samsung.com (105.128.2.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.669.32; Wed, 15 Nov 2017 09:43:23 -0800
Received: from SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36]) by SSI-EX3.ssi.samsung.com ([fe80::8d80:5816:c578:8c36%3]) with mapi id 15.01.0669.032; Wed, 15 Nov 2017 09:43:23 -0800
From: Madjid Nakhjiri <m.nakhjiri@samsung.com>
To: Carsten Bormann <cabo@tzi.org>, Madjid Nakhjiri <m.nakhjiri@samsung.com>
Cc: Russ Housley <housley@vigilsec.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-topic: [Suit] Quantum resistance in firmware formats
Thread-index: AQHTWjMeLRxOFmcmCkK5kHIWXf5Q5qMOVhoAgAAbNYCAAExiAP//e+aAgAF3egCABgz9gA==
Date: Wed, 15 Nov 2017 17:43:23 +0000
Message-id: <D631BC41.11484%m.nakhjiri@ssi.samsung.com>
In-reply-to: <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org>
Accept-Language: en-US
Content-language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-messagesentrepresentingtype: 1
X-Originating-IP: [105.128.2.176]
Content-type: text/plain; charset="iso-8859-1"
Content-id: <785068434847844BAEA82DF62A9A21D5@ssi.samsung.com>
Content-transfer-encoding: quoted-printable
MIME-version: 1.0
X-CFilter-Loop: Reflected
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrAKsWRmVeSWpSXmKPExsWy7djX87p7a3iiDK4eEbM4MuUuq8WrFzfZ LXoO9bNbzDx6m9GBxWPJkp9MHi1z9jB7TFuU6bHqzhfWAJYoLpuU1JzMstQifbsEroxda9wL XnJUbF6yirWBsYe9i5GTQ0LAROLb5yXMELaYxIV769m6GLk4hASWMUpcbp3DDuG0MEmsvNfC 2MXIAdbxeGMBXNG9H80sEM5fRolvK08xQjgfGSXWbf7ADOEcYJSYc2czG8gSNgE9if3zZoAt FBHwkXh/4wojiM0sUCZxq68L7ChhASuJW5f2skPUWEt0tSyHsiMklv7+ywpyBouAqsSs7QEg Jq+AucTD5/EgFZxA1affL2MBsRmB3vl+ag0TxHRxiebWmywQbwpKLJq9B+7lf7seskHYOhJn rz9hhLAVJZ63nIS6TE/iSsMJFgjbTuJm+yF2CFtb4sm7C6wgNi/QzB+T70HNl5Q4uOIGOFAk BJaxS2xf3Qk11EVi0q4jULawxKvjW9gnMGrOQnLfLCT7ZiHZNwvJvllI9i1gZF3FKFJaXJyb nlpsolecmFtcmpeul5yfu4kRmG5O/ztctIPx2QarQ4wCHIxKPLwX4nmihFgTy4orcw8xSnAw K4nwupQBhXhTEiurUovy44tKc1KLDzFKc7AoifMqzFwdKSSQnliSmp2aWpBaBJNl4uCUamBk vHR06ZnknPIulqRr6zQkBaw/zXpun9oxUb1clK+6bfWWe3uSd1uc3aa2f2aP7IOei2ELFBbx +NVu/c0gLxQm/lLOt3Jfk4mY7ba9X9Ucv77doHLr2sRvViwnoyS8rslHigYv/vBmbnr218w7 En/1dly0+HPojfyG+Pc6j7SYHk+JtN8848V1JZbijERDLeai4kQAys1XnjMDAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrIIsWRmVeSWpSXmKPExsVy+t9hP909NTxRBmu3SFkcmXKX1eLVi5vs Fj2H+tktZh69zejA4rFkyU8mj5Y5e5g9pi3K9Fh15wtrAEsUl01Kak5mWWqRvl0CV8auNe4F LzkqNi9ZxdrA2MPexcjBISFgIvF4Y0EXIyeQKSZx4d56ti5GLg4hgSWMEqe3PWeCcP4ySjz5 eJUFwvnIKPH49S1WkBYhgQOMEn03uEFsNgE9if3zZjCD2CICPhLvb1xhBLGZBcokdq0/xwJi CwtYSdy6tJcdosZaoqtlOZQdIXH00BpWkItYBFQlZm0PADF5BcwlHj6Ph1j7k0mi/ftcsDGc QK2n3y8DsxmBrv5+ag0TxCpxiebWmywQ3whILNlznhnCFpV4+fgfK4StI3H2+hNGCFtR4nnL SagzdSR6v39jhrDtJG62H2KHsLUlnry7ANbLKyAo8WPyPaj5khIHV9xgmcAoPQvJ6llIRs1C MmoWklGzkIxawMi6ilGktLg4N72i2EivODG3uDQvXS85P3cTIyTiq3cw3v1qc4hRgINRiYf3 QjxPlBBrYllxZe4hRgkOZiURXpcyoBBvSmJlVWpRfnxRaU5q8SFGaQ4WJXHejXtWRwoJpCeW pGanphakFsFkmTg4pRoYu9cs1F0a8XPmrJVu+lJ6E86++5Uzpd8zim/6Up2euK50+UMbnI+7 qF19yLT70i2WVze3FtW4nGT9fT+Q4X3xWQ/leA6/q0Jbm67y8Dw/P1VJ8kXD+tfCmrt+FwVY H1vY8eB39S8dK84KlpxLh4qfrfLXcNlzwnDd32VW/+wMD1eY/7JM8XlzVImlOCPRUIu5qDgR AGBXE630AgAA
X-CMS-MailID: 20171115174324uscas1p176251c23a74f982f8f99f0c992ce0ee1
X-Msg-Generator: CA
CMS-TYPE: 301P
X-CMS-RootMailID: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
X-RootMTR: 20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hqgwJJeNRTf_H3zXZtUJ0QfgGAY>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 17:43:28 -0000

Hi Carsten=20

As I mentioned in my other email. Regarding, it is not just the
verification, it is also secure signing and HSM support.
Regarding verification, it won=B9t just happen on the occasional firmware
update. If you need to build the entire stack based on this update, then
it will need to happen every time you boot up.


Regards,
Madjid Nakhjiri,=20
Sr. Director, ARTIK Security Architect




On 11/11/17, 5:19 AM, "Carsten Bormann" <cabo@tzi.org> wrote:

>On Nov 11, 2017, at 06:55, Madjid Nakhjiri <m.nakhjiri@samsung.com> wrote:
>>=20
>> Hi Russ,=20
>>=20
>> Has been a long time. Are there SOCs out there with quantum resistant
>> signature algorithm support?
>
>All of them do support verifying Merkle-tree signatures (as long as they
>can run programs).
>
>draft-mcgrew-hash-sigs-07 is based on SHA-256, which you can either run
>in CPU code or may have hardware support for.  Since firmware upgrades
>don=B9t happen every second, the overhead for that should be negligible
>(and is dominated by computing the hash of the firmware itself, anyway).
>
>Gr=FC=DFe, Carsten
>
>


From nobody Wed Nov 15 13:57:08 2017
Return-Path: <director@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DCD4127B52 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 13:57:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6xD65DwtvcuC for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 13:57:05 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id CB48D1250B8 for <suit@ietf.org>; Wed, 15 Nov 2017 13:57:04 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 9EE6E3740FDE for <suit@ietf.org>; Wed, 15 Nov 2017 21:57:04 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id QH4xH8FAu0ke for <suit@ietf.org>; Wed, 15 Nov 2017 16:57:03 -0500 (EST)
Received: from Maxs-MacBook-Pro.local (unknown [101.100.166.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id B4C353740C38 for <suit@ietf.org>; Wed, 15 Nov 2017 16:57:02 -0500 (EST)
To: suit@ietf.org
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org>
Date: Thu, 16 Nov 2017 05:57:00 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090506090908090201020006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/9njIWgA3QdRsS49E5to6f-j1YHQ>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 21:57:07 -0000

This is a cryptographically signed message in MIME format.

--------------ms090506090908090201020006
Content-Type: multipart/alternative;
 boundary="------------3C27B2A5740E25F033A96E0F"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------3C27B2A5740E25F033A96E0F
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi David, all,

this is a really good point... but I think there might be some=20
considerations that could complicate this view. For example, what are=20
the considerations about the fact that if you decide not to upgrade=20
(BTW, the majority of people who owns IoT would probably not even know=20
what a firmware upgrade is...) and your device gets hacked and used to=20
participate in botnets or to attack other devices in your own home=20
network ? Even if the light bulb that was compromised does not have=20
access/collect sensitive information per se, other devices connected to=20
your network might. To make it all more scary, think about when you have =

some medical devices that are connected to your network (e.g., patient=20
monitoring, etc.) that might be targeted via smaller / not updated=20
devices...

IMHO, one of the biggest fears in IoTs is that this large number of=20
devices with (most of the time) IP capabilities can be really dangerous=20
because they can be used as botnet and gateways to deploy more=20
sophisticated attacks. If we do not mandate for automatic upgrades that=20
would (besides functional upgrades) fix security issues, the situation=20
might be quite eerie.

This said, I am a big fan of the user to be (rightfully so!) in control=20
of her own devices... so, what do we do ?

I do not really have an answer for this, but there might be the=20
possibility do distinguish between devices that have User Interfaces=20
(UIs) that the user can use to accept or deny updates and devices that=20
do not.

Another aspect to consider is usability. In particular, how annoyed=20
would you be if you had to accept/reject updates for all your=20
home-installed IoTs (20 light bulbs) or, even worst, for all your=20
work-installed IoTs (50k smart light bulbs) ?

If we take, for example, the situation today with OS updates/upgrades,=20
we see that the vast vast vast majority of installations do leverage the =

deployment of automatic updates nevertheless the possibility for the=20
user to opt-out.

Maybe a possible solution to this dichotomy would be to suggest using an =

update-by-default policies and for devices that might have a UI (or a=20
controller that can more easily interact with the user) to provide the=20
possibility to (a) follow the same policy by accepting automatic=20
updates, or (b) allow the user to confirm/reject every update, or (c)=20
allow the user to automatically reject (dangerous) any updates.

What do you think ?

Cheers,
Max


On 11/16/17 1:16 AM, David A. Wheeler wrote:
> I think a vitally-important requirement is that end-users MUST be able =
to NOT update software.
>
> In many cases, it's valuable to automatically update software, and
> internet-connected devices make that relatively easy.
>
> But there are many situations where updates must NOT occur.
> There's a disturbing trend where people who own the devices are
> increasingly not allowed to control them.  In the end, the end-user/own=
er
> should be able to decide if updates are acceptable, and when.
>
> Thanks.
>
> --- David A. Wheeler

--=20
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

--------------3C27B2A5740E25F033A96E0F
Content-Type: multipart/related;
 boundary="------------00E240C332A220B6B2EE736E"


--------------00E240C332A220B6B2EE736E
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>Hi David, all,</p>
    <p>this is a really good point... but I think there might be some
      considerations that could complicate this view. For example, what
      are the considerations about the fact that if you decide not to
      upgrade (BTW, the majority of people who owns IoT would probably
      not even know what a firmware upgrade is...) and your device gets
      hacked and used to participate in botnets or to attack other
      devices in your own home network ? Even if the light bulb that was
      compromised does not have access/collect sensitive information per
      se, other devices connected to your network might. To make it all
      more scary, think about when you have some medical devices that
      are connected to your network (e.g., patient monitoring, etc.)
      that might be targeted via smaller / not updated devices...<br>
    </p>
    <p>IMHO, one of the biggest fears in IoTs is that this large number
      of devices with (most of the time) IP capabilities can be really
      dangerous because they can be used as botnet and gateways to
      deploy more sophisticated attacks. If we do not mandate for
      automatic upgrades that would (besides functional upgrades) fix
      security issues, the situation might be quite eerie.<br>
    </p>
    <p>This said, I am a big fan of the user to be (rightfully so!) in
      control of her own devices... so, what do we do ?</p>
    <p>I do not really have an answer for this, but there might be the
      possibility do distinguish between devices that have User
      Interfaces (UIs) that the user can use to accept or deny updates
      and devices that do not.</p>
    <p>Another aspect to consider is usability. In particular, how
      annoyed would you be if you had to accept/reject updates for all
      your home-installed IoTs (20 light bulbs) or, even worst, for all
      your work-installed IoTs (50k smart light bulbs) ?<br>
    </p>
    <p>If we take, for example, the situation today with OS
      updates/upgrades, we see that the vast vast vast majority of
      installations do leverage the deployment of automatic updates
      nevertheless the possibility for the user to opt-out.</p>
    <p>Maybe a possible solution to this dichotomy would be to suggest
      using an update-by-default policies and for devices that might
      have a UI (or a controller that can more easily interact with the
      user) to provide the possibility to (a) follow the same policy by
      accepting automatic updates, or (b) allow the user to
      confirm/reject every update, or (c) allow the user to
      automatically reject (dangerous) any updates.</p>
    <p>What do you think ?</p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <br>
    <div class=3D"moz-cite-prefix">On 11/16/17 1:16 AM, David A. Wheeler
      wrote:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:E1eF1IJ-0004Rb-Ic@rmmprod07.runbox">
      <pre wrap=3D"">I think a vitally-important requirement is that end-=
users MUST be able to NOT update software.

In many cases, it's valuable to automatically update software, and
internet-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are
increasingly not allowed to control them.  In the end, the end-user/owner=

should be able to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler
</pre>
    </blockquote>
    <br>
    <div class=3D"moz-signature">-- <br>
      <div style=3D"color: black; margin-top: 10px;">
        Best Regards,
        <div style=3D"margin-top: 5px; margin-left: 0px; ">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div>
        <img src=3D"cid:part1.369FEB11.F3B64D2D@openca.org"
          style=3D"vertical-align: 0px; margin-top: 10px; margin-left:
          0px;" alt=3D"OpenCA Logo"><br>
      </div>
    </div>
  </body>
</html>

--------------00E240C332A220B6B2EE736E
Content-Type: image/png;
 name="njjfjnmliggaogck.png"
Content-Transfer-Encoding: base64
Content-ID: <part1.369FEB11.F3B64D2D@openca.org>
Content-Disposition: inline;
 filename="njjfjnmliggaogck.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------00E240C332A220B6B2EE736E--

--------------3C27B2A5740E25F033A96E0F--

--------------ms090506090908090201020006
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CfUwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggU+MIIEJqADAgECAhEA/bu0LJsAKXVhEpPllE0lYzANBgkq
hkiG9w0BAQsFADCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVt
YWlsIENBMB4XDTE2MTEzMDAwMDAwMFoXDTE3MTEzMDIzNTk1OVowJDEiMCAGCSqGSIb3DQEJ
ARYTZGlyZWN0b3JAb3BlbmNhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKnGg/GUuTjn0dKCEpRhVd+uiYbCjLQht+dbkvyRLm4aqlL7yHCe+21HQLIcU68ZCHT2ImpF
CFFrxQMQh4KijAwkbLc8+xZZSwXeZt58qnPn5c4vcpYU5LFq1q9oDT8MXH33DhVUT/7/IDSi
wRWM6FcgM6VrIjBmmvl9dW3gQaEd1bOAhO2X489fChRQYTaB6AEhqb8RSvWW7ZYzfNw8sPxV
afMCzWBPpO5RmLqOciZBhAinAM9dXmP5ckg/HjJQYSjvTc7HDcg75mpr5wH8Tk/ChyIYk4CT
zqONQV8HKCzZPTVmd2ZuMrliJwMFs3uEg0aBSzHjJTyAmZ89q5Mz3XsCAwEAAaOCAfEwggHt
MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBTGgh9JWBvcrak1
PhAWBLGrECNAjzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM
KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv
Q1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NI
QTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUF
BwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9T
SEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHgYDVR0RBBcwFYETZGlyZWN0b3JAb3Bl
bmNhLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAdIqtPcvA+g6VTYUpEo0I9Vtnrf9PiZ3OpkRL
O7U78EaeUfvOotThqj74XyrIl6eYlg+EdGIIUVB1CI05wPMRlZN3/R/Tj28vWkwckLRIbpL4
A5ZQyKgA9vK15/EEBVFIpCtAI6xJX0zx6TySlIgjcca05L0JgO7nzLGD2MY/dVWEE+QBuNI+
NBci+c+9q6YDPoXOpo0Wwbe0Bq95jNNWmZwhGzc+N5rhOGZmQT4P7TnpzvMik8ugbkqWyyHa
DQbLKYzM1RKS/mwcvFqjJCQgORnaCilSbfClwdWGI7vwcTR8eAzduvwG61u46Cgb57K5sMck
RicpWRvEYxCCVTwnozGCBEQwggRAAgEBMIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0
aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCWCGSAFlAwQC
AQUAoIICYzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEx
MTUyMTU3MDBaMC8GCSqGSIb3DQEJBDEiBCDU9Y0MfYvRit+67hGAxhHzb3TioVO83yVxziie
ex3jzDBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI
hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMIHCBgkrBgEEAYI3EAQxgbQwgbEwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRp
b24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAP27tCybACl1YRKT5ZRNJWMwgcQGCyqGSIb3DQEJ
EAILMYG0oIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCSqGSIb3DQEBAQUABIIBAAPPG4S28oYhwTSR
VIYsLqD2qxVSVz0yKAAuforEyu8jkhTmTO5o7fktlkUvQ6ddBhTqx+eG2eydSvF4+eEQIpLK
rEFw1ua+hnWpsbPEOD00NTaZs+Yd9ZF/jZOr1zJSBh7oHlfttwxNMfRUaRq2faUhxhxgPYcW
NIhL1W4dU1KIkzFrCZRl88C1w5gvP3onoETwhZqHHWf4J+Dqja1+W95KANvhW1HW4gDIr+zj
TdrqkQvwhozLPxq53lEchZP/pGZpQnAEC/A83If3gqTqvLqHlCjHRomvCecV3V+r6eFmnK4A
xNdbwqvRdjCIvDP9Nij5BcPVbVjq53Fg5ZxFpx8AAAAAAAA=
--------------ms090506090908090201020006--


From nobody Wed Nov 15 14:02:24 2017
Return-Path: <director@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8382126C0F for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:02:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.797
X-Spam-Level: 
X-Spam-Status: No, score=-0.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UPt7G-5ZEKCh for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:02:21 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 95DDC1201F8 for <suit@ietf.org>; Wed, 15 Nov 2017 14:02:21 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 7460D3741029 for <suit@ietf.org>; Wed, 15 Nov 2017 22:02:21 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id gQcTD6K1weqj for <suit@ietf.org>; Wed, 15 Nov 2017 17:02:20 -0500 (EST)
Received: from Maxs-MacBook-Pro.local (unknown [101.100.166.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id E2EBD3740C38 for <suit@ietf.org>; Wed, 15 Nov 2017 17:02:19 -0500 (EST)
To: suit@ietf.org
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org> <D631BC41.11484%m.nakhjiri@ssi.samsung.com>
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
Message-ID: <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org>
Date: Thu, 16 Nov 2017 06:02:17 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <D631BC41.11484%m.nakhjiri@ssi.samsung.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060007060205000904090508"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iP-fM1-TYI2THSCwwZtE6optjIM>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 22:02:23 -0000

This is a cryptographically signed message in MIME format.

--------------ms060007060205000904090508
Content-Type: multipart/alternative;
 boundary="------------EB2190E37B5DED9FFEFC4342"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------EB2190E37B5DED9FFEFC4342
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi Madjid,


On 11/16/17 1:43 AM, Madjid Nakhjiri wrote:
> [...]
> Regarding verification, it won=C2=B9t just happen on the occasional fir=
mware
> update. If you need to build the entire stack based on this update, the=
n
> it will need to happen every time you boot up.
Not necessarily. In particular, after the firmware is verified for=20
installation, the device could use simpler mechanisms (e.g., HMAC w/ a=20
device-specific secret - hopefully HW protected like we have in many=20
chips today) to quickly validate that the image has not changed across=20
boots (that is actually all is needed after the initial validation has=20
occurred during "installation").

Cheers,
Max


--=20
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

--------------EB2190E37B5DED9FFEFC4342
Content-Type: multipart/related;
 boundary="------------C62566F140B7A167F62CEE93"


--------------C62566F140B7A167F62CEE93
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p>Hi Madjid,</p>
    <br>
    <div class=3D"moz-cite-prefix">On 11/16/17 1:43 AM, Madjid Nakhjiri
      wrote:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:D631BC41.11484%25m.nakhjiri@ssi.samsung.com">
      <pre wrap=3D"">[...]
Regarding verification, it won=C2=B9t just happen on the occasional firmw=
are
update. If you need to build the entire stack based on this update, then
it will need to happen every time you boot up.
</pre>
    </blockquote>
    Not necessarily. In particular, after the firmware is verified for
    installation, the device could use simpler mechanisms (e.g., HMAC w/
    a device-specific secret - hopefully HW protected like we have in
    many chips today) to quickly validate that the image has not changed
    across boots (that is actually all is needed after the initial
    validation has occurred during "installation").<br>
    <br>
    Cheers,<br>
    Max<br>
    <br>
    <br>
    <div class=3D"moz-signature">-- <br>
      <div style=3D"color: black; margin-top: 10px;">
        Best Regards,
        <div style=3D"margin-top: 5px; margin-left: 0px; ">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div>
        <img src=3D"cid:part1.476BE839.70F8A9F4@openca.org"
          style=3D"vertical-align: 0px; margin-top: 10px; margin-left:
          0px;" alt=3D"OpenCA Logo"><br>
      </div>
    </div>
  </body>
</html>

--------------C62566F140B7A167F62CEE93
Content-Type: image/png;
 name="jjjcejldnhimfche.png"
Content-Transfer-Encoding: base64
Content-ID: <part1.476BE839.70F8A9F4@openca.org>
Content-Disposition: inline;
 filename="jjjcejldnhimfche.png"

iVBORw0KGgoAAAANSUhEUgAAAGQAAAA2CAMAAAAGesyaAAADAFBMVEUsJiEAAQAKAwMABwoX
BwESCQAqDgEkEQItFQESGykaGh0WGyE1FwE9GwJHHwElJiY4JBQmKDE1KCAfLUQ8KygoMEAq
MjpXKgs/MilMMR0pOFEyOUo4OTo1OkRqMgpjOBlpNxUwQV1DPz48QExdOyM4QVV+OQRRQzo1
SGdDR0lDSFJfRDFASVyaPwF+RRpNT1I9UXlwSi8+UnNDUm6hQgCPRhBdUEZTUlBKVGlPVF27
PgCaSANtUT57VBerSQOMUgxHW4KMUiepTwmJVDh6WT6KVjGCWDpRYH21TwFiYF57YgJXYXae
VR+lVRZrYld1ZiB7YEuSYQBgZW+8VAlkZWjBVQCfXiqqXwG1WhPLVgedYDazXiDZVgCWZEDV
WQJ1blapYjbXWgDRXACMaU6WbgCiZjnIXw9mcIixZC6pZjJ/cUeLbFdycmZ4cGnnWwNwc3Wq
aS6BcGeobwndXwzkXwLgYgDaYwyMeCq/bQHJaBi9ajDMagWVegvRZxzVaAvXaQDLainqZAuv
cEPrZQDQaSyockrFbSvmZwnabQLvZwDpaQB0fpPkaxGld1d+f3/3aACfeV6RfG2JfnLebSF7
gYy2fQmugQCigxW8d0K3eEr1bQXaciTicRqKgnzNewHuchbUdzKYiDzrdwKah1erjAvOfEXl
eSq5g1qYjGikiHO2kADigwC2hmSZjIGGj6aHkJzQiwCximixim/EkAORkZGVkYrOh0rPiVL5
giTvhDKkk4LMjF23mR+zmTrhikrviDzsi0TAlHDCnwvKlGqpnJLdlF2boKy+m324nImkoZ+e
o6XKpgrloATwl1WypZPOn3zfqQjYrgLBrVDdo3nGq5mysa/SrI7dq4bqqXTOrpWttL+6s6uw
tbe/t4rhvALetpjQuqnuwwe9v8LAv7vauqD3xA68w9XBw83rvJfRwbXFyMvbxbPNyMP8zgTc
zMDr0mb91xLM1ODQ1NfS1c7p0sD70bPd19PX4qj83cje4+Xr4tv54NLp7/Hy9PHw9fj6/v3Y
ktvJAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAjrSURBVFjDtVcNWFPXGT6E+l9BZ0EF
sTKEIQaUAIrTZdYqxqG0I3UjIuiDM0ipoyO5l0rFh2PE472EoIJKL9hQV2OxqM+USgFL4r9g
EaIoQxgqKBZBR+nGGhXYdwNro0Kfkcp3ntzce/7e8/2e70PoJVDl3bMlZyurUSsaKnqESrMp
lYrByozCjUOEUZORodMRVsViTjJc8GbLUGCUUstLv1SyLCGch8DGRiDPe/kY5/2HCQQTxZEE
y4fb2gDI8KjjLxsjfyyc3lZgM3KixwgeY4TEzk7+kjHODbeb6u0xAhiw8XgFMOxolpP6J75U
jLZfp6dzHIcBYCQbIBB4sCxDOLK6eMAVT39it57+e09ysCnDUtnrJ0vS5ZMW0PBFWDbd40G/
85sH2KeXvj94u/flX8/2J6kYQkhkHbzWbkdH0N0UDN8sURS8uMd9dMzPL7BxIIjOayuWLBIf
70RPUPjxLouBEgVhMaYuWXQlMjwsN+eFTR4cDZ4werRDYOoAIFkrptm/Ni0gthOt9Q4yWQxc
AwyWTbacW0sTDGoJen4P002/2S7LjgV6BpY1N6OO5g5eeiZTY/P9b1FzRwfKWuk9p/72ct+N
puKpq32qLVaexOCCJB91aezt5y6zt7fXILSdJZjlVr1w0mCR66x6FL3QOXiUQ2a0k/sFlDlq
1LzUMQ4uxxycjl0LWO1bBsY6yXR3wSTJGxqLhdsJHDsS9cwF47XlvcQGQiXhRbih/HkQv4XO
cajZb6GDu7PTFEdPkVu0k4vQyd3Jc/SUwNnB+RJ/XsI9ptZDIxMly3dbLNwGnGBJF+Id3cZM
9ui8Gjq5P/TDiRCegbOFgSKRo5e7yNHV2dnPdVb0bHfHQCevNIV/rxqrX48oFQdYcpKMtYRb
juxtfqRypNACK28+j3FsqcilAD0ADuIWCt0yRa7zRNEOY2YELhW5CV2dXVKixH8BC+s8GDN9
wWKxf94zpsRiJuWmBYjgndsKFmu5Bc+D3HQXCcu7QTFTMl3HF0SLxruLvGa4zUqdMGFWqqfX
3GSxN0y6NT154i+v75zvH2thXiWgY2YVElhwYl9NYxarlr0grlQn92DQt1vBUk+nUFeHGZme
gUIvl1RXr1AnV/fx6zd4v3HptM/YaXbrzmYFePu2WpowYRlJo+2PGLb2d9WE5bw1L4DcnOco
9HIcH3o02HOecMqMJhQqdLPXpArHl2uEo+Na8qZPXxw0+bVx46bFzhw3eZylM2dgwkbWW3Iy
Jp9lMDe9H2/raiqPCy5/fHSCu+M7mkffoQuzQhvRhWVlj1FcWTfq6dwdElJmarxedr/u3P6C
Nn7Fk95ol8wRjIMsOLGJSwLm/OMGjlFHJ7hqelDuxdMlpbU16JvqlJTamivoBjrfUgNB69zf
b6Fr1TWPKmtOw9xCdLayEFWvBlaSfmEBsk6LSdTMNnQaldTe7Qfj20yveddR2toVEevCi9/f
fmntR7ErtvompmyICM9qyYpZsG3FhqwNYRH5KUtyW7eGRRxfH1OHDv0ZXH6ihbSyVYzSY3Fu
BkVR9LaS2wPxUxyTFpu2eGverr+dezvi0ttpOy/tTKlL2ZkWs6p4VV1Kyq60nevS8iLyi1tW
hfNWzMfhYT+ArAQ+5odRBENjlRW5F/vH6O7u7urpXtvR/bQbmX/dPd3w7Ok+2Ij4ry5o0N/d
Y1p7qA21FodhFRc1ctjIsXZ2Y18VcwCixNgcWlgVbUiue3b3J33te7497vv/oT1Bj5/7br1R
grYlfrReSqmwPDyK0GqOUHKWj/RwP0J0ZlmsK3o2HP+7Qt9HBr3BYH5aNL3FG/+ul8sjKcxH
dRJFGJkhfKxgmM2rUoaSg5h4GAwXJsF00dRGq+/21k2EF7o50oNswrNfsYUQKRBIZWIFh3lu
aLNe1F++bjXGyWyzZiGoYFYLx5Ys4v0R3GWRdBHNErBiSiqVRhHMyeaYrMQ4SENWCvEcfhCm
GIzpqKlm27KTSWUcAX1goBw5oATctDb33aLTYV5SWoaXP5+gyqlFdnZ23nB+plcnREv0RWJC
BVkrrBJ1BewMmlVpgRUQF7wpItMJTcsJ34GBRVaFdQZaqoqxFmSb3qDQgu1A2GI4YAnODkQY
IOhklDKzo2C1IV2sijzdhjorqwefNdL6ihxzegU7SynexHgBMXy+xWFG8qvdf91D8WpRi41q
KFl02YaswYNkULTeLC9CFFK4bDHDMmZbhnuXSOdAsnN1LxgfVu7ZvG8LpSJUlO/gnaWQFwYv
JpZeKdUaSC8ApuhIShYQYp5yWQ0oPgVXPtkcHz/fx5rqqzosHSSlBYHIxKSolJcUsIIpnzkh
mt4b7Z/tOzBRQWaA6uNCNdet0nxLkL8CgzeQKIlCXaHjXR9MlqQn9Y1fNd5RE0zF/ryKwVR/
JMnsI3S8Umcw6NRYxRuUKqk3lfnKeGcTySAx5hy+7WfgZOv4uLLl0w8wUah71QLBpJeXq/eM
VVivV8jz6lB2ofWF6i1dEYRZfMJ4piE+ZweNeb7A2VVyKEx6vjt1z/ghMehVKiUpyt1VYBXC
N6j0Q4Mazp7TvvndhIaGhqqvP1bwFk0YRYR5RoLR+PkWmlIpV/oEDQ6jB9Wc3Z6bm6zLTtLl
gLC4LVWXz5Q1ffbV5oZ24wmsV/NeKTlirmg+u/q7w7/38PDdeKF8UBgXs2kV4WUC0YR/KOLv
Pby3L5O30yvG9vY/6vX8JSbb2je96coXX5QPznqfokKKEPWBAwd20ApaTWsP7LnTfsd42at3
+B+H7+zRUfwZZMutN6baHCX5+Ou9Zy4f3nuiKr7KaHxoNDbsSwhp6htvfyg3Zw901G+ttVlT
Ja34/E+fvrXmvY3713xy6tSZfadOJby7X1P/vwn/MeaYr0mF7IMEq690Gu95KwQq5L5K+f59
qGUtaZMSciHMKjdVbY6zFqRC/pv3LgxY5tcW0pjIpGGJ7+89kxBnbXZSmjuz7CeyihyG8fbd
XXYdrWlqQg+sZWTdzPqBB68VEdnkzDY0lHSjSD9/GRpaMt3OWqLpQENOTf/PpP8CK9ZVVe2a
8XoAAAAASUVORK5CYII=
--------------C62566F140B7A167F62CEE93--

--------------EB2190E37B5DED9FFEFC4342--

--------------ms060007060205000904090508
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC
CfUwggSvMIIDl6ADAgECAhEA4CPLFRKDU4mtYW56VGdrITANBgkqhkiG9w0BAQsFADBvMQsw
CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4
dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTE0MTIyMjAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZsxCzAJBgNVBAYTAkdCMRswGQYD
VQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAImxDdp6UxlOcFIdvFamBia3uEngludRq/HwWhNJFaO0jBtgvHpRQqd5jKQi3xdh
TpHVdiMKFNNKAn+2HQmAbqUEPdm6uxb+oYepLkNSQxZ8rzJQyKZPWukI2M+TJZx7iOgwZOak
+FaA/SokFDMXmaxE5WmLo0YGS8Iz1OlAnwawsayTQLm1CJM6nCpToxDbPSBhPFUDjtlOdiUC
ISn6o3xxdk/u4V+B6ftUgNvDezVSt4TeIj0sMC0xf1m9UjewM2ktQ+v61qXxl3dnUYzZ7ifr
vKUHOHaMpKk4/9+M9QOsSb7K93OZOg8yq5yVOhM9DkY6V3RhUL7GQD/L5OKfoiECAwEAAaOC
ARcwggETMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBSSYWuC
4aKgqk/sZ/HCo/e0gADB7DAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFs
Q0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVz
ZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQELBQADggEBABsqbqxVwTqriMXY7c1V86prYSvACRAj
mQ/FZmpvsfW0tXdeDwJhAN99Bf4Ss6SAgAD8+x1banICCkG8BbrBWNUmwurVTYT7/oKYz1gb
4yJjnFL4uwU2q31Ypd6rO2Pl2tVz7+zg+3vio//wQiOcyraNTT7kSxgDsqgt1Ni7QkuQaYUQ
26Y3NOh74AEQpZzKOsefT4g0bopl0BqKu6ncyso20fT8wmQpNa/WsadxEdIDQ7GPPprsnjJT
9HaSyoY0B7ksyuYcStiZDcGG4pCS+1pCaiMhEOllx/XVu37qjIUgAmLq0ToHLFnFmTPyOInl
tukWeh95FPZKEBom+nyK+5swggU+MIIEJqADAgECAhEA/bu0LJsAKXVhEpPllE0lYzANBgkq
hkiG9w0BAQsFADCBmzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl
cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxQTA/BgNV
BAMTOENPTU9ETyBTSEEtMjU2IENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVt
YWlsIENBMB4XDTE2MTEzMDAwMDAwMFoXDTE3MTEzMDIzNTk1OVowJDEiMCAGCSqGSIb3DQEJ
ARYTZGlyZWN0b3JAb3BlbmNhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKnGg/GUuTjn0dKCEpRhVd+uiYbCjLQht+dbkvyRLm4aqlL7yHCe+21HQLIcU68ZCHT2ImpF
CFFrxQMQh4KijAwkbLc8+xZZSwXeZt58qnPn5c4vcpYU5LFq1q9oDT8MXH33DhVUT/7/IDSi
wRWM6FcgM6VrIjBmmvl9dW3gQaEd1bOAhO2X489fChRQYTaB6AEhqb8RSvWW7ZYzfNw8sPxV
afMCzWBPpO5RmLqOciZBhAinAM9dXmP5ckg/HjJQYSjvTc7HDcg75mpr5wH8Tk/ChyIYk4CT
zqONQV8HKCzZPTVmd2ZuMrliJwMFs3uEg0aBSzHjJTyAmZ89q5Mz3XsCAwEAAaOCAfEwggHt
MB8GA1UdIwQYMBaAFJJha4LhoqCqT+xn8cKj97SAAMHsMB0GA1UdDgQWBBTGgh9JWBvcrak1
PhAWBLGrECNAjzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAgBgNVHSUEGTAXBggr
BgEFBQcDBAYLKwYBBAGyMQEDBQIwEQYJYIZIAYb4QgEBBAQDAgUgMEYGA1UdIAQ/MD0wOwYM
KwYBBAGyMQECAQEBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5uZXQv
Q1BTMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1NI
QTI1NkNsaWVudEF1dGhlbnRpY2F0aW9uYW5kU2VjdXJlRW1haWxDQS5jcmwwgZAGCCsGAQUF
BwEBBIGDMIGAMFgGCCsGAQUFBzAChkxodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9T
SEEyNTZDbGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wHgYDVR0RBBcwFYETZGlyZWN0b3JAb3Bl
bmNhLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAdIqtPcvA+g6VTYUpEo0I9Vtnrf9PiZ3OpkRL
O7U78EaeUfvOotThqj74XyrIl6eYlg+EdGIIUVB1CI05wPMRlZN3/R/Tj28vWkwckLRIbpL4
A5ZQyKgA9vK15/EEBVFIpCtAI6xJX0zx6TySlIgjcca05L0JgO7nzLGD2MY/dVWEE+QBuNI+
NBci+c+9q6YDPoXOpo0Wwbe0Bq95jNNWmZwhGzc+N5rhOGZmQT4P7TnpzvMik8ugbkqWyyHa
DQbLKYzM1RKS/mwcvFqjJCQgORnaCilSbfClwdWGI7vwcTR8eAzduvwG61u46Cgb57K5sMck
RicpWRvEYxCCVTwnozGCBEQwggRAAgEBMIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDFBMD8GA1UEAxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0
aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCWCGSAFlAwQC
AQUAoIICYzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzEx
MTUyMjAyMTdaMC8GCSqGSIb3DQEJBDEiBCBkuTboe8Da92xvjaPEIjWjrBLtz8F1peNvwArg
gLwGhzBsBgkqhkiG9w0BCQ8xXzBdMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAQIwCgYIKoZI
hvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3
DQMCAgEoMIHCBgkrBgEEAYI3EAQxgbQwgbEwgZsxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBD
QSBMaW1pdGVkMUEwPwYDVQQDEzhDT01PRE8gU0hBLTI1NiBDbGllbnQgQXV0aGVudGljYXRp
b24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAP27tCybACl1YRKT5ZRNJWMwgcQGCyqGSIb3DQEJ
EAILMYG0oIGxMIGbMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDFBMD8GA1UE
AxM4Q09NT0RPIFNIQS0yNTYgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUgRW1h
aWwgQ0ECEQD9u7QsmwApdWESk+WUTSVjMA0GCSqGSIb3DQEBAQUABIIBAENDaaIIywuHz+M1
mxvvzt9gKuYjS8FvhvCtdew/cFe1ldomjbTcnZkD0wzsS76HCUlXVJqXbAHJwn/mcOpKLLlm
vsiOAHqHzMDftHW3capUIysyEE0ewIMwIsW7+bxPEgO+cFNEKTM5RNI5rlrboQOL1+6eNHcT
m6MOu4eYnwpO2pLQr1XuUoS/734r/GQpUWrdwO+A0akjy5ijPGzzgLMG2JbAlw9uc8rha2LQ
XisUbyfeDRhlgeEjskPSQuJlfCeVKH4Z33NtqDrFzX7ZKfvrBYcePQ2AAmfTGPCZ23b6VEmI
ImM+WQT80E+jQQxoNCsxsQuB0z3GIWBxDSwsTFgAAAAAAAA=
--------------ms060007060205000904090508--


From nobody Wed Nov 15 14:11:38 2017
Return-Path: <thomas@riot-os.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6379512871F for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:11:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Cxkp64cxmDw for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:11:35 -0800 (PST)
Received: from mail.stillroot.org (mail.stillroot.org [176.9.132.253]) by ietfa.amsl.com (Postfix) with ESMTP id E957C127B52 for <suit@ietf.org>; Wed, 15 Nov 2017 14:11:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.stillroot.org (Postfix) with ESMTP id 0E86B443CC for <suit@ietf.org>; Wed, 15 Nov 2017 23:11:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ba.stillroot.org
Received: from mail.stillroot.org ([127.0.0.1]) by localhost (mail.stillroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OxS4UklHGNPl for <suit@ietf.org>; Wed, 15 Nov 2017 23:11:27 +0100 (CET)
Received: from [192.168.6.13] (unknown [12.246.45.158]) by mail.stillroot.org (Postfix) with ESMTPSA id 14964443BB for <suit@ietf.org>; Wed, 15 Nov 2017 23:11:27 +0100 (CET)
From: Thomas Eichinger <thomas@riot-os.org>
Content-Type: multipart/alternative; boundary=Apple-Mail-CCD2631B-4232-484E-90AE-02D24C8991F1
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Date: Wed, 15 Nov 2017 14:11:24 -0800
Message-Id: <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org>
In-Reply-To: <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org>
To: suit@ietf.org
X-Mailer: iPhone Mail (15B150)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wMQF7pYu9sraOkQRTdtpEIXpuHA>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 22:11:37 -0000

--Apple-Mail-CCD2631B-4232-484E-90AE-02D24C8991F1
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi Max,

An earlier comment of mine was that updates should clearly be marked as secu=
rity or feature updates (more fine grained differentiation would be possible=
) and ideally both should be mutually exclusive.=20

This way, with the proper management tools at hand, a user can decide to sti=
ll allow security updates being deployed automatically while being able to r=
eview others before consenting to install the updates.=20

Best,=20
Thomas=20

> On Nov 15, 2017, at 1:57 PM, Dr. Pala <director@openca.org> wrote:
>=20
> Hi David, all,
>=20
> this is a really good point... but I think there might be some considerati=
ons that could complicate this view. For example, what are the consideration=
s about the fact that if you decide not to upgrade (BTW, the majority of peo=
ple who owns IoT would probably not even know what a firmware upgrade is...)=
 and your device gets hacked and used to participate in botnets or to attack=
 other devices in your own home network ? Even if the light bulb that was co=
mpromised does not have access/collect sensitive information per se, other d=
evices connected to your network might. To make it all more scary, think abo=
ut when you have some medical devices that are connected to your network (e.=
g., patient monitoring, etc.) that might be targeted via smaller / not updat=
ed devices...
> IMHO, one of the biggest fears in IoTs is that this large number of device=
s with (most of the time) IP capabilities can be really dangerous because th=
ey can be used as botnet and gateways to deploy more sophisticated attacks. I=
f we do not mandate for automatic upgrades that would (besides functional up=
grades) fix security issues, the situation might be quite eerie.
> This said, I am a big fan of the user to be (rightfully so!) in control of=
 her own devices... so, what do we do ?
>=20
> I do not really have an answer for this, but there might be the possibilit=
y do distinguish between devices that have User Interfaces (UIs) that the us=
er can use to accept or deny updates and devices that do not.
>=20
> Another aspect to consider is usability. In particular, how annoyed would y=
ou be if you had to accept/reject updates for all your home-installed IoTs (=
20 light bulbs) or, even worst, for all your work-installed IoTs (50k smart l=
ight bulbs) ?
> If we take, for example, the situation today with OS updates/upgrades, we s=
ee that the vast vast vast majority of installations do leverage the deploym=
ent of automatic updates nevertheless the possibility for the user to opt-ou=
t.
>=20
> Maybe a possible solution to this dichotomy would be to suggest using an u=
pdate-by-default policies and for devices that might have a UI (or a control=
ler that can more easily interact with the user) to provide the possibility t=
o (a) follow the same policy by accepting automatic updates, or (b) allow th=
e user to confirm/reject every update, or (c) allow the user to automaticall=
y reject (dangerous) any updates.
>=20
> What do you think ?
>=20
> Cheers,
> Max
>=20
>> On 11/16/17 1:16 AM, David A. Wheeler wrote:
>> I think a vitally-important requirement is that end-users MUST be able to=
 NOT update software.
>>=20
>> In many cases, it's valuable to automatically update software, and
>> internet-connected devices make that relatively easy.
>>=20
>> But there are many situations where updates must NOT occur.
>> There's a disturbing trend where people who own the devices are
>> increasingly not allowed to control them.  In the end, the end-user/owner=

>> should be able to decide if updates are acceptable, and when.
>>=20
>> Thanks.
>>=20
>> --- David A. Wheeler
>=20
> --=20
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
> <njjfjnmliggaogck.png>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

--Apple-Mail-CCD2631B-4232-484E-90AE-02D24C8991F1
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>Hi Max,</div><div><br></div><div>An earlier comment of mine was that updates should clearly be marked as security or feature updates (more fine grained differentiation would be possible) and ideally both should be mutually exclusive.&nbsp;</div><div><br></div><div>This way, with the proper management tools at hand, a user can decide to still allow security updates being deployed automatically while being able to review others before consenting to install the updates.&nbsp;</div><div><br></div><div>Best,&nbsp;</div><div>Thomas&nbsp;</div><div><br>On Nov 15, 2017, at 1:57 PM, Dr. Pala &lt;<a href="mailto:director@openca.org">director@openca.org</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
  
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  
  
    <p>Hi David, all,</p>
    <p>this is a really good point... but I think there might be some
      considerations that could complicate this view. For example, what
      are the considerations about the fact that if you decide not to
      upgrade (BTW, the majority of people who owns IoT would probably
      not even know what a firmware upgrade is...) and your device gets
      hacked and used to participate in botnets or to attack other
      devices in your own home network ? Even if the light bulb that was
      compromised does not have access/collect sensitive information per
      se, other devices connected to your network might. To make it all
      more scary, think about when you have some medical devices that
      are connected to your network (e.g., patient monitoring, etc.)
      that might be targeted via smaller / not updated devices...<br>
    </p>
    <p>IMHO, one of the biggest fears in IoTs is that this large number
      of devices with (most of the time) IP capabilities can be really
      dangerous because they can be used as botnet and gateways to
      deploy more sophisticated attacks. If we do not mandate for
      automatic upgrades that would (besides functional upgrades) fix
      security issues, the situation might be quite eerie.<br>
    </p>
    <p>This said, I am a big fan of the user to be (rightfully so!) in
      control of her own devices... so, what do we do ?</p>
    <p>I do not really have an answer for this, but there might be the
      possibility do distinguish between devices that have User
      Interfaces (UIs) that the user can use to accept or deny updates
      and devices that do not.</p>
    <p>Another aspect to consider is usability. In particular, how
      annoyed would you be if you had to accept/reject updates for all
      your home-installed IoTs (20 light bulbs) or, even worst, for all
      your work-installed IoTs (50k smart light bulbs) ?<br>
    </p>
    <p>If we take, for example, the situation today with OS
      updates/upgrades, we see that the vast vast vast majority of
      installations do leverage the deployment of automatic updates
      nevertheless the possibility for the user to opt-out.</p>
    <p>Maybe a possible solution to this dichotomy would be to suggest
      using an update-by-default policies and for devices that might
      have a UI (or a controller that can more easily interact with the
      user) to provide the possibility to (a) follow the same policy by
      accepting automatic updates, or (b) allow the user to
      confirm/reject every update, or (c) allow the user to
      automatically reject (dangerous) any updates.</p>
    <p>What do you think ?</p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/16/17 1:16 AM, David A. Wheeler
      wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:E1eF1IJ-0004Rb-Ic@rmmprod07.runbox">
      <pre wrap="">I think a vitally-important requirement is that end-users MUST be able to NOT update software.

In many cases, it's valuable to automatically update software, and
internet-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are
increasingly not allowed to control them.  In the end, the end-user/owner
should be able to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler
</pre>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      <div style="color: black; margin-top: 10px;">
        Best Regards,
        <div style="margin-top: 5px; margin-left: 0px; ">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div>
        &lt;njjfjnmliggaogck.png&gt;<br>
      </div>
    </div>
  

</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Suit mailing list</span><br><span><a href="mailto:Suit@ietf.org">Suit@ietf.org</a></span><br><span><a href="https://www.ietf.org/mailman/listinfo/suit">https://www.ietf.org/mailman/listinfo/suit</a></span><br></div></blockquote></body></html>
--Apple-Mail-CCD2631B-4232-484E-90AE-02D24C8991F1--


From nobody Wed Nov 15 14:25:01 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EAB9128959 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:25:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level: 
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjiaUOk9Yeyv for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:24:57 -0800 (PST)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C262A1288B8 for <suit@ietf.org>; Wed, 15 Nov 2017 14:24:56 -0800 (PST)
Received: by mail-lf0-x232.google.com with SMTP id f125so27950809lff.4 for <suit@ietf.org>; Wed, 15 Nov 2017 14:24:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=4ZFY5rCy+Rxv5icKySbUyrB8T9HU1RoCZ0n69TMxHSQ=; b=nw8ZFzWDUMj6P2L4zUPOeB7NEEigBlaapMvVAgl4/R9PZ3e+by5qvZ7c+Uxy7ZMmbh PAKB+TY126ScfjTnL0lL7eis9cWB7AIPQKvEI3JwDqG65e6WhxR2T2vmdVQw9xJy1PRS 12SHmWo9DffYd+u0m3dXVQDPgUdvMZZs1ksyA8Im/6lWnXeALAVqK3qqvNe7TfVAJjFI BVODIGzFnotgc2Jt/Z1QLp9AkwRk1HHPplshITxKfBz/lPhi8FSG+HYKIpaN8NTX54L+ o/8DOMvE4Q/s45oitgRkwf9tNTwpT3ng96rzX/kWoH1hRmc4xObDSWeX1OB7XQePTzI+ G8JA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=4ZFY5rCy+Rxv5icKySbUyrB8T9HU1RoCZ0n69TMxHSQ=; b=SPSbAoRReMUx6KyfgOvXbtFH5nbxNmTNXK7186kpI7m0Bxm3uitAc4TnD0LiNObiJZ R2teldKiVy2FJ3ezAttlpqFLarvNxkzAps3flQNWDP6/0kQi+ZVMOPpwtcOezm3wkD0y R+GB7OEq09AUaEHoFcLfcG80mk/e7bz5ob0k9LrPL6u1ghvb1yheX6r4XU5i3PePUvUq zeOBMEyURl9TCop0PgLUHWgW5aqg4hac2mi3rKdeQ87WG7p2nZK89OPui8I6ex3WME8p 2385/h6TuABOzTIqZa4ZEw0nWMO5KWLzsTtzKivFWovgKT7KbM3OUU0gg0BVl+WMMBTX BYNQ==
X-Gm-Message-State: AJaThX7ad9u7h8VxAaH6kWd/1lx4fEPhu30PboOkopya5SPpJ3V+ut/7 aiAsDZ9uiNpzARRiiAZ19dyEb9y8TXNvnaObBdg=
X-Google-Smtp-Source: AGs4zMbn76A9szy2TBPZHea4Mpf0Efy3kZGkykTkyOuaAO0uScmiz9Pkk7IXKYS4CvgxAcGWSgtTbI9Xjekf84skndw=
X-Received: by 10.46.23.156 with SMTP id 28mr5406475ljx.3.1510784694869; Wed, 15 Nov 2017 14:24:54 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.46.20.88 with HTTP; Wed, 15 Nov 2017 14:24:34 -0800 (PST)
In-Reply-To: <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org> <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
From: Justin Cappos <jcappos@nyu.edu>
Date: Wed, 15 Nov 2017 17:24:34 -0500
X-Google-Sender-Auth: XGQ_B2_9wfkDKSv2qMHgWIF3Tag
Message-ID: <CAMVss_oA0_fUvyUK4ER8tH-UbXkuqehA4u71HKVi+f7h-Wie+Q@mail.gmail.com>
To: Thomas Eichinger <thomas@riot-os.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c08025411e2ec055e0cf965"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/7vlaypWQ1HUO-oRFVNfus3SMfXI>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 22:25:00 -0000

--94eb2c08025411e2ec055e0cf965
Content-Type: text/plain; charset="UTF-8"

What about a model where you can elect to either choose to manage the
application of updates yourself or let it be managed by the manufacturer?

It seems the consumer is in the best position to choose and understand what
works best for them.

Justin

On Wed, Nov 15, 2017 at 5:11 PM, Thomas Eichinger <thomas@riot-os.org>
wrote:

> Hi Max,
>
> An earlier comment of mine was that updates should clearly be marked as
> security or feature updates (more fine grained differentiation would be
> possible) and ideally both should be mutually exclusive.
>
> This way, with the proper management tools at hand, a user can decide to
> still allow security updates being deployed automatically while being able
> to review others before consenting to install the updates.
>
> Best,
> Thomas
>
> On Nov 15, 2017, at 1:57 PM, Dr. Pala <director@openca.org> wrote:
>
> Hi David, all,
>
> this is a really good point... but I think there might be some
> considerations that could complicate this view. For example, what are the
> considerations about the fact that if you decide not to upgrade (BTW, the
> majority of people who owns IoT would probably not even know what a
> firmware upgrade is...) and your device gets hacked and used to participate
> in botnets or to attack other devices in your own home network ? Even if
> the light bulb that was compromised does not have access/collect sensitive
> information per se, other devices connected to your network might. To make
> it all more scary, think about when you have some medical devices that are
> connected to your network (e.g., patient monitoring, etc.) that might be
> targeted via smaller / not updated devices...
>
> IMHO, one of the biggest fears in IoTs is that this large number of
> devices with (most of the time) IP capabilities can be really dangerous
> because they can be used as botnet and gateways to deploy more
> sophisticated attacks. If we do not mandate for automatic upgrades that
> would (besides functional upgrades) fix security issues, the situation
> might be quite eerie.
>
> This said, I am a big fan of the user to be (rightfully so!) in control of
> her own devices... so, what do we do ?
>
> I do not really have an answer for this, but there might be the
> possibility do distinguish between devices that have User Interfaces (UIs)
> that the user can use to accept or deny updates and devices that do not.
>
> Another aspect to consider is usability. In particular, how annoyed would
> you be if you had to accept/reject updates for all your home-installed IoTs
> (20 light bulbs) or, even worst, for all your work-installed IoTs (50k
> smart light bulbs) ?
>
> If we take, for example, the situation today with OS updates/upgrades, we
> see that the vast vast vast majority of installations do leverage the
> deployment of automatic updates nevertheless the possibility for the user
> to opt-out.
>
> Maybe a possible solution to this dichotomy would be to suggest using an
> update-by-default policies and for devices that might have a UI (or a
> controller that can more easily interact with the user) to provide the
> possibility to (a) follow the same policy by accepting automatic updates,
> or (b) allow the user to confirm/reject every update, or (c) allow the user
> to automatically reject (dangerous) any updates.
>
> What do you think ?
>
> Cheers,
> Max
>
> On 11/16/17 1:16 AM, David A. Wheeler wrote:
>
> I think a vitally-important requirement is that end-users MUST be able to NOT update software.
>
> In many cases, it's valuable to automatically update software, and
> internet-connected devices make that relatively easy.
>
> But there are many situations where updates must NOT occur.
> There's a disturbing trend where people who own the devices are
> increasingly not allowed to control them.  In the end, the end-user/owner
> should be able to decide if updates are acceptable, and when.
>
> Thanks.
>
> --- David A. Wheeler
>
>
> --
> Best Regards,
> Massimiliano Pala, Ph.D.
> OpenCA Labs Director
> <njjfjnmliggaogck.png>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>
>

--94eb2c08025411e2ec055e0cf965
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">What about a model where you can elect to either choose to=
 manage the application of updates yourself or let it be managed by the man=
ufacturer?=C2=A0=C2=A0<div><br></div><div>It seems the consumer is in the b=
est position to choose and understand what works best for them.</div><div><=
br></div><div>Justin</div></div><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Wed, Nov 15, 2017 at 5:11 PM, Thomas Eichinger <span di=
r=3D"ltr">&lt;<a href=3D"mailto:thomas@riot-os.org" target=3D"_blank">thoma=
s@riot-os.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" st=
yle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div =
dir=3D"auto"><div></div><div>Hi Max,</div><div><br></div><div>An earlier co=
mment of mine was that updates should clearly be marked as security or feat=
ure updates (more fine grained differentiation would be possible) and ideal=
ly both should be mutually exclusive.=C2=A0</div><div><br></div><div>This w=
ay, with the proper management tools at hand, a user can decide to still al=
low security updates being deployed automatically while being able to revie=
w others before consenting to install the updates.=C2=A0</div><div><br></di=
v><div>Best,=C2=A0</div><div>Thomas=C2=A0</div><div><div class=3D"h5"><div>=
<br>On Nov 15, 2017, at 1:57 PM, Dr. Pala &lt;<a href=3D"mailto:director@op=
enca.org" target=3D"_blank">director@openca.org</a>&gt; wrote:<br><br></div=
></div></div><blockquote type=3D"cite"><div><div><div class=3D"h5">
 =20
   =20
 =20
 =20
    <p>Hi David, all,</p>
    <p>this is a really good point... but I think there might be some
      considerations that could complicate this view. For example, what
      are the considerations about the fact that if you decide not to
      upgrade (BTW, the majority of people who owns IoT would probably
      not even know what a firmware upgrade is...) and your device gets
      hacked and used to participate in botnets or to attack other
      devices in your own home network ? Even if the light bulb that was
      compromised does not have access/collect sensitive information per
      se, other devices connected to your network might. To make it all
      more scary, think about when you have some medical devices that
      are connected to your network (e.g., patient monitoring, etc.)
      that might be targeted via smaller / not updated devices...<br>
    </p>
    <p>IMHO, one of the biggest fears in IoTs is that this large number
      of devices with (most of the time) IP capabilities can be really
      dangerous because they can be used as botnet and gateways to
      deploy more sophisticated attacks. If we do not mandate for
      automatic upgrades that would (besides functional upgrades) fix
      security issues, the situation might be quite eerie.<br>
    </p>
    <p>This said, I am a big fan of the user to be (rightfully so!) in
      control of her own devices... so, what do we do ?</p>
    <p>I do not really have an answer for this, but there might be the
      possibility do distinguish between devices that have User
      Interfaces (UIs) that the user can use to accept or deny updates
      and devices that do not.</p>
    <p>Another aspect to consider is usability. In particular, how
      annoyed would you be if you had to accept/reject updates for all
      your home-installed IoTs (20 light bulbs) or, even worst, for all
      your work-installed IoTs (50k smart light bulbs) ?<br>
    </p>
    <p>If we take, for example, the situation today with OS
      updates/upgrades, we see that the vast vast vast majority of
      installations do leverage the deployment of automatic updates
      nevertheless the possibility for the user to opt-out.</p>
    <p>Maybe a possible solution to this dichotomy would be to suggest
      using an update-by-default policies and for devices that might
      have a UI (or a controller that can more easily interact with the
      user) to provide the possibility to (a) follow the same policy by
      accepting automatic updates, or (b) allow the user to
      confirm/reject every update, or (c) allow the user to
      automatically reject (dangerous) any updates.</p>
    <p>What do you think ?</p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <br>
    <div class=3D"m_-2577874386729003987moz-cite-prefix">On 11/16/17 1:16 A=
M, David A. Wheeler
      wrote:<br>
    </div>
    <blockquote type=3D"cite">
      <pre>I think a vitally-important requirement is that end-users MUST b=
e able to NOT update software.

In many cases, it&#39;s valuable to automatically update software, and
internet-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There&#39;s a disturbing trend where people who own the devices are
increasingly not allowed to control them.  In the end, the end-user/owner
should be able to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler
</pre>
    </blockquote>
    <br>
    </div></div><div class=3D"m_-2577874386729003987moz-signature">-- <br>
      <div style=3D"color:black;margin-top:10px"><div><div class=3D"h5">
        Best Regards,
        <div style=3D"margin-top:5px;margin-left:0px">
          Massimiliano Pala, Ph.D.<br>
          OpenCA Labs Director<br>
        </div></div></div>
        &lt;njjfjnmliggaogck.png&gt;<br>
      </div>
    </div>
 =20

</div></blockquote><span class=3D""><blockquote type=3D"cite"><div><span>__=
____________________________<wbr>_________________</span><br><span>Suit mai=
ling list</span><br><span><a href=3D"mailto:Suit@ietf.org" target=3D"_blank=
">Suit@ietf.org</a></span><br><span><a href=3D"https://www.ietf.org/mailman=
/listinfo/suit" target=3D"_blank">https://www.ietf.org/mailman/<wbr>listinf=
o/suit</a></span><br></div></blockquote></span></div><br>__________________=
____________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/<wbr>listinfo/suit</a><br>
<br></blockquote></div><br></div>

--94eb2c08025411e2ec055e0cf965--


From nobody Wed Nov 15 14:30:36 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41213128BB7 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:30:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level: 
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_HK_NAME_DR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pwnuco2an27u for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 14:30:22 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5AE128B93 for <suit@ietf.org>; Wed, 15 Nov 2017 14:30:22 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 2E29C3741029 for <suit@ietf.org>; Wed, 15 Nov 2017 22:30:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id XS0mVy9NfcyV for <suit@ietf.org>; Wed, 15 Nov 2017 17:30:21 -0500 (EST)
Received: from Maxs-MacBook-Pro.local (unknown [101.100.166.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 801833740C38 for <suit@ietf.org>; Wed, 15 Nov 2017 17:30:20 -0500 (EST)
To: suit@ietf.org
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org> <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <f4595d89-ea58-d8a9-0bcd-4ae1b763225f@openca.org>
Date: Thu, 16 Nov 2017 06:30:19 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
Content-Type: multipart/alternative; boundary="------------2E431705C804608613080DB5"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/h54KZReR1uzyyxFSC8prPpK-GV0>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 22:30:28 -0000

This is a multi-part message in MIME format.
--------------2E431705C804608613080DB5
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi Thomas,

initially I was thinking something along those same lines, but my 
personal experience with manufacturer/vendors (M/F) is that even that 
level of sophistication might be a bit too much if we go all the way 
down to security vs. feature (or more fine grained) differentiation.

Maybe a possible solution would be to have some flags that mark the 
update as containing (but not in a mutually exclusively fashion) a 
security-related fix indicator (i.e., maybe a simple flag in the 
manifest ?). I would be supportive of that idea, but I think that 
something more complicated could hinder the adoption by M/F.

AFTER we manage to have a solution out there that is adopted and that 
IoTs M/F can build their experience on (and for this, I would stress the 
need to keep any initial proposal/solution as simple as possible... but 
not simpler :D), we might extend the model and propose optional features 
(that inevitably will complicate the whole lifetime and management of 
firmware updates) that build on top of the initial work.

Would do you think ? Would this be a good path ?

Cheers,
Max


On 11/16/17 6:11 AM, Thomas Eichinger wrote:
> Hi Max,
>
> An earlier comment of mine was that updates should clearly be marked 
> as security or feature updates (more fine grained differentiation 
> would be possible) and ideally both should be mutually exclusive.
>
> This way, with the proper management tools at hand, a user can decide 
> to still allow security updates being deployed automatically while 
> being able to review others before consenting to install the updates.
>
> Best,
> Thomas
>
> On Nov 15, 2017, at 1:57 PM, Dr. Pala <director@openca.org 
> <mailto:director@openca.org>> wrote:
>
>> Hi David, all,
>>
>> this is a really good point... but I think there might be some 
>> considerations that could complicate this view. For example, what are 
>> the considerations about the fact that if you decide not to upgrade 
>> (BTW, the majority of people who owns IoT would probably not even 
>> know what a firmware upgrade is...) and your device gets hacked and 
>> used to participate in botnets or to attack other devices in your own 
>> home network ? Even if the light bulb that was compromised does not 
>> have access/collect sensitive information per se, other devices 
>> connected to your network might. To make it all more scary, think 
>> about when you have some medical devices that are connected to your 
>> network (e.g., patient monitoring, etc.) that might be targeted via 
>> smaller / not updated devices...
>>
>> IMHO, one of the biggest fears in IoTs is that this large number of 
>> devices with (most of the time) IP capabilities can be really 
>> dangerous because they can be used as botnet and gateways to deploy 
>> more sophisticated attacks. If we do not mandate for automatic 
>> upgrades that would (besides functional upgrades) fix security 
>> issues, the situation might be quite eerie.
>>
>> This said, I am a big fan of the user to be (rightfully so!) in 
>> control of her own devices... so, what do we do ?
>>
>> I do not really have an answer for this, but there might be the 
>> possibility do distinguish between devices that have User Interfaces 
>> (UIs) that the user can use to accept or deny updates and devices 
>> that do not.
>>
>> Another aspect to consider is usability. In particular, how annoyed 
>> would you be if you had to accept/reject updates for all your 
>> home-installed IoTs (20 light bulbs) or, even worst, for all your 
>> work-installed IoTs (50k smart light bulbs) ?
>>
>> If we take, for example, the situation today with OS 
>> updates/upgrades, we see that the vast vast vast majority of 
>> installations do leverage the deployment of automatic updates 
>> nevertheless the possibility for the user to opt-out.
>>
>> Maybe a possible solution to this dichotomy would be to suggest using 
>> an update-by-default policies and for devices that might have a UI 
>> (or a controller that can more easily interact with the user) to 
>> provide the possibility to (a) follow the same policy by accepting 
>> automatic updates, or (b) allow the user to confirm/reject every 
>> update, or (c) allow the user to automatically reject (dangerous) any 
>> updates.
>>
>> What do you think ?
>>
>> Cheers,
>> Max
>>
>>
>> On 11/16/17 1:16 AM, David A. Wheeler wrote:
>>> I think a vitally-important requirement is that end-users MUST be able to NOT update software.
>>>
>>> In many cases, it's valuable to automatically update software, and
>>> internet-connected devices make that relatively easy.
>>>
>>> But there are many situations where updates must NOT occur.
>>> There's a disturbing trend where people who own the devices are
>>> increasingly not allowed to control them.  In the end, the end-user/owner
>>> should be able to decide if updates are acceptable, and when.
>>>
>>> Thanks.
>>>
>>> --- David A. Wheeler
>>


--------------2E431705C804608613080DB5
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Thomas,</p>
    <p>initially I was thinking something along those same lines, but my
      personal experience with manufacturer/vendors (M/F) is that even
      that level of sophistication might be a bit too much if we go all
      the way down to security vs. feature (or more fine grained)
      differentiation.</p>
    <p>Maybe a possible solution would be to have some flags that mark
      the update as containing (but not in a mutually exclusively
      fashion) a security-related fix indicator (i.e., maybe a simple
      flag in the manifest ?). I would be supportive of that idea, but I
      think that something more complicated could hinder the adoption by
      M/F.</p>
    <p>AFTER we manage to have a solution out there that is adopted and
      that IoTs M/F can build their experience on (and for this, I would
      stress the need to keep any initial proposal/solution as simple as
      possible... but not simpler :D), we might extend the model and
      propose optional features (that inevitably will complicate the
      whole lifetime and management of firmware updates) that build on
      top of the initial work.<br>
    </p>
    <p>Would do you think ? Would this be a good path ?<br>
    </p>
    <p>Cheers,<br>
      Max<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/16/17 6:11 AM, Thomas Eichinger
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <div>Hi Max,</div>
      <div><br>
      </div>
      <div>An earlier comment of mine was that updates should clearly be
        marked as security or feature updates (more fine grained
        differentiation would be possible) and ideally both should be
        mutually exclusive. </div>
      <div><br>
      </div>
      <div>This way, with the proper management tools at hand, a user
        can decide to still allow security updates being deployed
        automatically while being able to review others before
        consenting to install the updates. </div>
      <div><br>
      </div>
      <div>Best, </div>
      <div>Thomas </div>
      <div><br>
        On Nov 15, 2017, at 1:57 PM, Dr. Pala &lt;<a
          href="mailto:director@openca.org" moz-do-not-send="true">director@openca.org</a>&gt;
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div>
          <meta http-equiv="Content-Type" content="text/html;
            charset=utf-8">
          <p>Hi David, all,</p>
          <p>this is a really good point... but I think there might be
            some considerations that could complicate this view. For
            example, what are the considerations about the fact that if
            you decide not to upgrade (BTW, the majority of people who
            owns IoT would probably not even know what a firmware
            upgrade is...) and your device gets hacked and used to
            participate in botnets or to attack other devices in your
            own home network ? Even if the light bulb that was
            compromised does not have access/collect sensitive
            information per se, other devices connected to your network
            might. To make it all more scary, think about when you have
            some medical devices that are connected to your network
            (e.g., patient monitoring, etc.) that might be targeted via
            smaller / not updated devices...<br>
          </p>
          <p>IMHO, one of the biggest fears in IoTs is that this large
            number of devices with (most of the time) IP capabilities
            can be really dangerous because they can be used as botnet
            and gateways to deploy more sophisticated attacks. If we do
            not mandate for automatic upgrades that would (besides
            functional upgrades) fix security issues, the situation
            might be quite eerie.<br>
          </p>
          <p>This said, I am a big fan of the user to be (rightfully
            so!) in control of her own devices... so, what do we do ?</p>
          <p>I do not really have an answer for this, but there might be
            the possibility do distinguish between devices that have
            User Interfaces (UIs) that the user can use to accept or
            deny updates and devices that do not.</p>
          <p>Another aspect to consider is usability. In particular, how
            annoyed would you be if you had to accept/reject updates for
            all your home-installed IoTs (20 light bulbs) or, even
            worst, for all your work-installed IoTs (50k smart light
            bulbs) ?<br>
          </p>
          <p>If we take, for example, the situation today with OS
            updates/upgrades, we see that the vast vast vast majority of
            installations do leverage the deployment of automatic
            updates nevertheless the possibility for the user to
            opt-out.</p>
          <p>Maybe a possible solution to this dichotomy would be to
            suggest using an update-by-default policies and for devices
            that might have a UI (or a controller that can more easily
            interact with the user) to provide the possibility to (a)
            follow the same policy by accepting automatic updates, or
            (b) allow the user to confirm/reject every update, or (c)
            allow the user to automatically reject (dangerous) any
            updates.</p>
          <p>What do you think ?</p>
          <p>Cheers,<br>
            Max<br>
          </p>
          <br>
          <div class="moz-cite-prefix">On 11/16/17 1:16 AM, David A.
            Wheeler wrote:<br>
          </div>
          <blockquote type="cite"
            cite="mid:E1eF1IJ-0004Rb-Ic@rmmprod07.runbox">
            <pre wrap="">I think a vitally-important requirement is that end-users MUST be able to NOT update software.

In many cases, it's valuable to automatically update software, and
internet-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are
increasingly not allowed to control them.  In the end, the end-user/owner
should be able to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler
</pre>
          </blockquote>
          <br>
        </div>
      </blockquote>
    </blockquote>
    <br>
  </body>
</html>

--------------2E431705C804608613080DB5--


From nobody Wed Nov 15 15:47:51 2017
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73693128D69 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 15:47:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level: 
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bqVgBde9mIX3 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 15:47:46 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30428127078 for <suit@ietf.org>; Wed, 15 Nov 2017 15:47:46 -0800 (PST)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id EAF3A58C525; Thu, 16 Nov 2017 00:47:41 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id D3892B0D1A9; Thu, 16 Nov 2017 00:47:41 +0100 (CET)
Date: Thu, 16 Nov 2017 00:47:41 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: "Dr. Pala" <madwolf@openca.org>
Cc: suit@ietf.org
Message-ID: <20171115234741.GV19390@faui40p.informatik.uni-erlangen.de>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org> <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org> <f4595d89-ea58-d8a9-0bcd-4ae1b763225f@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <f4595d89-ea58-d8a9-0bcd-4ae1b763225f@openca.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iH3n8PUDsXWtNWwIQ6mJsWSx5YM>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2017 23:47:49 -0000

It would be nice to have a solution layer that is independent of
the interfaces supported by the device. button... display/more-buttons,
audio, GUI, holo-projector,... there is just way too much diverstiy
to be fair in any solution if we assume a specific one. And most
devices will only have some four-digit number printed on the product
label as the only interface anyhow (in support of initial authentication
happening via some other interface and the cloud).

One way we could think about defining the update experience in an
IETF compatible and IMHO even (gasp!) useful way is to think
that every device has a "cloud-based" device management service.
The management service would include the aspects of interest to us,
eg: establish device ownership, review, observe, control upgrade/downgrade,
etc. pp.

We could then define this cloud device management service as a yang
model and say it must be supported via restconf. Then we would have a standard
interfac on which even third parties could build all type software
supporting te variety of possible HW interfaces mentined above. The
most simple example of course is that this would enable the
"one-fits-all" app for the usrs smartphone that allows it now to control
all the IoT devices in the home, because they are all controlled via
the same yang model based cloud interface.

On Thu, Nov 16, 2017 at 06:30:19AM +0800, Dr. Pala wrote:
> Hi Thomas,
> 
> initially I was thinking something along those same lines, but my
> personal experience with manufacturer/vendors (M/F) is that even
> that level of sophistication might be a bit too much if we go all
> the way down to security vs. feature (or more fine grained)
> differentiation.
> 
> Maybe a possible solution would be to have some flags that mark the
> update as containing (but not in a mutually exclusively fashion) a
> security-related fix indicator (i.e., maybe a simple flag in the
> manifest ?). I would be supportive of that idea, but I think that
> something more complicated could hinder the adoption by M/F.
> 
> AFTER we manage to have a solution out there that is adopted and
> that IoTs M/F can build their experience on (and for this, I would
> stress the need to keep any initial proposal/solution as simple as
> possible... but not simpler :D), we might extend the model and
> propose optional features (that inevitably will complicate the whole
> lifetime and management of firmware updates) that build on top of
> the initial work.
> 
> Would do you think ? Would this be a good path ?
> 
> Cheers,
> Max
> 
> 
> On 11/16/17 6:11 AM, Thomas Eichinger wrote:
> >Hi Max,
> >
> >An earlier comment of mine was that updates should clearly be
> >marked as security or feature updates (more fine grained
> >differentiation would be possible) and ideally both should be
> >mutually exclusive.
> >
> >This way, with the proper management tools at hand, a user can
> >decide to still allow security updates being deployed
> >automatically while being able to review others before consenting
> >to install the updates.
> >
> >Best,
> >Thomas
> >
> >On Nov 15, 2017, at 1:57 PM, Dr. Pala <director@openca.org
> ><mailto:director@openca.org>> wrote:
> >
> >>Hi David, all,
> >>
> >>this is a really good point... but I think there might be some
> >>considerations that could complicate this view. For example,
> >>what are the considerations about the fact that if you decide
> >>not to upgrade (BTW, the majority of people who owns IoT would
> >>probably not even know what a firmware upgrade is...) and your
> >>device gets hacked and used to participate in botnets or to
> >>attack other devices in your own home network ? Even if the
> >>light bulb that was compromised does not have access/collect
> >>sensitive information per se, other devices connected to your
> >>network might. To make it all more scary, think about when you
> >>have some medical devices that are connected to your network
> >>(e.g., patient monitoring, etc.) that might be targeted via
> >>smaller / not updated devices...
> >>
> >>IMHO, one of the biggest fears in IoTs is that this large number
> >>of devices with (most of the time) IP capabilities can be really
> >>dangerous because they can be used as botnet and gateways to
> >>deploy more sophisticated attacks. If we do not mandate for
> >>automatic upgrades that would (besides functional upgrades) fix
> >>security issues, the situation might be quite eerie.
> >>
> >>This said, I am a big fan of the user to be (rightfully so!) in
> >>control of her own devices... so, what do we do ?
> >>
> >>I do not really have an answer for this, but there might be the
> >>possibility do distinguish between devices that have User
> >>Interfaces (UIs) that the user can use to accept or deny updates
> >>and devices that do not.
> >>
> >>Another aspect to consider is usability. In particular, how
> >>annoyed would you be if you had to accept/reject updates for all
> >>your home-installed IoTs (20 light bulbs) or, even worst, for
> >>all your work-installed IoTs (50k smart light bulbs) ?
> >>
> >>If we take, for example, the situation today with OS
> >>updates/upgrades, we see that the vast vast vast majority of
> >>installations do leverage the deployment of automatic updates
> >>nevertheless the possibility for the user to opt-out.
> >>
> >>Maybe a possible solution to this dichotomy would be to suggest
> >>using an update-by-default policies and for devices that might
> >>have a UI (or a controller that can more easily interact with
> >>the user) to provide the possibility to (a) follow the same
> >>policy by accepting automatic updates, or (b) allow the user to
> >>confirm/reject every update, or (c) allow the user to
> >>automatically reject (dangerous) any updates.
> >>
> >>What do you think ?
> >>
> >>Cheers,
> >>Max
> >>
> >>
> >>On 11/16/17 1:16 AM, David A. Wheeler wrote:
> >>>I think a vitally-important requirement is that end-users MUST be able to NOT update software.
> >>>
> >>>In many cases, it's valuable to automatically update software, and
> >>>internet-connected devices make that relatively easy.
> >>>
> >>>But there are many situations where updates must NOT occur.
> >>>There's a disturbing trend where people who own the devices are
> >>>increasingly not allowed to control them.  In the end, the end-user/owner
> >>>should be able to decide if updates are acceptable, and when.
> >>>
> >>>Thanks.
> >>>
> >>>--- David A. Wheeler
> >>
> 

> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


-- 
---
tte@cs.fau.de


From nobody Wed Nov 15 16:34:31 2017
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F65F124319 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 16:34:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level: 
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dmXxwUshCgL for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 16:34:28 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0090.outbound.protection.outlook.com [104.47.38.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5B8D120227 for <suit@ietf.org>; Wed, 15 Nov 2017 16:34:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+sfl+jjSfPXiRf0Ur9M6XZa8r5jc4ZmA6gvG9+xyuUc=; b=UdjNT2UGdk+Pa1GPnD/26wLw+tj2f52P6wT7W1WG90S/nh2YqF0BLGjUMIt00xb9MyWQ9XJ5b4pu0DxEFcHzDk2RLfP2k2s99aTI67SgJXEaS8PxDz18LLi1lPLg0fnt67witBwdCT3M4kwpwxJ3cvKpd8gU6x0QrSzvtxT3YU0=
Received: from DM5PR21MB0859.namprd21.prod.outlook.com (10.173.172.145) by DM5PR21MB0634.namprd21.prod.outlook.com (10.175.111.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.0; Thu, 16 Nov 2017 00:34:25 +0000
Received: from DM5PR21MB0859.namprd21.prod.outlook.com ([10.173.172.145]) by DM5PR21MB0859.namprd21.prod.outlook.com ([10.173.172.145]) with mapi id 15.20.0260.001; Thu, 16 Nov 2017 00:34:25 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: "David A. Wheeler" <dwheeler@dwheeler.com>, suit <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV0q3hV1RNciUmdjLOLGoz/tqMWKGQw
Date: Thu, 16 Nov 2017 00:34:25 +0000
Message-ID: <DM5PR21MB0859354B70F4D49C6969FF2EA32E0@DM5PR21MB0859.namprd21.prod.outlook.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
In-Reply-To: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:67c:1232:144:5457:e30a:d2e:a035]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0634; 6:AMZn2aNi8FnKtJvVd68tYzT3nzK3fsjevcEBVE6u1A0Xa+Ijy6wqK1J5OGvWI/7Ae93hiMuVvantHaheCc0mbqIHdbuCHeCyAyt5o/uahJqmj39adYsNvnBrBU2QLbGSdNkxFh9W2XRswioD29mb5Ynmpr4xRkGIaL+tR/j+NKHN5fKls4rbJjcfPwDQyV8S398TTSpRc7UUhqrhC3BFpDYcRrQlqzUzEhKqA4iyY7DwYMPyFiTwJXo0Hn9rWXhJC4Bd07JopvP08WOUf01NqdE+IqL/fceAE7RLAJmAjk0Bkvizo6GyhI7x4zRWOx45KGZ5iMHkmQ4Jq//4nZBRvw51asjtN/N1CFONm6xhO3U=; 5:6QUUrRtrtgQUGYDpp4MHKoW1D2HgnrN+ICXxjqlfvVipQxO88AtSKuO0lBzOj75BDl8HMPcz9OPiL4IyTHwNThO4d5H84FfBUZFtkXvh3bCXEoUee+r6uqIDU3rdBGXP44kVgxXVABnNntfPGRlh5hWSNmKaX+4whvAiOe43/Ng=; 24:Bv0DnLNBDgFrvb/OQnA0MK5leq/Ia9T+LSxHg4fUU+tETIW4D+N82j+jseSWvKHmg/kHLU8qHrvrgWldHiVDrErJE8l8uAeR3I4u2zcReU0=; 7:mqOGxdWny7VGLjAjimIuGIKBzWI7aK25DbLQCe6BnF45z0WQz2+g/ZTG4jLeZN9FeiQFdTb0VbuMhq4q0EygmM+A6KQdU7kZLTK+fDyayLKm9HXPy8seQMOJTk91R+5cLHiczODvIUwP3hI08/MdBiQGfDoBdWsNkqW6mAIwFmeWabGXmV5/vZ4Wzs6UdHpSeTM23UOUg2JBU8uV0+BDpynh6/6fwb2eKk7omtoKcYGpgVvLRcIuRQ1g3QhInAn9
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 7385154a-b6dd-4eb5-4fc1-08d52c89ca47
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:DM5PR21MB0634; 
x-ms-traffictypediagnostic: DM5PR21MB0634:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; 
x-microsoft-antispam-prvs: <DM5PR21MB063481CEDB5850585C4A972BA32E0@DM5PR21MB0634.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(8121501046)(5005006)(3231022)(10201501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(6055026)(61426038)(61427038)(6041248)(20161123562025)(20161123564025)(20161123555025)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR21MB0634; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR21MB0634; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(346002)(39860400002)(376002)(47760400005)(199003)(13464003)(189002)(6306002)(305945005)(189998001)(2900100001)(6506006)(6436002)(53546010)(7736002)(2950100002)(10290500003)(77096006)(55016002)(76176999)(99286004)(54356999)(25786009)(53936002)(6246003)(10090500001)(50986999)(101416001)(478600001)(74316002)(105586002)(9686003)(8990500004)(106356001)(15650500001)(68736007)(7696004)(22452003)(110136005)(316002)(966005)(8936002)(86362001)(2906002)(229853002)(3660700001)(81156014)(102836003)(5660300001)(81166006)(33656002)(6116002)(97736004)(8676002)(14454004)(3280700002)(86612001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0634; H:DM5PR21MB0859.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7385154a-b6dd-4eb5-4fc1-08d52c89ca47
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 00:34:25.7043 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0634
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/dDM066N-Fny2x14tHc0dLdUWK-M>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 00:34:30 -0000

Requiring counter-signing is one example of a solution that has been discus=
sed which meets that requirement.
In any case, I agree with the requirement, and it should be is a policy dec=
ision.

Dave

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
Sent: Thursday, November 16, 2017 1:16 AM
To: suit <suit@ietf.org>
Subject: [Suit] Make it clear that end-users MUST be able to NOT update

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.  In the end, the end-user/owner should be ab=
le to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7153ee99229344e61f7308d52c4c962a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463629807425511&sdata=3DOdzMgch34ZkkEpzVuXTdNGuDuUCcTXgylLoPo9MX7N4%=
3D&reserved=3D0


From nobody Wed Nov 15 18:06:20 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED83D126CC4 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 18:06:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hSXjoQFOSEJ5 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 18:05:56 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0055.outbound.protection.outlook.com [104.47.1.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 385E812940D for <suit@ietf.org>; Wed, 15 Nov 2017 18:05:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ssoNk3zRDsIUQvzZvPam1SHLp7ES8COzNaWcc/NOi70=; b=FtdhH76l8lPeoobN7nmo4TrtmrInPxjmHsp5OBKYeBdGmsj6OggMwHi/aD7saJ9sryQreB7/CT7MElnvcA7miV1Lyjk/PAYGzBiH68x/5ur22qTqj358zVCqLwx1oJ/lWb183lqeaRip20qScjqW0RKMd3ZIlU+dfH9pEKfm/Sk=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Thu, 16 Nov 2017 02:05:53 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Thu, 16 Nov 2017 02:05:53 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "David A. Wheeler" <dwheeler@dwheeler.com>, suit <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV1+Y4d/iv+5kSBTdFGJofMoaMWQdww
Date: Thu, 16 Nov 2017 02:05:53 +0000
Message-ID: <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
In-Reply-To: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:67c:370:128:856d:ae2e:64bf:9204]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:coGxoSQJ8+bI4s2tr75kLxyN/DgtZPR7fqn6cEPd1E37fFnV2CBxux0nM6n2cBlRGroc/aPGnp1/OTJrwdWf7zDXGSLySdML2Hu4LBxHZ+jdSoTrs10Nhm6nCoGKx5J7mSJoYFR5Hb3eAkdo8bNeIPc/wWMP1ZRF+nISaliyBLBbAmb/AsaWHjL7NyNfWMDHw8X0zYLuV6nmAvjHIzBNZUtyQxjw8m/9XVq+2p9iyiYT5JkyP+bV6CO6wm1QtN7aysug/ANFHinvPQd6s/8TYx2lTnTv2LKnpHufmdOD6fe8687TCpIG6wCMZtwNN8YBTxnQhDjPavXXdUBsG0Lr6uVfJnC2nEkpj/zxBAr9eZU=; 5:K2fFTTU1nIgnufU8VU7NVBfQFhKfPTQ2ZKlecOT3Sbu31+ozYpvo1aux1omCUv9hT5XK4GoPo4jcvBvrMD81Pgi8AuCPgE7piuXhZTxAbGgoueF0ij3nCMgS9geE4sTEcQfkRNGmDLnBLQz2/cjuVGnRzQX8azmEyKLZ+SWVxWw=; 24:LaczBCP0NnQBoWyUqP70XM4LnGIUK/F3KUwlt9k+ud/VxoS1fpn9047y/ffZd7kL6K2kVXT4mHZdKPkkC2VyXARaY0+Digr8qWUG+EsEGXU=; 7:RJrmr09smhCptLgUoMWJW7xeFGVNn8bIFAZXwOfNCMTnXe5zhrig7iGYey91AUoX2NgK0920/jXKFM3bbPTo82k0+JTU/BLc0MdX9GB4Wnoj0khHa14jIXR4VxTpiQ+HKgmdVwZGfqWMZNh8wRh2kCousbNt0IwJQiwOi86DeEdtuSAQ85ZVWx6ouEx/1pW8bbI8mGIsK4riM47y4kkcoIg6WeyiRaXq0Cmt65qvgY6wvZ8xRR8Rj4n53t1Zhepu
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 80eb9286-292f-49ca-bb6e-08d52c969127
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-microsoft-antispam-prvs: <AM4PR0801MB27071ECE093BAE00F45BF4B3FA2E0@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(3231022)(3002001)(93006095)(93001095)(100000703101)(100105400095)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(20161123555025)(20161123564025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(189002)(13464003)(199003)(40434004)(2900100001)(5660300001)(97736004)(316002)(101416001)(68736007)(110136005)(2906002)(74316002)(3660700001)(5250100002)(25786009)(86362001)(99286004)(5890100001)(189998001)(3280700002)(2950100002)(54356999)(8936002)(6436002)(305945005)(229853002)(81156014)(8676002)(15650500001)(7736002)(7696004)(50986999)(6246003)(76176999)(81166006)(6306002)(55016002)(53546010)(102836003)(106356001)(6116002)(478600001)(14454004)(9686003)(53936002)(72206003)(33656002)(105586002)(6506006)(966005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 80eb9286-292f-49ca-bb6e-08d52c969127
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 02:05:53.3716 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/3_m8ZQpL0B_j8MeIj0BSAFWjvDc>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 02:06:08 -0000

That's a fair requirement, David.

I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen to "outside" .

What is your view on how the consent could influence the manifest?

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
Sent: 16 November 2017 01:16
To: suit
Subject: [Suit] Make it clear that end-users MUST be able to NOT update

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.  In the end, the end-user/owner should be ab=
le to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Wed Nov 15 18:21:45 2017
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7F06126C26 for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 18:21:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level: 
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ozscj76EN6H for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 18:21:41 -0800 (PST)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0125.outbound.protection.outlook.com [104.47.33.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24BCD120227 for <suit@ietf.org>; Wed, 15 Nov 2017 18:21:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=SaNrtvLtzG3lsCGXuveY6joad6L+UrgVjMOrjJwxATw=; b=kw6bQm/09Cf5dvi4V/r6cWAjqzjedJ2x4LSLTp+xKvkYi1AaV/FanYn/6jf5/lSNuRocpJHSBHOrKgvRwosE+F7Wb789vWaKFqhyimR4DlJzfoXB4ADBYIeYYhX/g2Sist03kU/7Co2Z7Ymmb4W+H/87AZ58D1iFSA1Fc8m7hD8=
Received: from DM5PR21MB0859.namprd21.prod.outlook.com (10.173.172.145) by DM5PR21MB0843.namprd21.prod.outlook.com (10.173.172.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.0; Thu, 16 Nov 2017 02:21:37 +0000
Received: from DM5PR21MB0859.namprd21.prod.outlook.com ([10.173.172.145]) by DM5PR21MB0859.namprd21.prod.outlook.com ([10.173.172.145]) with mapi id 15.20.0260.001; Thu, 16 Nov 2017 02:21:37 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "David A. Wheeler" <dwheeler@dwheeler.com>, suit <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV0q3hV1RNciUmdjLOLGoz/tqMWQnGAgAAEIpA=
Date: Thu, 16 Nov 2017 02:21:36 +0000
Message-ID: <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
In-Reply-To: <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:67c:370:128:254d:5118:ae31:b3b4]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0843; 6:Tv+Xz5iQCxthxXAeVNtLmokCKsisdHe3NfzsryewvbYKiOcpOD0DETp/DW45AgY73qwRqALuLuuyuPEtrEoHTAIzR6S2rXkmS6P05KkybE9QZctHmjrnNa0K9+KRBjQ/DqsMLAGICVuDSIkABFL0XpQG7PMRo9x2K2iuX6WQvrznd9cyfo/ET9oI1gCQZi/sWIZgAYQxyTKZ0DJ69xRJwCSEM846nHZRm2Tya5NZgPgL03oi5lPIHD6BOc97OwwoVVpbEaT8y6ZK27Mln1/ulgXD/Sn+pvkYOAKljsYay6iECKPCPWwvJEOr3iYlq4LVghtCY+aMMQ5lXJgZ2tb1GvaPTFKFw7jcvCN7luVrP4o=; 5:gh3j+C7LUZQvB8zSS2h+JqOPlutGesAisR+YhqT1iyVdZGyk59+L69t+hB9sHU0NXLTQa14TP4fSdh/9Hk0AHH3A+LGBY1ysdFoqzizzCzaj5RLkf8bEqEhOZe6Qh7FpPKDw98jTB1D742VllBMrGxfYgwhmMgSDTz3DIkLpml0=; 24:I0XyRgvRLecB69FTiPfd6G/V+ztnkFRv5pgyJyzfetyGSp0p0hqpHE86Hj/h0EVAYI9Uu5LIKkbEsJXCLIfNq4BswOepNxMsQ+gLCfELTos=; 7:At/AAvc3oWaKZg7I1v210uj8WRW9phrDp0UFfY5nb3JF8ECq0Jqiw2y0GoiKiXu7ytj10tiXAAZARHJbrf0HJUdmQtYxMQhEwu0bSLleVUwHL4TrQYq0fXb8NXwjw4XmNZ7IxPoLThY8nSARx5wPCPjyf5aEwBq4we2v7H2iQL0eAPeCPZLWFZK5NcGpDoWzVJLou6eYMbi2WNlefTOgUzJtnHbD8vynZWac9BfWnnwrSpQESWyzaPfEWFP1XlbJ
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: c8a7bedc-0efe-45c8-6e5f-08d52c98c397
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:DM5PR21MB0843; 
x-ms-traffictypediagnostic: DM5PR21MB0843:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <DM5PR21MB084316104F43BE35E1DAC0A0A32E0@DM5PR21MB0843.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR21MB0843; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR21MB0843; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(376002)(39860400002)(346002)(47760400005)(199003)(40434004)(189002)(13464003)(81156014)(53936002)(305945005)(189998001)(966005)(81166006)(8676002)(8936002)(2900100001)(3280700002)(86362001)(3660700001)(68736007)(105586002)(9686003)(6306002)(7736002)(53546010)(478600001)(10090500001)(6246003)(25786009)(7696004)(74316002)(106356001)(5660300001)(22452003)(50986999)(8990500004)(76176999)(10290500003)(54356999)(77096006)(316002)(15650500001)(6436002)(110136005)(6506006)(55016002)(86612001)(2906002)(14454004)(33656002)(2950100002)(97736004)(101416001)(99286004)(5890100001)(6116002)(102836003)(229853002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0843; H:DM5PR21MB0859.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c8a7bedc-0efe-45c8-6e5f-08d52c98c397
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 02:21:36.9519 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0843
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/CLQNxPF4ENw1b69nSwpGC13q1VM>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 02:21:44 -0000

My opinion: the only requirement I can think of is that the manifest format=
 has to support multiple signatures (countersigning)
so that one could have a policy based on them.

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Thursday, November 16, 2017 10:06 AM
To: David A. Wheeler <dwheeler@dwheeler.com>; suit <suit@ietf.org>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update

That's a fair requirement, David.

I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen to "outside" .

What is your view on how the consent could influence the manifest?

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
Sent: 16 November 2017 01:16
To: suit
Subject: [Suit] Make it clear that end-users MUST be able to NOT update

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.  In the end, the end-user/owner should be ab=
le to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0


From nobody Wed Nov 15 19:09:01 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8FEF12940E for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 19:09:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQArzKB7Samn for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 19:08:58 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0042.outbound.protection.outlook.com [104.47.1.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F17D6124BE8 for <suit@ietf.org>; Wed, 15 Nov 2017 19:08:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CfCPdHtiE2OuJnrjTlMTRSsH4WPqLRoDidR++Z0e2ro=; b=PKNU+7XeUQuISfgpstKAkwWjYKd38xW0d/h+M8dARMFIAQCrSp7DiaoiGGtZ2lXlhLXLnULNapbcTMrs+sR0y5NG9tTRem99XdHpr0/7gBZWPixKriREfZ+SW6wJpYT4bjAG+7qV2BybcAyMejJBaxj5f1GtOUpATAsnoTY9mdM=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Thu, 16 Nov 2017 03:08:55 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::403b:850e:c32c:fad6%13]) with mapi id 15.20.0218.015; Thu, 16 Nov 2017 03:08:55 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Dave Thaler <dthaler@microsoft.com>, "David A. Wheeler" <dwheeler@dwheeler.com>, suit <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV1+Y4d/iv+5kSBTdFGJofMoaMWQdwwgAAE+gCAAAxq8A==
Date: Thu, 16 Nov 2017 03:08:55 +0000
Message-ID: <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com>
In-Reply-To: <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [31.133.136.210]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:V8NjXNX6I7yuOntxC3ljF3r6EaoT1fLQSRhXL+pIFAKcr4YQU5Qb8Bv4/pykkwcEN/FRtgZoTE4oaHHk/lrbGqBaH1WUAZMzCMap6dkEwZqau6CAoqJmO+oM3dLLvIIdHLT2hZlBbbkNzqsEJmzH6wSOM/dJk+Q6IzUFbWoJQtkhHDXA2xIVdSEWj1rhUmrhu4UrX7OxQNEDaMP+lhgIX/38BRgMLH/gnd9WXYMbVP8EHN0DbhFzBc4tQc8GfVdQx/pPcukq2L+TE4iSLdGC4HRFKTgZSnTPKmYh879snP/D/YDM430cgV2iGXWtGqx7h+cp762zfIO6DcOvwI42yN6wFh3gwKB9Dr8Uhcy8ngA=; 5:+x8yAlDpw68mS7nirc0NDps02IgwFW+VE98vo2rYzxk+lIGd4PkPSKVtICtoNk6SReaz7/77b2zFtneVp+YbREYcvW1TkFaxXlma7V/lxSYqQXk292QS3xPU3FMQG2abf23DqNKFOsrB7M7wF8LaREGr7jmANaeDJWYNsV4AcdA=; 24:KG0eUdcryJog0tokh9SjjkDW227F/gH5rgjeqI018hVtUKu80uIMHwCCmc9lfYIMKSGyWu2HIwaiPacOF14QOZldxYWONx7lTMkZ1BCJQt0=; 7:GQACLN4OeBz0TAVdnfZEZZTA+/qQLjs7MIgIA7kbLg3Qh6EX86P3FHm93HW6lZiP2rOUbqzQ7caqqkgExuLHGcppe+HLyD6GkKD/ZVFqCMPpWl6UWkmIVuxabPlUtE1XWQOcoi27C1DKKLdDzBZQoMpJVg/aNNxoMSiU7n7FtzUq07L9CQN78ZYYgJ3BujDGvv6KyMO1TFt7e2vwpHYJ4LL8xdo2T4ipfAWEke9Lxkgv17/amy0DrkwWqkcS9w6x
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 4f02a484-6212-4b1d-e6ce-08d52c9f5f31
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705E4949407BA54EFA19F2AFA2E0@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(219752817060721);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(3002001)(3231022)(10201501046)(6055026)(6041248)(20161123564025)(20161123560025)(20161123555025)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(189002)(40434004)(199003)(13464003)(99286004)(33656002)(66066001)(14454004)(54356999)(966005)(3280700002)(101416001)(76176999)(72206003)(1511001)(15650500001)(53936002)(6306002)(9686003)(2950100002)(7696004)(106356001)(2900100001)(3660700001)(68736007)(50986999)(55016002)(189998001)(6246003)(5660300001)(105586002)(110136005)(74316002)(45080400002)(316002)(53546010)(97736004)(8666007)(86362001)(3846002)(229853002)(2906002)(5250100002)(2561002)(2421001)(8676002)(8936002)(25786009)(81166006)(6506006)(102836003)(6116002)(305945005)(5890100001)(478600001)(6436002)(7736002)(81156014); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4f02a484-6212-4b1d-e6ce-08d52c9f5f31
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 03:08:55.0540 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/MNg_R4StGoJgmqtqZVRUw6RLPVI>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 03:09:01 -0000

That's perfectly fine for me, Dave. We need this also for other purposes.

However, I don't think it is realistic for end users to assume that they ha=
ve a firmware signing certificate (+ private key) to sign firmware updates =
as a way to demonstrate consent for an update.

-----Original Message-----
From: Dave Thaler [mailto:dthaler@microsoft.com]
Sent: 16 November 2017 10:22
To: Hannes Tschofenig; David A. Wheeler; suit
Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT update

My opinion: the only requirement I can think of is that the manifest format=
 has to support multiple signatures (countersigning) so that one could have=
 a policy based on them.

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Thursday, November 16, 2017 10:06 AM
To: David A. Wheeler <dwheeler@dwheeler.com>; suit <suit@ietf.org>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update

That's a fair requirement, David.

I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen to "outside" .

What is your view on how the consent could influence the manifest?

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
Sent: 16 November 2017 01:16
To: suit
Subject: [Suit] Make it clear that end-users MUST be able to NOT update

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.  In the end, the end-user/owner should be ab=
le to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Wed Nov 15 19:27:03 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A1C1252BA for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 19:27:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.891
X-Spam-Level: 
X-Spam-Status: No, score=-1.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FBNvtvsgkYKN for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 19:26:59 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 18F6A12420B for <suit@ietf.org>; Wed, 15 Nov 2017 19:26:58 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id C2E983740FDE for <suit@ietf.org>; Thu, 16 Nov 2017 03:26:58 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Ax6jKWX2MTlj for <suit@ietf.org>; Wed, 15 Nov 2017 22:26:52 -0500 (EST)
Received: from dhcp-8b1d.meeting.ietf.org (dhcp-8b1d.meeting.ietf.org [31.133.139.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id CBD293740C38 for <suit@ietf.org>; Wed, 15 Nov 2017 22:26:51 -0500 (EST)
To: suit@ietf.org
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <d366fd49-e7a5-a198-febf-1efada27bada@openca.org>
Date: Thu, 16 Nov 2017 11:26:49 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/9IcSyZcmmDye9Wn18xqd2TKh7q8>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 03:27:01 -0000

Hi Hannes, David,

+1 to multiple signatures.

The use case I have in mind, however, is not for the user to 
counter-sign the firmware but for one or more additional "deployment" 
authority to "bless" the update for deployment in its environment. We 
already have this in the cable industry and I think it would be a good 
feature to have.

Cheers,
Max


On 11/16/17 11:08 AM, Hannes Tschofenig wrote:
> That's perfectly fine for me, Dave. We need this also for other purposes.
>
> However, I don't think it is realistic for end users to assume that they have a firmware signing certificate (+ private key) to sign firmware updates as a way to demonstrate consent for an update.
>
> -----Original Message-----
> From: Dave Thaler [mailto:dthaler@microsoft.com]
> Sent: 16 November 2017 10:22
> To: Hannes Tschofenig; David A. Wheeler; suit
> Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT update
>
> My opinion: the only requirement I can think of is that the manifest format has to support multiple signatures (countersigning) so that one could have a policy based on them.
>
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Thursday, November 16, 2017 10:06 AM
> To: David A. Wheeler <dwheeler@dwheeler.com>; suit <suit@ietf.org>
> Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
>
> That's a fair requirement, David.
>
> I do believe, however, that this is something that has no impact on a manifest format. Particularly in the IoT context it often happens that the end user is not sitting in the front of the device nor may the device even have a UI. So, the consent needs to happen to "outside" .
>
> What is your view on how the consent could influence the manifest?
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
> Sent: 16 November 2017 01:16
> To: suit
> Subject: [Suit] Make it clear that end-users MUST be able to NOT update
>
> I think a vitally-important requirement is that end-users MUST be able to NOT update software.
>
> In many cases, it's valuable to automatically update software, and internet-connected devices make that relatively easy.
>
> But there are many situations where updates must NOT occur.
> There's a disturbing trend where people who own the devices are increasingly not allowed to control them.  In the end, the end-user/owner should be able to decide if updates are acceptable, and when.
>
> Thanks.
>
> --- David A. Wheeler
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdthaler%40microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636463947840714659&sdata=Xjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&reserved=0
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cdthaler%40microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636463947840714659&sdata=Xjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&reserved=0
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Wed Nov 15 23:09:52 2017
Return-Path: <rod@proteancode.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5030D12702E for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 23:09:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=proteancode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dru0uJQFx9Qs for <suit@ietfa.amsl.com>; Wed, 15 Nov 2017 23:09:49 -0800 (PST)
Received: from cloud01.winterhost.co.uk (cloud01.winterhost.co.uk [46.17.91.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC8CC126557 for <suit@ietf.org>; Wed, 15 Nov 2017 23:09:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=proteancode.com; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=WJuJK+IJ9r65OTYVIWK8ZlkFubVdBSUkRH0w0L9cQig=; b=sQxGPc5t8pKBf4zVZ/3GgBxdf JmY4LU4E0fmoaCM/KxElwwypvtT0TVoLFsCgZhYGU7kXmL+IbBI1sEPu29ZCIEgtlTslBLEsp8JOU mjwfJrP61OSCKaAdCzQQURV5UazuHogi//Cxm2TjkE046DfnqNs6vEsriDPEqaktTWiLo=;
Received: from host86-166-151-87.range86-166.btcentralplus.com ([86.166.151.87]:62085 helo=[192.168.1.69]) by cloud01.winterhost.co.uk with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <rod@proteancode.com>) id 1eFEJ0-0004eC-Qk for suit@ietf.org; Thu, 16 Nov 2017 07:09:46 +0000
To: suit@ietf.org
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <7de914f2-b82a-9ca3-5f3f-f158a10e4dc9@openca.org> <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
From: Roderick Chapman <rod@proteancode.com>
Message-ID: <3ef2053d-73de-176a-f0c9-b4a0f9361987@proteancode.com>
Date: Thu, 16 Nov 2017 07:09:45 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org>
Content-Type: multipart/alternative; boundary="------------929E668B2A4EC27BC0D6BAF8"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud01.winterhost.co.uk
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - proteancode.com
X-Get-Message-Sender-Via: cloud01.winterhost.co.uk: authenticated_id: rod@proteancode.com
X-Authenticated-Sender: cloud01.winterhost.co.uk: rod@proteancode.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jM1yTRAjAKU5YbYc_sqGPqKadDQ>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 07:09:51 -0000

This is a multi-part message in MIME format.
--------------929E668B2A4EC27BC0D6BAF8
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

On 15/11/2017 22:11, Thomas Eichinger wrote:
> An earlier comment of mine was that updates should clearly be marked 
> as security or feature updates 

This doesn't really sound plausible to me.  If only it were that simple.

In deploying a new "feature", a developer might introduce a bunch of new,

previously unknown security-related defects, making the system

worse, not better.


If a developer tells me "this update fixes bugs but doesn't add any new 
bugs"

why on earth should I believe them?

  - Rod



--------------929E668B2A4EC27BC0D6BAF8
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 15/11/2017 22:11, Thomas Eichinger
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:F78B7C9A-A257-41B5-85B2-8C54DA64C9F5@riot-os.org">An
      earlier comment of mine was that updates should clearly be marked
      as security or feature updates </blockquote>
    <p><font size="+1">This doesn't really sound plausible to me.  If
        only it were that simple.</font></p>
    <p><font size="+1">In deploying a new "feature", a developer might
        introduce a bunch of new,</font></p>
    <p><font size="+1">previously unknown security-related defects,
        making the system</font></p>
    <p><font size="+1">worse, not better.</font></p>
    <p><font size="+1"><br>
      </font></p>
    <p><font size="+1">If a developer tells me "this update fixes bugs
        but doesn't add any new bugs"</font></p>
    <p><font size="+1">why on earth should I believe them?</font></p>
    <p><font size="+1"> - Rod</font></p>
    <p><font size="+1"><br>
      </font></p>
  </body>
</html>

--------------929E668B2A4EC27BC0D6BAF8--


From nobody Thu Nov 16 06:41:46 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 675C41294CC for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:41:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.139
X-Spam-Level: 
X-Spam-Status: No, score=-2.139 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dze_Tgy8rljd for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:41:42 -0800 (PST)
Received: from mail-lf0-x235.google.com (mail-lf0-x235.google.com [IPv6:2a00:1450:4010:c07::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77EB412711B for <suit@ietf.org>; Thu, 16 Nov 2017 06:41:41 -0800 (PST)
Received: by mail-lf0-x235.google.com with SMTP id k66so18393756lfg.3 for <suit@ietf.org>; Thu, 16 Nov 2017 06:41:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=iCUNgN020B7fxZEyPOETLmi8BXirqExjlowLWhx7UyY=; b=ZbZqvabSyeMwkh/phsF1vOpOg2r7ia9+8sx+l9iwsyqXw9ZCtDR+SCDHL5r0/NzIKS q5aT6uV0kC+WsPoQjC94EXim67PWgBtTtvY+vn6THW66nUYjrnrxKUy6/DGZC5E1sKSX I6t7SBp4S/62+bu7kYaZZi4xyy9LImVHN80EhYsSSf38PkbRatJZZWJdmBwdqJVoL5Fu xuyiPQL3oQl9hZDtu1ytGgswpng8y7zWoaXGCSfD7CgTFS5QZooIkJDtQLsgcyEDrbfy Zcv2ddW3FYZMD3bn+HSpX9+fR9+ab1yJFV+FK+nbiFs2cd8M68O1CTJfGk2kIq/OukYY uHxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=iCUNgN020B7fxZEyPOETLmi8BXirqExjlowLWhx7UyY=; b=Vry/Sgth2d7kaIgAmwOa+93Ic9/WV5um+3pe+OipWY/fEvitxnb0BqECi/AhIlRC4Z vZOg1HGYaO/RM0cDGslZpT1Axn81MHIOg2qKBehgtmm+EJjTb34j1GUnHJM2Jyn27tp1 iKlgfSyWDQqpEwVtjiHIlpIiLHPjX5tZEBWspYUyZhuNKT0dZVzj/AKzUzBflvPxvQUH W7FbJgvR2FxMIWVXwpUrt5nenaygbIRvm0I1/Hd/M7K5G8yb2a4zpMrFtnaruVLlYzip +EHC5j+PaLU+gAMLRrCSYNpfiOlYSaM6uBvVRyYsO/qGROI00iFI+fJMaYc4bZaHDsYu 7BHg==
X-Gm-Message-State: AJaThX7QVYj5jdXB+RbNFcWpkVX072mr2xotIqUg8HgEh0hxKyCIoGTo I6YVwWjDblYPdF3rAbJTcRZxJAhiNBqg4wSlhZc=
X-Google-Smtp-Source: AGs4zMYLGiaTZCFJg84WcKNTkx5OfWLyuNSX4yfpXHzaLtFwkW/HZXIyZlTrLriHM3t/KuRc0ELqkbFsd9zH/AWtx+A=
X-Received: by 10.25.216.88 with SMTP id p85mr795830lfg.21.1510843299544; Thu, 16 Nov 2017 06:41:39 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.46.16.86 with HTTP; Thu, 16 Nov 2017 06:41:18 -0800 (PST)
In-Reply-To: <d366fd49-e7a5-a198-febf-1efada27bada@openca.org>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d366fd49-e7a5-a198-febf-1efada27bada@openca.org>
From: Justin Cappos <jcappos@nyu.edu>
Date: Thu, 16 Nov 2017 09:41:18 -0500
X-Google-Sender-Auth: t-BG36npKbBf9rLckhg8Cem_CN4
Message-ID: <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a1140ead02e450b055e1a9e8a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/qhlkffK1Ye634pG0frTwSJD3M6Q>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 14:41:45 -0000

--001a1140ead02e450b055e1a9e8a
Content-Type: text/plain; charset="UTF-8"

Max: If you use delegations, you can have the flexibility to cover this
case, multiple signatures, and many other features.  It seems likely to
cover more cases than trying to pre-define different roles which all
perform the same task.

Thanks,
Justin

On Wed, Nov 15, 2017 at 10:26 PM, Dr. Pala <madwolf@openca.org> wrote:

> Hi Hannes, David,
>
> +1 to multiple signatures.
>
> The use case I have in mind, however, is not for the user to counter-sign
> the firmware but for one or more additional "deployment" authority to
> "bless" the update for deployment in its environment. We already have this
> in the cable industry and I think it would be a good feature to have.
>
> Cheers,
> Max
>
>
>
> On 11/16/17 11:08 AM, Hannes Tschofenig wrote:
>
>> That's perfectly fine for me, Dave. We need this also for other purposes.
>>
>> However, I don't think it is realistic for end users to assume that they
>> have a firmware signing certificate (+ private key) to sign firmware
>> updates as a way to demonstrate consent for an update.
>>
>> -----Original Message-----
>> From: Dave Thaler [mailto:dthaler@microsoft.com]
>> Sent: 16 November 2017 10:22
>> To: Hannes Tschofenig; David A. Wheeler; suit
>> Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT
>> update
>>
>> My opinion: the only requirement I can think of is that the manifest
>> format has to support multiple signatures (countersigning) so that one
>> could have a policy based on them.
>>
>> -----Original Message-----
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Thursday, November 16, 2017 10:06 AM
>> To: David A. Wheeler <dwheeler@dwheeler.com>; suit <suit@ietf.org>
>> Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT
>> update
>>
>> That's a fair requirement, David.
>>
>> I do believe, however, that this is something that has no impact on a
>> manifest format. Particularly in the IoT context it often happens that the
>> end user is not sitting in the front of the device nor may the device even
>> have a UI. So, the consent needs to happen to "outside" .
>>
>> What is your view on how the consent could influence the manifest?
>>
>> Ciao
>> Hannes
>>
>> -----Original Message-----
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of David A. Wheeler
>> Sent: 16 November 2017 01:16
>> To: suit
>> Subject: [Suit] Make it clear that end-users MUST be able to NOT update
>>
>> I think a vitally-important requirement is that end-users MUST be able to
>> NOT update software.
>>
>> In many cases, it's valuable to automatically update software, and
>> internet-connected devices make that relatively easy.
>>
>> But there are many situations where updates must NOT occur.
>> There's a disturbing trend where people who own the devices are
>> increasingly not allowed to control them.  In the end, the end-user/owner
>> should be able to decide if updates are acceptable, and when.
>>
>> Thanks.
>>
>> --- David A. Wheeler
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://na01.safelinks.protection.outlook.com/?url=https%3A%
>> 2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%
>> 7C01%7Cdthaler%40microsoft.com%7C7215b35bed3043c20b6508d5
>> 2c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636463
>> 947840714659&sdata=Xjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8d
>> deSp%2Fr3U%3D&reserved=0
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://na01.safelinks.protection.outlook.com/?url=https%3A%
>> 2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%
>> 7C01%7Cdthaler%40microsoft.com%7C7215b35bed3043c20b6508d5
>> 2c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636463
>> 947840714659&sdata=Xjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8d
>> deSp%2Fr3U%3D&reserved=0
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>

--001a1140ead02e450b055e1a9e8a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Max: If you use delegations, you can have the flexibility =
to cover this case, multiple signatures, and many other features.=C2=A0 It =
seems likely to cover more cases than trying to pre-define different roles =
which all perform the same task.=C2=A0=C2=A0<div><br></div><div>Thanks,</di=
v><div>Justin</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail=
_quote">On Wed, Nov 15, 2017 at 10:26 PM, Dr. Pala <span dir=3D"ltr">&lt;<a=
 href=3D"mailto:madwolf@openca.org" target=3D"_blank">madwolf@openca.org</a=
>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 =
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Hannes, David,<br>
<br>
+1 to multiple signatures.<br>
<br>
The use case I have in mind, however, is not for the user to counter-sign t=
he firmware but for one or more additional &quot;deployment&quot; authority=
 to &quot;bless&quot; the update for deployment in its environment. We alre=
ady have this in the cable industry and I think it would be a good feature =
to have.<br>
<br>
Cheers,<br>
Max<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
<br>
On 11/16/17 11:08 AM, Hannes Tschofenig wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
That&#39;s perfectly fine for me, Dave. We need this also for other purpose=
s.<br>
<br>
However, I don&#39;t think it is realistic for end users to assume that the=
y have a firmware signing certificate (+ private key) to sign firmware upda=
tes as a way to demonstrate consent for an update.<br>
<br>
-----Original Message-----<br>
From: Dave Thaler [mailto:<a href=3D"mailto:dthaler@microsoft.com" target=
=3D"_blank">dthaler@microsoft.com</a>]<br>
Sent: 16 November 2017 10:22<br>
To: Hannes Tschofenig; David A. Wheeler; suit<br>
Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT update=
<br>
<br>
My opinion: the only requirement I can think of is that the manifest format=
 has to support multiple signatures (countersigning) so that one could have=
 a policy based on them.<br>
<br>
-----Original Message-----<br>
From: Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org" target=3D"_blan=
k">suit-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br>
Sent: Thursday, November 16, 2017 10:06 AM<br>
To: David A. Wheeler &lt;<a href=3D"mailto:dwheeler@dwheeler.com" target=3D=
"_blank">dwheeler@dwheeler.com</a>&gt;; suit &lt;<a href=3D"mailto:suit@iet=
f.org" target=3D"_blank">suit@ietf.org</a>&gt;<br>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update=
<br>
<br>
That&#39;s a fair requirement, David.<br>
<br>
I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen to &quot;outside&quot; .<br>
<br>
What is your view on how the consent could influence the manifest?<br>
<br>
Ciao<br>
Hannes<br>
<br>
-----Original Message-----<br>
From: Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org" target=3D"_blan=
k">suit-bounces@ietf.org</a>] On Behalf Of David A. Wheeler<br>
Sent: 16 November 2017 01:16<br>
To: suit<br>
Subject: [Suit] Make it clear that end-users MUST be able to NOT update<br>
<br>
I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.<br>
<br>
In many cases, it&#39;s valuable to automatically update software, and inte=
rnet-connected devices make that relatively easy.<br>
<br>
But there are many situations where updates must NOT occur.<br>
There&#39;s a disturbing trend where people who own the devices are increas=
ingly not allowed to control them.=C2=A0 In the end, the end-user/owner sho=
uld be able to decide if updates are acceptable, and when.<br>
<br>
Thanks.<br>
<br>
--- David A. Wheeler<br>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank">Suit@ietf.org</a><br>
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdthaler%40=
microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7c=
d011db47%7C1%7C0%7C636463947840714659&amp;sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B=
%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&amp;reserved=3D0" rel=3D"noreferrer" target=
=3D"_blank">https://na01.safelinks.protect<wbr>ion.outlook.com/?url=3Dhttps=
%3A%<wbr>2F%2Fwww.ietf.org%2Fmailman%<wbr>2Flistinfo%2Fsuit&amp;data=3D02%<=
wbr>7C01%7Cdthaler%40microsoft.<wbr>com%7C7215b35bed3043c20b6508d5<wbr>2c96=
a230%7C72f988bf86f141af91a<wbr>b2d7cd011db47%7C1%7C0%7C636463<wbr>947840714=
659&amp;sdata=3DXjz9tS4yuui<wbr>B%2Bp39yKYM%2B%2B00y4oKNqyBB8d<wbr>deSp%2Fr=
3U%3D&amp;reserved=3D0</a><br>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.<br>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank">Suit@ietf.org</a><br>
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdthaler%40=
microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7c=
d011db47%7C1%7C0%7C636463947840714659&amp;sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B=
%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&amp;reserved=3D0" rel=3D"noreferrer" target=
=3D"_blank">https://na01.safelinks.protect<wbr>ion.outlook.com/?url=3Dhttps=
%3A%<wbr>2F%2Fwww.ietf.org%2Fmailman%<wbr>2Flistinfo%2Fsuit&amp;data=3D02%<=
wbr>7C01%7Cdthaler%40microsoft.<wbr>com%7C7215b35bed3043c20b6508d5<wbr>2c96=
a230%7C72f988bf86f141af91a<wbr>b2d7cd011db47%7C1%7C0%7C636463<wbr>947840714=
659&amp;sdata=3DXjz9tS4yuui<wbr>B%2Bp39yKYM%2B%2B00y4oKNqyBB8d<wbr>deSp%2Fr=
3U%3D&amp;reserved=3D0</a><br>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.<br>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/suit</a><br>
</blockquote>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/suit</a><br>
</div></div></blockquote></div><br></div>

--001a1140ead02e450b055e1a9e8a--


From nobody Thu Nov 16 06:44:59 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 136A512711B for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:44:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.66
X-Spam-Level: 
X-Spam-Status: No, score=-1.66 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GApEWLVKIC8z for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:44:55 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0050.outbound.protection.outlook.com [104.47.2.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D8C212957C for <suit@ietf.org>; Thu, 16 Nov 2017 06:44:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fTOX2smiBpLcI+gY9BpBhqLfYiZiWOlKlB0BO/3dbfM=; b=lgseXWvSxeRD7zaEWvJ/yN9wsZUpASJ6I2dnDIC+ZZGcIFtuIih9ifgwJlzPVFHl4QuLYgeVEaceqV91DWmBRZ5kgP+czXPaJQyGts/7u1uiTkLOONPCs4p6iHFdVNgo2Fdruz/XYKkeNZUXyf2BGZGbuNOlCvoFWDC7PpwZyqM=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0613.eurprd08.prod.outlook.com (10.169.32.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Thu, 16 Nov 2017 14:44:51 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Thu, 16 Nov 2017 14:44:51 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Justin Cappos <jcappos@nyu.edu>
CC: "Dr. Pala" <madwolf@openca.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV1g2zO4W2E4ka/yG0hyQwgWKMWQnGAgAAEIpCAABKSk4AAvFwAgAAA/QA=
Date: Thu, 16 Nov 2017 14:44:51 +0000
Message-ID: <943BB5D4-79C4-437E-9E2E-70A822647489@arm.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d366fd49-e7a5-a198-febf-1efada27bada@openca.org> <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com>
In-Reply-To: <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0613; 6:NGNIcIU2fKnuj7S0WsMcxN7dSCWd7rZy1oUoRmxpzDzZtb+zK5yRRUJkXjX1uoJtK9oCzwvLN+3ksCI1H7f5DbVoiyzm85Fu3m0JtxfJR7z/BcMsTRDd947T2ylikIcF48H911WazugZ5fO3ys2RncNFGgvm/K7kiWX8Mn4jX9/WgxlspFF1UMfFLFjEBqwkxU8TldsWMuRGJsw5MoCLISeKeFNvF95lCJsqvpXnV5Bj/XBLPDiswiESqSpObwtqY0a6/S6wcTp35EchgFBT06gK3F8PKsPPbKeEHYu9fSf1RlMNOhkRF33Pf+ni4NWPkmVc3j6JaB5hbjIrcgu+mzZyBEaJZcV9Qm0kpM7Bk68=; 5:CFg7Q/lN+esTDtgKUPpRxPWAZ0qoJke37X8oUc250mgTTfdn4wJW5+KTF3oa4wRfc2ctgO8epUDIUI78ibYaumGHc+nFN3fvFue8YL0Jg/PI4eCqxfSp7S1Iw+d+fNtTgBLAY1DkJR54IDZEwkrgAM2S6/jNe/Y+gg5IDuBg/V4=; 24:qsVbjksGu+ZzYqfEQWsWp5zxEQiVbsZa5H/gPn1MxIKwkN+nojKk2aE1Fkxv0T3/PsZCmnrt139PBoAocYdce1idXpbkVHgU6y9TFYbMs0g=; 7:oMeCcWm5RnsGCBvdETy9tcv8GUobHgpJd81H2LVKYahT+vGb+3hIgtxOAIKSaUv5hM5lbQyXX+MCeNs3lsH0j9TotdRwHIuC5pOkX3bE5qfq52av8JQTFSowNphNOjJ18K0nGHHUxynI7RrPYcPKKJzd+UgbLYXdvfPHcyvm2xQTwOcwYwtSl874s6sfNWRzcUjgDcwjwsFI4BilyonDRKtxnqRYFd+8q/5Qd6Us+lqShms536Ufebqy+mrdRshh
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 7a634bb7-a63d-4e87-61ac-08d52d0097c4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:DB5PR08MB0613; 
x-ms-traffictypediagnostic: DB5PR08MB0613:
x-microsoft-antispam-prvs: <DB5PR08MB061390B4E256C7594984A565EA2E0@DB5PR08MB0613.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(189930954265078)(219752817060721)(46194664272605); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3231022)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(6055026)(6041248)(20161123555025)(20161123558100)(20161123562025)(20161123564025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0613; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0613; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(39860400002)(346002)(199003)(40434004)(189002)(24454002)(13464003)(82746002)(93886005)(57306001)(101416001)(81156014)(50986999)(76176999)(478600001)(54906003)(33656002)(189998001)(45080400002)(50226002)(2950100002)(6916009)(6246003)(229853002)(102836003)(15650500001)(966005)(316002)(2171002)(72206003)(8936002)(3846002)(8676002)(81166006)(4326008)(53936002)(6116002)(3280700002)(99286004)(54896002)(236005)(25786009)(106356001)(3660700001)(105586002)(2900100001)(7736002)(5660300001)(6486002)(556974002)(2906002)(5250100002)(14454004)(36756003)(53546010)(6306002)(97736004)(6506006)(6436002)(606006)(8656006)(86362001)(5890100001)(66066001)(6512007)(68736007)(83716003); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0613; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_943BB5D479C4437E9E2E70A822647489armcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7a634bb7-a63d-4e87-61ac-08d52d0097c4
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 14:44:51.1647 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0613
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/EKkZvkQ-umWQswdbOYTLDNbMRYo>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 14:44:58 -0000

--_000_943BB5D479C4437E9E2E70A822647489armcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I agree. Delegations and multiple signatures are the appropriate way to han=
dle user consent. Signed policies-as-data might be an interesting way to ha=
ndle switching between automatic updates, automatic security updates, and u=
ser consent required.

Thanks,
Brendan


On 16 Nov 2017, at 14:41, Justin Cappos <jcappos@nyu.edu<mailto:jcappos@nyu=
.edu>> wrote:

Max: If you use delegations, you can have the flexibility to cover this cas=
e, multiple signatures, and many other features.  It seems likely to cover =
more cases than trying to pre-define different roles which all perform the =
same task.

Thanks,
Justin

On Wed, Nov 15, 2017 at 10:26 PM, Dr. Pala <madwolf@openca.org<mailto:madwo=
lf@openca.org>> wrote:
Hi Hannes, David,

+1 to multiple signatures.

The use case I have in mind, however, is not for the user to counter-sign t=
he firmware but for one or more additional "deployment" authority to "bless=
" the update for deployment in its environment. We already have this in the=
 cable industry and I think it would be a good feature to have.

Cheers,
Max



On 11/16/17 11:08 AM, Hannes Tschofenig wrote:
That's perfectly fine for me, Dave. We need this also for other purposes.

However, I don't think it is realistic for end users to assume that they ha=
ve a firmware signing certificate (+ private key) to sign firmware updates =
as a way to demonstrate consent for an update.

-----Original Message-----
From: Dave Thaler [mailto:dthaler@microsoft.com<mailto:dthaler@microsoft.co=
m>]
Sent: 16 November 2017 10:22
To: Hannes Tschofenig; David A. Wheeler; suit
Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT update

My opinion: the only requirement I can think of is that the manifest format=
 has to support multiple signatures (countersigning) so that one could have=
 a policy based on them.

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org<mailto:suit-bounces@ietf.org>] On =
Behalf Of Hannes Tschofenig
Sent: Thursday, November 16, 2017 10:06 AM
To: David A. Wheeler <dwheeler@dwheeler.com<mailto:dwheeler@dwheeler.com>>;=
 suit <suit@ietf.org<mailto:suit@ietf.org>>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update

That's a fair requirement, David.

I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen to "outside" .

What is your view on how the consent could influence the manifest?

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org<mailto:suit-bounces@ietf.org>] On =
Behalf Of David A. Wheeler
Sent: 16 November 2017 01:16
To: suit
Subject: [Suit] Make it clear that end-users MUST be able to NOT update

I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.

In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.

But there are many situations where updates must NOT occur.
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.  In the end, the end-user/owner should be ab=
le to decide if updates are acceptable, and when.

Thanks.

--- David A. Wheeler

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fwww.ietf=
.org%2Fmailman%2Flistinfo%2Fsuit&data=3D02%7C01%7Cdthaler%40microsoft.com%7=
C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C=
0%7C636463947840714659&sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B%2B00y4oKNqyBB8ddeS=
p%2Fr3U%3D&reserved=3D0
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

_______________________________________________
Suit mailing list
Suit@ietf.org<mailto:Suit@ietf.org>
https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.

--_000_943BB5D479C4437E9E2E70A822647489armcom_
Content-Type: text/html; charset="us-ascii"
Content-ID: <1F471C038E84C748867843B844524084@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;" class=3D"">
I agree. Delegations and multiple signatures are the appropriate way to han=
dle user consent. Signed policies-as-data might be an interesting way to ha=
ndle switching between automatic updates, automatic security updates, and u=
ser consent required.
<div class=3D"">
<div class=3D"">
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Thanks,</div>
<div class=3D"">Brendan</div>
<div class=3D""><br class=3D"">
<div class=3D""><br class=3D"">
<div>
<blockquote type=3D"cite" class=3D"">
<div class=3D"">On 16 Nov 2017, at 14:41, Justin Cappos &lt;<a href=3D"mail=
to:jcappos@nyu.edu" class=3D"">jcappos@nyu.edu</a>&gt; wrote:</div>
<br class=3D"Apple-interchange-newline">
<div class=3D"">
<div dir=3D"ltr" class=3D"">Max: If you use delegations, you can have the f=
lexibility to cover this case, multiple signatures, and many other features=
.&nbsp; It seems likely to cover more cases than trying to pre-define diffe=
rent roles which all perform the same task.&nbsp;&nbsp;
<div class=3D""><br class=3D"">
</div>
<div class=3D"">Thanks,</div>
<div class=3D"">Justin</div>
</div>
<div class=3D"gmail_extra"><br class=3D"">
<div class=3D"gmail_quote">On Wed, Nov 15, 2017 at 10:26 PM, Dr. Pala <span=
 dir=3D"ltr" class=3D"">
&lt;<a href=3D"mailto:madwolf@openca.org" target=3D"_blank" class=3D"">madw=
olf@openca.org</a>&gt;</span> wrote:<br class=3D"">
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Hi Hannes, David,<br class=3D"">
<br class=3D"">
&#43;1 to multiple signatures.<br class=3D"">
<br class=3D"">
The use case I have in mind, however, is not for the user to counter-sign t=
he firmware but for one or more additional &quot;deployment&quot; authority=
 to &quot;bless&quot; the update for deployment in its environment. We alre=
ady have this in the cable industry and I think it would
 be a good feature to have.<br class=3D"">
<br class=3D"">
Cheers,<br class=3D"">
Max
<div class=3D"HOEnZb">
<div class=3D"h5"><br class=3D"">
<br class=3D"">
<br class=3D"">
On 11/16/17 11:08 AM, Hannes Tschofenig wrote:<br class=3D"">
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
That's perfectly fine for me, Dave. We need this also for other purposes.<b=
r class=3D"">
<br class=3D"">
However, I don't think it is realistic for end users to assume that they ha=
ve a firmware signing certificate (&#43; private key) to sign firmware upda=
tes as a way to demonstrate consent for an update.<br class=3D"">
<br class=3D"">
-----Original Message-----<br class=3D"">
From: Dave Thaler [mailto:<a href=3D"mailto:dthaler@microsoft.com" target=
=3D"_blank" class=3D"">dthaler@microsoft.com</a>]<br class=3D"">
Sent: 16 November 2017 10:22<br class=3D"">
To: Hannes Tschofenig; David A. Wheeler; suit<br class=3D"">
Subject: RE: [Suit] Make it clear that end-users MUST be able to NOT update=
<br class=3D"">
<br class=3D"">
My opinion: the only requirement I can think of is that the manifest format=
 has to support multiple signatures (countersigning) so that one could have=
 a policy based on them.<br class=3D"">
<br class=3D"">
-----Original Message-----<br class=3D"">
From: Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org" target=3D"_blan=
k" class=3D"">suit-bounces@ietf.org</a>] On Behalf Of Hannes Tschofenig<br =
class=3D"">
Sent: Thursday, November 16, 2017 10:06 AM<br class=3D"">
To: David A. Wheeler &lt;<a href=3D"mailto:dwheeler@dwheeler.com" target=3D=
"_blank" class=3D"">dwheeler@dwheeler.com</a>&gt;; suit &lt;<a href=3D"mail=
to:suit@ietf.org" target=3D"_blank" class=3D"">suit@ietf.org</a>&gt;<br cla=
ss=3D"">
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update=
<br class=3D"">
<br class=3D"">
That's a fair requirement, David.<br class=3D"">
<br class=3D"">
I do believe, however, that this is something that has no impact on a manif=
est format. Particularly in the IoT context it often happens that the end u=
ser is not sitting in the front of the device nor may the device even have =
a UI. So, the consent needs to happen
 to &quot;outside&quot; .<br class=3D"">
<br class=3D"">
What is your view on how the consent could influence the manifest?<br class=
=3D"">
<br class=3D"">
Ciao<br class=3D"">
Hannes<br class=3D"">
<br class=3D"">
-----Original Message-----<br class=3D"">
From: Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org" target=3D"_blan=
k" class=3D"">suit-bounces@ietf.org</a>] On Behalf Of David A. Wheeler<br c=
lass=3D"">
Sent: 16 November 2017 01:16<br class=3D"">
To: suit<br class=3D"">
Subject: [Suit] Make it clear that end-users MUST be able to NOT update<br =
class=3D"">
<br class=3D"">
I think a vitally-important requirement is that end-users MUST be able to N=
OT update software.<br class=3D"">
<br class=3D"">
In many cases, it's valuable to automatically update software, and internet=
-connected devices make that relatively easy.<br class=3D"">
<br class=3D"">
But there are many situations where updates must NOT occur.<br class=3D"">
There's a disturbing trend where people who own the devices are increasingl=
y not allowed to control them.&nbsp; In the end, the end-user/owner should =
be able to decide if updates are acceptable, and when.<br class=3D"">
<br class=3D"">
Thanks.<br class=3D"">
<br class=3D"">
--- David A. Wheeler<br class=3D"">
<br class=3D"">
______________________________<wbr class=3D"">_________________<br class=3D=
"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank" class=3D"">Suit@ietf.org=
</a><br class=3D"">
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdthaler%40=
microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7c=
d011db47%7C1%7C0%7C636463947840714659&amp;sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B=
%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&amp;reserved=3D0" rel=3D"noreferrer" target=
=3D"_blank" class=3D"">https://na01.safelinks.protect<wbr class=3D"">ion.ou=
tlook.com/?url=3Dhttps%3A%<wbr class=3D"">2F%2Fwww.ietf.org%2Fmailman%<wbr =
class=3D"">2Flistinfo%2Fsuit&amp;data=3D02%<wbr class=3D"">7C01%7Cdthaler%4=
0microsoft.<wbr class=3D"">com%7C7215b35bed3043c20b6508d5<wbr class=3D"">2c=
96a230%7C72f988bf86f141af91a<wbr class=3D"">b2d7cd011db47%7C1%7C0%7C636463<=
wbr class=3D"">947840714659&amp;sdata=3DXjz9tS4yuui<wbr class=3D"">B%2Bp39y=
KYM%2B%2B00y4oKNqyBB8d<wbr class=3D"">deSp%2Fr3U%3D&amp;reserved=3D0</a><br=
 class=3D"">
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.<br class=3D"">
<br class=3D"">
______________________________<wbr class=3D"">_________________<br class=3D=
"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank" class=3D"">Suit@ietf.org=
</a><br class=3D"">
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&amp;data=3D02%7C01%7Cdthaler%40=
microsoft.com%7C7215b35bed3043c20b6508d52c96a230%7C72f988bf86f141af91ab2d7c=
d011db47%7C1%7C0%7C636463947840714659&amp;sdata=3DXjz9tS4yuuiB%2Bp39yKYM%2B=
%2B00y4oKNqyBB8ddeSp%2Fr3U%3D&amp;reserved=3D0" rel=3D"noreferrer" target=
=3D"_blank" class=3D"">https://na01.safelinks.protect<wbr class=3D"">ion.ou=
tlook.com/?url=3Dhttps%3A%<wbr class=3D"">2F%2Fwww.ietf.org%2Fmailman%<wbr =
class=3D"">2Flistinfo%2Fsuit&amp;data=3D02%<wbr class=3D"">7C01%7Cdthaler%4=
0microsoft.<wbr class=3D"">com%7C7215b35bed3043c20b6508d5<wbr class=3D"">2c=
96a230%7C72f988bf86f141af91a<wbr class=3D"">b2d7cd011db47%7C1%7C0%7C636463<=
wbr class=3D"">947840714659&amp;sdata=3DXjz9tS4yuui<wbr class=3D"">B%2Bp39y=
KYM%2B%2B00y4oKNqyBB8d<wbr class=3D"">deSp%2Fr3U%3D&amp;reserved=3D0</a><br=
 class=3D"">
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.<br class=3D"">
<br class=3D"">
______________________________<wbr class=3D"">_________________<br class=3D=
"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank" class=3D"">Suit@ietf.org=
</a><br class=3D"">
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank" class=3D"">https://www.ietf.org/mailman/l<wbr class=3D"">i=
stinfo/suit</a><br class=3D"">
</blockquote>
<br class=3D"">
______________________________<wbr class=3D"">_________________<br class=3D=
"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank" class=3D"">Suit@ietf.org=
</a><br class=3D"">
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank" class=3D"">https://www.ietf.org/mailman/l<wbr class=3D"">i=
stinfo/suit</a><br class=3D"">
</div>
</div>
</blockquote>
</div>
<br class=3D"">
</div>
_______________________________________________<br class=3D"">
Suit mailing list<br class=3D"">
<a href=3D"mailto:Suit@ietf.org" class=3D"">Suit@ietf.org</a><br class=3D""=
>
https://www.ietf.org/mailman/listinfo/suit<br class=3D"">
</div>
</blockquote>
</div>
<br class=3D"">
</div>
</div>
</div>
</div>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</body>
</html>

--_000_943BB5D479C4437E9E2E70A822647489armcom_--


From nobody Thu Nov 16 06:51:27 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1610312711B for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:51:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ic9fIcU93CiI for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 06:51:25 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0073.outbound.protection.outlook.com [104.47.2.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BCA6124BFA for <suit@ietf.org>; Thu, 16 Nov 2017 06:51:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tRPbfjvnmmPRxR+fUAqLEwy1KfFMFte4S5Q8LR7KiTc=; b=PGpS/NlkMdoPpN0KWnTbDUT46x29GS/lY4rB9YetiiPCBq6JqNv7NIC1GbesHhJuCn7QK7sF/zDQAluv2UGm6UvIDDZhOvyX00lhUhrQf54WRMHvA5H1aVm/vDKAoWaSnhmReS305idudmZKGIxL9MXirLqAMdcokBHF4g0x3/s=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0614.eurprd08.prod.outlook.com (10.169.32.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Thu, 16 Nov 2017 14:51:22 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Thu, 16 Nov 2017 14:51:22 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "David A. Wheeler" <dwheeler@dwheeler.com>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Make it clear that end-users MUST be able to NOT update
Thread-Index: AQHTXjV1g2zO4W2E4ka/yG0hyQwgWKMXGFCA
Date: Thu, 16 Nov 2017 14:51:21 +0000
Message-ID: <1997AC68-337E-4ED4-BC3B-651F4EC6EB8C@arm.com>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
In-Reply-To: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0614; 6:YZdNflAliXXxq6j+fw8bGF88qzENmIA1r8faJLzb20vONApSF9Q7f5Z2fqEXwCDmV8Rlm3r56emaBOQ1eKIt2SvjEyr8Ss5ULbKzdKrYFC7f7YQ1z/7D3aTJWTWZagByIxeJGIb8j9I5DJs27Bg1B/ffO5oKsMI3Oe1LZX8EUqY2eV9CDar5c2wbPHzDKf+kH+F9JsLC6rXEB0u5VaSx8VY3YujUge0cgyyinP/OwR1qrSowy0gv4Qsr53z7Zyy4Pq1Ycf2eId/gU7b7AT/mxNh5QD3gPCIzUTzGUAOltZ7EqwnOxNfLdabNQrbV5QhHlYb0mB/5s8Kv2bz4tryFQhuPT0SUuXUfajtzxWpuPVU=; 5:dDBuvhn3zz5s8A1sVAqBSNBVb8OtMUpB8LNDlaFCIRt2uUo/Oa8ASB6YkT5DMcmpVxz42Lm7+FjUMMaeW3IzDjS0Stw+8a0WovRPYneOfbJKsuw4Iy8CDf82N1xUvpi3h7Yd9/cNc0Grb8tjZ/XPiexPTQ1EYlu4t3FS5x11FGw=; 24:tfMAnwW0B6AizCJjkLAtr5b/vIOEVI8SvgRJxv+d931U+zMX0Yg8l3ONxVuZmYsLvsv+yywle6KT2IaI7pGfrQORjzomxq2wEWpV5QBcwlo=; 7:7+Ol9If0llqz8P8hcAvj3q4YluL5vcp8WYQIl+biQ9DdKXMkj7tBw/anbXmiWLcQh+t7BucIVyodocPgBxWJxY7pTnEF9Rdua9VkA9SPSvaWv4hq6x7yoWCOFXqA+jtHcspF4drxcehimL8siZ7cP1nVUBT7WnqxYfkzWX5rQDR8n5NC1OoUUoiZGInImTdcBv5yL3lBwJctyuDy0DD54Vgu4ZhOO44C1OGposK3y17XamXWlSrUVhYRsS/VYjoT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: b777fcd5-bd8a-4bdc-d26c-08d52d0180b2
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:DB5PR08MB0614; 
x-ms-traffictypediagnostic: DB5PR08MB0614:
x-microsoft-antispam-prvs: <DB5PR08MB06141AE95978E597A1923F65EA2E0@DB5PR08MB0614.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(47359897960660);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(100000703101)(100105400095)(3231022)(10201501046)(3002001)(6055026)(6041248)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123555025)(20161123558100)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0614; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0614; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(346002)(24454002)(189002)(199003)(40434004)(51444003)(6506006)(54896002)(236005)(101416001)(50226002)(53936002)(3660700001)(53546010)(83716003)(2906002)(5660300001)(6116002)(72206003)(3280700002)(36756003)(68736007)(102836003)(3846002)(606006)(99286004)(966005)(33656002)(25786009)(6436002)(6486002)(15650500001)(6306002)(6512007)(478600001)(14454004)(106356001)(97736004)(57306001)(50986999)(556974002)(316002)(76176999)(4326008)(105586002)(229853002)(8936002)(81166006)(81156014)(6246003)(5890100001)(6916009)(2950100002)(2900100001)(5250100002)(8676002)(7736002)(189998001)(66066001)(86362001)(82746002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0614; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_1997AC68337E4ED4BC3B651F4EC6EB8Carmcom_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b777fcd5-bd8a-4bdc-d26c-08d52d0180b2
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 14:51:21.9744 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0614
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gcf2iqB7eJotrNd2O85sFCCf39Q>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 14:51:27 -0000

--_000_1997AC68337E4ED4BC3B651F4EC6EB8Carmcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

DQpPbiAxNSBOb3YgMjAxNywgYXQgMTc6MTYsIERhdmlkIEEuIFdoZWVsZXIgPGR3aGVlbGVyQGR3
aGVlbGVyLmNvbTxtYWlsdG86ZHdoZWVsZXJAZHdoZWVsZXIuY29tPj4gd3JvdGU6DQoNCkkgdGhp
bmsgYSB2aXRhbGx5LWltcG9ydGFudCByZXF1aXJlbWVudCBpcyB0aGF0IGVuZC11c2VycyBNVVNU
IGJlIGFibGUgdG8gTk9UIHVwZGF0ZSBzb2Z0d2FyZS4NCg0KSW4gbWFueSBjYXNlcywgaXQncyB2
YWx1YWJsZSB0byBhdXRvbWF0aWNhbGx5IHVwZGF0ZSBzb2Z0d2FyZSwgYW5kDQppbnRlcm5ldC1j
b25uZWN0ZWQgZGV2aWNlcyBtYWtlIHRoYXQgcmVsYXRpdmVseSBlYXN5Lg0KDQpCdXQgdGhlcmUg
YXJlIG1hbnkgc2l0dWF0aW9ucyB3aGVyZSB1cGRhdGVzIG11c3QgTk9UIG9jY3VyLg0KVGhlcmUn
cyBhIGRpc3R1cmJpbmcgdHJlbmQgd2hlcmUgcGVvcGxlIHdobyBvd24gdGhlIGRldmljZXMgYXJl
DQppbmNyZWFzaW5nbHkgbm90IGFsbG93ZWQgdG8gY29udHJvbCB0aGVtLiAgSW4gdGhlIGVuZCwg
dGhlIGVuZC11c2VyL293bmVyDQpzaG91bGQgYmUgYWJsZSB0byBkZWNpZGUgaWYgdXBkYXRlcyBh
cmUgYWNjZXB0YWJsZSwgYW5kIHdoZW4uDQoNClRoYW5rcy4NCg0KLS0tIERhdmlkIEEuIFdoZWVs
ZXINCg0KQXMgbXVjaCBhcyBJIGFncmVlIHdpdGggdGhpcyBpbiBwcmluY2lwbGUsIEkgdGhpbmsg
dGhhdCBpdOKAmXMgZGFuZ2Vyb3VzIHRvIHJlcXVpcmUgdXNlciBjb25zZW50IGJ5IGRlZmF1bHQ6
DQoNCmh0dHBzOi8vaW5zaWdodHMudWJ1bnR1LmNvbS8yMDE2LzEyLzE1L3Jlc2VhcmNoLWNvbnN1
bWVycy1hcmUtdGVycmlibGUtYXQtdXBkYXRpbmctdGhlaXItY29ubmVjdGVkLWRldmljZXMvDQoN
CkF1dG9tYXRpYyB1cGRhdGVzIG11c3QgYmUgdGhlIGRlZmF1bHQgYmVoYXZpb3VyLiBJdOKAmXMg
ZmluZSBmb3IgdXNlcnMgdG8gcmVxdWVzdCBhbmQgYmUgZ3JhbnRlZCB1cGRhdGUgYXV0aG9yaXNh
dGlvbiBhdXRob3JpdHkgb3ZlciB0aGVpciBvd24gZGV2aWNlcywgYnV0IGJ5IGRlZmF1bHQgbWFu
dWZhY3R1cmVycyBzaG91bGQgYXNzdW1lIHRoYXQgNjklIG9mIHRoZWlyIHVzZXJzIHdpbGwgYXBw
bHkgc2VjdXJpdHkgdXBkYXRlcyBsYXRlIG9yIG5ldmVyLg0KDQpPZiB0aG9zZSBwb2xsZWQsIG5l
YXJseSB0d28gdGhpcmRzIGZlbHQgdGhhdCBpdCB3YXMgbm90IHRoZWlyIHJlc3BvbnNpYmlsaXR5
IHRvIGtlZXAgZmlybXdhcmUgdXBkYXRlZC4gMjIlIGJlbGlldmVkIGl0IHdhcyB0aGUgam9iIG9m
IHNvZnR3YXJlIGRldmVsb3BlcnMsIHdoaWxlIDE4JSBjb25zaWRlciBpdCB0byBiZSB0aGUgcmVz
cG9uc2liaWxpdHkgb2YgZGV2aWNlIG1hbnVmYWN0dXJlcnMuDQoNCkkgZG9u4oCZdCB0aGluayB0
aGV5IGFyZSB3cm9uZy4NCg0KQmVzdCBSZWdhcmRzLA0KQnJlbmRhbg0KDQpJTVBPUlRBTlQgTk9U
SUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBj
b25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRo
ZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVs
eSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1
c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBp
biBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=

--_000_1997AC68337E4ED4BC3B651F4EC6EB8Carmcom_
Content-Type: text/html; charset="utf-8"
Content-ID: <7B120054E90FF74692890D5A09516E38@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i
dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy
YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy
ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPGRpdj4N
CjxibG9ja3F1b3RlIHR5cGU9ImNpdGUiIGNsYXNzPSIiPg0KPGRpdiBjbGFzcz0iIj5PbiAxNSBO
b3YgMjAxNywgYXQgMTc6MTYsIERhdmlkIEEuIFdoZWVsZXIgJmx0OzxhIGhyZWY9Im1haWx0bzpk
d2hlZWxlckBkd2hlZWxlci5jb20iIGNsYXNzPSIiPmR3aGVlbGVyQGR3aGVlbGVyLmNvbTwvYT4m
Z3Q7IHdyb3RlOjwvZGl2Pg0KPGJyIGNsYXNzPSJBcHBsZS1pbnRlcmNoYW5nZS1uZXdsaW5lIj4N
CjxkaXYgY2xhc3M9IiI+DQo8ZGl2IGNsYXNzPSIiPkkgdGhpbmsgYSB2aXRhbGx5LWltcG9ydGFu
dCByZXF1aXJlbWVudCBpcyB0aGF0IGVuZC11c2VycyBNVVNUIGJlIGFibGUgdG8gTk9UIHVwZGF0
ZSBzb2Z0d2FyZS48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJbiBtYW55IGNhc2VzLCBp
dCdzIHZhbHVhYmxlIHRvIGF1dG9tYXRpY2FsbHkgdXBkYXRlIHNvZnR3YXJlLCBhbmQ8YnIgY2xh
c3M9IiI+DQppbnRlcm5ldC1jb25uZWN0ZWQgZGV2aWNlcyBtYWtlIHRoYXQgcmVsYXRpdmVseSBl
YXN5LjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCkJ1dCB0aGVyZSBhcmUgbWFueSBzaXR1
YXRpb25zIHdoZXJlIHVwZGF0ZXMgbXVzdCBOT1Qgb2NjdXIuPGJyIGNsYXNzPSIiPg0KVGhlcmUn
cyBhIGRpc3R1cmJpbmcgdHJlbmQgd2hlcmUgcGVvcGxlIHdobyBvd24gdGhlIGRldmljZXMgYXJl
PGJyIGNsYXNzPSIiPg0KaW5jcmVhc2luZ2x5IG5vdCBhbGxvd2VkIHRvIGNvbnRyb2wgdGhlbS4g
Jm5ic3A7SW4gdGhlIGVuZCwgdGhlIGVuZC11c2VyL293bmVyPGJyIGNsYXNzPSIiPg0Kc2hvdWxk
IGJlIGFibGUgdG8gZGVjaWRlIGlmIHVwZGF0ZXMgYXJlIGFjY2VwdGFibGUsIGFuZCB3aGVuLjxi
ciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NClRoYW5rcy48YnIgY2xhc3M9IiI+DQo8YnIgY2xh
c3M9IiI+DQotLS0gRGF2aWQgQS4gV2hlZWxlcjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPC9kaXY+
DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+QXMg
bXVjaCBhcyBJIGFncmVlIHdpdGggdGhpcyBpbiBwcmluY2lwbGUsIEkgdGhpbmsgdGhhdCBpdOKA
mXMgZGFuZ2Vyb3VzIHRvIHJlcXVpcmUgdXNlciBjb25zZW50IGJ5IGRlZmF1bHQ6PC9kaXY+DQo8
ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0iIj48YSBocmVm
PSJodHRwczovL2luc2lnaHRzLnVidW50dS5jb20vMjAxNi8xMi8xNS9yZXNlYXJjaC1jb25zdW1l
cnMtYXJlLXRlcnJpYmxlLWF0LXVwZGF0aW5nLXRoZWlyLWNvbm5lY3RlZC1kZXZpY2VzLyIgY2xh
c3M9IiI+aHR0cHM6Ly9pbnNpZ2h0cy51YnVudHUuY29tLzIwMTYvMTIvMTUvcmVzZWFyY2gtY29u
c3VtZXJzLWFyZS10ZXJyaWJsZS1hdC11cGRhdGluZy10aGVpci1jb25uZWN0ZWQtZGV2aWNlcy88
L2E+PC9kaXY+DQo8ZGl2IGNsYXNzPSIiPjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KPGRpdiBjbGFz
cz0iIj5BdXRvbWF0aWMgdXBkYXRlcyBtdXN0IGJlIHRoZSBkZWZhdWx0IGJlaGF2aW91ci4gSXTi
gJlzIGZpbmUgZm9yIHVzZXJzIHRvIHJlcXVlc3QgYW5kIGJlIGdyYW50ZWQgdXBkYXRlIGF1dGhv
cmlzYXRpb24gYXV0aG9yaXR5IG92ZXIgdGhlaXIgb3duIGRldmljZXMsIGJ1dCBieSBkZWZhdWx0
IG1hbnVmYWN0dXJlcnMgc2hvdWxkIGFzc3VtZSB0aGF0IDY5JSBvZiB0aGVpciB1c2VycyB3aWxs
IGFwcGx5IHNlY3VyaXR5IHVwZGF0ZXMNCiBsYXRlIG9yIG5ldmVyLjwvZGl2Pg0KPGRpdiBjbGFz
cz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0
eXBlPSJjaXRlIiBjbGFzcz0iIj5PZiB0aG9zZSBwb2xsZWQsIG5lYXJseSB0d28gdGhpcmRzIGZl
bHQgdGhhdCBpdCB3YXMgbm90IHRoZWlyIHJlc3BvbnNpYmlsaXR5IHRvIGtlZXAgZmlybXdhcmUg
dXBkYXRlZC4gMjIlIGJlbGlldmVkIGl0IHdhcyB0aGUgam9iIG9mIHNvZnR3YXJlIGRldmVsb3Bl
cnMsIHdoaWxlIDE4JSZuYnNwO2NvbnNpZGVyIGl0IHRvIGJlIHRoZSByZXNwb25zaWJpbGl0eSBv
ZiBkZXZpY2UgbWFudWZhY3R1cmVycy48L2Jsb2NrcXVvdGU+DQo8YnIgY2xhc3M9IiI+DQo8L2Rp
dj4NCjxkaXYgY2xhc3M9IiI+SSBkb27igJl0IHRoaW5rIHRoZXkgYXJlIHdyb25nLjwvZGl2Pg0K
PGRpdiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQo8L2Rpdj4NCjxkaXYgY2xhc3M9IiI+QmVzdCBS
ZWdhcmRzLDwvZGl2Pg0KPGRpdiBjbGFzcz0iIj5CcmVuZGFuPC9kaXY+DQo8ZGl2IGNsYXNzPSIi
PjxiciBjbGFzcz0iIj4NCjwvZGl2Pg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9m
IHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkg
YWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50
LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9z
ZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9z
ZSwNCiBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFu
ayB5b3UuDQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_1997AC68337E4ED4BC3B651F4EC6EB8Carmcom_--


From nobody Thu Nov 16 07:26:46 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43AF41296B3 for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 07:26:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OW4GAJEVhgAc for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 07:26:34 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0044.outbound.protection.outlook.com [104.47.0.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CB98129584 for <suit@ietf.org>; Thu, 16 Nov 2017 07:26:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CtAH3jtbEfgK8eruYqvgITrBDyfzXE4MSNUdZi5ewe4=; b=fVtSXGyA7wTWLm3Y3N7J8NjsFPEY8JMmXDibJnoxoFKKDo3M9pQTgz0toMVtkITYwapjizq6HMsx2abs5+/tTBsX7w8Tj0MDE5lF6X4ooWE/MVai5cK4ziGVXAULGBRGmbSFk7gZcwde4/InVYGgBmRJjmOIQHguOfjPn71pSJ0=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.218.12; Thu, 16 Nov 2017 15:26:30 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::b123:af71:1ed2:1057%14]) with mapi id 15.20.0218.015; Thu, 16 Nov 2017 15:26:30 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: "Dr. Pala" <director@openca.org>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Quantum resistance in firmware formats
Thread-Index: AQHTWjMbF/n5gxF7AUeqWeCW2Qgfi6MNz/4AgAAbNYCAAExiAIAAAgKAgADxXQCABpMcgIAASFaAgAEjwQA=
Date: Thu, 16 Nov 2017 15:26:30 +0000
Message-ID: <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org> <D631BC41.11484%m.nakhjiri@ssi.samsung.com> <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org>
In-Reply-To: <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0615; 6:8Poe7olQSVKAhtAVz/r+gH2frJS6+foyYMw6rdJjLk4dhrlZmFvDDV/Zg/TX1izHAxfIx3lPkGJyYhZrZieeyEHfYcl66eu/KCqS7yUhldNnxsETzDEd3+M+qluzxlCuEOAIBr1tYbg9rwpJQmNmavsFToZdO9qh2wDI35efLnRYSbJNlVZzySPwmvK91tgXAZLhnfGUlHPhyVyBk0DvnClDd77BFLmSVb2Fgs7ZhFglbkjA7Yi5PjkjyB119xCZp1kbSL3WMu5VFbm/hIs8iRwKUlWmB7r768buT2WYIBIWQtywEqMzMrKLGnySz0xMo2g0X+h9jZoQtyWCtP1spnfy2KwrAnB0YNK98LRkthU=; 5:EpFQxsbuJ9ViqTNpYO24wLNRKuFsEZawRqIqmFHdtYlf3roPmV5e6ln2rBNlRoCOzwHoghi2Yt9/UI5JbVuq69lBLBc1HdkLHm5wAYyAGqsVbAtbIPY+tU+Bx5rlPpwbBL3yrx/m3K9AmmcfUBBOYGGNOXwlouBofVpckwBbOzc=; 24:7ZFtmtqN/McobJGX5PMJEA1wjJ5g5TvMPNcLpsg+8iq6BlQGaFfGPC6Vd+wZeaL91EQ67/cb6g+aVF6OUQ9nrD/bfMGOInjxVPlaIISZPE0=; 7:N2yOYymfFnh8xq4utRkKgS2OO+2sGql4Q83tU5Wel0FxQfkLMH/HGLQHtiYHUS68wls2bn5lMBD1yo5f3c9Q+8BgiFASl+eRSeTPitZimoy4nVA1CqmMH5JEyvEE+O64nbXE2SiMRFtcYMrzU7hN5u4qLbTvOyQlr8RZuoY0StGCI44YyJy9lS1MT9RG7/xxLNotOC+yGYmQraDHRfEPy3X/erZBGqnh+juNYJYk2m13fmMhmH+hJUyFzm9ij5WI
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 75aebf92-6264-4216-1edb-08d52d0669b3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:DB5PR08MB0615; 
x-ms-traffictypediagnostic: DB5PR08MB0615:
x-microsoft-antispam-prvs: <DB5PR08MB0615C40021906DDC730F2997EA2E0@DB5PR08MB0615.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(3002001)(93006095)(93001095)(10201501046)(3231022)(6055026)(6041248)(20161123564025)(20161123555025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DB5PR08MB0615; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DB5PR08MB0615; 
x-forefront-prvs: 0493852DA9
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(189002)(40434004)(24454002)(199003)(83716003)(101416001)(72206003)(53546010)(2906002)(6512007)(68736007)(14454004)(50986999)(2900100001)(76176999)(5660300001)(53936002)(8936002)(81166006)(8676002)(3280700002)(81156014)(3660700001)(478600001)(50226002)(102836003)(3846002)(33656002)(4326008)(316002)(99286004)(6246003)(25786009)(6486002)(229853002)(6116002)(36756003)(6916009)(6506006)(189998001)(5890100001)(105586002)(57306001)(106356001)(93886005)(66066001)(82746002)(7736002)(6436002)(2950100002)(5250100002)(86362001)(305945005)(97736004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0615; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <2B6BD39E14419C4F91802AF1E52C7DED@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 75aebf92-6264-4216-1edb-08d52d0669b3
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Nov 2017 15:26:30.8568 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0615
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/abBMsWlCQsXvzVyB7sPmQbB41Io>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 15:26:36 -0000

SGkgTWF4LA0KDQo+IE9uIDE1IE5vdiAyMDE3LCBhdCAyMjowMiwgRHIuIFBhbGEgPGRpcmVjdG9y
QG9wZW5jYS5vcmc+IHdyb3RlOg0KPj4gWy4uLl0NCj4+IFJlZ2FyZGluZyB2ZXJpZmljYXRpb24s
IGl0IHdvbsK5dCBqdXN0IGhhcHBlbiBvbiB0aGUgb2NjYXNpb25hbCBmaXJtd2FyZQ0KPj4gdXBk
YXRlLiBJZiB5b3UgbmVlZCB0byBidWlsZCB0aGUgZW50aXJlIHN0YWNrIGJhc2VkIG9uIHRoaXMg
dXBkYXRlLCB0aGVuDQo+PiBpdCB3aWxsIG5lZWQgdG8gaGFwcGVuIGV2ZXJ5IHRpbWUgeW91IGJv
b3QgdXAuDQo+IE5vdCBuZWNlc3NhcmlseS4gSW4gcGFydGljdWxhciwgYWZ0ZXIgdGhlIGZpcm13
YXJlIGlzIHZlcmlmaWVkIGZvciBpbnN0YWxsYXRpb24sIHRoZSBkZXZpY2UgY291bGQgdXNlIHNp
bXBsZXIgbWVjaGFuaXNtcyAoZS5nLiwgSE1BQyB3LyBhIGRldmljZS1zcGVjaWZpYyBzZWNyZXQg
LSBob3BlZnVsbHkgSFcgcHJvdGVjdGVkIGxpa2Ugd2UgaGF2ZSBpbiBtYW55IGNoaXBzIHRvZGF5
KSB0byBxdWlja2x5IHZhbGlkYXRlIHRoYXQgdGhlIGltYWdlIGhhcyBub3QgY2hhbmdlZCBhY3Jv
c3MgYm9vdHMgKHRoYXQgaXMgYWN0dWFsbHkgYWxsIGlzIG5lZWRlZCBhZnRlciB0aGUgaW5pdGlh
bCB2YWxpZGF0aW9uIGhhcyBvY2N1cnJlZCBkdXJpbmcgImluc3RhbGxhdGlvbuKAnSkuDQoNCkni
gJl2ZSBkaXNjdXNzZWQgdGhpcyBvcHRpb24gYSBiaXQgaW4gdGhlIHBhc3QuIFRoZSBjaGFsbGVu
Z2UgaGVyZSBpcyB0aGF0IHRoZXJlIGFyZSB0d28gc3RlcHMgaW4gdGhlIGNoYWluIG9mIHRydXN0
LiBUaGUgYm9vdCBsb2FkZXIgdHJ1c3RzIHRoZSB2ZXJpZmllci4gVGhlIHZlcmlmaWVyIHRydXN0
cyB0aGUgdXBkYXRlIGF1dGhvcml0eShzKS4gTm93LCBpZiB0aGUgdmVyaWZpZXIgaXMgaW4gdGhl
IGJvb3QgbG9hZGVyLCB0aGlzIGlzIGEgc2luZ2xlIHRydXN0IHJlbGF0aW9uc2hpcC4gSG93ZXZl
ciwgaWYgdGhlIHZlcmlmaWVyIGxpdmVzIG91dHNpZGUgdGhlIGJvb3QgbG9hZGVyLCB0aGVuIHRo
aW5ncyBhcmUgbW9yZSBjb21wbGV4LiBUaGUgYm9vdCBsb2FkZXIgbXVzdCB0cnVzdCB0aGUgYXBw
bGljYXRpb24uIFRoaXMgc3VnZ2VzdHMgdGhhdCB0aGUgYXBwbGljYXRpb24gd2lsbCByZXF1aXJl
IHNvbWUgc29ydCBvZiBzZWN1cmUgcHJvY2Vzc2luZyBlbnZpcm9ubWVudCBhbmQgc29tZSBmb3Jt
IG9mIGF0dGVzdGF0aW9uLg0KDQpCZXN0IFJlZ2FyZHMsDQpCcmVuZGFuDQoNCklNUE9SVEFOVCBO
T1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJl
IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3Qg
dGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0
ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24s
IHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9u
IGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 16 09:31:50 2017
Return-Path: <david.brown@linaro.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B56F126BF6 for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 09:31:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=linaro.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upvkExI3_FQA for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 09:31:47 -0800 (PST)
Received: from mail-it0-x241.google.com (mail-it0-x241.google.com [IPv6:2607:f8b0:4001:c0b::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0A71124C27 for <suit@ietf.org>; Thu, 16 Nov 2017 09:31:47 -0800 (PST)
Received: by mail-it0-x241.google.com with SMTP id b5so895080itc.3 for <suit@ietf.org>; Thu, 16 Nov 2017 09:31:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;  h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=771BWh7jQ/8XsamPz4nrqHj4HlBQ2LDFVTA1F2AgojU=; b=IOEuiz5yCwEHHVuzPUkO8Zf4p2xdJkfwkNJGp6fPPLu9K7Hw+R/hB8UhMFVys0Y8rM biqOl4HuR+prqsum4gd9o3iCEkL6bVT0X6dSU4Q66L80NGoYkR9wSTco8txusjCTbus2 O7EEdhQtko1PtyhjHKYyC9O2IF5y284myUsQE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=771BWh7jQ/8XsamPz4nrqHj4HlBQ2LDFVTA1F2AgojU=; b=Ov2ud5CcEWRqodlJ5PIdqSdKrf5P43EFa/spPcyvmBnYNE5INEud7UTzwPg1GWASl+ Az5eq9bxWBj7tOFF9xXX3DhZOVlB8t9+VMjzbragjKtEGOGcX9rtKP0uB1HIIH/+j5dQ TbfkJNv3Ckh37MIk2vRCWuAKjx78PLYaqI62ubvPGgtHvdvSC1Y53VUGSO9Jals2Sb+H yMirCQjZaiz8eVjhDT+pegTgGY9z8/7jgL9qr3yDMkU6pOOwJDOJmlOlEfRVrtn4g1HJ epmEO2u3Joac35NgXdSwEVDqniswLj5Q5SasUdD4NDr+HvfV88sR4SEhYPpS7Mjsqhv3 U3hA==
X-Gm-Message-State: AJaThX4b1NZK7YehFULPfvbEeuoUFJqeABX/EvGJL8YgULaEfswcoXEe DQs5WjSCH0lGqaprOPVDKtNKiQ==
X-Google-Smtp-Source: AGs4zMbmquHvmjWJvt8l8bZYJ8y1NVxH8hZJapqcppaHmk69c7gN7GUUPFbmz3Mfslb1lQvx6k2uNg==
X-Received: by 10.36.178.78 with SMTP id h14mr2939463iti.107.1510853506809; Thu, 16 Nov 2017 09:31:46 -0800 (PST)
Received: from davidb.org ([2601:283:4300:afc2::9]) by smtp.gmail.com with ESMTPSA id s81sm980509ita.19.2017.11.16.09.31.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Nov 2017 09:31:45 -0800 (PST)
Date: Thu, 16 Nov 2017 10:31:43 -0700
From: David Brown <david.brown@linaro.org>
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: "Dr. Pala" <director@openca.org>, "suit@ietf.org" <suit@ietf.org>
Message-ID: <20171116173143.GA13094@davidb.org>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org> <D631BC41.11484%m.nakhjiri@ssi.samsung.com> <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org> <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com>
User-Agent: Mutt/1.7.2 (2016-11-26)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0EHW22tNP9myX459wQ9SVfEaIvg>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 17:31:49 -0000

On Thu, Nov 16, 2017 at 03:26:30PM +0000, Brendan Moran wrote:
>Hi Max,
>
>> On 15 Nov 2017, at 22:02, Dr. Pala <director@openca.org> wrote:
>>> [...]
>>> Regarding verification, it won¹t just happen on the occasional firmware
>>> update. If you need to build the entire stack based on this update, then
>>> it will need to happen every time you boot up.
>> Not necessarily. In particular, after the firmware is verified for installation, the device could use simpler mechanisms (e.g., HMAC w/ a device-specific secret - hopefully HW protected like we have in many chips today) to quickly validate that the image has not changed across boots (that is actually all is needed after the initial validation has occurred during "installation”).
>
>I’ve discussed this option a bit in the past. The challenge here is
>that there are two steps in the chain of trust. The boot loader
>trusts the verifier. The verifier trusts the update authority(s).
>Now, if the verifier is in the boot loader, this is a single trust
>relationship. However, if the verifier lives outside the boot loader,
>then things are more complex. The boot loader must trust the
>application. This suggests that the application will require some
>sort of secure processing environment and some form of attestation.

If we have the situation where it is the trusted bootloader that is
doing the HMAC, it also has to have the capability to verify the
signature, which reduces the benefit of using the HMAC for
verification.

It can still be useful, though, if considered a performance
improvement.  For example, a small implementation of Ed25519 might
take several seconds to verify a signature.  If the bootloader could
verify the signature once, and then write an HMAC with a device key
only it has access to, subsequent boots could be much faster.

David


From nobody Thu Nov 16 09:45:08 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 936B8127869 for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 09:45:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2lhWm8nQRuu for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 09:45:02 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D056126C89 for <suit@ietf.org>; Thu, 16 Nov 2017 09:45:02 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 98F8720091; Thu, 16 Nov 2017 12:46:46 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id EBBCD82639; Thu, 16 Nov 2017 12:45:00 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Madjid Nakhjiri <m.nakhjiri@samsung.com>
cc: Russ Housley <housley@vigilsec.com>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <D631BA68.11474%m.nakhjiri@ssi.samsung.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <6384.1510422441@obiwan.sandelman.ca> <D631BA68.11474%m.nakhjiri@ssi.samsung.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 16 Nov 2017 12:45:00 -0500
Message-ID: <5809.1510854300@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/raNycF78XgW7mh8hw2dlo8ZHyJ8>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 17:45:07 -0000

--=-=-=
Content-Type: text/plain


Madjid Nakhjiri <m.nakhjiri@samsung.com> wrote:
    > So SHA-256 is just the hash, but I was referring to the signature
    > algorithm (Lamport, Diffie, Winternitz, and Merkle (LDWM)) that
    > requires its own public/private key pair.

yes, but LDWM is repeated hashing in a particular way.
Yes, you are right, it still has a private key, which the generator of the
firmware needs to know.

    > key to sign and public key to verify?  The questions are: 1) is LDWM
    > quantum resistant?

That's my understanding.

    > And more importantly 2) and 3) here 2) Is there an
    > HSM out there today that hosts a LDWM private key signing storage and
    > operation?

I'm sure that one could be built.
I'll bet that https://cryptech.is/ could be adapted to keep the private key.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloNzpwACgkQgItw+93Q
3WUx8wgAo67UydpDFdB6c7SrCVSMkhNER3jLeq08xzfid0NN/5+cB4wUTzrCiosQ
bntCtNCVWZCzOFQRCHZCRMlk1g71qiw6U0P3vGAnQGsE19FKV93bTyOq3gEU8wvg
HdqY9IP20V/py6fS1/1OZX83ZjtwRJ+hRzZa+3bv08zfnP8npuHDtIrkF9sMMmbi
N2amEjEgHaKT7BKSc0DSI0rN+uAuC0qOsIxQx+XqlBNhfspHLkuy5ppqnMRCuI+U
Zzd3/N/wU0dQG3LyJPhaPlrfHJq80LHn8uX1J858jZ0Wujoyn5Va+XwVY4taC9kA
6nwlvuN0rKvlGKO3ge2+D0+iD88ObQ==
=PGl5
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 16 14:12:30 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD6F0126DD9 for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 14:12:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0rEqUlKZrZm for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 14:12:28 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4D15126BF3 for <suit@ietf.org>; Thu, 16 Nov 2017 14:12:28 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 96C4E20072; Thu, 16 Nov 2017 17:14:13 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 4DA4782B25; Thu, 16 Nov 2017 17:12:27 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brendan Moran <Brendan.Moran@arm.com>
cc: "Dr. Pala" <director@openca.org>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org> <D631BC41.11484%m.nakhjiri@ssi.samsung.com> <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org> <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 16 Nov 2017 17:12:27 -0500
Message-ID: <7657.1510870347@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ufJlGmWbhZTjpKIbOz_DMnEvdD4>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 22:12:30 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Brendan Moran <Brendan.Moran@arm.com> wrote:
    > I=E2=80=99ve discussed this option a bit in the past. The challenge h=
ere is
    > that there are two steps in the chain of trust. The boot loader trusts
    > the verifier. The verifier trusts the update authority(s). Now, if the
    > verifier is in the boot loader, this is a single trust
    > relationship. However, if the verifier lives outside the boot loader,
    > then things are more complex. The boot loader must trust the
    > application. This suggests that the application will require some sort
    > of secure processing environment and some form of attestation.

You describe the situation well.

As far as I can see, this has no affect on the shape of the bits on wire.
Do you agree that this is an implementation issue.  Not a trivial one, but
never-the-less, not "our" problem.

(And yes, it's possible to do it wrong and wind up having very long boot
times as a result)

It might matter as to how many firmware packages are sent, as perhaps one of
them needs to be signed in a teep-happy way either in-addition-to, or
instead-of, the other signature.

So in the end, the requirement for multiple signatures seems to capture this
situation?

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloODUoACgkQgItw+93Q
3WVJcggAn+KzpsCQEqQTKpq37uGJvWU2a57B0sRWgXEtHSBsd1LuF+bYW6Z89cgH
45lf7wLjaRQccMlmznx2BNFqNT4UcXJUI1NLBgGkt50rDdzEsH0n5fxC0lmikrQE
NKMbpTwT6kXMZ21c4fAXISyIjlwktAKIK5ydsuzPDFaY9Fq6/AnYd3cQkRlIg4Sv
EweVqMtJqJkSju+tNhEZXel374tAkK5C5PXI3/xrKKH3NyBa9WtbKArQR8kj7ccg
u1l/+q10OisWiGEbdYcgSUmBFvPoZ2w7C1o1KoxzEsH3BQJ75gKiz3fPHm+k56Bp
hvRGaYZc5ngmrE0G0tnXEDGr2OiF/A==
=pBrf
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 16 15:22:08 2017
Return-Path: <madwolf@openca.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C55201270A0 for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 15:22:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.891
X-Spam-Level: 
X-Spam-Status: No, score=-1.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ge0jLTrNPewW for <suit@ietfa.amsl.com>; Thu, 16 Nov 2017 15:22:04 -0800 (PST)
Received: from mail.katezarealty.com (mail.katezarealty.com [104.168.158.213]) by ietfa.amsl.com (Postfix) with ESMTP id 80EF6126E64 for <suit@ietf.org>; Thu, 16 Nov 2017 15:22:04 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by mail.katezarealty.com (Postfix) with ESMTP id 54B3C37412BD for <suit@ietf.org>; Thu, 16 Nov 2017 23:22:04 +0000 (UTC)
X-Virus-Scanned: amavisd-new at katezarealty.com
Received: from mail.katezarealty.com ([127.0.0.1]) by localhost (mail.katezarealty.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id pb3Qh_yFWD-8 for <suit@ietf.org>; Thu, 16 Nov 2017 18:22:03 -0500 (EST)
Received: from dhcp-98fb.meeting.ietf.org (dhcp-98fb.meeting.ietf.org [31.133.152.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.katezarealty.com (Postfix) with ESMTPSA id 255EC3740FDE for <suit@ietf.org>; Thu, 16 Nov 2017 18:22:02 -0500 (EST)
To: suit@ietf.org
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d366fd49-e7a5-a198-febf-1efada27bada@openca.org> <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com>
From: "Dr. Pala" <madwolf@openca.org>
Message-ID: <f67e30ce-aa6e-494a-62a5-9028278c1301@openca.org>
Date: Fri, 17 Nov 2017 07:22:01 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/T1UpuQ4b5syUPvcC07rjQt_trBE>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 23:22:06 -0000

Hi Justin,

nice to read you again :D I hope everything is great with you :D

On 11/16/17 10:41 PM, Justin Cappos wrote:
> Max: If you use delegations, you can have the flexibility to cover 
> this case, multiple signatures, and many other features.  It seems 
> likely to cover more cases than trying to pre-define different roles 
> which all perform the same task.
Can you elaborate more about what you mean by "delegation" ? Keep in 
mind the constraints that these devices have (class1) - a 
delegation/role based model might be difficult to support or scare 
device vendors in case it is complex. Can you provide some more details 
about what you mean by using delegations ?

Cheers,
Max


From nobody Fri Nov 17 02:02:08 2017
Return-Path: <rod@proteancode.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCD42120724 for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 02:02:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=proteancode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dno6-ZLxkT-p for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 02:02:02 -0800 (PST)
Received: from cloud01.winterhost.co.uk (cloud01.winterhost.co.uk [46.17.91.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3897A124217 for <suit@ietf.org>; Fri, 17 Nov 2017 02:02:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=proteancode.com; s=default; h=Content-Type:MIME-Version:Date:Message-ID: Subject:From:To:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=P436oVDX1tSXappPNo6W5M8e/6iRq1Dh2iZX7FyJya0=; b=eRPQg6ILImVPtUw+oeYkjhtMWd vrhkK2K8bDcAG4KbsGw5FqDVZSNXJ+ysvDBx1iIX4NUM0/Q/GD9I00Z+31P3uRs10szCVJ3uWwDCh MIEUs/eYUUTSqOoOd1SEfAVGB8pqFDY/DdV/eFKDxObEKO7pauB44Yue2dkRoiUakMPY=;
Received: from [80.194.246.99] (port=65386 helo=RodPro.local) by cloud01.winterhost.co.uk with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <rod@proteancode.com>) id 1eFdTD-0003BU-OY for suit@ietf.org; Fri, 17 Nov 2017 10:01:59 +0000
To: suit@ietf.org
From: Roderick Chapman <rod@proteancode.com>
Message-ID: <d2685465-d944-8913-c655-b327db357e2a@proteancode.com>
Date: Fri, 17 Nov 2017 10:01:57 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------F465911E9B0831A566972C2F"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud01.winterhost.co.uk
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - proteancode.com
X-Get-Message-Sender-Via: cloud01.winterhost.co.uk: authenticated_id: rod@proteancode.com
X-Authenticated-Sender: cloud01.winterhost.co.uk: rod@proteancode.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/f4IETH3OsnG3cg3GfTfn37CH27k>
Subject: [Suit] US National Academies workshop report
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 10:02:07 -0000

This is a multi-part message in MIME format.
--------------F465911E9B0831A566972C2F
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Some of you might find this of interest:

http://nap.edu/24833

  - Rod

  


--------------F465911E9B0831A566972C2F
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><font size="+1">Some of you might find this of interest:</font></p>
    <pre wrap=""><a class="moz-txt-link-freetext" href="http://nap.edu/24833">http://nap.edu/24833</a>

 - Rod

</pre>
    <p><font size="+1"> </font><br>
    </p>
  </body>
</html>

--------------F465911E9B0831A566972C2F--


From nobody Fri Nov 17 12:36:46 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29ED41200B9 for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 12:36:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.698
X-Spam-Level: 
X-Spam-Status: No, score=-1.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QZuBza6XElMT for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 12:36:42 -0800 (PST)
Received: from mail-ot0-x22c.google.com (mail-ot0-x22c.google.com [IPv6:2607:f8b0:4003:c0f::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29048120454 for <suit@ietf.org>; Fri, 17 Nov 2017 12:36:42 -0800 (PST)
Received: by mail-ot0-x22c.google.com with SMTP id t79so3074237ota.3 for <suit@ietf.org>; Fri, 17 Nov 2017 12:36:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=EgKFf4y3RDP7SeudD0JqyCr8bgEpbvrWJ61TGWXh0HA=; b=unSWtrHeMQpQ33lev0ItU14iqXEJWLdigrYYBs82pTjFlyiEjYelzJwfhjXvnSmxqh ahHZ+mHX1RAjjpywbZOErHW0O4kQwr7EXxkXotCpErRd26sA+/eIMKUbL1eOLCxt+u7x jkOFjpWY3x5AmMZ15MAcljJ9w9gJEL2fIm0FZ9GHMO56l+G1xnUP/kB+YZ8UqEsIhuwa rXMm0BZzjXzb6FEll13Cx9f56W80F+tch6TEKuci9FgBO0zjVaaOS7G3JTYQQbItYxpj ArMXKH4Y474NRUt84Cf1zKR+WQsCXaE4UicE3C9utd0BChNyRszBK12zxjAN+sDlnM7D J07g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=EgKFf4y3RDP7SeudD0JqyCr8bgEpbvrWJ61TGWXh0HA=; b=GsXVeZq1mcJGsEBNXUUFUbYZFjDNBag+4Itct8T3mqrVTFXCuODaiZ7AGd9wA+1jMe oQ3xYEFq4q8iAybLwkC1cm0H0Ftiq2fQoWJMqw0cq5oixXGLn6ymRLTvopBNbTMNlQJv Ddz3Y/brsCk4XSy6PkoktWJmbEo0NKcHvlqHltSlXQjGBpuB0K6IFoKuEMo4vEIeM2AG hBMZeQbZi/lr5fOLTvo8YFTLauBuUpfnd1hIALWE3R/S+0T+lzDqyyV8q/pVwuvqJ+bS 6INshP9IUqzXkTecmm0Pu+jszuPabW7SNzuNGttJr7gUU3i9m7IRY/Nl0PGidTVK9pHW VzfQ==
X-Gm-Message-State: AJaThX5E7PnmGqp0vTwlUdTbMiwWeLSQUxYxQ6bc2XS3jFrCmCOWKnkF Fshs796q+sXKlsfeXLn4JDbAD9G1gwfV8obykF8Exw==
X-Google-Smtp-Source: AGs4zMbgqvbW3z8HaZyesYKXGm/z6IYf1xQs79c8S6mgCP/j6cCwZwdbIfALfQHUW7Q8zlliDReOxik2+ssgvvh5HCw=
X-Received: by 10.157.27.101 with SMTP id l92mr2211455otl.315.1510951001399; Fri, 17 Nov 2017 12:36:41 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.157.89.208 with HTTP; Fri, 17 Nov 2017 12:36:20 -0800 (PST)
In-Reply-To: <f67e30ce-aa6e-494a-62a5-9028278c1301@openca.org>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d366fd49-e7a5-a198-febf-1efada27bada@openca.org> <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com> <f67e30ce-aa6e-494a-62a5-9028278c1301@openca.org>
From: Justin Cappos <jcappos@nyu.edu>
Date: Fri, 17 Nov 2017 15:36:20 -0500
X-Google-Sender-Auth: hmprubnqabBneKB7HvxZsYNIh3E
Message-ID: <CAMVss_rwRr1ogHjxYbusTBP2aV7Ma0Y0tQ8Rhef5Y8T7VRdOUQ@mail.gmail.com>
To: "Dr. Pala" <madwolf@openca.org>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c09d308b6293d055e33b157"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/KwQcvPoFZewuuLVbHanXZ53pmZ8>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 20:36:44 -0000

--94eb2c09d308b6293d055e33b157
Content-Type: text/plain; charset="UTF-8"

When you say class1, do you mean the Class 1 individual certificates
intended for individuals / email?

The delegation support I'm talking about is pretty straightforward (
https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf
https://isis.poly.edu/~jcappos/papers/kuppusamy_nsdi_16.pdf ).  It's
basically just letting one say what other keys to trust in addition to what
hashes to trust.

So, normally you might sign a piece of metadata with image / hash names
like this:

"""
foo-1.0.tgz ab1234...
bar-1.0.tgz fedcba...
bar-1.1.tgz 987654...
zap-2.0.tgz 938271...

SIGNATURE (ACME co):
XXX
"""

The problem is that ACME co may have a lot of different developers or
suppliers and now you need to sign everything with ACME co's key.  With
delegations, you can selectively enable different parties to sign for some
files like this:

"""
foo-1.0.tgz ab1234...
bar* Alice(Alice pub...)
zap* Zapco(Zapco pub...)

SIGNATURE (ACME co):
XXX
"""

Now you can have separate pieces of metadata for Alice and Zapco that sign
for the files they are trusted to provide.

This really simple and lightweight mechanism provides the ability to handle
a whole lot of very complex situations, including things like letting users
choose whether they should manage when updates are applied vs letting
vendors do so, situations where Alice gets an intern and wants them to
build test versions of software, prevents key sharing, makes key
compromises less impactful, etc.

Delegations are the fundamental basis for TUF (used in desktop systems /
cloud) and Uptane (used in embedded systems like automobiles).

Thanks,
Justin



On Thu, Nov 16, 2017 at 6:22 PM, Dr. Pala <madwolf@openca.org> wrote:

> Hi Justin,
>
> nice to read you again :D I hope everything is great with you :D
>
> On 11/16/17 10:41 PM, Justin Cappos wrote:
>
>> Max: If you use delegations, you can have the flexibility to cover this
>> case, multiple signatures, and many other features.  It seems likely to
>> cover more cases than trying to pre-define different roles which all
>> perform the same task.
>>
> Can you elaborate more about what you mean by "delegation" ? Keep in mind
> the constraints that these devices have (class1) - a delegation/role based
> model might be difficult to support or scare device vendors in case it is
> complex. Can you provide some more details about what you mean by using
> delegations ?
>
> Cheers,
> Max
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>

--94eb2c09d308b6293d055e33b157
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">When you say class1, do you mean the Class 1 individual ce=
rtificates intended for individuals / email?<div><br></div><div>The delegat=
ion support I&#39;m talking about is pretty straightforward ( <a href=3D"ht=
tps://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf">https://isis.p=
oly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf</a> <a href=3D"https://isis=
.poly.edu/~jcappos/papers/kuppusamy_nsdi_16.pdf">https://isis.poly.edu/~jca=
ppos/papers/kuppusamy_nsdi_16.pdf</a>=C2=A0).=C2=A0 It&#39;s basically just=
 letting one say what other keys to trust in addition to what hashes to tru=
st.</div><div><br></div><div>So, normally you might sign a piece of metadat=
a with image / hash names like this:</div><div><br></div><div>&quot;&quot;&=
quot;</div><div>foo-1.0.tgz ab1234...</div><div>bar-1.0.tgz fedcba...</div>=
<div>bar-1.1.tgz 987654...</div><div>zap-2.0.tgz 938271...</div><div><br></=
div><div>SIGNATURE (ACME co):</div><div>XXX</div><div>&quot;&quot;&quot;</d=
iv><div><br></div><div>The problem is that ACME co may have a lot of differ=
ent developers or suppliers and now you need to sign everything with ACME c=
o&#39;s key.=C2=A0 With delegations, you can selectively enable different p=
arties to sign for some files like this:</div><div><br></div><div>&quot;&qu=
ot;&quot;</div><div>foo-1.0.tgz ab1234...</div><div><div>bar* Alice(Alice p=
ub...)</div><div>zap* Zapco(Zapco pub...)</div></div><div><div><br></div><d=
iv>SIGNATURE (ACME co):</div><div>XXX</div><div>&quot;&quot;&quot;</div></d=
iv><div><br></div><div>Now you can have separate pieces of metadata for Ali=
ce and Zapco that sign for the files they are trusted to provide.=C2=A0=C2=
=A0</div><div><br></div><div>This really simple and lightweight mechanism p=
rovides the ability to handle a whole lot of very complex situations, inclu=
ding things like letting users choose whether they should manage when updat=
es are applied vs letting vendors do so, situations where Alice gets an int=
ern and wants them to build test versions of software, prevents key sharing=
, makes key compromises less impactful, etc.</div><div><br></div><div>Deleg=
ations are the fundamental basis for TUF (used in desktop systems / cloud) =
and Uptane (used in embedded systems like automobiles).</div><div><br></div=
><div>Thanks,</div><div>Justin</div><div><br></div><div><br></div></div><di=
v class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Thu, Nov 16, 2017=
 at 6:22 PM, Dr. Pala <span dir=3D"ltr">&lt;<a href=3D"mailto:madwolf@openc=
a.org" target=3D"_blank">madwolf@openca.org</a>&gt;</span> wrote:<br><block=
quote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc=
 solid;padding-left:1ex">Hi Justin,<br>
<br>
nice to read you again :D I hope everything is great with you :D<span class=
=3D""><br>
<br>
On 11/16/17 10:41 PM, Justin Cappos wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Max: If you use delegations, you can have the flexibility to cover this cas=
e, multiple signatures, and many other features.=C2=A0 It seems likely to c=
over more cases than trying to pre-define different roles which all perform=
 the same task.<br>
</blockquote></span>
Can you elaborate more about what you mean by &quot;delegation&quot; ? Keep=
 in mind the constraints that these devices have (class1) - a delegation/ro=
le based model might be difficult to support or scare device vendors in cas=
e it is complex. Can you provide some more details about what you mean by u=
sing delegations ?<br>
<br>
Cheers,<br>
Max<div class=3D"HOEnZb"><div class=3D"h5"><br>
<br>
______________________________<wbr>_________________<br>
Suit mailing list<br>
<a href=3D"mailto:Suit@ietf.org" target=3D"_blank">Suit@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/suit" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/suit</a><br>
</div></div></blockquote></div><br></div>

--94eb2c09d308b6293d055e33b157--


From nobody Fri Nov 17 14:58:15 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9E95120724 for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 14:58:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level: 
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sQi2ZnCNnH1U for <suit@ietfa.amsl.com>; Fri, 17 Nov 2017 14:58:11 -0800 (PST)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C1681205F0 for <suit@ietf.org>; Fri, 17 Nov 2017 14:58:11 -0800 (PST)
Received: by mail-lf0-x22c.google.com with SMTP id y2so3397275lfj.4 for <suit@ietf.org>; Fri, 17 Nov 2017 14:58:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=5A/OJr9jm19kHsl9WYtyiaL2lv2JnQ+I9iCyilNgEzA=; b=s3kM7CsCqP3Pb1al3qvYnfTpYoUHLKcIX5oO9/LFmVDCyjIQLWn3T/arFE6i/VE9xV 0eLCMSYEdeu6xvLbZZk4DQhk3oSyOUEgCGCPJO7CXVrjfhrvmoDh7mfHPh+Cgmdy+E3E D+sSMAK9v6E2QezQtN19CeO2rkGibDC1IUopaUKeEXBPsQ7857laYfuxVBy5GQ1TlE7G a9rhbJAePf3iCQOtjdP8EVEtUEQwTCUYI+fd9Wc+kizR9yPa8nFvWUk5eybCYfpPGfS5 2sV4baXWjzH/i7kkfNrCfxLlF0LrITxMUpCEs1HeqIfaQoUHpeyYPVHccduv76ufW9iL u3pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=5A/OJr9jm19kHsl9WYtyiaL2lv2JnQ+I9iCyilNgEzA=; b=bO4y5BRkRIfUqFycF5dGXCNMy856bsGA1ggVYM3eDvEZXhHQTTCqzQdyE92LxAoQ3/ BeM6Qc0rUoecZNhqahfL4tvl60r72l55Etk7wVNFuRwr43Gv2NWuKDZ4jyrIV38GSEkM 4lsHVR8VCRra9MBqHtOpnaWlBhVkNTCvju87pQl7Yq2WTEkjQVOGOkicvWPiDR1gzZCA JL6+AJdENmEuwCM78TYOcguB/NFHB6SdOnKmZEUZKcxYkf9vtF1TQb4b+BAMTmPZoU2X 7p4pcdZKCB5BCpv5m+fBGScv6BFGS9QpPv9Tf8Bkjhg+NZE7BZA1xjVUUHsYwglFMp2Y PoMw==
X-Gm-Message-State: AJaThX6atKysxGF01CZsatuxzdpq90b3pCjZjaPG9q5P1Iuk60m3hPWu AUpp2NG+59sNWBSSlY02xeWvm2pD9P2ZredW9P8=
X-Google-Smtp-Source: AGs4zMbVyuYsAmgBHRyf6dw1QOThFTiLMEppzGZuBK6PqV14Nk0kJ9Y5cPNM58LhesNY7zMQ2WcJ144m63CwnOHUC4Y=
X-Received: by 10.46.82.132 with SMTP id n4mr1534177lje.31.1510959489389; Fri, 17 Nov 2017 14:58:09 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.46.16.86 with HTTP; Fri, 17 Nov 2017 14:57:48 -0800 (PST)
In-Reply-To: <16230.1510957152@obiwan.sandelman.ca>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <AM4PR0801MB2706753509EC589A3F8B4B88FA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <DM5PR21MB085902F3A3D6051C4600A3C3A32E0@DM5PR21MB0859.namprd21.prod.outlook.com> <AM4PR0801MB27068C5493CE265F32289D3FFA2E0@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d366fd49-e7a5-a198-febf-1efada27bada@openca.org> <CAMVss_rkq0337vgTRqWsf3HRF7MJA_PVRc+v0BWQunUdLK1SzQ@mail.gmail.com> <f67e30ce-aa6e-494a-62a5-9028278c1301@openca.org> <CAMVss_rwRr1ogHjxYbusTBP2aV7Ma0Y0tQ8Rhef5Y8T7VRdOUQ@mail.gmail.com> <16230.1510957152@obiwan.sandelman.ca>
From: Justin Cappos <jcappos@nyu.edu>
Date: Fri, 17 Nov 2017 17:57:48 -0500
X-Google-Sender-Auth: hriH8Oe9P_M6fbg42SWKJ-x8seQ
Message-ID: <CAMVss_oerN=WQ1R4ZiYsFnJ6SOWn4a--6aygZWXtgdVXWfni-Q@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a113be202a29931055e35ab5d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/v4wVJ-u4WhbBWU7BW_bOkOjb6w8>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 22:58:14 -0000

--001a113be202a29931055e35ab5d
Content-Type: text/plain; charset="UTF-8"

Okay thanks for clarifying!  Class 1 devices look similar to what people
use for partial verification secondaries
<https://docs.google.com/document/d/1pBK--40BCg_ofww4GES0weYFB6tZRedAjUy6PJ4Rgzk/edit#heading=h.2xnymqq2dc48>
in Uptane...

Thanks,
Justin



On Fri, Nov 17, 2017 at 5:19 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Justin Cappos <jcappos@nyu.edu> wrote:
>     > When you say class1, do you mean the Class 1 individual certificates
>     > intended for individuals / email?
>
> Unlikely.
> Probably class 1 device, according to RFC7228.
>
> https://tools.ietf.org/html/rfc7228#section-3
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
>

--001a113be202a29931055e35ab5d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Okay thanks for clarifying!=C2=A0 Class 1 devices look sim=
ilar to what people use for <a href=3D"https://docs.google.com/document/d/1=
pBK--40BCg_ofww4GES0weYFB6tZRedAjUy6PJ4Rgzk/edit#heading=3Dh.2xnymqq2dc48">=
partial verification secondaries</a> in Uptane...<div><br></div><div>Thanks=
,</div><div>Justin<br><div><br></div><div><br></div></div></div><div class=
=3D"gmail_extra"><br><div class=3D"gmail_quote">On Fri, Nov 17, 2017 at 5:1=
9 PM, Michael Richardson <span dir=3D"ltr">&lt;<a href=3D"mailto:mcr+ietf@s=
andelman.ca" target=3D"_blank">mcr+ietf@sandelman.ca</a>&gt;</span> wrote:<=
br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left=
:1px #ccc solid;padding-left:1ex"><span class=3D""><br>
Justin Cappos &lt;<a href=3D"mailto:jcappos@nyu.edu">jcappos@nyu.edu</a>&gt=
; wrote:<br>
=C2=A0 =C2=A0 &gt; When you say class1, do you mean the Class 1 individual =
certificates<br>
=C2=A0 =C2=A0 &gt; intended for individuals / email?<br>
<br>
</span>Unlikely.<br>
Probably class 1 device, according to RFC7228.<br>
<br>
<a href=3D"https://tools.ietf.org/html/rfc7228#section-3" rel=3D"noreferrer=
" target=3D"_blank">https://tools.ietf.org/html/<wbr>rfc7228#section-3</a><=
br>
<br>
<br>
--<br>
Michael Richardson &lt;<a href=3D"mailto:mcr%2BIETF@sandelman.ca">mcr+IETF@=
sandelman.ca</a>&gt;, Sandelman Software Works<br>
=C2=A0-=3D IPv6 IoT consulting =3D-<br>
<br>
<br>
<br>
</blockquote></div><br></div>

--001a113be202a29931055e35ab5d--


From nobody Sun Nov 19 21:47:39 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9278712711E for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 21:47:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WTu8_ry2ws6 for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 21:47:36 -0800 (PST)
Received: from mail-it0-x230.google.com (mail-it0-x230.google.com [IPv6:2607:f8b0:4001:c0b::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB7BE127078 for <suit@ietf.org>; Sun, 19 Nov 2017 21:47:36 -0800 (PST)
Received: by mail-it0-x230.google.com with SMTP id r127so10581059itb.5 for <suit@ietf.org>; Sun, 19 Nov 2017 21:47:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=c1aIEadg+ttzZAGjWI2mSAklX87dgvK5JzFOd5wUwrE=; b=uf6x0IRr5OBlEgnfna1f+mzPxKAH9p99aP/0PfXZm6h+M5LcvPLPQ8cmDLYgrRgbPm TQP6W17r4TsXfw7UWwhHy+7r9XhIBJKpju9qgA1vHFtvFwqwR/eYQ9Um2kaRZn/IMVwQ hCgcKIp/uKDi3przRCkHy2k1yVK1wr+lMgzfLivBkrWmt6UQGquYRtrC1opfbNLtrJUW aOsQDU0Ykt/HdbFM8a3xHEAW7ysYTcWb0lP7Hp6mw3105ERhXcuPtH1EF0vYt3FldhMV umR2izXVM66qdB7m67PHUr7DyYf33V9NNRye1iY06PdZbi4Tof3RcSI+El4GjlIUAu/L 1Lxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=c1aIEadg+ttzZAGjWI2mSAklX87dgvK5JzFOd5wUwrE=; b=rnHzx31E81A6YP6CCfYeLEKUHZThrS/zxm+u3Pj32R7khDvppQk8eB80Uq07qZ4rJw kVJZkV1sFAt2TpsWL9WUjafv65VXST5ZhQ7isgZa3EPOwnVMT8QrcMQgRH6kmrxzkZ6k jAexnSDDxwyT8VWFyRPrBKriQQ2WQVO70bt1kSBChomKx+fbgd4J5rcwqIQYN4b8oE5l gx4vWMJaJhqdqOIg2TE6kqDpsO1z0vfnhK5eN0Lv3OBuRITDW4SPFJZ6cfBrfkolOksi lECiJTuPT18gsbMYRgQHtVX3BrdlxU4TkgicgvVpeKxc3Wh+LudTk+SIbIWUfp+Jeo12 pJUQ==
X-Gm-Message-State: AJaThX7ZKcNDUBFf+dYzLqDDTNSa8v3jahywtZNQVKmlAAEIGdoLnSRm /ll+Rn6z0sMdEFXbhZ06ZsjLqfzyehAPiXnncZtdWw==
X-Google-Smtp-Source: AGs4zMZiysusrESJkHNxTCWnONlu4Tf2oQAti6EGd8Ih+VsmvpetTwCHeL7RCvZQc0JIJJASkReQSlLoUsKW3O1PdPI=
X-Received: by 10.36.248.6 with SMTP id a6mr17172754ith.11.1511156855959; Sun, 19 Nov 2017 21:47:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.144.78 with HTTP; Sun, 19 Nov 2017 21:46:55 -0800 (PST)
In-Reply-To: <16295.1510154792@obiwan.sandelman.ca>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <16295.1510154792@obiwan.sandelman.ca>
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Mon, 20 Nov 2017 00:46:55 -0500
Message-ID: <CAJa2m-phD5a_qVPLXSpmXHG-mA+2V=17gp5D2V2nPn8uCdENCA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: suit <suit@ietf.org>, Shikhar Sakhuja <ss9131@nyu.edu>, Justin Cappos <jcappos@nyu.edu>,  Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>,  Ariella C Feuchtwanger <acf469@nyu.edu>, trishank.kuppusamy@datadoghq.com
Content-Type: multipart/alternative; boundary="94eb2c0b10fe99880c055e639f27"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/cnQQMOhSGfSXNFB7qS8G3l7UXY8>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 05:47:38 -0000

--94eb2c0b10fe99880c055e639f27
Content-Type: text/plain; charset="UTF-8"

Hello Michael,

On Wed, Nov 8, 2017 at 10:26 AM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Awesome, so happy to have you join the discussion!
>

Thanks! Sorry for the late reply, I have been OOO...


> Can you tell us a bit about how uptane indicates which vehicles should
> apply
> the update?  Can it get down to a single vehicle?  If so, are there any
> privacy protections involved?


In Uptane, a server called the *director repository* is used to indicate
which ECUs on a vehicle installs which updates. You can think of the
director repository as a robot running on the cloud, performing dependency
resolution on behalf of vehicles.

Yes, customization can get down to a single vehicle: two different vehicles
of the same make and model can be instructed to install different updates
(e.g., because one has paid for premium packages, whereas the other has
not).

Could you elaborate on what sort of privacy protections you would need? It
is possible, for example, to use TLS to protect sensitive information from
MitM attacks.


> Very interesting.
>
> I'm reading your github source code.
>

Please let us know if you have questions. Thanks!

--94eb2c0b10fe99880c055e639f27
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Michael,<br><div><div class=3D"gmail_extra"><br><div=
 class=3D"gmail_quote">On Wed, Nov 8, 2017 at 10:26 AM, Michael Richardson =
<span dir=3D"ltr">&lt;<a href=3D"mailto:mcr+ietf@sandelman.ca" target=3D"_b=
lank">mcr+ietf@sandelman.ca</a>&gt;</span> wrote:<br><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex"><span class=3D""><br>
</span>Awesome, so happy to have you join the discussion!<span class=3D""><=
br></span></blockquote><div><br></div><div>Thanks! Sorry for the late reply=
, I have been OOO... <br></div><div>=C2=A0</div><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex"><span class=3D"">
</span>Can you tell us a bit about how uptane indicates which vehicles shou=
ld apply<br>
the update?=C2=A0 Can it get down to a single vehicle?=C2=A0 If so, are the=
re any<br>
privacy protections involved?</blockquote><div><br></div><div>In Uptane, a =
server called the <i>director repository</i> is used to indicate which ECUs=
 on a vehicle installs which updates. You can think of the director reposit=
ory as a robot running on the cloud, performing dependency resolution on be=
half of vehicles.</div><div><br></div><div>Yes, customization can get down =
to a single vehicle: two different vehicles of the same make and model can =
be instructed to install different updates (e.g., because one has paid for =
premium packages, whereas the other has not).</div><div><br></div><div>Coul=
d you elaborate on what sort of privacy protections you would need? It is p=
ossible, for example, to use TLS to protect sensitive information from MitM=
 attacks.<br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span cl=
ass=3D"">
</span>Very interesting.<br>
<br>
I&#39;m reading your github source code.<br></blockquote><div><br></div><di=
v>Please let us know if you have questions. Thanks! <br></div></div></div><=
/div></div>

--94eb2c0b10fe99880c055e639f27--


From nobody Sun Nov 19 22:23:45 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99C75128B37 for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 22:23:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnIF7jEgKZG1 for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 22:23:40 -0800 (PST)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA3F2128B27 for <suit@ietf.org>; Sun, 19 Nov 2017 22:23:40 -0800 (PST)
Received: by mail-io0-x229.google.com with SMTP id q101so14599903ioi.1 for <suit@ietf.org>; Sun, 19 Nov 2017 22:23:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GV9Xd0HOue4Q1+aJF0x10qvsSABAPHe89QkxIkDRtm4=; b=Q5di6N3zQ16l2gkXEPaqGVCBx/owDv2uTJbBWQT7Fu1eoPqdqwDeQqnVc0UafFbqRO 4b9vc+1GBN00kiibY8AONaardxh8Y0E7IUStkOw1HgEKys7R5xml/Code012n66u+jAs RXRSbHsKOhj3Vxt7whYcI8lFuBkl3oD6w8GjHc/vylOeQNj6weXqr007IbJdPzCZx7rf oqsgJyZXvP3Oxa7hEZ/otDWnV8V3liEzhA2WUycLUp6lv3QayPPda2MBI/act7x0CQYV sahXdk6tbuKevhY31R6eVgq8VNM+9nBZq/iQFSYZZ/WbzGZh1J46MpSq+SEEOCfXHeNV RoLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GV9Xd0HOue4Q1+aJF0x10qvsSABAPHe89QkxIkDRtm4=; b=orZ/siEEDVov9GXgNkExJHiPmhdvdURJInWJ45ijM6R6AtfwYUOFx7Hkc8MCqmfKbi qtpVks6OI/hpK3O3m3vI2fT/KOacbPk5uhArW3AGpZsOXGs1L6hF0vbmUOCTJdqOMIXB TenPOJBthLBB0fp7eM9bcs8S2FRayQMMEGUOs4WCz7tidsOndbuqcQYEM5CGaipXoOyR oQwrjIh4GGT4/C7yOlWL6SKc1hP+0JhQDH7/pTjko82ob2No8oHZbFt/YpauZVvcJfxP WcbMcEkdGRsL5UwyKs8jufuxVXbLS0AgMcGy1e0Bg7C3OgzhGNcgPkeqYoxZ+BTFc/UB 3wTg==
X-Gm-Message-State: AJaThX5BtNs7vjCXK9HxnBNeqdMWw9ZKrlUNs8IIng2tA7GzeaZcYZK3 jE888UgW5kV6mS+9N/HUf+Cc0Anq2MZMT1rR5m7O4A==
X-Google-Smtp-Source: AGs4zMZ6LZoHONr88KlV4ki3SyxREOewkO12Qffq+URyBtsvVHwax3zjEYDts0Qx1KvMlgWg8rD1i4egI6XE0WvvOR8=
X-Received: by 10.107.32.70 with SMTP id g67mr6066688iog.69.1511159019758; Sun, 19 Nov 2017 22:23:39 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.144.78 with HTTP; Sun, 19 Nov 2017 22:22:59 -0800 (PST)
In-Reply-To: <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com>
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Mon, 20 Nov 2017 01:22:59 -0500
Message-ID: <CAJa2m-o8gS9eWX3B9O9qUZT2vOw7u_0uhvXK_Yoy1ztjyQpPOQ@mail.gmail.com>
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>, Shikhar Sakhuja <ss9131@nyu.edu>, Justin Cappos <jcappos@nyu.edu>,  Sebastien Awwad <sebastienawwad@gmail.com>, Vladimir Diaz <vladimir.v.diaz@gmail.com>,  Ariella C Feuchtwanger <acf469@nyu.edu>, trishank.kuppusamy@datadoghq.com
Content-Type: multipart/alternative; boundary="001a1140ae2c92a46c055e6420b9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/cn2IknLo3zN0YtmHzl6LY3x-5OY>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 06:23:43 -0000

--001a1140ae2c92a46c055e6420b9
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello Brendan,

On Fri, Nov 10, 2017 at 4:25 PM, Brendan Moran <Brendan.Moran@arm.com>
wrote:

>
> We are glad to have your input!
>

Thanks for your feedback! Please accept my apologies for the late reply. I
have been OOO...


> Most of these concepts are already covered in
> draft-moran-suit-manifest-00. We have not explicitly laid out Threshold
> signatures, nor diversity of signing and hashing algorithms, though there
> is nothing in draft-moran-suit-manifest-00 that should prevent either of
> these concepts from working. On constrained devices, diversity of
> cryptographic primitives is a difficult tradeoff since cryptographic
> algorithms, particularly asymmetric ones, consume a lot of code space.
>

Understood. For constrained devices, is there a notion of using a
per-device symmetric key
<https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrA=
MefSE/edit#heading=3Dh.u7thrpsnvihd>
?

We explicitly leave key revocation out of scope. Because we don=E2=80=99t d=
efine
> key provisioning mechanisms, this is a problem that is not solved in
> draft-moran-suit-manifest-00. Since IoT platforms are so disparate in
> nature, it is difficult to prescribe the handling of keys, since any
> specified mechanism may not be practical for a given application.
>

Interesting. Do you think we could make a few optional recommendations, for
those who are interested in guidance?


> I think that TUF and Suit cover many of the same goals. I think that our
> threat models are largely compatible; I=E2=80=99ve just finished sending =
out the
> threat model that we used for the suit manifest draft. I fully anticipate
> that you could construct a TUF endpoint using the Suit manifest.
>

Very good to know!

By the way it is written, I think it is fair to say that TUF is largely
> aimed at high-bandwidth networks and homogenous thick clients, particular=
ly
> with human interface. Uptane deals with many of these issues. The problem
> is different in the IoT space. For example, TUF says:
>

I am not yet fully aware of all of the differences in the IoT space, which
is why I reached out to this group, and I am confident that we can resolve
them.

An IoT device may not know the time or, if it does, the time may be
> considered suspect unless a secure time source is available (and indeed
> this is the solution that Uptane seems to recommend). That creates a new
> trust relationship that must also be managed. This is far more problemati=
c
> on an IoT device, since a user would typically not have time set wrong by
> more than a few hours, which are mostly irrelevant in key rotation
> schedules. In IoT devices without realtime clocks, they must obtain a
> trusted time at each power-on for any implicit key revocation, or freeze
> attack detection to work.
>

Yes, and we need not make a rigid prescription for this time server.
Implementors may be free to use an external time server (e.g., NTP;
something like the one in Uptane; Google Roughtime), or they may obtain a
trusted time some other way (e.g., on system).


> TUF doesn=E2=80=99t specify any way to perform matching of target hardwar=
e, but
> Uptane handles this in the Custom block of Targets.
>

Correct. In fact, Uptane inherits this Custom block of Targets from TUF,
and use it to match images to hardware.

TUF=E2=80=99s specification requires the existence of a filesystem, however=
 I=E2=80=99m
> sure you could construct a reasonable TUF endpoint while ignoring this. T=
UF
> also specifies a signature verification overhead that is problematic for
> IoT. Based on the TUF update process outlined here: https://github.com/
> theupdateframework/specification/blob/master/tuf-
> spec.md#5-detailed-workflows, I count a minimum of 3 signature
> verifications for a first-time update:
>

Yes, the TUF and Uptane specifications are written from the point of view
of filesystems, although, as you noted, this assumption is not required
<https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrA=
MefSE/edit#heading=3Dh.7dcdmry3p23d>.
The important point is that different metadata "files" are located in
different locations / addresses (which may be strings or even numbers, as
long as they are unique).

As for the number of signatures, my comment follows.


> T * (N + 3) signature verifications
>
> Where:
> * there are N intermediate root metadata files,
> * there is 1 timestamp file
> * there is 1 snapshot file
> * there is 1 targets file
> * a threshold of T signatures are needed (I=E2=80=99m assuming it=E2=80=
=99s the same for
> all files, but this may not be the case)
>
> Even with a relatively modest number of root metadata files, and a small
> number for T, this could consume a significant quantity of a
> battery-powered device=E2=80=99s lifetime power budget.
>

You are right that for a first-time update, this could be the case.
However, there are a few important observations.

First, T is not the same for all files. For most cases, it could be set to
1.

Second, N may not necessarily be large. Since the root metadata file is not
expected to be frequently updated, it can be safely refreshed every year or
so (unless there has been a compromise).

Thus, a typical update is likely to refresh at most 3 files: timestamp,
snapshot, and targets. However, we should certainly discuss common
configurations of roles to see how large metadata may be.


> One other consideration for IoT devices is that writing to flash is an
> expensive operation. This means that it should be limited, particularly
> when a device may be under attack. This is why we specify metadata that c=
an
> easily fit in RAM, with no attached payload. This allows signature
> verification prior to storage on constrained devices.
>

Indeed. We discuss in Uptane how to reduce writing unnecessary metadata to
flash
<https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrA=
MefSE/edit#heading=3Dh.r1qemrp7yi77>.
It is necessary to cache some metadata, such as version numbers and keys.


> The tiered metadata approach in TUF is interesting. Previously, I had
> considered the device-side =E2=80=9Cpolicies=E2=80=9D of how to apply upd=
ates (such as how
> many signatures to require) to be a firmware problem, but it could be don=
e
> with signed metadata as well. I think that for the most constrained
> clients, leaving policies in firmware is likely the best choice, still.
>

Certainly we should be able to accommodate both approaches.

I look forward to our continued collaboration. Please let us know if you
have more questions!

Best regards,
Trishank

--001a1140ae2c92a46c055e6420b9
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Brendan,<br><div><div class=3D"gmail_extra"><br><div=
 class=3D"gmail_quote">On Fri, Nov 10, 2017 at 4:25 PM, Brendan Moran <span=
 dir=3D"ltr">&lt;<a href=3D"mailto:Brendan.Moran@arm.com" target=3D"_blank"=
>Brendan.Moran@arm.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex">



<div style=3D"word-wrap:break-word"><br>
<div><div><span class=3D""></span><div>We are glad to have your input!</div=
></div></div></div></blockquote><div><br></div><div>Thanks for your feedbac=
k! Please accept my apologies for the late reply. I have been OOO...<br></d=
iv><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0=
 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:=
break-word"><div><div><span class=3D"">
</span>Most of these concepts are already covered in draft-moran-suit-manif=
est-00. We have not explicitly laid out Threshold signatures, nor diversity=
 of signing and hashing algorithms, though there is nothing in draft-moran-=
suit-manifest-00 that should prevent
 either of these concepts from working. On constrained devices, diversity o=
f cryptographic primitives is a difficult tradeoff since cryptographic algo=
rithms, particularly asymmetric ones, consume a lot of code space.
</div></div></div></blockquote><div><br></div><div>Understood. For constrai=
ned devices, is there a notion of using <a href=3D"https://docs.google.com/=
document/d/17wOs-T7mugwte5_Dt-KLGMsp-3_yAARejpFmrAMefSE/edit#heading=3Dh.u7=
thrpsnvihd">a per-device symmetric key</a>?</div><div><br></div><blockquote=
 class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc soli=
d;padding-left:1ex"><div style=3D"word-wrap:break-word"><div><div>
<div>We explicitly leave key revocation out of scope. Because we don=E2=80=
=99t define key provisioning mechanisms, this is a problem that is not solv=
ed in draft-moran-suit-manifest-00. Since IoT platforms are so disparate in=
 nature, it is difficult to prescribe the
 handling of keys, since any specified mechanism may not be practical for a=
 given application.</div><span class=3D"">
</span></div></div></div></blockquote><div>=C2=A0</div><div>Interesting. Do=
 you think we could make a few optional recommendations, for those who are =
interested in guidance?<br></div><div>=C2=A0</div><blockquote class=3D"gmai=
l_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left=
:1ex"><div style=3D"word-wrap:break-word"><div>
<div>I think that TUF and Suit cover many of the same goals. I think that o=
ur threat models are largely compatible; I=E2=80=99ve just finished sending=
 out the threat model that we used for the suit manifest draft. I fully ant=
icipate that you could construct a TUF endpoint
 using the Suit manifest.</div></div></div></blockquote><div><br></div><div=
>Very good to know!</div><div> <br></div><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><di=
v style=3D"word-wrap:break-word"><div>

<div>By the way it is written, I think it is fair to say that TUF is largel=
y aimed at high-bandwidth networks and homogenous thick clients, particular=
ly with human interface. Uptane deals with many of these issues. The proble=
m is different in the IoT
 space. For example, TUF says:<br></div></div></div></blockquote><div><br><=
/div><div>I am not yet fully aware of all of the differences in the IoT spa=
ce, which is why I reached out to this group, and I am confident that we ca=
n resolve them.</div><div><br></div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div sty=
le=3D"word-wrap:break-word"><div>An IoT device may not know the time or, if=
 it does, the time may be considered suspect unless a secure time source is=
 available (and indeed this is the solution that Uptane seems to recommend)=
. That creates a new trust relationship that must also
 be managed. This is far more problematic on an IoT device, since a user wo=
uld typically not have time set wrong by more than a few hours, which are m=
ostly irrelevant in key rotation schedules. In IoT devices without realtime=
 clocks, they must obtain a trusted
 time at each power-on for any implicit key revocation, or freeze attack de=
tection to work.</div></div></blockquote><div><br></div><div>Yes, and we ne=
ed not make a rigid prescription for this time server. Implementors may be =
free to use an external time server (e.g., NTP; something like the one in U=
ptane; Google Roughtime), or they may obtain a trusted time some other way =
(e.g., on system).<br></div><div>=C2=A0</div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"=
><div style=3D"word-wrap:break-word"><div>

<div>TUF doesn=E2=80=99t specify any way to perform matching of target hard=
ware, but Uptane handles this in the Custom block of Targets.</div></div></=
div></blockquote><div><br></div><div>Correct. In fact, Uptane inherits this=
 Custom block of Targets from TUF, and use it to match images to hardware.<=
br></div><div> <br></div><blockquote class=3D"gmail_quote" style=3D"margin:=
0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D"word-=
wrap:break-word"><div>

<div>TUF=E2=80=99s specification requires the existence of a filesystem, ho=
wever I=E2=80=99m sure you could construct a reasonable TUF endpoint while =
ignoring this. TUF also specifies a signature verification overhead that is=
 problematic for IoT. Based on the TUF
 update process outlined here:=C2=A0<a href=3D"https://github.com/theupdate=
framework/specification/blob/master/tuf-spec.md#5-detailed-workflows" targe=
t=3D"_blank">https://github.com/<wbr>theupdateframework/<wbr>specification/=
blob/master/tuf-<wbr>spec.md#5-detailed-workflows</a>, I count
 a minimum of 3 signature verifications for a first-time update:</div></div=
></div></blockquote><div><br></div><div>Yes, the TUF and Uptane specificati=
ons are written from the point of view of filesystems, although, as you not=
ed, <a href=3D"https://docs.google.com/document/d/17wOs-T7mugwte5_Dt-KLGMsp=
-3_yAARejpFmrAMefSE/edit#heading=3Dh.7dcdmry3p23d">this assumption is not r=
equired</a>. The important point is that different metadata &quot;files&quo=
t; are located in different locations / addresses (which may be strings or =
even numbers, as long as they are unique).</div><div><br></div><div>As for =
the number of signatures, my comment follows.<br></div><div>=C2=A0<br></div=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><div>

<div>T * (N + 3) signature verifications</div>
<div><br>
</div>
<div>Where:</div>
<div>* there are N intermediate root metadata files,</div>
<div>* there is 1 timestamp file</div>
<div>* there is 1 snapshot file</div>
<div>* there is 1 targets file</div>
<div>* a threshold of T signatures are needed (I=E2=80=99m assuming it=E2=
=80=99s the same for all files, but this may not be the case)</div>
<div><br>
</div>
<div>Even with a relatively modest number of root metadata files, and a sma=
ll number for T, this could consume a significant quantity of a battery-pow=
ered device=E2=80=99s lifetime power budget.</div></div></div></blockquote>=
<div><br></div><div>You are right that for a first-time update, this could =
be the case. However, there are a few important observations.</div><div><br=
></div><div>First, T is not the same for all files. For most cases, it coul=
d be set to 1.</div><div><br></div><div>Second, N may not necessarily be la=
rge. Since the root metadata file is not expected to be frequently updated,=
 it can be safely refreshed every year or so (unless there has been a compr=
omise).</div><div><br></div><div>Thus, a typical update is likely to refres=
h at most 3 files: timestamp, snapshot, and targets. However, we should cer=
tainly discuss common configurations of roles to see how large metadata may=
 be.<br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"m=
argin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style=3D=
"word-wrap:break-word"><div>
</div>

<div>One other consideration for IoT devices is that writing to flash is an=
 expensive operation. This means that it should be limited, particularly wh=
en a device may be under attack. This is why we specify metadata that can e=
asily fit in RAM, with
 no attached payload. This allows signature verification prior to storage o=
n constrained devices.</div></div></blockquote><div><br></div><div>Indeed. =
We discuss in Uptane <a href=3D"https://docs.google.com/document/d/17wOs-T7=
mugwte5_Dt-KLGMsp-3_yAARejpFmrAMefSE/edit#heading=3Dh.r1qemrp7yi77">how to =
reduce writing unnecessary metadata to flash</a>. It is necessary to cache =
some metadata, such as version numbers and keys.<br></div><div>=C2=A0</div>=
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word">

<div>The tiered metadata approach in TUF is interesting. Previously, I had =
considered the device-side =E2=80=9Cpolicies=E2=80=9D of how to apply updat=
es (such as how many signatures to require) to be a firmware problem, but i=
t could be done with signed metadata as
 well. I think that for the most constrained clients, leaving policies in f=
irmware is likely the best choice, still.</div></div></blockquote><div><br>=
</div><div>Certainly we should be able to accommodate both approaches.</div=
><div><br></div><div>I look forward to our continued collaboration. Please =
let us know if you have more questions!</div><div><br></div><div>Best regar=
ds,</div><div>Trishank<br></div></div></div></div></div>

--001a1140ae2c92a46c055e6420b9--


From nobody Sun Nov 19 22:25:04 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C737128AA1 for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 22:25:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z5A55lD3R4hF for <suit@ietfa.amsl.com>; Sun, 19 Nov 2017 22:25:02 -0800 (PST)
Received: from mail-io0-x232.google.com (mail-io0-x232.google.com [IPv6:2607:f8b0:4001:c06::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47854128B8D for <suit@ietf.org>; Sun, 19 Nov 2017 22:25:00 -0800 (PST)
Received: by mail-io0-x232.google.com with SMTP id s37so3709506ioe.10 for <suit@ietf.org>; Sun, 19 Nov 2017 22:25:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GP0YAYnn3XC1IByiFC6Sx4qP2Ztu/ReeHHjiLJpuvDs=; b=1lFkOi6DWK6Sd2WJejRzQzwc8V4ecTgmHsjKMsLwxFDRVKP1bJtzuYMiEAxlZrVEpW 6t++130tFAz4nctoUtB3kWLdSg0pwJmzqC2GK8kDK0wk1kmm0D+imZJIBSssuA7P7T8B DfXl6UYLyvR1Jo9gIjqPQPutw47UhWQ9pGZtmIX3VkyjwHxyjq2EiCYkgT/gpQWB306v aDnGhx6Pt5horQGo0f5e/p5Z0eRqSrvRObqEaL7Gkg0+eNQBnSDaQzTs4+OjHsHjEZON s/nThQqKEuRTshzRA8IbdgWp9UYPdRNyWY7FubLF/AeeEteT1I/2kzr3vGJbYRjT3LJf Gv4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GP0YAYnn3XC1IByiFC6Sx4qP2Ztu/ReeHHjiLJpuvDs=; b=pgz1nleXgtvp3RKh2dM77tJj/R6e8+SMViSc1KOh+KcHYJRRctQHqx0nqEpKd8C7eJ AktXctgfJyhCOSaIef8chYceaWxhM5vIhSnH/fbSubx2b9NjodP3CmqF2KIEG2AcdAbk vR9GPX4+FShEf6a9xUmBSkLi/YxpayY3ibJqAFTD2+igxTn1RmflEo59ITw+mSUkuJMG IXaYF3HXCo4+CdfxDuxJO9OMkLHPM5w60RzpkVcUGcyD4hYe9Z6rP3f/3vPLESytTUhj ls2s2NV8rdT3tFQFWkmXW29ERIdnprWred24aZAkAi87N3x3WB4hftLuzGkCDrcqyAS1 SDBA==
X-Gm-Message-State: AJaThX6FsD2lMlDKsywHNYF9dfjteUNKB/3DL79TQDgKhacpsnzWzyIA toEGp3mmFTadQEJnz2d+4ajos3j+DiYkbJ0fiXY+uQ==
X-Google-Smtp-Source: AGs4zMYHNo5dBur3ImEIMJ3KjM4tbhmr4HAppsl3ujPaq4HX6Sstxg94FWTWht8NLBInlfNvdQbHqTXB5fPGCRBK9Qs=
X-Received: by 10.107.182.6 with SMTP id g6mr3494604iof.101.1511159099512; Sun, 19 Nov 2017 22:24:59 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.144.78 with HTTP; Sun, 19 Nov 2017 22:24:18 -0800 (PST)
In-Reply-To: <484D7E7D-EA9B-42A6-BEE4-84A71368BCC5@dwheeler.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com> <484D7E7D-EA9B-42A6-BEE4-84A71368BCC5@dwheeler.com>
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Mon, 20 Nov 2017 01:24:18 -0500
Message-ID: <CAJa2m-p_uMz2hpC-A38ugnA+mZmL+AHvjuFpjStBdNnQQXW8-g@mail.gmail.com>
To: "David A. Wheeler" <dwheeler@dwheeler.com>
Cc: suit <suit@ietf.org>, Brendan Moran <Brendan.Moran@arm.com>,  Justin Cappos <jcappos@nyu.edu>, Shikhar Sakhuja <ss9131@nyu.edu>,  Ariella C Feuchtwanger <acf469@nyu.edu>, Sebastien Awwad <sebastienawwad@gmail.com>,  Vladimir Diaz <vladimir.v.diaz@gmail.com>, trishank.kuppusamy@datadoghq.com
Content-Type: multipart/alternative; boundary="001a114abe345370e8055e6425f0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/B-SrE5MAaq67vxm7EcSh_9KIncY>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 06:25:03 -0000

--001a114abe345370e8055e6425f0
Content-Type: text/plain; charset="UTF-8"

Hello David,

On Sat, Nov 11, 2017 at 10:13 AM, David A. Wheeler <dwheeler@dwheeler.com>
wrote:

>
> I think the suit spec should specifically note TUF and uptane, and do a
> quick comparison of the differences and rationales for them. Many people
> will want to know the difference is, and why. Making the relationship clear
> would really help.
>

I would be happy to help with this effort. Please let me know how I may
contribute.

Best,
Trishank

--001a114abe345370e8055e6425f0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello David,<br><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Sat, Nov 11, 2017 at 10:13 AM, David A. Wheeler <span d=
ir=3D"ltr">&lt;<a href=3D"mailto:dwheeler@dwheeler.com" target=3D"_blank">d=
wheeler@dwheeler.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex=
"><span class=3D""><br></span>I think the suit spec should specifically not=
e TUF and uptane, and do a quick comparison of the differences and rational=
es for them. Many people will want to know the difference is, and why. Maki=
ng the relationship clear would really help.<br></blockquote><div><br></div=
><div>I would be happy to help with this effort. Please let me know how I m=
ay contribute.</div><div><br></div><div>Best,</div><div>Trishank<br></div><=
/div></div></div>

--001a114abe345370e8055e6425f0--


From nobody Mon Nov 20 03:41:18 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74DFD12951C for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 03:41:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sIrf-gFFW2M8 for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 03:41:15 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0074D1200FC for <suit@ietf.org>; Mon, 20 Nov 2017 03:41:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAKBfBni007407; Mon, 20 Nov 2017 12:41:11 +0100 (CET)
Received: from [192.168.217.119] (p5DC7FC78.dip0.t-ipconnect.de [93.199.252.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3ygRck638CzDXR4; Mon, 20 Nov 2017 12:41:10 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <CAJa2m-o8gS9eWX3B9O9qUZT2vOw7u_0uhvXK_Yoy1ztjyQpPOQ@mail.gmail.com>
Date: Mon, 20 Nov 2017 12:41:10 +0100
Cc: "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 532870869.952989-2969602bedd85447fc54b393b6840b67
Content-Transfer-Encoding: quoted-printable
Message-Id: <D951FA21-4F5A-4EED-9A4D-7C7ECB1811C5@tzi.org>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com> <CAJa2m-o8gS9eWX3B9O9qUZT2vOw7u_0uhvXK_Yoy1ztjyQpPOQ@mail.gmail.com>
To: Trishank Karthik Kuppusamy <trishank@nyu.edu>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/cIsoScXdZDa1wBy70XMCQzAYNmg>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 11:41:16 -0000

(Cleaning up the CCs a bit.)

> On Nov 20, 2017, at 07:22, Trishank Karthik Kuppusamy =
<trishank@nyu.edu> wrote:
>=20
> Understood. For constrained devices, is there a notion of using a =
per-device symmetric key?

Certainly, and for many devices this is a good way to obtain good =
security while using limited resources.

However, this is not the right way to secure all deployments.

The most important question is: Who holds the other copy of the =
symmetric key?

* The manufacturer?

Some manufacturers don=E2=80=99t want to have liability for being able =
to control the devices.
Some very much do want full control, but rather prefer to secure a chain =
of asymmetric keys instead of a large number of symmetric keys.
(In any case, the asymmetric key will then be used to agree a symmetric =
key, and unless the device has lots of energy, one may not want to do =
this very often.  So the manufacturer will often still have to store =
symmetric keys, but these can then be limited in lifetime and dumped in =
an emergency.)

* The owner?

Many users are not set up for securely storing keys of this kind.
If the key is stored in a smartphone or general purpose computer, that =
may get lost or damaged.
Unless special software such as a password manager is used, there is =
also a good likelihood of key compromise.

In case of loss (or compromise), there needs to be a key replacement =
mechanism.

If physical access to the device is reasonably easy, and also can be =
limited to the owner (in multi-tenant situations it usually can=E2=80=99t)=
, key replacement can be achieved by a physical connection or by =
printing a key recovery password on a part of the device that is not =
visible to an attacker.

(E.g., IKEA prints a representation of the key itself on each Tr=C3=A5dfri=
 gateway.  A better way might be to print a password that can be used =
for setting a new key.)

* What about others?

None of this discusses the need for delegation =E2=80=94 the owner may =
be a company that needs to delegate authorization to employees and =
contractors.  This can be done by giving them symmetric keys with =
specific authorizations attached (tickets), or tokens that can be =
checked by the device with its authorization manager (for which the =
device may use a symmetric key with the authorization manager, possibly =
using this key in an offline validation of the token).

Gr=C3=BC=C3=9Fe, Carsten


From nobody Mon Nov 20 05:59:31 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74498129A90 for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 05:59:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ekvdftARwmAx for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 05:59:28 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE1AE129A9C for <suit@ietf.org>; Mon, 20 Nov 2017 05:59:28 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 756B920072; Mon, 20 Nov 2017 09:01:26 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 7F7F0829D1; Mon, 20 Nov 2017 08:59:27 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: suit <suit@ietf.org>
cc: Trishank Karthik Kuppusamy <trishank@nyu.edu>
In-Reply-To: <CAJa2m-phD5a_qVPLXSpmXHG-mA+2V=17gp5D2V2nPn8uCdENCA@mail.gmail.com>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <16295.1510154792@obiwan.sandelman.ca> <CAJa2m-phD5a_qVPLXSpmXHG-mA+2V=17gp5D2V2nPn8uCdENCA@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 20 Nov 2017 08:59:27 -0500
Message-ID: <28125.1511186367@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/4T-X3W5OBa7fPcT6GJuj3gCkwTw>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 13:59:30 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Trishank Karthik Kuppusamy <trishank@nyu.edu> wrote:
    > Could you elaborate on what sort of privacy protections you would
    > need? It is possible, for example, to use TLS to protect sensitive
    > information from MitM attacks.

While TLS gives us privacy in transit, it does not necessarily provide
privacy at rest.  For instance, imagine the need to carry the firmware upda=
te
From=20vehicle to vehicle on a USB key:  a firmware update that causes reca=
ll
requiring an update at the garage.  (Maybe due to a vulnerability in the
online update mechanism!).

Such a key could easily get misplaced or the contents could become table.

Such a firmware update might contain a list of vehicles to which the update
applies.   It would be bad if the list of VINs or EUI-48/64s that that will
accept the update was easily visible from the firmware contents.
At the same time, there is the hassle of finding out what's really on the
(usb) key! ("Do we still need this one? Is the software on it up to date?")


=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloS378ACgkQgItw+93Q
3WXZoQf/eEoNrXP9sVMYzqGnvNegwR9+qcgKYfiNVo7RxGlUnZO8vGQJRTRO/r6s
kKzMk0IgZ+0utrHbqOFc0Bfi5L+RaNHGNa1DumeFkSPNhhGfXkzF8LfQdqocQR9x
RZPL1Wl6Xsb1tsfNNluvvXUr2eC7Wu6RjyIHyXfm0Eqv1Ixdc8uDdvuXYo21F6G4
F7JkIzWhoFFFNN1P3u76mOq3nqzNhg6q8u12fQd5W85NxBbovXBbcGNCghPLObcj
WJ2Sf9x5BXjltm6JMuLwuAWwt1090hWwwlrhr4zoQYcXVOdwx9gG9xptvAkl0mSt
GXyn2ZyTVGQ1Y5UY4sa4FgKn5rH8GQ==
=7VzB
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Mon Nov 20 06:21:05 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 427A1129A90 for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 06:21:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MuChok6z5qGL for <suit@ietfa.amsl.com>; Mon, 20 Nov 2017 06:21:03 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11A4D126C0F for <suit@ietf.org>; Mon, 20 Nov 2017 06:21:03 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4632220072; Mon, 20 Nov 2017 09:23:01 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 49C2A829D1; Mon, 20 Nov 2017 09:21:02 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: suit <suit@ietf.org>, Trishank Karthik Kuppusamy <trishank@nyu.edu>
In-Reply-To: <28125.1511186367@obiwan.sandelman.ca>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <16295.1510154792@obiwan.sandelman.ca> <CAJa2m-phD5a_qVPLXSpmXHG-mA+2V=17gp5D2V2nPn8uCdENCA@mail.gmail.com> <28125.1511186367@obiwan.sandelman.ca>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Mon, 20 Nov 2017 09:21:02 -0500
Message-ID: <850.1511187662@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/F3eG4BSfTm6dhZwASUYUL2dcdIc>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 14:21:04 -0000

--=-=-=
Content-Type: text/plain


Michael Richardson <mcr+ietf@sandelman.ca> wrote:

    > Trishank Karthik Kuppusamy <trishank@nyu.edu> wrote:
    >> Could you elaborate on what sort of privacy protections you would
    >> need? It is possible, for example, to use TLS to protect sensitive
    >> information from MitM attacks.

    > While TLS gives us privacy in transit, it does not necessarily provide
    > privacy at rest.  For instance, imagine the need to carry the firmware update
    > From vehicle to vehicle on a USB key:  a firmware update that causes recall
    > requiring an update at the garage.  (Maybe due to a vulnerability in the
    > online update mechanism!).

    > Such a key could easily get misplaced or the contents could become
    > table.

ENOTENOUGHCOFFEE.  Should read "become public"
(Not a typo or an autocorrect)

    > Such a firmware update might contain a list of vehicles to which the update
    > applies.   It would be bad if the list of VINs or EUI-48/64s that that will
    > accept the update was easily visible from the firmware contents.
    > At the same time, there is the hassle of finding out what's really on the
    > (usb) key! ("Do we still need this one? Is the software on it up to
    > date?")

There are ways in which I can see making the list unreadable and yet each
vehicle can be named, but it probably doesn't simultaenously work for the
"legitimate" query of what's on this key.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloS5M0ACgkQgItw+93Q
3WXHyAgAhwfSxc9f5BuXXhaLWIWyqRAvBkg/mTVZ3JXw/Xl661aqapxHAAhqHVSj
SAPb08Ys+BkRuNNXCKAIKLJPQk8NmP6Tgsm9awtsAKb0E2q+dxkkKO+DWF06dpj2
CWxSp+I6R0be64arOFhMSwC80cAKXvasPjLDnCoXVK5A8G0x4tpidDIm/V6pIGUQ
/A9i2ASTKaYBn/hSopqZPQk+nWuXVuy24gBehPqn/jYlzhCSPpByN+MiIxr9k75M
EGDt5wVli6/BbMOBGfVFgVRHiqm8BNQv65MvjvRuNQAdTYSmo8VwuOIk0aStUO/4
nIJnMCQJHFmxpghee2Iwo3kW+CBm/g==
=oevL
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Tue Nov 21 02:54:23 2017
Return-Path: <Apostolos.Malatras@enisa.europa.eu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9FA61252BA for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 02:54:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.891
X-Spam-Level: 
X-Spam-Status: No, score=-1.891 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_PkEw93e1wT for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 02:54:19 -0800 (PST)
Received: from Merope.net1.enisa.europa.eu (merope.net1.enisa.europa.eu [139.91.222.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D6AA12426E for <suit@ietf.org>; Tue, 21 Nov 2017 02:54:18 -0800 (PST)
Received: from Xanthus.net1.enisa.europa.eu (172.16.0.133) by Merope.net1.enisa.europa.eu (139.91.222.27) with Microsoft SMTP Server (TLS) id 15.0.847.32; Tue, 21 Nov 2017 12:54:08 +0200
Received: from Xanthus.net1.enisa.europa.eu (172.16.0.162) by Xanthus.net1.enisa.europa.eu (172.16.0.162) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Tue, 21 Nov 2017 12:54:09 +0200
Received: from Xanthus.net1.enisa.europa.eu ([fe80::f56f:f8ce:5205:7669]) by Xanthus.net1.enisa.europa.eu ([fe80::f56f:f8ce:5205:7669%15]) with mapi id 15.00.1347.000; Tue, 21 Nov 2017 12:54:09 +0200
From: Apostolos Malatras <Apostolos.Malatras@enisa.europa.eu>
To: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: ENISA study "Baseline Security Recommendations for IoT in the context of CII" is out
Thread-Index: AdNiD2axmbr182t7QbS8nH2zzwjlNwAAAe3gACnTXTAAABEaUA==
Date: Tue, 21 Nov 2017 10:54:08 +0000
Message-ID: <92e39eb567b44a61a003fed1d3edd643@Xanthus.net1.enisa.europa.eu>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.16.106.61]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8KjxRzjkAENRvGI7kX_c-NB5R6A>
Subject: [Suit] ENISA study "Baseline Security Recommendations for IoT in the context of CII" is out
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Nov 2017 10:54:22 -0000

Dear all,

We are very happy to announce that the ENISA Study "Baseline Security Recom=
mendations for IoT in the context of CII" study is out:
https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter=
net-of-things       =20

Please feel free to share the study with your networks.

Sincerely,
-Apostolos

---------------------------------------------------------------------------=
---------------------------
Dr Apostolos Malatras

Network and Information Security Expert
European Union Agency for Network & Information Security
Address:              1 Vass Sofias Str, Marousi 151 24, Attica, Greece
E- mail:                 Apostolos.Malatras@enisa.europa.eu
Office:                   +30 2814 409 630
Mobile:                 +30 6985 051 401

=20


From nobody Tue Nov 21 02:57:34 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33E9E12762F for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 02:57:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level: 
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xYpewYXD22e4 for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 02:57:30 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0087.outbound.protection.outlook.com [104.47.1.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD1CA126BF0 for <suit@ietf.org>; Tue, 21 Nov 2017 02:57:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CgqzhFBMQFa7VsKhfMwjqLvFkoY8zewOod2MkgryvoA=; b=TV/qITWUqTl+fFod7WExMmLZzZbqlFCQ5MZWdM06WqNg2Khm+ADQXyrEfiSTwcwRSfPd1ZKKDMoI9+RKWFLun3tuYmxt0BivM6P452uaTgo88EE4IuW1YanFxVGljKzJkFCGlmIPce/pi7GXnOlXuZLAjcTaQP5vvQ/JSJzZqGU=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Tue, 21 Nov 2017 10:57:26 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Tue, 21 Nov 2017 10:57:26 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Apostolos Malatras <Apostolos.Malatras@enisa.europa.eu>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: ENISA study "Baseline Security Recommendations for IoT in the context of CII" is out
Thread-Index: AdNiD2axwfUJ9VhMTLKIrg0ZGlBRGwAAAe3gACnTXTAAABEaUAAAElTw
Date: Tue, 21 Nov 2017 10:57:25 +0000
Message-ID: <AM4PR0801MB27065754700DEE7710A63B9CFA230@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <92e39eb567b44a61a003fed1d3edd643@Xanthus.net1.enisa.europa.eu>
In-Reply-To: <92e39eb567b44a61a003fed1d3edd643@Xanthus.net1.enisa.europa.eu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.119.33]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:UZZTYpHAole2EqNP7uh4AKb0vybXQXPFtdtrJNTts9UahLgI2fgkb43NtwFEIV/j3IiTDhub5Kaopl1dwjoX43F1yIRcKcvcHt/i9T1yik+1d6hTPnHS8Je4OAc7RMdbRH8K6eVThHgktua06zRcM0gKqHwLM7zLLbG63rXwD1YHuEhgZQ+VmCPSxmH5gP9EgT0ykxiN3ekWWrmdJaTTKZ/KDInuGTH00fVpShKmuTsU8qtJO8tiUV9NCN4/3b4Zn+QS77QosBSJjchnISZpIg7sx8EHtSK+1ALJUIoAqaCKNjZMjgpp8wbTaWva/Z921zUAff+YVTzQNe9ts4X8jVkxxVloW2wwqly/l+J1lKw=; 5:je32Wkd8LlWHfC0E3yZ2N4OV3UbgEsENxj1135WKt2I0XVOA5td0DeRLuTdLs/ugHuDZOi7mOeZeaP+SrGDqeaIBTramslEts0/E9DNvTh25vyZdHtRP1bOKJwBVxhVmt2mnjr183qtUdpVGm0G5oKq/9YuXZb81C1IYy90ng7I=; 24:mSxfJpMr1wiKUleU8hL8WLwryVtDs84n+uJLUplduH6/8jg02yVFHN9x/rVaKl0OKNUE1vMcqMFwkql2CXiFQzbli1Q2f2tLwnex2HXwxwU=; 7:hwITodfmuXaK/LGUu/PBfcmDKm8a3JekxX1jtn8PBA80Iu1qzFgQl6xDeCmA55owZFAu0LmQHReQXTZf5Mzjt5r6DlfFGqEOAU0HovW8FW0ZqFBkeC/k8Pk2fLIvoS+9gYqewmVxQbBgmly6W9sceRvkkU25hK6l2z+k+dz7jIoxgkiyfZBnhLCPCiPZTlhgzd9lByKdpATqc4pDvasyb51Svu0n+++f8dw1oIrXtqmIsaGV5fxIjV5dO7IiyMuw
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 52d345ad-c07d-43b4-7033-08d530cea6aa
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705053A9D81015DF1510E34FA230@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(192374486261705)(66739203006769); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3231022)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 049897979A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(199003)(189002)(40434004)(13464003)(111735001)(50986999)(86362001)(15650500001)(53546010)(72206003)(81166006)(81156014)(8676002)(102836003)(3846002)(6116002)(6306002)(966005)(68736007)(53936002)(105586002)(9686003)(99286004)(6246003)(5660300001)(14454004)(110136005)(316002)(2950100002)(66066001)(478600001)(2900100001)(5890100001)(3660700001)(5250100002)(305945005)(33656002)(97736004)(7696004)(74316002)(101416001)(106356001)(3280700002)(54356999)(189998001)(2501003)(7736002)(76176999)(229853002)(2906002)(25786009)(6506006)(8936002)(55016002)(6436002)(45673001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 52d345ad-c07d-43b4-7033-08d530cea6aa
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Nov 2017 10:57:25.9439 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/svLkh-Ds74BHHr4W6nh0yNI46hY>
Subject: Re: [Suit] ENISA study "Baseline Security Recommendations for IoT in the context of CII" is out
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Nov 2017 10:57:33 -0000

Thanks for sharing, Apostolos.

The recommendations also include firmware updates:

Secure Software / Firmware updates
- GP-TM-18: Ensure that the device software/firmware, its configuration and=
 its applications have the
ability to update Over-The-Air (OTA), that the update server is secure, tha=
t the update file is transmitted
via a secure connection, that it does not contain sensitive data (e.g. hard=
coded credentials), that it is
signed by an authorised trust entity and encrypted using accepted encryptio=
n methods, and that the
update package has its digital signature, signing certificate and signing c=
ertificate chain, verified by the
device before the update process begins.
-  GP-TM-19: Offer an automatic firmware update mechanism.
-  GP-TM-20: Backward compatibility of firmware updates. Automatic firmware=
 updates should not modify
user-configured preferences, security, and/or privacy settings without user=
 notification.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Apostolos Malatras
Sent: 21 November 2017 11:54
To: suit@ietf.org
Subject: [Suit] ENISA study "Baseline Security Recommendations for IoT in t=
he context of CII" is out

Dear all,

We are very happy to announce that the ENISA Study "Baseline Security Recom=
mendations for IoT in the context of CII" study is out:
https://www.enisa.europa.eu/news/enisa-news/defining-and-securing-the-inter=
net-of-things

Please feel free to share the study with your networks.

Sincerely,
-Apostolos

---------------------------------------------------------------------------=
---------------------------
Dr Apostolos Malatras

Network and Information Security Expert
European Union Agency for Network & Information Security
Address:              1 Vass Sofias Str, Marousi 151 24, Attica, Greece
E- mail:                 Apostolos.Malatras@enisa.europa.eu
Office:                   +30 2814 409 630
Mobile:                 +30 6985 051 401



_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Tue Nov 21 18:13:51 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2516E129BB5 for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 18:13:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLOPKAC7h7Dr for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 18:13:47 -0800 (PST)
Received: from mail-it0-x230.google.com (mail-it0-x230.google.com [IPv6:2607:f8b0:4001:c0b::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFFC6129C13 for <suit@ietf.org>; Tue, 21 Nov 2017 18:13:47 -0800 (PST)
Received: by mail-it0-x230.google.com with SMTP id 187so2670114iti.5 for <suit@ietf.org>; Tue, 21 Nov 2017 18:13:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Npxt7dxiRwr3x4AWxx+xQzYfPUOzXXpED+WjVz1G4PI=; b=NH1T2S9soOMIBaHLqHnf3KYFFhRx4Vn/GHEEWb8AVJqp5ttOsfz6MetmZdqSi2lXfu yC/hjWZ0pPAUFZwfxWzYV1z4UcBhluxCjQN38tam72r68TSETA9cyv7YUafP9Uf6GmnI f3zQim6G4j3uZWrOj1RVh7qFWO/xtcZiHunJoDw4mdxqndNWOoXQ8MvEfz3D47Iv9r/F 1YPiJNXHI3KUdZRSQZZfxgeJ5xdz/kKVbrr4l05toIaMmP8ktxyylDAfVprJRqugd27p J8AuYNLpEb3WnKtloAHl6X/VCc+Bdz2x903+wjeR+xo8q6Anm4sG7oNv6DqJ34WqDGmw YDUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Npxt7dxiRwr3x4AWxx+xQzYfPUOzXXpED+WjVz1G4PI=; b=OpJPdIDxa3CDpOsuBBG63LI0A9JinMIeH3rLI6lhgPpU/uFTo3jih2cg+cwlHRxRz1 zpiJdmOxgXWsqdNTODlkd6PbRviT0SD6c4lcYRs2Skry7YHGb/Lmg4tDNGCdSmr0g/d+ aYnFxD73h+9VkWePBNU01prNXSH+QlIj4Gkd5vkjjUq7KZeWYgvR+/S8zDeypZcZ5Eav bXZm2eSw2oT9Vx9dKzlKHaKKS9UKdhjZ9zoxIKj9mkefXKZBM9Jv0Lxt/NebW4VB4vkl idQN7bt7fSwt34bvZuePhLRrJwqnMXeMZdWvvzEQ0vB1ggmscQXjsHf0ww+kTsFT2ec7 QySA==
X-Gm-Message-State: AJaThX5BgrnXTW1ph2pC9oGZQjuyNb0dO1Za+obOu4tJnRb0RyDJljYh 9yCdraR6hBcgwuYozT0ReJNTEYVFfmHkIf9d9z68uibv
X-Google-Smtp-Source: AGs4zMZ4xNW1BlzMPH2GkO4+XFt/wPYOymnmwDrC3lOpEys3oMfpPn9HqmB9YTvfLFkIoSEEMgkX2aO7jh+t1CdniUA=
X-Received: by 10.36.64.19 with SMTP id n19mr4465518ita.119.1511316826870; Tue, 21 Nov 2017 18:13:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.144.78 with HTTP; Tue, 21 Nov 2017 18:13:06 -0800 (PST)
In-Reply-To: <D951FA21-4F5A-4EED-9A4D-7C7ECB1811C5@tzi.org>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <59D85B3E-F838-4FBC-9012-82ABC997024B@arm.com> <CAJa2m-o8gS9eWX3B9O9qUZT2vOw7u_0uhvXK_Yoy1ztjyQpPOQ@mail.gmail.com> <D951FA21-4F5A-4EED-9A4D-7C7ECB1811C5@tzi.org>
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Tue, 21 Nov 2017 21:13:06 -0500
Message-ID: <CAJa2m-pL7wNJn3cdOyTGmFcxJ7twdMJOEjV-wZmkS4eXsZts5w@mail.gmail.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a1135337c9beae0055e88de78"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/WFVALIsh2jkKNfnN8fLqMTz7Vvk>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 02:13:50 -0000

--001a1135337c9beae0055e88de78
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello Carsten,

On Mon, Nov 20, 2017 at 6:41 AM, Carsten Bormann <cabo@tzi.org> wrote:

>
> Certainly, and for many devices this is a good way to obtain good securit=
y
> while using limited resources.
>
> However, this is not the right way to secure all deployments.
>
> The most important question is: Who holds the other copy of the symmetric
> key?
>
> * The manufacturer?
>
> Some manufacturers don=E2=80=99t want to have liability for being able to=
 control
> the devices.
> Some very much do want full control, but rather prefer to secure a chain
> of asymmetric keys instead of a large number of symmetric keys.
> (In any case, the asymmetric key will then be used to agree a symmetric
> key, and unless the device has lots of energy, one may not want to do thi=
s
> very often.  So the manufacturer will often still have to store symmetric
> keys, but these can then be limited in lifetime and dumped in an emergenc=
y.)
>
> * The owner?
>
> Many users are not set up for securely storing keys of this kind.
> If the key is stored in a smartphone or general purpose computer, that ma=
y
> get lost or damaged.
> Unless special software such as a password manager is used, there is also
> a good likelihood of key compromise.
>
> In case of loss (or compromise), there needs to be a key replacement
> mechanism.
>
> If physical access to the device is reasonably easy, and also can be
> limited to the owner (in multi-tenant situations it usually can=E2=80=99t=
), key
> replacement can be achieved by a physical connection or by printing a key
> recovery password on a part of the device that is not visible to an
> attacker.
>
> (E.g., IKEA prints a representation of the key itself on each Tr=C3=A5dfr=
i
> gateway.  A better way might be to print a password that can be used for
> setting a new key.)
>
> * What about others?
>
> None of this discusses the need for delegation =E2=80=94 the owner may be=
 a
> company that needs to delegate authorization to employees and contractors=
.
> This can be done by giving them symmetric keys with specific authorizatio=
ns
> attached (tickets), or tokens that can be checked by the device with its
> authorization manager (for which the device may use a symmetric key with
> the authorization manager, possibly using this key in an offline validati=
on
> of the token).
>
>
Thanks for your detailed reply!

I don't have much to say here, except to note that my only concern is what
happens when this symmetric key is compromised. Can it be used to
impersonate an OEM and / or an end-device? This is something to think about
when designing any compromise-resilient update mechanism, and recovering
from a key compromise.

Best regards,
Trishank

--001a1135337c9beae0055e88de78
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Carsten,<br><div class=3D"gmail_extra"><br><div clas=
s=3D"gmail_quote">On Mon, Nov 20, 2017 at 6:41 AM, Carsten Bormann <span di=
r=3D"ltr">&lt;<a href=3D"mailto:cabo@tzi.org" target=3D"_blank">cabo@tzi.or=
g</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margi=
n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D"">=
<br>
</span>Certainly, and for many devices this is a good way to obtain good se=
curity while using limited resources.<br>
<br>
However, this is not the right way to secure all deployments.<br>
<br>
The most important question is: Who holds the other copy of the symmetric k=
ey?<br>
<br>
* The manufacturer?<br>
<br>
Some manufacturers don=E2=80=99t want to have liability for being able to c=
ontrol the devices.<br>
Some very much do want full control, but rather prefer to secure a chain of=
 asymmetric keys instead of a large number of symmetric keys.<br>
(In any case, the asymmetric key will then be used to agree a symmetric key=
, and unless the device has lots of energy, one may not want to do this ver=
y often.=C2=A0 So the manufacturer will often still have to store symmetric=
 keys, but these can then be limited in lifetime and dumped in an emergency=
.)<br>
<br>
* The owner?<br>
<br>
Many users are not set up for securely storing keys of this kind.<br>
If the key is stored in a smartphone or general purpose computer, that may =
get lost or damaged.<br>
Unless special software such as a password manager is used, there is also a=
 good likelihood of key compromise.<br>
<br>
In case of loss (or compromise), there needs to be a key replacement mechan=
ism.<br>
<br>
If physical access to the device is reasonably easy, and also can be limite=
d to the owner (in multi-tenant situations it usually can=E2=80=99t), key r=
eplacement can be achieved by a physical connection or by printing a key re=
covery password on a part of the device that is not visible to an attacker.=
<br>
<br>
(E.g., IKEA prints a representation of the key itself on each Tr=C3=A5dfri =
gateway.=C2=A0 A better way might be to print a password that can be used f=
or setting a new key.)<br>
<br>
* What about others?<br>
<br>
None of this discusses the need for delegation =E2=80=94 the owner may be a=
 company that needs to delegate authorization to employees and contractors.=
=C2=A0 This can be done by giving them symmetric keys with specific authori=
zations attached (tickets), or tokens that can be checked by the device wit=
h its authorization manager (for which the device may use a symmetric key w=
ith the authorization manager, possibly using this key in an offline valida=
tion of the token).<br>
<br>
</blockquote></div></div><div class=3D"gmail_extra"><br></div><div class=3D=
"gmail_extra">Thanks for your detailed reply!</div><div class=3D"gmail_extr=
a"><br></div><div class=3D"gmail_extra">I don&#39;t have much to say here, =
except to note that my only concern is what happens when this symmetric key=
 is compromised. Can it be used to impersonate an OEM and / or an end-devic=
e? This is something to think about when designing any compromise-resilient=
 update mechanism, and recovering from a key compromise.</div><div class=3D=
"gmail_extra"><br></div><div class=3D"gmail_extra">Best regards,</div><div =
class=3D"gmail_extra">Trishank<br></div></div>

--001a1135337c9beae0055e88de78--


From nobody Tue Nov 21 18:47:17 2017
Return-Path: <tk47@nyu.edu>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25B46129477 for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 18:47:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nyu-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYN6CCcbJFpV for <suit@ietfa.amsl.com>; Tue, 21 Nov 2017 18:47:13 -0800 (PST)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C886120713 for <suit@ietf.org>; Tue, 21 Nov 2017 18:47:13 -0800 (PST)
Received: by mail-io0-x229.google.com with SMTP id 79so14085697ioi.3 for <suit@ietf.org>; Tue, 21 Nov 2017 18:47:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyu-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=AHVM7BRS4rRaPODu0pOuAtkQN8hvnqpYzUsfTUCp1W4=; b=us2+Kpe+medZFMbF8G6Oq6xG5VNPiNP9j0c6P5HXkro3/FQm90rXMLWUKh2SOh6YfI PmNLkvhkPvv2HoOFv1oWhp7WLXCEdojMtDj8ogeuAN8ocVlvLOucFjH9smQ5R+45TqRh lLZp1Q8MqzNMgJsOdU1bs2hYemXrVe4WyXBqDPanK3ndAzh7GzKunINCrsXXAbB/FlX8 lwmHWKd9XkeOf3aDWAjQ57cnvHk7a+JRK/f3kYlGC26ak73wex13uzOA9ERRBBRPg0tm EyLhegufC4KKHzDyHowryf7AJT+zmKoFTgxc4FYPWz9dL/KbQOp6Urtko/4mUUnAt8f6 Tvrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=AHVM7BRS4rRaPODu0pOuAtkQN8hvnqpYzUsfTUCp1W4=; b=KZVUJ/crbNRr9vTO5STQ8KQOqZyXoP6rMgPMukGNPHxyldQL/L4IBOIpLThptkvBem UWLuUWZIne/vLgmYkSqykkytAkSfN0TY2m/3JYRfi7LzR4+8tpZn7+QTJ8BdKPGjDcYz Bb84CwRT6oK0cMrlx6NOj5L7whOrl5pINdQdGXSJVtm3GnSu8fijGDR5vSTXF+pkyMFJ U19Dbe9lnxGacg0LNGUjaR6y6khKpaYVlrk8Gh6HAONu+XDLSnEfTxekg4u44knwtbnj qKNkYdUKMSFhfKb8kNlTcmLNoVMMLiIJT+4kKFQPw96p1yWu7h/538OQFGnnO6TPdWh8 Y7pA==
X-Gm-Message-State: AJaThX6e2L4P6bCHhI3XpiXojpzP6w3PoMhcf6ERCEjsKshwAPtGxdUJ /KV78OrsMTukykVNrbS6OVEQVwiWOwffc4zIYNkR8w==
X-Google-Smtp-Source: AGs4zMZlEm3kYUPrpRHKrMQnHqmYN/lioVROl/kN2rbHyhEAbRVrp/YA+T2dmT8OjEgRRCRNKjnjIotg0O+eu8smHs4=
X-Received: by 10.107.32.70 with SMTP id g67mr14883222iog.69.1511318832698; Tue, 21 Nov 2017 18:47:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.79.144.78 with HTTP; Tue, 21 Nov 2017 18:46:32 -0800 (PST)
In-Reply-To: <28125.1511186367@obiwan.sandelman.ca>
References: <CAJa2m-pjbm_C9x-pM1sVyuFr1_Bk5hE-TZgVQk0WCAcuvcngAw@mail.gmail.com> <16295.1510154792@obiwan.sandelman.ca> <CAJa2m-phD5a_qVPLXSpmXHG-mA+2V=17gp5D2V2nPn8uCdENCA@mail.gmail.com> <28125.1511186367@obiwan.sandelman.ca>
From: Trishank Karthik Kuppusamy <trishank@nyu.edu>
Date: Tue, 21 Nov 2017 21:46:32 -0500
Message-ID: <CAJa2m-oreTF=SA8DVQYj6yifuZDMWhbOuZzVkdnNeYqi_7Zoyw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: suit <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a1140ae2c2a6d39055e895615"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/OHkbQDj5vqqb5UroWjDrqiIQwjI>
Subject: Re: [Suit] Towards building a secure software update standard for IoT
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 02:47:15 -0000

--001a1140ae2c2a6d39055e895615
Content-Type: text/plain; charset="UTF-8"

On Mon, Nov 20, 2017 at 8:59 AM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> While TLS gives us privacy in transit, it does not necessarily provide
> privacy at rest.  For instance, imagine the need to carry the firmware
> update
> From vehicle to vehicle on a USB key:  a firmware update that causes recall
> requiring an update at the garage.  (Maybe due to a vulnerability in the
> online update mechanism!).
>
> Such a key could easily get misplaced or the contents could become table.
>
> Such a firmware update might contain a list of vehicles to which the update
> applies.   It would be bad if the list of VINs or EUI-48/64s that that will
> accept the update was easily visible from the firmware contents.
> At the same time, there is the hassle of finding out what's really on the
> (usb) key! ("Do we still need this one? Is the software on it up to date?")
>

Yes, I think you're right, there are ways to solve this problem (e.g.,
end-to-end encryption) without hampering with software update security.

Regards,
Trishank

--001a1140ae2c2a6d39055e895615
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On Mon, Nov 20, 2017 at 8:59 AM, Michael Richardson <span =
dir=3D"ltr">&lt;<a href=3D"mailto:mcr+ietf@sandelman.ca" target=3D"_blank">=
mcr+ietf@sandelman.ca</a>&gt;</span> wrote:<br><div class=3D"gmail_extra"><=
div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D""><=
/span><span class=3D""><br>
</span>While TLS gives us privacy in transit, it does not necessarily provi=
de<br>
privacy at rest.=C2=A0 For instance, imagine the need to carry the firmware=
 update<br>
>From vehicle to vehicle on a USB key:=C2=A0 a firmware update that causes r=
ecall<br>
requiring an update at the garage.=C2=A0 (Maybe due to a vulnerability in t=
he<br>
online update mechanism!).<br>
<br>
Such a key could easily get misplaced or the contents could become table.<b=
r>
<br>
Such a firmware update might contain a list of vehicles to which the update=
<br>
applies.=C2=A0 =C2=A0It would be bad if the list of VINs or EUI-48/64s that=
 that will<br>
accept the update was easily visible from the firmware contents.<br>
At the same time, there is the hassle of finding out what&#39;s really on t=
he<br>
(usb) key! (&quot;Do we still need this one? Is the software on it up to da=
te?&quot;)<br></blockquote><div><br></div><div>Yes, I think you&#39;re righ=
t, there are ways to solve this problem (e.g., end-to-end encryption) witho=
ut hampering with software update security.</div><div><br></div><div>Regard=
s,</div><div>Trishank<br></div></div></div></div>

--001a1140ae2c2a6d39055e895615--


From nobody Wed Nov 22 15:29:31 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62858129410 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:29:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.09
X-Spam-Level: 
X-Spam-Status: No, score=-0.09 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GzcZBVhLLCpq for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:29:28 -0800 (PST)
Received: from mail-ua0-x235.google.com (mail-ua0-x235.google.com [IPv6:2607:f8b0:400c:c08::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73715126DFB for <suit@ietf.org>; Wed, 22 Nov 2017 15:29:28 -0800 (PST)
Received: by mail-ua0-x235.google.com with SMTP id j14so11691898uag.11 for <suit@ietf.org>; Wed, 22 Nov 2017 15:29:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=SXPN3FfnLE4a+70cxJXHGsDUlQiqMdQ/s3Wt0moShoc=; b=heS4UbRkrnAxWuVtudW+SEi0X1C/0sKAS6PBauWv/wckQw3XoKiKH+jZ8vZyg6NTCR srORKf6nKiL2pmFQDhuBI1E0qPt9b2a+xVg51S4oAtCzVIEDHz68FsbYq8aWjqFDQdYI Gek8ARf2cghxGX8b0i3+FrwlxZJLdn9VLOH9LO0XgpORW7EclPX2Mdk24GZVhrLZm8iK G3bp8NjfD6U08ctyiyOqD0jI6qHn0L+en0Lgk3SA7ljfuRBTllCp1Tw5HO8Vm2Demasg NFl42qpiimQRZ/ovvVoQ3sxckSrnRcj+p2jYZ8YPL2Yc6jyWKzaoNmOVIw18I5xPsUV4 DwyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SXPN3FfnLE4a+70cxJXHGsDUlQiqMdQ/s3Wt0moShoc=; b=jDCQVGmyHmY/RCJGMs6IcqBlrWnQLZYuPF1vrivD/GU4pkWa6lwH2jqfi4NV3tPFZx /1xEyL53cy3xOZvamQGp0JwiGcmr0/qOAUO/uSVi0c2ady3MSxBZL0TrbJB3Zbd+KALb xv8WfKcbIjjEpnA9kOu9p3BVrNRaG41lt0bFrtjtgno1bEccwU7SCH3Z8o2AFWOpWtyc 2X7JDyppFmuoun8FzN+91Kl7eFGlaXGw8fcCsDW98yvI8AmxfVG/BeiguETGQnVTOFCh QJ/xRlGK74O2VdYadhgasEDcTX2z3rGTII3j3/Ahl/lOlnDl9sO5zhIMGNHtAy8PZThu 0wCw==
X-Gm-Message-State: AJaThX6mLdqv84OX/CZRueuhqRBJbdgW9tmoiUPr9aex/kOJaGOWP1/o gXnCPnVOONyw3Txj9aEnlILgW1+KMLkYhBbJC8riSw==
X-Google-Smtp-Source: AGs4zMYPEAjUTR5EbDOMDp2DQsxKex6kyKBM/faIHAHaeQT/q3EGTwhafupTVqFfLgM9Jynp/cRP2pVPFkinAPnKqZw=
X-Received: by 10.159.38.225 with SMTP id 88mr11973571uay.4.1511393367096; Wed, 22 Nov 2017 15:29:27 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:29:26 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:29:26 -0800
Message-ID: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c047deac3018c055e9ab02c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/QVvgY_mWuKeBPneCL32billNRtc>
Subject: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:29:30 -0000

--94eb2c047deac3018c055e9ab02c
Content-Type: text/plain; charset="UTF-8"

Hi,

I would like to propose additions to charter on scoping the work for
firmware server discovery and mechanism to download the same. This is very
important for interoperability and needed to make this work under several
controlled IOT deployments. IIRC, this was one of the updates that was
agreed upon during BOF discussions.

In this regard, the current charter says

"""

A firmware update solution consists of several components, including:

- A mechanism to transport firmware images to compatible devices.

- A manifest that provides meta-data about the firmware image (such as a
firmware package identifier, the hardware the package needs to run, and
dependencies on other firmware packages), as well as cryptographic
information for protecting the firmware image in an end-to-end fashion.

- The firmware image itself.

"""



I would like to propose following addition to the above list

   -

   Mechanisms to discover new firmware is available and the location to
   download it from


Cheers
Suhas Nandakumar

--94eb2c047deac3018c055e9ab02c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e60c-a113-91=
28-1ee856abbf76"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hi,</span>=
</p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8=
pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:transp=
arent;vertical-align:baseline;white-space:pre-wrap"> I would like to propos=
e additions to charter on scoping the work for firmware server discovery an=
d mechanism to download the same. This is very important for interoperabili=
ty and needed to make this work under several controlled IOT deployments. I=
IRC, this was one of the updates that was agreed upon during BOF discussion=
s.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin=
-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background-col=
or:transparent;vertical-align:baseline;white-space:pre-wrap">In this regard=
, the current charter says </span></p><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-=
family:Arial;vertical-align:baseline;white-space:pre-wrap">&quot;&quot;&quo=
t;</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin=
-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial;vertical-ali=
gn:baseline;white-space:pre-wrap">A firmware update solution consists of se=
veral components, including:</span></p><p dir=3D"ltr" style=3D"line-height:=
1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font=
-family:Arial;vertical-align:baseline;white-space:pre-wrap">- A mechanism t=
o transport firmware images to compatible devices.</span></p><p dir=3D"ltr"=
 style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D=
"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre=
-wrap">- A manifest that provides meta-data about the firmware image (such =
as a firmware package identifier, the hardware the package needs to run, an=
d dependencies on other firmware packages), as well as cryptographic inform=
ation for protecting the firmware image in an end-to-end fashion.</span></p=
><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"=
><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;=
white-space:pre-wrap">- The firmware image itself.</span></p><p dir=3D"ltr"=
 style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt">&quot;&quot;&q=
uot;</p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bott=
om:8pt">=C2=A0</p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial;vertica=
l-align:baseline;white-space:pre-wrap">I would like to propose following ad=
dition to the above list</span></p><ul style=3D"margin-top:0pt;margin-botto=
m:0pt"><li dir=3D"ltr" style=3D"list-style-type:disc;font-size:11.5pt;font-=
family:Arial;vertical-align:baseline"><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;verti=
cal-align:baseline;white-space:pre-wrap">Mechanisms to discover new firmwar=
e is available and the location to download it from</span></p></li></ul><di=
v><font face=3D"Arial"><span style=3D"font-size:15.3333px;white-space:pre-w=
rap"><br></span></font></div><div><font face=3D"Arial"><span style=3D"font-=
size:15.3333px;white-space:pre-wrap">Cheers</span></font></div><div><font f=
ace=3D"Arial"><span style=3D"font-size:15.3333px;white-space:pre-wrap">Suha=
s Nandakumar</span></font></div></span></div>

--94eb2c047deac3018c055e9ab02c--


From nobody Wed Nov 22 15:31:20 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96A5212944B for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:31:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level: 
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8c4jn6NOtQYs for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:31:15 -0800 (PST)
Received: from mail-vk0-x22f.google.com (mail-vk0-x22f.google.com [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B085A129B46 for <suit@ietf.org>; Wed, 22 Nov 2017 15:31:15 -0800 (PST)
Received: by mail-vk0-x22f.google.com with SMTP id p144so10851510vkp.3 for <suit@ietf.org>; Wed, 22 Nov 2017 15:31:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=tuh4NK3R+Ij5HP3dPG+e/DA4d+valM1zi5tLNLgSKpo=; b=P6Y7+NI1ZcrkIOJdF7lUY7vG7SBVnKm44uhIpoYGIwy1Z/VPessxm1unK4ntu/te+8 jjfvOlhLStnVplvbBDDkCZRFp2/b/WbSU9WmzPjDV18ocWBQoOn9ETS5VBGbNClphrQy apBJCx7vmT3F1AJjfIyZikvrMiMsJ7Hyzn1GBJ9/McdUjUtf92lRs5PlaZf2EFekHG0h afSH0/BfH8uA7L2ocpFgfaQz3BAYlF4mWiEAaoz0jbnyPdfBKuEm6Ni4EVPZ+k8bkpY2 D7KKi2wLSvHr9G9AWeR82tT3gq1IUznd/e7nfQ3vmdWqwAl7h+t3f5GMZKZMwqCA3zr+ RjOA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=tuh4NK3R+Ij5HP3dPG+e/DA4d+valM1zi5tLNLgSKpo=; b=OuWQPakhx++uibiYwYf2UdSw7+auIdQnkjjGNQzDOaYf8JQnqT3HIQZ5EPNeRlq7xv uCvOujRy8NxjUETkLY/Pk9/LFW6455QjwlpIgx/3mia3TXv+NB1Egl1tiy0N9pvrEh98 ocIMtkmsRPh/3dIB5j2UUqPgxDIEJKann1kGecwIEiWWi+c1ACy299zUjIuoQCREYFL4 Cb8B4fLuZPvcPFF4M2oQD387NZc/4gYSkKfbV9S2TTvJoAsRh/EzR//TT0cuI2qIZNSq fB1TQQb8nnpcljWRxxze7L5gY9iZuDAZbRCtzLNos7xWlz+7UGpRlkSELsfki0ubNKdE oVSA==
X-Gm-Message-State: AJaThX5j5KcV3Z59QdO2TVd6ne2hsaRqSk4GEgSPUqxooJMM+HYQYis7 bJbWOMYgsleu5NT0PWlLAvaJkiV11ItTFNxYJvtozg==
X-Google-Smtp-Source: AGs4zMbqs6XLuPgWGbkkv7zS4FOxVgxzns/KP2WpqkT3eDP7rSCwr4opeZjpuHVneNHqtBYDgJ//OdkEdbhzpuPxbWY=
X-Received: by 10.31.237.71 with SMTP id l68mr17068163vkh.17.1511393474537; Wed, 22 Nov 2017 15:31:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:31:14 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:31:14 -0800
Message-ID: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c096da22a6f62055e9ab736"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0hGea9kQjWDBQ4YKnc4E_hKyTvo>
Subject: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:31:18 -0000

--94eb2c096da22a6f62055e9ab736
Content-Type: text/plain; charset="UTF-8"

Hello All

The charter current says the following on the CMS or RFC 4108

"""

RFC 4108 provides a manifest format that uses the Cryptographic Message
Syntax (CMS) to protect firmware packages. More than ten years have passed
since the publication of RFC 4108, and greater experience with IoT
deployments has led to additional functionality, requiring a contemporary
standardized solution to be defined.

"""

I feel this para is not adding value to the WG objectives and should be
removed from the charter. IIRC the BOF discussions also indicated something
on the similar lines and RFC4108 is not in widespread use as of today.


Cheers

Suhas Nandakumar

--94eb2c096da22a6f62055e9ab736
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e611-5465-62=
ed-80b15394bf3d"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hello All<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:=
transparent;vertical-align:baseline;white-space:pre-wrap">The charter curre=
nt says the following on the CMS or RFC 4108 </span></p><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font=
-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap=
">&quot;&quot;&quot;</span></p><p dir=3D"ltr" style=3D"line-height:1.38;mar=
gin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:=
Arial;vertical-align:baseline;white-space:pre-wrap">RFC 4108 provides a man=
ifest format that uses the Cryptographic Message Syntax (CMS) to protect fi=
rmware packages. More than ten years have passed since the publication of R=
FC 4108, and greater experience with IoT deployments has led to additional =
functionality, requiring a contemporary standardized solution to be defined=
.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-=
bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial;vertical-alig=
n:baseline;white-space:pre-wrap">&quot;&quot;&quot;</span></p><p dir=3D"ltr=
" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=
=3D"font-size:11pt;font-family:Arial;background-color:transparent;vertical-=
align:baseline;white-space:pre-wrap">I feel this para is not adding value t=
o the WG objectives and should be removed from the charter. IIRC the BOF di=
scussions also indicated something on the similar lines and RFC4108 is not =
in widespread use as of today.</span></p><p dir=3D"ltr" style=3D"line-heigh=
t:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font=
-family:Arial;background-color:transparent;vertical-align:baseline;white-sp=
ace:pre-wrap"><br></span></p><p style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Cheers</sp=
an></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span=
 style=3D"font-size:11pt;font-family:Arial;background-color:transparent;ver=
tical-align:baseline;white-space:pre-wrap">Suhas Nandakumar</span></p><div>=
<span style=3D"font-size:11pt;font-family:Arial;background-color:transparen=
t;vertical-align:baseline;white-space:pre-wrap"><br></span></div></span></d=
iv>

--94eb2c096da22a6f62055e9ab736--


From nobody Wed Nov 22 15:34:11 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DBCA129B46; Wed, 22 Nov 2017 15:34:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.711
X-Spam-Level: 
X-Spam-Status: No, score=0.711 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KneV4Co-woVk; Wed, 22 Nov 2017 15:34:08 -0800 (PST)
Received: from mail-ua0-x232.google.com (mail-ua0-x232.google.com [IPv6:2607:f8b0:400c:c08::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C190212944B; Wed, 22 Nov 2017 15:34:07 -0800 (PST)
Received: by mail-ua0-x232.google.com with SMTP id l25so11718184uag.8; Wed, 22 Nov 2017 15:34:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=9JeE44UuMvItWTo3l5DdqQm2jV+tqKYTEEqSZhV7v8g=; b=lfFANXdUughqBX9HY0do61zbga5JECp6oSNbbZaHLoy+zKvmTnLw9KhjHqTFW6bU6e WqH43l56JY8wZJRNE5xuCXXm3hwPfKUJEUs33xi82d1JyXwUtkZKO6o+c5Wvm6hjhESN 7CuR/MUM1a6MfMRhkZpn/HcQEm3FSSD+S2sIoOXWuErruK7c9pYv+lW2AYLtpnSzDR/o un0AoKm/PjnPS/lnLsujvEGVDmgb+CdFpg1xumJXOx1t7XAoAPRX/EYvbdw+oRtbCr0l qWc7BnZk/ntShgS++YpwVkL6UB4/qxUUiSohnfSHLT+Q49h9JsfsQwR2aRebv3bLjqXY tGDQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=9JeE44UuMvItWTo3l5DdqQm2jV+tqKYTEEqSZhV7v8g=; b=Aw7h8/i8Ai6pg9aK6IkdIwAKcGzo+5GAf2mjctT5Cz0iR+nrqXKVX2e2sJyBimQUTD 7EPrb13ul2cLRvVgLePIVbfZIOk2l7Tqj82ML6CS+RFz+lH9eXlAxQnftPRVz49+P13l 6Ywsf+pDPO5al7NFw4zUfnBNanankMhOYvIEFUJvuBvmvMUJwqoNn4QQOrsdjDPoZqay RRiSyHPAe3TrUu6n/wUPpidlFm0+z10J3OC1V2/X3iKAHZ/hQXFWVDrskLLzHMjncC9/ LhUx4ccT1fuc0ZlJMTfvJxgpQbS5IwYgBXgqihz71VSqMnrIZIeM5tVxIMAZ/JPgzH/A GUbg==
X-Gm-Message-State: AJaThX5JZ1dsIE/o4VIoj5eSj0pYxlpZqhjqJff6QZifjbeHxdsqWtBI QezVJvFZzFoMNDolL2BiEAd7P+JS3u1pFiC9h0U7ig==
X-Google-Smtp-Source: AGs4zMY5cvPkQ/34fg1C1Ir4JZzoe915cadegFrUsibo4qWwv2DxvYZHLS3yTPS2L9invJVyANVoDAEWcFHbDed93CU=
X-Received: by 10.176.89.79 with SMTP id o15mr16351920uad.163.1511393646780; Wed, 22 Nov 2017 15:34:06 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:34:06 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:34:06 -0800
Message-ID: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com>
To: suit@ietf.org, suit-chairs@ietf.org
Content-Type: multipart/alternative; boundary="001a1149815c6ea59b055e9ac143"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ZleVaSmp1ATTHeyuJ-YivlIk5CU>
Subject: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:34:09 -0000

--001a1149815c6ea59b055e9ac143
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Kathleen and Chairs

I am bit confused on the actual process followed in updating the Suit
Charter. It looks like the current charter doesn=E2=80=99t seem to reflect =
fully
the consensus or discussion points from the BOF.

Also it would have been of great help if the updated charter was sent to
the SUIT mailing list for questions/consensus before getting uploaded to
the datatracker. I had to accidentally find it embedded in the BOF report
sent to saag mailing list.

Should questions/comments about the current charter sent to Suit mailing
list be the right way to follow up ? Also, Who is actually updating the
charter?

Please advice


Thanks

Suhas Nandakumar

--001a1149815c6ea59b055e9ac143
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e613-58ba-35=
00-669400394fd0"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hi Kathlee=
n and Chairs</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:=
0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;back=
ground-color:transparent;vertical-align:baseline;white-space:pre-wrap"><spa=
n class=3D"gmail-Apple-tab-span" style=3D"white-space:pre">	</span></span><=
span style=3D"font-size:11pt;font-family:Arial;background-color:transparent=
;vertical-align:baseline;white-space:pre-wrap">I am bit confused on the act=
ual process followed in updating the Suit Charter. It looks like the curren=
t charter doesn=E2=80=99t seem to reflect fully the consensus or discussion=
 points from the BOF. </span></p><p dir=3D"ltr" style=3D"line-height:1.38;m=
argin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font-family:=
Arial;background-color:transparent;vertical-align:baseline;white-space:pre-=
wrap">Also it would have been of great help if the updated charter was sent=
 to the SUIT mailing list for questions/consensus before getting uploaded t=
o the datatracker. I had to accidentally find it embedded in the BOF report=
 sent to saag mailing list. </span></p><p dir=3D"ltr" style=3D"line-height:=
1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font-f=
amily:Arial;background-color:transparent;vertical-align:baseline;white-spac=
e:pre-wrap">Should questions/comments about the current charter sent to Sui=
t mailing list be the right way to follow up ? Also, Who is actually </span=
><span style=3D"font-size:11pt;font-family:Arial;background-color:transpare=
nt;vertical-align:baseline;white-space:pre-wrap">updating</span><span style=
=3D"font-size:11pt;font-family:Arial;background-color:transparent;vertical-=
align:baseline;white-space:pre-wrap"> the charter?</span></p><p dir=3D"ltr"=
 style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D=
"font-size:11pt;font-family:Arial;background-color:transparent;vertical-ali=
gn:baseline;white-space:pre-wrap">Please advice</span></p><p dir=3D"ltr" st=
yle=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"fo=
nt-size:11pt;font-family:Arial;background-color:transparent;vertical-align:=
baseline;white-space:pre-wrap"><br></span></p><p style=3D"line-height:1.38;=
margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font-family=
:Arial;background-color:transparent;vertical-align:baseline;white-space:pre=
-wrap">Thanks</span></p><p style=3D"line-height:1.38;margin-top:0pt;margin-=
bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background-colo=
r:transparent;vertical-align:baseline;white-space:pre-wrap">Suhas Nandakuma=
r</span></p><div><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap"><br></span=
></div></span></div>

--001a1149815c6ea59b055e9ac143--


From nobody Wed Nov 22 15:39:55 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BF2C12EB74 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:39:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level: 
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g7WDCL20x230 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:39:48 -0800 (PST)
Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28089129BE0 for <suit@ietf.org>; Wed, 22 Nov 2017 15:39:47 -0800 (PST)
Received: by mail-vk0-x231.google.com with SMTP id o70so10850471vkc.9 for <suit@ietf.org>; Wed, 22 Nov 2017 15:39:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=SDbPnKOuD8fsIb1w0MiBr4YtW5NK9ZvkFNaxFq+8OwI=; b=BtbE9AiS69Ij2vC9+b6K6FbDwq003sKw29ldzNZCVxVuSqG3BuHqVvfOYbTT+pbJrj 3/wbU1TkMYrKGmRZ+CYyI++rMda7EGa9ewlQrE597IgARyGaf4pNtoWfbBsFDQEYq9Cs EhrqQAN0ghBxCfA5lRQtU4VZ9Q5VkELnith1gTToNcrmMFfOhGHELC6h9XNMLjUodQ6n 3f/I/jxhI8OmDvSTQOHWc5l5i9k4aHN/Afma2IBkxyT4FbK8Je+VN41qeWNgybGU2vi1 /xdVxoRepaSa9furTZMmw4NLrh8FDbWrkEa32f1LVZazEmR69l3b6qNSeY+h996SySYX U4pQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SDbPnKOuD8fsIb1w0MiBr4YtW5NK9ZvkFNaxFq+8OwI=; b=hqfgrkAHVEvINs1/jDotVAjEgmyYT6zXtm7Q/yCVIlxsIx8FWuGoG/WSuVCV5c10nk HuGiYqEJKHqIJcaVphYXqteqPQKfPw6U6ukfY2nr6e0XQxYj4/NCJj6chRnzdj5/PBfk /yo1JyE89OAxPMn/Fg7UphSAshyryHb52XY+gD+Kk2ntrX7MpLmT4o9pKx4AdlO66XOe OcVku6aqKXWemKBoi76m2+ZdrGl/BQ4s2Vc5J18jQb+c4ys1IIbIM4ZJdmqn1yS0QDN8 I3ETAdFFJTj/BtC329qTXeqnSms5jcnFmWbpxJKoWaIgFxbZGODD6v4DNgn/TMTotEvF JO7g==
X-Gm-Message-State: AJaThX4Ra8g/i3oQhKkSOpzg/hmyl2DzZ9yxrqy9ScZatqRi3hegn6ut XS/VS/XUdvK3YSy9Bz/6hLkFIw/HkSDchQpKJwmjXA==
X-Google-Smtp-Source: AGs4zMb2QTCqYqC86irsoj5BxlN1MbjTNHrEV3Cfi4m94KyXQwRbwDaEIH/Xsk6YpQB/WxA1k51NNF39WIK6A36GCqA=
X-Received: by 10.31.41.138 with SMTP id p132mr18206554vkp.21.1511393986083; Wed, 22 Nov 2017 15:39:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:39:45 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:39:45 -0800
Message-ID: <CAMRcRGQDRiz8f4bib6mveDQ0R2Jzn4bQytDrxTxypkU9vTC5Qg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a113ef980a8021a055e9ad501"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/PgpZo2x6dTYjOBYSjiDrrptDd3k>
Subject: [Suit] Suit Charter: Working Group Objectives - Another Try
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:39:52 -0000

--001a113ef980a8021a055e9ad501
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello All

The current charter has following text on the deliverables for this working
group. Having explicitly listing out of the objectives might be really
helpful here.

Also the current text misses elements on firmware server discovery that
gathered support during the BOF discussions as seen in the current charter
text

"""

In particular this group aims to publish several documents, namely:

- An IoT firmware update architecture that includes a description of the
involved entities, security threats, and assumptions.

- One or more manifest format specifications.=E2=80=9D

 """

Below (in italicized) is an an attempt to help clarify the WG objectives.
Please let me know your thoughts.



This WG will work on developing an interoperable secure firmware upgrade
solution for IoT devices that are constrained in their resources (such as
RAM, Flash). The solution must enable firmware upgrades for the IoT devices
under various deployment options (such as, deployments under constrained
network access typically controlled by an Enterprise IT department or
factory OT group as well as with open Internet access deployments).

An extensible manifest format to describe metadata about the firmware and
its security properties will be developed by this WG. The working group
will also develop and architect solution that enable the IoT devices to
locate the firmware update server (and manifest) via existing transport
protocol mechanisms.

In particular, this WG will perform the following work:

   -

   Document that defines the requirements for secure firmware upgrade
   solution.
   -

   Define a general architecture that enables secure IoT firmware upgrade
   describing involved elements, security threats, update server discovery =
and
   assumptions.
   -

   Document that describes the data model  that captures metadata and
   security properties about the firmware in the form of a manifest.
   -

   Define one or more encoding formats for the manifest.
   -

   Document describing use of existing transport and protocol mechanisms to
   locate and download the firmware.
   -

   A best current practices document that defines firmware installation
   process on the IoT device.


I believe something on the similar lines clearly identifies the working
objectives and deliverables for this effort.

Cheers
Suhas Nandakumar

--001a113ef980a8021a055e9ad501
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e615-3440-1e=
8d-e850c831939f"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hello All<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:=
transparent;vertical-align:baseline;white-space:pre-wrap">The current chart=
er has following text on the deliverables for this working group. Having ex=
plicitly listing out of the objectives might be really helpful here. </span=
></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
8pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:trans=
parent;vertical-align:baseline;white-space:pre-wrap">Also the current text =
misses elements on firmware server discovery that gathered support during t=
he BOF discussions as seen in the current charter text</span></p><p dir=3D"=
ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span styl=
e=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space=
:pre-wrap">&quot;&quot;&quot;</span></p><p dir=3D"ltr" style=3D"line-height=
:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;fon=
t-family:Arial;vertical-align:baseline;white-space:pre-wrap">In particular =
this group aims to publish several documents, namely:</span></p><p dir=3D"l=
tr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=
=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:=
pre-wrap">- An IoT firmware update architecture that includes a description=
 of the involved entities, security threats, and assumptions.</span></p><p =
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><sp=
an style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;whit=
e-space:pre-wrap">- One or more manifest format specifications.=E2=80=9D</s=
pan></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bott=
om:8pt">=C2=A0&quot;&quot;&quot;</p><p dir=3D"ltr" style=3D"line-height:1.3=
8;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-fa=
mily:Arial;vertical-align:baseline;white-space:pre-wrap">Below (in italiciz=
ed) is an  an attempt to help clarify the WG objectives. Please let me know=
 your thoughts.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:8pt">=C2=A0</p><p dir=3D"ltr" style=3D"line-height:1.3=
8;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11pt;font-fami=
ly:Arial;background-color:transparent;vertical-align:baseline;white-space:p=
re-wrap"> </span><span style=3D"font-size:12pt;font-family:Arial;color:rgb(=
36,41,46);font-style:italic;vertical-align:baseline;white-space:pre-wrap">T=
his WG will work on developing an interoperable secure firmware upgrade sol=
ution for IoT devices that are constrained in their resources (such as RAM,=
 Flash). The solution must enable firmware upgrades for the IoT devices und=
er various deployment options (such as, deployments under constrained netwo=
rk access typically controlled by an Enterprise IT department or factory OT=
 group as well as with open Internet access deployments).</span></p><p dir=
=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span =
style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);font-style:it=
alic;vertical-align:baseline;white-space:pre-wrap">An extensible manifest f=
ormat to describe metadata about the firmware and its security properties w=
ill be developed by this WG. The working group will also develop and archit=
ect solution that enable the IoT devices to locate the firmware update serv=
er (and manifest) via existing transport protocol mechanisms.</span></p><p =
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:12pt"><s=
pan style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);font-styl=
e:italic;vertical-align:baseline;white-space:pre-wrap">In particular, this =
WG will perform the following work:</span></p><ul style=3D"margin-top:0pt;m=
argin-bottom:0pt"><li dir=3D"ltr" style=3D"list-style-type:disc;font-size:1=
2pt;font-family:Arial;color:rgb(36,41,46);font-style:italic;vertical-align:=
baseline"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><span style=3D"font-size:12pt;vertical-align:baseline;white-space=
:pre-wrap">Document that defines the requirements for secure firmware upgra=
de solution.</span></p></li><li dir=3D"ltr" style=3D"list-style-type:disc;f=
ont-size:12pt;font-family:Arial;color:rgb(36,41,46);font-style:italic;verti=
cal-align:baseline"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt=
;margin-bottom:0pt"><span style=3D"font-size:12pt;vertical-align:baseline;w=
hite-space:pre-wrap">Define a general architecture that enables secure IoT =
firmware upgrade describing involved elements, security threats, update ser=
ver discovery and assumptions.</span></p></li><li dir=3D"ltr" style=3D"list=
-style-type:disc;font-size:12pt;font-family:Arial;color:rgb(36,41,46);font-=
style:italic;vertical-align:baseline"><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:12pt;vertica=
l-align:baseline;white-space:pre-wrap">Document that describes the data mod=
el =C2=A0that captures metadata and security properties about the firmware =
in the form of a manifest.</span></p></li><li dir=3D"ltr" style=3D"list-sty=
le-type:disc;font-size:12pt;font-family:Arial;color:rgb(36,41,46);font-styl=
e:italic;vertical-align:baseline"><p dir=3D"ltr" style=3D"line-height:1.38;=
margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:12pt;vertical-al=
ign:baseline;white-space:pre-wrap">Define one or more encoding formats for =
the manifest.</span></p></li><li dir=3D"ltr" style=3D"list-style-type:disc;=
font-size:12pt;font-family:Arial;color:rgb(36,41,46);font-style:italic;vert=
ical-align:baseline"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0p=
t;margin-bottom:12pt"><span style=3D"font-size:12pt;vertical-align:baseline=
;white-space:pre-wrap">Document describing use of existing transport and pr=
otocol mechanisms to locate and download the firmware.</span></p></li><li d=
ir=3D"ltr" style=3D"list-style-type:disc;font-size:12pt;font-family:Arial;c=
olor:rgb(36,41,46);font-style:italic;vertical-align:baseline"><p dir=3D"ltr=
" style=3D"line-height:1.38;margin-top:3pt;margin-bottom:12pt"><span style=
=3D"font-size:12pt;vertical-align:baseline;white-space:pre-wrap">A best cur=
rent practices document that defines firmware installation process on the I=
oT device.</span></p></li></ul><div><font color=3D"#24292e" face=3D"Arial">=
<span style=3D"font-size:16px;white-space:pre-wrap"><br></span></font></div=
><div><font color=3D"#24292e" face=3D"Arial"><span style=3D"font-size:16px;=
white-space:pre-wrap">I believe something on the similar lines clearly iden=
tifies the working objectives and deliverables for this effort.</span></fon=
t></div><div><font color=3D"#24292e" face=3D"Arial"><span style=3D"font-siz=
e:16px;white-space:pre-wrap"><br></span></font></div><div><font color=3D"#2=
4292e" face=3D"Arial"><span style=3D"font-size:16px;white-space:pre-wrap">C=
heers</span></font></div><div><font color=3D"#24292e" face=3D"Arial"><span =
style=3D"font-size:16px;white-space:pre-wrap">Suhas Nandakumar</span></font=
></div><div><font color=3D"#24292e" face=3D"Arial"><span style=3D"font-size=
:16px;white-space:pre-wrap"><i><br></i></span></font></div></span></div>

--001a113ef980a8021a055e9ad501--


From nobody Wed Nov 22 15:41:01 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B6FC126DFB for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:40:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KMPPLKyeEcyK for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:40:57 -0800 (PST)
Received: from mail-ua0-x236.google.com (mail-ua0-x236.google.com [IPv6:2607:f8b0:400c:c08::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C7C91200F1 for <suit@ietf.org>; Wed, 22 Nov 2017 15:40:57 -0800 (PST)
Received: by mail-ua0-x236.google.com with SMTP id e10so11723402uah.10 for <suit@ietf.org>; Wed, 22 Nov 2017 15:40:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=m4ucCKi2GpEVKGThY+zgURoP2gM7C7BMUR/NUjj2bV0=; b=M/ismSJnMTsBbKlo4RybZ/o8gGQSyuca/mEg+pheZLztFGOLYdKNAAlMHM1qL9KzQO lHDU8Gl98U4Pb09Lz3kp/OwN0MoeqSBR2FxPjA+aY8zmwMx0rF70wT4gz40+rccKsjwz oo/sRrUKpdBqUTfpCxRDln9JQFx6qrgTHUN+lQdhVISgldAD36YyYoQJlSNwG30vO+D9 xrAjSFBE3CEI3Orv+E8BrxCA4v+Ftx+i+Pz/J95VY/0SmTnZyF95A35CF9smR9XZVP3p kugdFDOPtZ1KuDEuo4s3kxIOWE2RXL3pDJN1dVNXNAEl+qutiNe89D7GLbUH/jHNC5za NLog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=m4ucCKi2GpEVKGThY+zgURoP2gM7C7BMUR/NUjj2bV0=; b=dBCOcLZp9yVqB2MyLwB1jODAIypQO/SFuOFSfFrY1hAAihGJ5zoZtU79/lvIYciA/6 u39+5MV9iY1HILoOXG2ykPgXXgpYq3fmDFgHlFwwCAjyxetMTRIn91muUJ+T6qZB0lud YTfTTK/QytkwWLfsWojTwwkdBxSBK17pC5FXtFbjLCr6XP1jIGcNxmAp+L+ay12q80Sk HthJ/3AyJ/elGZF71xvTUCkOJUh4jDtgkOQBn+K+SCn+vuF4iZV2QvpyZNbt8JcXCcWY 3RVbHXe7h0H46opG/Q1BKEDSCgiHtNd3c0+qzZhMC9+H1Dw9/w7i1ONxrVpMOz+i70NY jbgw==
X-Gm-Message-State: AJaThX4p//lZOf85DfAXtG4Y1grsZgatDpwso4Clb0AwWy9ew+QKvX/Z TwdPOI6xmgI8g4OB5cZOD8aB0Te5fzUkbggSA62b9Q==
X-Google-Smtp-Source: AGs4zMaLKEGunhi28wjDHsjUhlZhC9PI858rCIw9qfhpE8EU6cITg6iSdC1vr7+F/X4KXhDSGqFkf+BltbDxefnw5BQ=
X-Received: by 10.176.23.219 with SMTP id p27mr11830911uaf.19.1511394056661; Wed, 22 Nov 2017 15:40:56 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:40:56 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:40:56 -0800
Message-ID: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="f403043eca8cdcef4d055e9ad95e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/G8FpFbCfVbxViy4zPgAKCCYTZIc>
Subject: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:40:59 -0000

--f403043eca8cdcef4d055e9ad95e
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

Current charter says

""" A lower number of formats is preferred to reduce code size for
supporting decoders on devices receiving a manifest and to maximize
interoperability of solutions

"""

I don=E2=80=99t think this is applicable since a device will support just o=
ne
format, The multiplicity of the formats is needed on the Firmware server to
support devices with different capabilities on the manifest encoding
format. This comment in the charter seems incorrect.


Cheers

Suhas Nandakumar

--f403043eca8cdcef4d055e9ad95e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e61a-0c0e-c5=
1f-3e958581860d"><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
8pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:trans=
parent;vertical-align:baseline;white-space:pre-wrap">Hi, </span></p><p dir=
=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span =
style=3D"font-size:11pt;font-family:Arial;background-color:transparent;vert=
ical-align:baseline;white-space:pre-wrap">Current charter says</span></p><p=
 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><s=
pan style=3D"font-family:Arial;vertical-align:baseline;white-space:pre-wrap=
;font-size:14.6667px">&quot;&quot;&quot;
</span><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:bas=
eline;white-space:pre-wrap">A lower number of formats is preferred to reduc=
e code size for supporting decoders on devices receiving a manifest and to =
maximize interoperability of solutions</span></p><p dir=3D"ltr" style=3D"li=
ne-height:1.38;margin-top:0pt;margin-bottom:8pt"><font face=3D"Arial"><span=
 style=3D"font-size:15.3333px;white-space:pre-wrap">&quot;&quot;&quot;</spa=
n></font>=C2=A0</p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;=
margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial;vertic=
al-align:baseline;white-space:pre-wrap">I don=E2=80=99t think this is appli=
cable since a device will support just one format, The multiplicity of the =
formats is needed on the Firmware server to support devices with different =
capabilities on the manifest encoding format. This comment in the charter s=
eems incorrect.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-t=
op:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial=
;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p style=3D"l=
ine-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:=
11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Chee=
rs</span></p><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"=
><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;=
white-space:pre-wrap">Suhas Nandakumar</span></p><div><span style=3D"font-s=
ize:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">=
<br></span></div></span></div>

--f403043eca8cdcef4d055e9ad95e--


From nobody Wed Nov 22 15:43:50 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EC6C12944B for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:43:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id flMBiGtYJ1VJ for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:43:47 -0800 (PST)
Received: from mail-ua0-x235.google.com (mail-ua0-x235.google.com [IPv6:2607:f8b0:400c:c08::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0288126DFB for <suit@ietf.org>; Wed, 22 Nov 2017 15:43:47 -0800 (PST)
Received: by mail-ua0-x235.google.com with SMTP id j14so11708215uag.11 for <suit@ietf.org>; Wed, 22 Nov 2017 15:43:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=vaacZfLC+ccav821BsFOL1YZdfW6zEGzv0wu/FjUBcI=; b=CL3Ts3tkaB17ILF/XWNSOtyHkxMkwU+aVMZAPmO1EhSZ5NsXFgj7wayt01Ry+DsnmT 1osERsz2tEruTA+eTZjgygFUgu8j0UpcbkzlpbsWipekk7/q7ih1iV+OXj+IW1vtijwC 3B8RZGtXcjcd6/8fpmMIm0A2UOClYZgyFw5LedoH5rGKIrdlgPzRJt8B3LziJnDC4Y1M Zfi+fiIGquGg0n9m7x7NMSm0HugcWT7oztcI2kSVS/HjzvxCBY2uA31y71O8U+VP4Gzt pWtVr7kmqlWi7X1DEsoTGjVrWd8ixTePJ8Ovl/pq9HVR9qCeZNd5Dbr26MN7mA6F+Cal gqZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vaacZfLC+ccav821BsFOL1YZdfW6zEGzv0wu/FjUBcI=; b=pkIWfatlCpYIq+qmd0Q3DEANoIuoFPZQIIzil40GkHRK4zDLepnYnADYSS7TVMMDhs 8vlDmVejKmx1hVpu+2J/3fyY8g3JHGLKC4WL36w81XrlYKdXV4SHoLfrwcuRJEJVQDsf ymScgamFA+7kCYa7OQip3I3YDofe1hgh+v6cfBQSB47mkYu/PqcPs/3pKbK9C5jIAWSh OhPigrh4rb97eWv9WbAZosPQ4B3IMcNnKYXENEvDaXoITAHKp8uEXdd10G0ttmpQT6k2 WGOSpOtgYgI48Zk9DOhwQDzendda7Ljnzv72czoLLpZ2Bjz9jnjNGNN+xdlZrOqNDMvQ gvkA==
X-Gm-Message-State: AJaThX4Bagcn6H6Hpt57o3VDlsjnakpdcshSnIro9zLi/O96zJRBKuL6 TIi4quK0S0hrGcMoNgzq4rbUSVyDBTtsFA4dVzDaIw==
X-Google-Smtp-Source: AGs4zMY4WA3t2sGmPObyXYTovMMjmHCFBMFunoXXo7lX4oOxxgMRKLGYhZQJo9MxGK3MRY/3f6NNVUcIWm3ieBMmTd8=
X-Received: by 10.159.38.225 with SMTP id 88mr11997446uay.4.1511394226495; Wed, 22 Nov 2017 15:43:46 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:43:46 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:43:46 -0800
Message-ID: <CAMRcRGSWgO_y+_zC_p=aD-aBsuKCth9fE8fniUgVg6nPWKa20g@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c047deafc65b6055e9ae3e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/r8jnnhgDiLn3KlUzOA11LNty8wk>
Subject: [Suit] SUIT Charter: Multisource signed manifest and permission model
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:43:49 -0000

--94eb2c047deafc65b6055e9ae3e8
Content-Type: text/plain; charset="UTF-8"

Hi All,

The current charter says the following about allowing manifest and firmware
signed by different sources and having an expressive permissions model.

"""

To support a wide range of deployment scenarios, the formats are expected
to be expressive enough to allow the use of different software sources and
permission models.

"""


I think the whole idea of multiple people signing is very unclear on the
requirements and its applicability or its widespread use. Most common
deployments today follow the model of single vendor signing the firmware. A
certification lab might certify that a given version meets some
requirements and and an operator might use that information to decide what
version they deploy but neither the certification lab or the operator sign
anything.

I propose that the WG should reconsider this requirement for scoping
purposes and should consider multi-vendor signing/permissions model  as a
future extension instead. This should be removed unless we can specify what
the need is and be clear on the trust models supported.


Cheers
Suhas Nandakumar

--94eb2c047deafc65b6055e9ae3e8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e61b-3587-07=
b7-f66a4b37b0c5"><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
8pt"><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:basel=
ine;white-space:pre-wrap">Hi All,</span></p><p dir=3D"ltr" style=3D"line-he=
ight:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt=
;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">The curren=
t charter says the following about allowing manifest and firmware signed by=
 different sources and having an expressive permissions model.</span></p><p=
 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><s=
pan style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;whi=
te-space:pre-wrap">&quot;&quot;&quot;</span></p><p dir=3D"ltr" style=3D"lin=
e-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11=
.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">To sup=
port a wide range of deployment scenarios, the formats are expected to be e=
xpressive enough to allow the use of different software sources and permiss=
ion models. </span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:=
0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-family:Arial;ve=
rtical-align:baseline;white-space:pre-wrap">&quot;&quot;&quot;</span></p><p=
 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt">=
=C2=A0</p><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:=
baseline;white-space:pre-wrap">I think the whole idea of multiple people si=
gning is very unclear on the requirements and its applicability or its wide=
spread use. Most common deployments today follow the model of single vendor=
 signing the firmware. A certification lab might </span><span style=3D"font=
-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap=
">certify</span><span style=3D"font-size:11.5pt;font-family:Arial;vertical-=
align:baseline;white-space:pre-wrap"> that a given version meets some requi=
rements and and an operator might use that information to decide what versi=
on they deploy but  neither the certification lab or the </span><span style=
=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:=
pre-wrap">operator</span><span style=3D"font-size:11.5pt;font-family:Arial;=
vertical-align:baseline;white-space:pre-wrap"> sign anything. </span></span=
><div><span><span style=3D"font-size:11.5pt;font-family:Arial;vertical-alig=
n:baseline;white-space:pre-wrap"><br></span></span></div><div><span><span s=
tyle=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-sp=
ace:pre-wrap">I propose that the WG should reconsider this requirement for =
scoping purposes and should consider multi-vendor signing/permissions model=
 =C2=A0as a future extension instead. This should be removed </span><span s=
tyle=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-sp=
ace:pre-wrap">unless</span><span style=3D"font-size:11.5pt;font-family:Aria=
l;vertical-align:baseline;white-space:pre-wrap"> we can specify what the ne=
ed is and be clear on the trust models supported. </span></span><br><div><s=
pan><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseli=
ne;white-space:pre-wrap"><br></span></span></div><div><span><span style=3D"=
font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-=
wrap"><br></span></span></div></div><div><span><span style=3D"font-size:11.=
5pt;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Cheers<=
/span></span></div><div><span><span style=3D"font-size:11.5pt;font-family:A=
rial;vertical-align:baseline;white-space:pre-wrap">Suhas Nandakumar</span><=
/span></div></div>

--94eb2c047deafc65b6055e9ae3e8--


From nobody Wed Nov 22 15:45:11 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D419C126DFB for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:45:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lueEvuv_xWQ2 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:45:08 -0800 (PST)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A1961200F1 for <suit@ietf.org>; Wed, 22 Nov 2017 15:45:08 -0800 (PST)
Received: by mail-ua0-x22e.google.com with SMTP id e10so11728086uah.10 for <suit@ietf.org>; Wed, 22 Nov 2017 15:45:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=7g0mSltiuT0ZC6CG7o8R+dJDzTLnUpjI+UgOd2U817I=; b=J4BC9p7RoBpokQ26Smqs+dCQEmVlKK9euPHL1IHgkNuX5Xg0gW0ptc5MJRQRK9O++Y oQ3Bks0v2pCxgeTV5gYUlb06/ViXI8AKL04kT7f7Fk1OHNIG6R0Qk+GByZviFLOVJF6f Ya24Qnz4xEN+9XCJ25X6DDE1YUwMXxKo+nUObysJOtECW6PcNGSzletCJCSKAEUgN6/3 KRUYVPmDUoj9NNJgvsbh/neZlIUbMAuX45wVry8wquJNoYp//4CTzbgOmVBlrk6ZMatP 5Oiq5RKYBhkVyslb4Wf2Y8IerJYL6bY0zpgM0ooBzoNxW2n5Cwvuua/uP4UbW8HE8/Mv 3Qrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7g0mSltiuT0ZC6CG7o8R+dJDzTLnUpjI+UgOd2U817I=; b=SUsvxFNSR5e5/Zp7wBEef8P8mc0DiUnyykVnY1jjY7KGLDCr41JPQdbz3CWy6jZ2nh 7MQSAqhbhw+SPe19eBNNou/6k3w8Q0clciTZI+DKGeYhq/kaPI62dhEsMBo255pOcSEK +PCdwEakkQq3na118RJNVV5tADUMVD5up4llRwbHV1tqDta98xk9/89whe/EHnxW9VW8 RXfLiUJdFWitBTTFG8FAcWIfctmALWjZcG6z7Qpr6BoQJK3Ma1hahHU4STO2+4ew4sxN oIbsEvaMwI7zF5KUb1/vzdkoit0X3Jwa5SBpJ1OhT3sUxXQd5latYp184ADmvfXjiLOl OeBA==
X-Gm-Message-State: AJaThX57VCrXpwXij2CvL1CvWfsj91A+x+Ah6y1Cqm474u0fk7sxNptl 7GbPtn5xCQSpgh+KMCbR1EF+EMMmPHazPJvcz2MyJQ==
X-Google-Smtp-Source: AGs4zMbTaloFIMqSF2UldNcm9lUX3ot3CPyHeCQAJgeRGwhJbaaZtcNi4xfIRMW37s9mzM9AqXu+re/XndoIMODiTSw=
X-Received: by 10.176.17.199 with SMTP id q7mr20281501uac.49.1511394307098; Wed, 22 Nov 2017 15:45:07 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:45:06 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:45:06 -0800
Message-ID: <CAMRcRGQ=xrV8ybtVrfVc-=_A4-w2p+-UPZU7-3KoxMPAr+bDrg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="f403045d7a24ca4d15055e9ae8cd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/m81jaVF-R8lim2RaF8d-dWm8HS4>
Subject: [Suit] Suit Charter: WG Relationships to Others
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:45:10 -0000

--f403045d7a24ca4d15055e9ae8cd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello All


Current charter text says the following on the matter in the subject

"""

This group will aim to maintain a close relationship with silicon vendors
and OEMs that develop IoT operating systems.

"""


I suggest that it is more important for this group=E2=80=99s success is als=
o to
maintain relationships with the people that actually build and deploy IOT
devices and these should also be added here.


Cheers

Suhas Nandakumar

--f403045d7a24ca4d15055e9ae8cd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e61d-ab52-ae=
8d-1211db8cb2e4"><p style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
8pt"><span style=3D"background-color:transparent;color:rgb(0,0,0);font-fami=
ly:Arial;font-size:11pt;white-space:pre-wrap">Hello All</span></p><p style=
=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"backg=
round-color:transparent;color:rgb(0,0,0);font-family:Arial;font-size:11pt;w=
hite-space:pre-wrap"><br></span></p><p style=3D"line-height:1.38;margin-top=
:0pt;margin-bottom:8pt"><span style=3D"background-color:transparent;color:r=
gb(0,0,0);font-family:Arial;font-size:11pt;white-space:pre-wrap">Current ch=
arter text says the following on the matter in the subject</span><br></p><p=
 dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><s=
pan style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);vertical-=
align:baseline;white-space:pre-wrap">&quot;&quot;&quot;</span></p><p dir=3D=
"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span sty=
le=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);vertical-align:b=
aseline;white-space:pre-wrap">This group will aim to maintain a close relat=
ionship with silicon vendors and OEMs that develop IoT operating systems.</=
span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bot=
tom:8pt"><span style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46=
);vertical-align:baseline;white-space:pre-wrap">&quot;&quot;&quot;</span></=
p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt=
"><span style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);verti=
cal-align:baseline;white-space:pre-wrap"><br></span></p><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font=
-size:12pt;font-family:Arial;color:rgb(36,41,46);vertical-align:baseline;wh=
ite-space:pre-wrap">I suggest that it is more important for this group=E2=
=80=99s success is also to maintain relationships with the people that actu=
ally build and deploy IOT devices and these should also be added here.</spa=
n></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom=
:8pt"><span style=3D"font-size:12pt;font-family:Arial;color:rgb(36,41,46);v=
ertical-align:baseline;white-space:pre-wrap"><br></span></p><p style=3D"lin=
e-height:1.38;margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:12=
pt;font-family:Arial;color:rgb(36,41,46);vertical-align:baseline;white-spac=
e:pre-wrap">Cheers</span></p><p style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:12pt;font-family:Arial;color:rgb(=
36,41,46);vertical-align:baseline;white-space:pre-wrap">Suhas Nandakumar</s=
pan></p><div><span style=3D"font-size:12pt;font-family:Arial;color:rgb(36,4=
1,46);vertical-align:baseline;white-space:pre-wrap"><br></span></div></span=
></div>

--f403045d7a24ca4d15055e9ae8cd--


From nobody Wed Nov 22 15:46:06 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4FE01200F1 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:46:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.989
X-Spam-Level: 
X-Spam-Status: No, score=-1.989 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vZZaq3Ou3Z2F for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:46:03 -0800 (PST)
Received: from mail-vk0-x236.google.com (mail-vk0-x236.google.com [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE7D2126DFB for <suit@ietf.org>; Wed, 22 Nov 2017 15:46:02 -0800 (PST)
Received: by mail-vk0-x236.google.com with SMTP id p80so10826745vkd.10 for <suit@ietf.org>; Wed, 22 Nov 2017 15:46:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=rA410iuv+7KtOaqnzavtl8kKMTMhIBNGQFDmUKwTdg4=; b=RPRzz5v/dheHrLsnMVzQXcwoul16nZb6JlmMob1Mhq+8DtLQuBBEqkxgeTtxH43pJX ckVtrJwdV7ePQdFw7R8Fa8bzfJw/u/R/gJt2n+/EcmW6eoVKGNTXeCT9f4TY+Z95Da8W hM/RNDi9CvSDv/V0Jp3M9Wm4fLLQF2vV+ppDUEKGT9dajwMb03vB3cmYT9IPeQWiXU7E ol+zJOP1BqFeA3QdwS0IQhg94HGlUJIrmHnIw97wLuecQxnbVTtVA+y5lFHwWGgCgg24 dpgRxjS8byVASZ6v/DFT6OWd51qAVzRtu8dFNfFAbZeAwJbBUWPhJKpyFqoevkx8Ipm3 rBbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rA410iuv+7KtOaqnzavtl8kKMTMhIBNGQFDmUKwTdg4=; b=NbG0nJDSkIe0sgsI1wt1LOt0oF4O65y29iswvRwBez/P8Osf3qYrx4URYGvl6Ep2FZ zpQcgI+lGfdm+ZOrYUhdzJiDFlmpNxJCI2yAhjXORD2dnmmEVZbiVl5L+dVj1UVk9BC0 U5m12+wLJiS7BlbgtfbUBtMhCxy7/AUV8oS35pfMMNoeZcAFnlbsLeE1DC00Df9dj54x lMAjtAGY4YF5L08XT/RBQdM7nHiUNwU5CvHCz3LOqfopFwxR04xx8z/RplozD+ek6oYB 3I70nl0eTuBvYCbD+P+yecbHE7MrlVzkoOkhziy1upns9xknIMwPN8f3xvr9VWojgxER 8u7g==
X-Gm-Message-State: AJaThX5XeFuY2GATypQVS7IFGqBUHeT+BwskCsTKKFLW6bYCZsXHWtms fvWyBZasE97LTylPyQ7NpzpS4ObtzpfvlPqGV91r+g==
X-Google-Smtp-Source: AGs4zMZnGBGzTdP4cyCUA4rrWqsgiE7ylMZ4VDSTI2VqciryafllZqxMPUN5q5Qfoyxul7ZdDJL99iFObYGFSA/kKOg=
X-Received: by 10.31.56.10 with SMTP id f10mr15453982vka.106.1511394361994; Wed, 22 Nov 2017 15:46:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:46:01 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:46:01 -0800
Message-ID: <CAMRcRGS9Exxr8w94AmrMb1ww6ffjtz6gSHCXXosD695AJDJySw@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="001a1143e9b60ff455055e9aec53"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/0UFjykeVNeSG2zZADP3_42-VNqo>
Subject: [Suit] Suit Charter: IOTSU Workshop information in the Charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:46:05 -0000

--001a1143e9b60ff455055e9aec53
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello All

I am trying to get my head around the purpose of the following text in the
charter about IOTSU workshop to the WG objectives and deliverables. If we
think capturing IOTSU workshop background aids in WG objectives, we might
have to reword the current text to capture the intent. Otherwise, i propose
removing the below text from the charter.

=E2=80=9CIn June of 2016 the Internet Architecture Board organized a worksh=
op on
'Internet of Things (IoT) Software Update (IOTSU)', which took place at
Trinity College in Dublin, Ireland. The main goal of the workshop was to
foster a discussion on requirements, challenges, and solutions for bringing
software and firmware updates to IoT devices. This workshop also made clear
that there are challenges with misaligned incentives and complex value
chains. It is nevertheless seen as important to create=E2=80=9D

Thanks
Suhas Nandakumar

--001a1143e9b60ff455055e9aec53
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-7cd131fa-e61e-e6d3-24=
c5-cf122443306c"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background=
-color:transparent;vertical-align:baseline;white-space:pre-wrap">Hello All<=
/span></p><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:8pt"><span style=3D"font-size:11pt;font-family:Arial;background-color:=
transparent;vertical-align:baseline;white-space:pre-wrap">I am trying to ge=
t my head around the purpose of the following text in the charter about IOT=
SU workshop to the WG objectives and deliverables. If we think capturing IO=
TSU workshop background aids in WG objectives, we might have to reword the =
current text to capture the intent. Otherwise, i propose removing the below=
 text from the charter.</span></p><p dir=3D"ltr" style=3D"line-height:1.38;=
margin-top:0pt;margin-bottom:8pt"><span style=3D"font-size:11.5pt;font-fami=
ly:Arial;vertical-align:baseline;white-space:pre-wrap">=E2=80=9CIn June of =
2016 the Internet Architecture Board organized a workshop on &#39;Internet =
of Things (IoT) Software Update (IOTSU)&#39;, which took place at Trinity C=
ollege in Dublin, Ireland. The main goal of the workshop was to foster a di=
scussion on requirements, challenges, and solutions for bringing software a=
nd firmware updates to IoT devices. This workshop also made clear that ther=
e are challenges with misaligned incentives and complex value chains. It is=
 nevertheless seen as important to create=E2=80=9D</span></p><div><span sty=
le=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseline;white-spac=
e:pre-wrap"><br></span></div><div><span style=3D"font-size:11.5pt;font-fami=
ly:Arial;vertical-align:baseline;white-space:pre-wrap">Thanks</span></div><=
div><span style=3D"font-size:11.5pt;font-family:Arial;vertical-align:baseli=
ne;white-space:pre-wrap">Suhas Nandakumar</span></div><div><span style=3D"f=
ont-size:11.5pt;font-family:Arial;vertical-align:baseline;white-space:pre-w=
rap"><br></span></div></span></div>

--001a1143e9b60ff455055e9aec53--


From nobody Wed Nov 22 15:46:16 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F21E129B46 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:46:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APiPa4MJIs0p for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:46:09 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F107F1200F1 for <suit@ietf.org>; Wed, 22 Nov 2017 15:46:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 2FB6D20008; Wed, 22 Nov 2017 18:48:15 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E628C82B25; Wed, 22 Nov 2017 18:46:07 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Suhas Nandakumar <suhasietf@gmail.com>
cc: suit@ietf.org
In-Reply-To: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 22 Nov 2017 18:46:07 -0500
Message-ID: <589.1511394367@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/LEu-UcewvDZ1KYhsp789rA4aEzE>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:46:10 -0000

--=-=-=
Content-Type: text/plain


Suhas Nandakumar <suhasietf@gmail.com> wrote:
    > I would like to propose following addition to the above list

    > *   Mechanisms to discover new firmware is available and the location
    > to download it from

I'm actually okay with this in the charter, provided that we don't invent
anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, HTTP requests,
and I'm sure I'll think of four more in a minute.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloWDD8ACgkQgItw+93Q
3WVj/Qf+Mn/eBS2iA256UGcZiSitszifi2ETZJDt5UvikE3dbEGqdAwkccOrIKyR
h3t+wBtUrIHwVe+fhxKlywuKkyuID43+Kw+NQNtT0rXrcSJQB5S8oYGfRE+QaXYV
TQ+q3RWzIpLVmkclFIE3MDM7tFox5mudmzfp4euEHJiVHruaziqkkD2VWPeBz6Yz
T0U5xapsfL5AN46h+onvJbXaOq+NCj43dv3ZWw5MFgCnXoI0gmEg74ZnzKAdfo6F
rMlf+Gt9wOQm4s8MWj4iC18eStyhbAj7QlrARX2yx1wWfc4HFju8x2QuI6sbYO49
tlf+VzF9Js3FEVeAFZl2o05TP47vjQ==
=5L4n
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Wed Nov 22 15:50:57 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57D53126B6E for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:50:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-nUrR-idttw for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 15:50:54 -0800 (PST)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F8B61200F1 for <suit@ietf.org>; Wed, 22 Nov 2017 15:50:54 -0800 (PST)
Received: by mail-vk0-x22c.google.com with SMTP id s141so5035376vkb.12 for <suit@ietf.org>; Wed, 22 Nov 2017 15:50:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=S0YEoZZHl23FtcHOzdj7VQNAUzTm/9JioMRUJFV4SlI=; b=b7iSvVi3LDfq+70jhcsPjpDZ9JyPxIiYR0VhY4MpRcVI9FqMasyg6iS7c4tKZwsIGb FMR8eeo6hJ/EcuWdIEuvQqIcXAtSI6k+Ed0wAXfUV2HzASUSVAZQpM53+dcgDNiXiQPq vZ5fxN5V70y6pZ9099Qo+HvdDh38Jm7ZU5Isnp/1j/7RMkUjOuCQqEnpoB/ARZ601mkr JU9CrPJ12nIKvWJmkx8pr64BAxwAQj28OZtKlkXLD6xVr5dK4J/7QPU4t5ylB+NfoiNY nnoBdBbXN0e86hwgZQGh/9UTLQviHXjSxATWahz0yUnZHx0QchGN7kle6HCWoTPl9rl+ T8QA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=S0YEoZZHl23FtcHOzdj7VQNAUzTm/9JioMRUJFV4SlI=; b=WRTspAzEpiZq1JcBkBRJqgvReHQIWTBsCTw5Nnr8eNNS7xmJYkXbi+2BoUBl2mk2ny PCBRMDYUt4QUcq2gq4eaeJEXncdB1y4jT9Yzx2xGAhDfOzNY4qeNnYj8tGWwucoKOMuw +XFV04JptyiA21635Yhl7J3Ta8VFU80iGdRyIdF83XF/7wNmh8327yDlTZ5INbCmJZzb IwOQD1xyn5s475nLOb/x4HcvIsvxdFZ4HeaunCEssPjXGXPMb5xlfsQLCZUcNS2CXG5h 8tirI3FRToCMxLHzi4k/kQxqxihqPo0Nww7XM+1pEQ9dllARbfogQhbRXjVmAMFzmmm8 Y6dA==
X-Gm-Message-State: AJaThX5kKvtmkkzinncLNn0/jFrOGwUehChYlx+i910CMp+EHgRKJqjb TDWD1kQcIh4UmcJcwP97fY6r465COV16zf/JyRQ=
X-Google-Smtp-Source: AGs4zMYelMg2I1eIm09C8dlJFZB7vf24nBo1/lXydBqs6scPvJhW007xsLWOpdVW4KsTNFtmx25Ja5pIf3qJ0V6mhoA=
X-Received: by 10.31.252.15 with SMTP id a15mr18167761vki.33.1511394653675; Wed, 22 Nov 2017 15:50:53 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 22 Nov 2017 15:50:53 -0800 (PST)
In-Reply-To: <589.1511394367@obiwan.sandelman.ca>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Nov 2017 15:50:53 -0800
Message-ID: <CAMRcRGTFc3Ru63Kra5F+tLmJAb3xzyMwCB5o5Xd-uZcCk0kSkA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c1497ca72a404055e9afde5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/F8AIlQnwF6-tN6sdkxwkBA76p88>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2017 23:50:56 -0000

--94eb2c1497ca72a404055e9afde5
Content-Type: text/plain; charset="UTF-8"

Hi Micheal,

 My thinking was same on not inventing new mechanism and re-use existing
ones.

Cheers
Suhas

On Wed, Nov 22, 2017 at 3:46 PM, Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Suhas Nandakumar <suhasietf@gmail.com> wrote:
>     > I would like to propose following addition to the above list
>
>     > *   Mechanisms to discover new firmware is available and the location
>     > to download it from
>
> I'm actually okay with this in the charter, provided that we don't invent
> anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, HTTP
> requests,
> and I'm sure I'll think of four more in a minute.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
>

--94eb2c1497ca72a404055e9afde5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Micheal,<div><br></div><div>=C2=A0My thinking was same =
on not inventing new mechanism and re-use existing ones.</div><div><br></di=
v><div>Cheers</div><div>Suhas<br><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Wed, Nov 22, 2017 at 3:46 PM, Michael Richardson <span =
dir=3D"ltr">&lt;<a href=3D"mailto:mcr+ietf@sandelman.ca" target=3D"_blank">=
mcr+ietf@sandelman.ca</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x"><span class=3D""><br>
Suhas Nandakumar &lt;<a href=3D"mailto:suhasietf@gmail.com">suhasietf@gmail=
.com</a>&gt; wrote:<br>
=C2=A0 =C2=A0 &gt; I would like to propose following addition to the above =
list<br>
<br>
</span>=C2=A0 =C2=A0 &gt; *=C2=A0 =C2=A0Mechanisms to discover new firmware=
 is available and the location<br>
=C2=A0 =C2=A0 &gt; to download it from<br>
<br>
I&#39;m actually okay with this in the charter, provided that we don&#39;t =
invent<br>
anything new.=C2=A0 =C2=A0I can imagine doint this with CoAP OBSERVE, DNS-S=
D, HTTP requests,<br>
and I&#39;m sure I&#39;ll think of four more in a minute.<br>
<br>
--<br>
Michael Richardson &lt;<a href=3D"mailto:mcr%2BIETF@sandelman.ca">mcr+IETF@=
sandelman.ca</a>&gt;, Sandelman Software Works<br>
=C2=A0-=3D IPv6 IoT consulting =3D-<br>
<br>
<br>
<br>
</blockquote></div><br></div></div></div>

--94eb2c1497ca72a404055e9afde5--


From nobody Wed Nov 22 23:31:04 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 201F4129C6F for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:31:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYopQ2dvC63p for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:30:59 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0070.outbound.protection.outlook.com [104.47.1.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03A4E124239 for <suit@ietf.org>; Wed, 22 Nov 2017 23:30:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=G/wUlgBJfa1ULCHfd8uZcl8QpSXhS8Z8y1AlUZR8+TY=; b=P/OTt1RExt/BhCPWwazCQ87s79B9oFYbf6uVqwl1dRh29rJ5BTKR20jbGDnlANk7RGUTZC5hSN1sY9d4fRJywJVOzxDzDqzch6b42jeiEK6JS8R+6Hsw+MkSnrqALDM0/jw13e/GJ0Wevlx84CRz3OhWOBNtV4VKKc/+sc52etw=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:30:56 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:30:56 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Suit Charter: Working Group Objectives - Another Try
Thread-Index: AQHTY+s1BVnIngppoEiBHljPC/qEvaMhkQPw
Date: Thu, 23 Nov 2017 07:30:56 +0000
Message-ID: <AM4PR0801MB27063101E53AA1E2F7FEB55BFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQDRiz8f4bib6mveDQ0R2Jzn4bQytDrxTxypkU9vTC5Qg@mail.gmail.com>
In-Reply-To: <CAMRcRGQDRiz8f4bib6mveDQ0R2Jzn4bQytDrxTxypkU9vTC5Qg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:D5XYbdO0gpJYvM9ec6+jtI2uZgGlKA59NLjCaIvhzIWeXN55bOtG+feItu94mnJB/pzWR4mSrG6btMFYf6/42LwntSYoHTqujbcHKFxIazRmvcb7Vo3TsH4sYMrthGl9L+q3sUS20XBXseHWjRlMJEajqskofHGDu4BGcQtRuqOEthHLunoe8u2YenwHL+S91uBiznNT5Mc7bIVHbkMqbfkywTttoDKNDpE+Poj1ceWOwai2CSFG61sobpyEpIGWKEBTe5mzja8c8kvopdq/qihrElb3FRu0WPVcMnU1GvOEDrKBr5PDdmnZW35MnJ9VjpZOSsrOcwes8DAWvxRudI2ZF/df7Lmv1WjEO53H3JI=; 5:muoHYw+9gGRpzivtJIHJnV9/NfSolyIosHegXmgjknQ9Yx00HYMXjIeflVD29wMBy/XK713WCWjGg1fJHdw3cgd5+QSD3FFey3GET9vI9QTC41rKhY+liHDDTTY7Tng0eG9bgsEPwd0P8QXbdaIn4ZsJl0fSGsbcObv+6nsL/uU=; 24:h+IjYaYJCH+A4HKpRmp8MB2PhpPnGMN/Y1fgSppxnsrvFzrBrqpe6EkaYmDeq5G0RHcsXnrC6iFsCB35fABBTEW8cXLqdckGY8R44y+treM=; 7:O61IMZ0xFgyE5ulMBZ/sKsle/xJnkgY+aGDJP6zAcr3q3i+W/3IvfAPjKO7OI2ksUY+ncuRVrWaTYl3JSjvMgQ1QrVv4jrvKgzHJOSSSpQ6+zE/oJKBpcO81b7JZ2V4xQPnkT9lW616Bf3oxCAqX7EXo9gc3KONWC8FBshyc0NHk+xI8qBZyRpQfaUH4rwGHiT91ukm15SAmF+aP3mJi8cRoag0Y/l/DpNMDLiM6fJKOIYhE+wzbWhwq6Y6KuaZd
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 8e136bbc-7102-4963-4340-08d532442294
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600022)(4604075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB270791F6299CC7570E7E5483FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(131327999870524)(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(346002)(39860400002)(376002)(40434004)(199003)(53754006)(189002)(86362001)(5890100001)(2950100002)(53546010)(2501003)(53936002)(110136005)(3280700002)(6306002)(54896002)(97736004)(14454004)(9686003)(316002)(229853002)(9326002)(68736007)(8936002)(3660700001)(6246003)(2906002)(66066001)(3846002)(478600001)(101416001)(790700001)(102836003)(106356001)(6116002)(105586002)(2900100001)(5250100002)(76176999)(50986999)(54356999)(39060400002)(6506006)(8676002)(99286004)(72206003)(33656002)(5660300001)(81156014)(81166006)(55016002)(7696004)(7736002)(189998001)(25786009)(74316002)(6436002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB27063101E53AA1E2F7FEB55BFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8e136bbc-7102-4963-4340-08d532442294
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:30:56.1318 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BuxbfXD8kLxWZoBPuenCgh4Ulak>
Subject: Re: [Suit] Suit Charter: Working Group Objectives - Another Try
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:31:02 -0000

--_000_AM4PR0801MB27063101E53AA1E2F7FEB55BFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNClRoZSBwcmV2aW91cyBjaGFydGVyIHRleHQgZGlkIG5vdCBzZXBhcmF0ZSBy
ZXF1aXJlbWVudHMgZnJvbSB0aGUgYXJjaGl0ZWN0dXJlLiBUaGF0IHdhcyBkb25lIGludGVudGlv
bmFsbHkgc2luY2UgcmVxdWlyZW1lbnRzIG9uIHRoZWlyIG93biBoYXZlIHR1cm5lZCBvdXQgdG8g
YmUgcHJldHR5IG1lYW5pbmdsZXNzLiBGb3IgdGhpcyByZWFzb24gdGhlIElFU0cgaGFzIGJlZW4g
cHVzaGluZyBiYWNrIG9uIHB1cmUgcmVxdWlyZW1lbnRzIGRvY3VtZW50cy4NCg0KUmVnYXJkaW5n
IHRoZSBkYXRhIG1vZGVsIGRlcGVuZGluZyBvbiBob3cgeW91IHJlYWQgUkZDIDM0NDQsIHdoaWNo
IGRlZmluZXMgdGhlIGRpZmZlcmVuY2UgYmV0d2VlbiBhIGRhdGEgbW9kZWwgYW5kIGFuIGluZm9y
bWF0aW9uIG1vZGVsLCBhIGRhdGEgbW9kZWwgbWF5IGFscmVhZHkgcHJvdmlkZSB0aGUgZW5jb2Rp
bmcgZm9ybWF0LiBIZW5jZSwgSSBwcmVmZXIgdG8gYXZvaWQgdGhlIHRlcm0gZGF0YSBtb2RlbCBh
bHRvZ2V0aGVyIGFuZCBqdXN0IHNheSDigJxEb2N1bWVudCB0aGF0IGNhcHR1cmVzIG1ldGFkYXRh
IGFuZCBzZWN1cml0eSBwcm9wZXJ0aWVzIGFib3V0IHRoZSBmaXJtd2FyZSBpbiB0aGUgZm9ybSBv
ZiBhIG1hbmlmZXN0LuKAnQ0KDQpDaWFvDQpIYW5uZXMNCg0KRnJvbTogU3VpdCBbbWFpbHRvOnN1
aXQtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIFN1aGFzIE5hbmRha3VtYXINClNlbnQ6
IDIzIE5vdmVtYmVyIDIwMTcgMDA6NDANClRvOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBbU3Vp
dF0gU3VpdCBDaGFydGVyOiBXb3JraW5nIEdyb3VwIE9iamVjdGl2ZXMgLSBBbm90aGVyIFRyeQ0K
DQoNCkhlbGxvIEFsbA0KDQpUaGUgY3VycmVudCBjaGFydGVyIGhhcyBmb2xsb3dpbmcgdGV4dCBv
biB0aGUgZGVsaXZlcmFibGVzIGZvciB0aGlzIHdvcmtpbmcgZ3JvdXAuIEhhdmluZyBleHBsaWNp
dGx5IGxpc3Rpbmcgb3V0IG9mIHRoZSBvYmplY3RpdmVzIG1pZ2h0IGJlIHJlYWxseSBoZWxwZnVs
IGhlcmUuDQoNCkFsc28gdGhlIGN1cnJlbnQgdGV4dCBtaXNzZXMgZWxlbWVudHMgb24gZmlybXdh
cmUgc2VydmVyIGRpc2NvdmVyeSB0aGF0IGdhdGhlcmVkIHN1cHBvcnQgZHVyaW5nIHRoZSBCT0Yg
ZGlzY3Vzc2lvbnMgYXMgc2VlbiBpbiB0aGUgY3VycmVudCBjaGFydGVyIHRleHQNCg0KIiIiDQoN
CkluIHBhcnRpY3VsYXIgdGhpcyBncm91cCBhaW1zIHRvIHB1Ymxpc2ggc2V2ZXJhbCBkb2N1bWVu
dHMsIG5hbWVseToNCg0KLSBBbiBJb1QgZmlybXdhcmUgdXBkYXRlIGFyY2hpdGVjdHVyZSB0aGF0
IGluY2x1ZGVzIGEgZGVzY3JpcHRpb24gb2YgdGhlIGludm9sdmVkIGVudGl0aWVzLCBzZWN1cml0
eSB0aHJlYXRzLCBhbmQgYXNzdW1wdGlvbnMuDQoNCi0gT25lIG9yIG1vcmUgbWFuaWZlc3QgZm9y
bWF0IHNwZWNpZmljYXRpb25zLuKAnQ0KDQogIiIiDQoNCkJlbG93IChpbiBpdGFsaWNpemVkKSBp
cyBhbiBhbiBhdHRlbXB0IHRvIGhlbHAgY2xhcmlmeSB0aGUgV0cgb2JqZWN0aXZlcy4gUGxlYXNl
IGxldCBtZSBrbm93IHlvdXIgdGhvdWdodHMuDQoNCg0KDQpUaGlzIFdHIHdpbGwgd29yayBvbiBk
ZXZlbG9waW5nIGFuIGludGVyb3BlcmFibGUgc2VjdXJlIGZpcm13YXJlIHVwZ3JhZGUgc29sdXRp
b24gZm9yIElvVCBkZXZpY2VzIHRoYXQgYXJlIGNvbnN0cmFpbmVkIGluIHRoZWlyIHJlc291cmNl
cyAoc3VjaCBhcyBSQU0sIEZsYXNoKS4gVGhlIHNvbHV0aW9uIG11c3QgZW5hYmxlIGZpcm13YXJl
IHVwZ3JhZGVzIGZvciB0aGUgSW9UIGRldmljZXMgdW5kZXIgdmFyaW91cyBkZXBsb3ltZW50IG9w
dGlvbnMgKHN1Y2ggYXMsIGRlcGxveW1lbnRzIHVuZGVyIGNvbnN0cmFpbmVkIG5ldHdvcmsgYWNj
ZXNzIHR5cGljYWxseSBjb250cm9sbGVkIGJ5IGFuIEVudGVycHJpc2UgSVQgZGVwYXJ0bWVudCBv
ciBmYWN0b3J5IE9UIGdyb3VwIGFzIHdlbGwgYXMgd2l0aCBvcGVuIEludGVybmV0IGFjY2VzcyBk
ZXBsb3ltZW50cykuDQoNCkFuIGV4dGVuc2libGUgbWFuaWZlc3QgZm9ybWF0IHRvIGRlc2NyaWJl
IG1ldGFkYXRhIGFib3V0IHRoZSBmaXJtd2FyZSBhbmQgaXRzIHNlY3VyaXR5IHByb3BlcnRpZXMg
d2lsbCBiZSBkZXZlbG9wZWQgYnkgdGhpcyBXRy4gVGhlIHdvcmtpbmcgZ3JvdXAgd2lsbCBhbHNv
IGRldmVsb3AgYW5kIGFyY2hpdGVjdCBzb2x1dGlvbiB0aGF0IGVuYWJsZSB0aGUgSW9UIGRldmlj
ZXMgdG8gbG9jYXRlIHRoZSBmaXJtd2FyZSB1cGRhdGUgc2VydmVyIChhbmQgbWFuaWZlc3QpIHZp
YSBleGlzdGluZyB0cmFuc3BvcnQgcHJvdG9jb2wgbWVjaGFuaXNtcy4NCg0KSW4gcGFydGljdWxh
ciwgdGhpcyBXRyB3aWxsIHBlcmZvcm0gdGhlIGZvbGxvd2luZyB3b3JrOg0KDQrCtyAgICAgICBE
b2N1bWVudCB0aGF0IGRlZmluZXMgdGhlIHJlcXVpcmVtZW50cyBmb3Igc2VjdXJlIGZpcm13YXJl
IHVwZ3JhZGUgc29sdXRpb24uDQoNCsK3ICAgICAgIERlZmluZSBhIGdlbmVyYWwgYXJjaGl0ZWN0
dXJlIHRoYXQgZW5hYmxlcyBzZWN1cmUgSW9UIGZpcm13YXJlIHVwZ3JhZGUgZGVzY3JpYmluZyBp
bnZvbHZlZCBlbGVtZW50cywgc2VjdXJpdHkgdGhyZWF0cywgdXBkYXRlIHNlcnZlciBkaXNjb3Zl
cnkgYW5kIGFzc3VtcHRpb25zLg0KDQrCtyAgICAgICBEb2N1bWVudCB0aGF0IGRlc2NyaWJlcyB0
aGUgZGF0YSBtb2RlbCAgdGhhdCBjYXB0dXJlcyBtZXRhZGF0YSBhbmQgc2VjdXJpdHkgcHJvcGVy
dGllcyBhYm91dCB0aGUgZmlybXdhcmUgaW4gdGhlIGZvcm0gb2YgYSBtYW5pZmVzdC4NCg0Kwrcg
ICAgICAgRGVmaW5lIG9uZSBvciBtb3JlIGVuY29kaW5nIGZvcm1hdHMgZm9yIHRoZSBtYW5pZmVz
dC4NCg0KwrcgICAgICAgRG9jdW1lbnQgZGVzY3JpYmluZyB1c2Ugb2YgZXhpc3RpbmcgdHJhbnNw
b3J0IGFuZCBwcm90b2NvbCBtZWNoYW5pc21zIHRvIGxvY2F0ZSBhbmQgZG93bmxvYWQgdGhlIGZp
cm13YXJlLg0KDQrCtyAgICAgICBBIGJlc3QgY3VycmVudCBwcmFjdGljZXMgZG9jdW1lbnQgdGhh
dCBkZWZpbmVzIGZpcm13YXJlIGluc3RhbGxhdGlvbiBwcm9jZXNzIG9uIHRoZSBJb1QgZGV2aWNl
Lg0KDQpJIGJlbGlldmUgc29tZXRoaW5nIG9uIHRoZSBzaW1pbGFyIGxpbmVzIGNsZWFybHkgaWRl
bnRpZmllcyB0aGUgd29ya2luZyBvYmplY3RpdmVzIGFuZCBkZWxpdmVyYWJsZXMgZm9yIHRoaXMg
ZWZmb3J0Lg0KDQpDaGVlcnMNClN1aGFzIE5hbmRha3VtYXINCg0KSU1QT1JUQU5UIE5PVElDRTog
VGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlk
ZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50
ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5k
IGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0
IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55
IG1lZGl1bS4gVGhhbmsgeW91Lg0K

--_000_AM4PR0801MB27063101E53AA1E2F7FEB55BFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K
CXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAgMDt9
DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIg
MiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3Nl
LTE6MiAxMSA2IDQgMyA1IDQgNCAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNv
Tm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJn
aW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGlt
ZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy
bGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxl
LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l
O30NCnANCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRv
Ow0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFy
Z2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5l
dyBSb21hbiIsInNlcmlmIjt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpw
ZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCWNv
bG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9u
bHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsNCgltc28tZmFyZWFzdC1s
YW5ndWFnZTpFTi1VUzt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4w
cHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rp
b24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0
IGwwDQoJe21zby1saXN0LWlkOjEzOTg2Njk1NjU7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjEw
NjkwODMxNDY7fQ0KQGxpc3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1
bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsN
Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN
Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlz
dCBsMDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl
bC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy
LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp
emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1m
YW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KQGxpc3QgbDA6bGV2ZWwzDQoJe21zby1sZXZlbC1u
dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRh
Yi1zdG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQt
aW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWls
eTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0
OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4w
cHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4w
cHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7
fQ0KQGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCglt
c28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxl
dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFu
c2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6
bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4
dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1w
b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXpl
OjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw3DQoJe21z
by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNv
LWxldmVsLXRhYi1zdG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0
Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglm
b250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOjI4OC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX
aW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1
bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7
DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0K
b2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KLS0+
PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9
ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBt
c28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0
PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0K
PC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0K
PGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjxvOnA+PC9vOnA+
PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom
cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+
VGhlIHByZXZpb3VzIGNoYXJ0ZXIgdGV4dCBkaWQgbm90IHNlcGFyYXRlIHJlcXVpcmVtZW50cyBm
cm9tIHRoZSBhcmNoaXRlY3R1cmUuIFRoYXQgd2FzIGRvbmUgaW50ZW50aW9uYWxseSBzaW5jZSBy
ZXF1aXJlbWVudHMgb24gdGhlaXIgb3duIGhhdmUgdHVybmVkIG91dCB0bw0KIGJlIHByZXR0eSBt
ZWFuaW5nbGVzcy4gRm9yIHRoaXMgcmVhc29uIHRoZSBJRVNHIGhhcyBiZWVuIHB1c2hpbmcgYmFj
ayBvbiBwdXJlIHJlcXVpcmVtZW50cyBkb2N1bWVudHMuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250
LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6
IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlJlZ2FyZGluZyB0
aGUgZGF0YSBtb2RlbCBkZXBlbmRpbmcgb24gaG93IHlvdSByZWFkIFJGQyAzNDQ0LCB3aGljaCBk
ZWZpbmVzIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4gYSBkYXRhIG1vZGVsIGFuZCBhbiBpbmZvcm1h
dGlvbiBtb2RlbCwgYSBkYXRhIG1vZGVsIG1heSBhbHJlYWR5DQogcHJvdmlkZSB0aGUgZW5jb2Rp
bmcgZm9ybWF0LiBIZW5jZSwgSSBwcmVmZXIgdG8gYXZvaWQgdGhlIHRlcm0gZGF0YSBtb2RlbCBh
bHRvZ2V0aGVyIGFuZCBqdXN0IHNheSDigJxEb2N1bWVudCB0aGF0IGNhcHR1cmVzIG1ldGFkYXRh
IGFuZCBzZWN1cml0eSBwcm9wZXJ0aWVzIGFib3V0IHRoZSBmaXJtd2FyZSBpbiB0aGUgZm9ybSBv
ZiBhIG1hbmlmZXN0LuKAnTxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxhIG5hbWU9Il9NYWlsRW5kQ29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7
O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvYT48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom
cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+
Q2lhbzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw
dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7
Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9t
Ojwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4gU3Vp
dCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8L2I+U3Vo
YXMgTmFuZGFrdW1hcjxicj4NCjxiPlNlbnQ6PC9iPiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQwPGJy
Pg0KPGI+VG86PC9iPiBzdWl0QGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0XSBT
dWl0IENoYXJ0ZXI6IFdvcmtpbmcgR3JvdXAgT2JqZWN0aXZlcyAtIEFub3RoZXIgVHJ5PG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8ZGl2Pg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0
OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5IZWxsbyBBbGw8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4w
cHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlRoZSBjdXJy
ZW50IGNoYXJ0ZXIgaGFzIGZvbGxvd2luZyB0ZXh0IG9uIHRoZSBkZWxpdmVyYWJsZXMgZm9yIHRo
aXMgd29ya2luZyBncm91cC4gSGF2aW5nIGV4cGxpY2l0bHkgbGlzdGluZyBvdXQgb2YgdGhlIG9i
amVjdGl2ZXMgbWlnaHQgYmUgcmVhbGx5IGhlbHBmdWwgaGVyZS4NCjwvc3Bhbj48bzpwPjwvbzpw
PjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207
bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90OyI+QWxzbyB0aGUgY3VycmVudCB0ZXh0IG1pc3NlcyBlbGVtZW50cyBvbiBmaXJtd2Fy
ZSBzZXJ2ZXIgZGlzY292ZXJ5IHRoYXQgZ2F0aGVyZWQgc3VwcG9ydCBkdXJpbmcgdGhlIEJPRiBk
aXNjdXNzaW9ucyBhcyBzZWVuIGluIHRoZSBjdXJyZW50IGNoYXJ0ZXIgdGV4dDwvc3Bhbj48bzpw
PjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdo
dDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9
ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90OyI+JnF1b3Q7JnF1b3Q7JnF1b3Q7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0K
PHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4t
Ym90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7
Ij5JbiBwYXJ0aWN1bGFyIHRoaXMgZ3JvdXAgYWltcyB0byBwdWJsaXNoIHNldmVyYWwgZG9jdW1l
bnRzLCBuYW1lbHk6PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1s
ZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjVwdDtmb250LWZhbWlseTomcXVv
dDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4tIEFuIElvVCBmaXJtd2FyZSB1
cGRhdGUgYXJjaGl0ZWN0dXJlIHRoYXQgaW5jbHVkZXMgYSBkZXNjcmlwdGlvbiBvZiB0aGUgaW52
b2x2ZWQgZW50aXRpZXMsIHNlY3VyaXR5IHRocmVhdHMsIGFuZCBhc3N1bXB0aW9ucy48L3NwYW4+
PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4t
cmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDsiPi0gT25lIG9yIG1vcmUgbWFuaWZlc3QgZm9ybWF0IHNwZWNpZmlj
YXRpb25zLuKAnTwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVm
dDowY20iPg0KJm5ic3A7JnF1b3Q7JnF1b3Q7JnF1b3Q7PG86cD48L286cD48L3A+DQo8cCBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206
OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuNXB0O2Zv
bnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkJlbG93
IChpbiBpdGFsaWNpemVkKSBpcyBhbiBhbiBhdHRlbXB0IHRvIGhlbHAgY2xhcmlmeSB0aGUgV0cg
b2JqZWN0aXZlcy4gUGxlYXNlIGxldCBtZSBrbm93IHlvdXIgdGhvdWdodHMuPC9zcGFuPjxvOnA+
PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0
OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQombmJzcDs8bzpwPjwv
bzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDow
Y207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPGk+PHNwYW4gc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6IzI0MjkyRSI+VGhpcyBXRyB3aWxsIHdvcmsgb24gZGV2ZWxvcGluZyBhbiBpbnRlcm9wZXJh
YmxlIHNlY3VyZSBmaXJtd2FyZSB1cGdyYWRlIHNvbHV0aW9uIGZvciBJb1QgZGV2aWNlcyB0aGF0
IGFyZSBjb25zdHJhaW5lZCBpbiB0aGVpciByZXNvdXJjZXMgKHN1Y2ggYXMgUkFNLCBGbGFzaCku
IFRoZSBzb2x1dGlvbiBtdXN0IGVuYWJsZSBmaXJtd2FyZQ0KIHVwZ3JhZGVzIGZvciB0aGUgSW9U
IGRldmljZXMgdW5kZXIgdmFyaW91cyBkZXBsb3ltZW50IG9wdGlvbnMgKHN1Y2ggYXMsIGRlcGxv
eW1lbnRzIHVuZGVyIGNvbnN0cmFpbmVkIG5ldHdvcmsgYWNjZXNzIHR5cGljYWxseSBjb250cm9s
bGVkIGJ5IGFuIEVudGVycHJpc2UgSVQgZGVwYXJ0bWVudCBvciBmYWN0b3J5IE9UIGdyb3VwIGFz
IHdlbGwgYXMgd2l0aCBvcGVuIEludGVybmV0IGFjY2VzcyBkZXBsb3ltZW50cykuPC9zcGFuPjwv
aT48bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdp
bi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPGk+PHNw
YW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm
cXVvdDs7Y29sb3I6IzI0MjkyRSI+QW4gZXh0ZW5zaWJsZSBtYW5pZmVzdCBmb3JtYXQgdG8gZGVz
Y3JpYmUgbWV0YWRhdGEgYWJvdXQgdGhlIGZpcm13YXJlIGFuZCBpdHMgc2VjdXJpdHkgcHJvcGVy
dGllcyB3aWxsIGJlIGRldmVsb3BlZCBieSB0aGlzIFdHLiBUaGUgd29ya2luZyBncm91cCB3aWxs
IGFsc28gZGV2ZWxvcCBhbmQgYXJjaGl0ZWN0IHNvbHV0aW9uIHRoYXQgZW5hYmxlDQogdGhlIElv
VCBkZXZpY2VzIHRvIGxvY2F0ZSB0aGUgZmlybXdhcmUgdXBkYXRlIHNlcnZlciAoYW5kIG1hbmlm
ZXN0KSB2aWEgZXhpc3RpbmcgdHJhbnNwb3J0IHByb3RvY29sIG1lY2hhbmlzbXMuPC9zcGFuPjwv
aT48bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdp
bi1yaWdodDowY207bWFyZ2luLWJvdHRvbToxMi4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxpPjxz
cGFuIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMyNDI5MkUiPkluIHBhcnRpY3VsYXIsIHRoaXMgV0cgd2lsbCBwZXJmb3Jt
IHRoZSBmb2xsb3dpbmcgd29yazo8L3NwYW4+PC9pPjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjBj
bTttYXJnaW4tbGVmdDozNi4wcHQ7bWFyZ2luLWJvdHRvbTouMDAwMXB0O3RleHQtaW5kZW50Oi0x
OC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzE7dmVydGljYWwtYWxpZ246YmFzZWxpbmUiPg0K
PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1m
YW1pbHk6U3ltYm9sO2NvbG9yOiMyNDI5MkUiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUi
PsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4m
bmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFu
PjwhW2VuZGlmXT48aT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQyOTJFIj5Eb2N1bWVudCB0aGF0IGRlZmlu
ZXMgdGhlIHJlcXVpcmVtZW50cyBmb3Igc2VjdXJlIGZpcm13YXJlIHVwZ3JhZGUgc29sdXRpb24u
PG86cD48L286cD48L3NwYW4+PC9pPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6
MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTowY207bWFyZ2luLWxlZnQ6MzYuMHB0
O21hcmdpbi1ib3R0b206LjAwMDFwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxl
dmVsMSBsZm8xO3ZlcnRpY2FsLWFsaWduOmJhc2VsaW5lIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNd
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbDtjb2xvcjoj
MjQyOTJFIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250
OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PGk+PHNwYW4g
c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv
dDs7Y29sb3I6IzI0MjkyRSI+RGVmaW5lIGEgZ2VuZXJhbCBhcmNoaXRlY3R1cmUgdGhhdCBlbmFi
bGVzIHNlY3VyZSBJb1QgZmlybXdhcmUgdXBncmFkZSBkZXNjcmliaW5nIGludm9sdmVkIGVsZW1l
bnRzLCBzZWN1cml0eSB0aHJlYXRzLCB1cGRhdGUgc2VydmVyIGRpc2NvdmVyeSBhbmQgYXNzdW1w
dGlvbnMuPG86cD48L286cD48L3NwYW4+PC9pPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTowY207bWFyZ2luLWxlZnQ6
MzYuMHB0O21hcmdpbi1ib3R0b206LjAwMDFwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0
OmwwIGxldmVsMSBsZm8xO3ZlcnRpY2FsLWFsaWduOmJhc2VsaW5lIj4NCjwhW2lmICFzdXBwb3J0
TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbDtj
b2xvcjojMjQyOTJFIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxl
PSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PGk+
PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzI0MjkyRSI+RG9jdW1lbnQgdGhhdCBkZXNjcmliZXMgdGhlIGRhdGEg
bW9kZWwgJm5ic3A7dGhhdCBjYXB0dXJlcyBtZXRhZGF0YSBhbmQgc2VjdXJpdHkgcHJvcGVydGll
cyBhYm91dCB0aGUgZmlybXdhcmUgaW4gdGhlIGZvcm0gb2YgYSBtYW5pZmVzdC48bzpwPjwvbzpw
Pjwvc3Bhbj48L2k+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2lu
LXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjBjbTttYXJnaW4tbGVmdDozNi4wcHQ7bWFyZ2luLWJv
dHRvbTouMDAwMXB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzE7
dmVydGljYWwtYWxpZ246YmFzZWxpbmUiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9yOiMyNDI5MkUiPjxz
cGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1
b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsm
bmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48aT48c3BhbiBzdHlsZT0iZm9u
dC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj
MjQyOTJFIj5EZWZpbmUgb25lIG9yIG1vcmUgZW5jb2RpbmcgZm9ybWF0cyBmb3IgdGhlIG1hbmlm
ZXN0LjxvOnA+PC9vOnA+PC9zcGFuPjwvaT48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206MTIuMHB0O21hcmdpbi1sZWZ0
OjM2LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxldmVsMSBsZm8xO3ZlcnRp
Y2FsLWFsaWduOmJhc2VsaW5lIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbDtjb2xvcjojMjQyOTJFIj48c3BhbiBz
dHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1Rp
bWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7
DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PGk+PHNwYW4gc3R5bGU9ImZvbnQtZmFt
aWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzI0Mjky
RSI+RG9jdW1lbnQgZGVzY3JpYmluZyB1c2Ugb2YgZXhpc3RpbmcgdHJhbnNwb3J0IGFuZCBwcm90
b2NvbCBtZWNoYW5pc21zIHRvIGxvY2F0ZSBhbmQgZG93bmxvYWQgdGhlIGZpcm13YXJlLjxvOnA+
PC9vOnA+PC9zcGFuPjwvaT48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjMuMHB0
O21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbToxMi4wcHQ7bWFyZ2luLWxlZnQ6MzYuMHB0
O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzE7dmVydGljYWwtYWxp
Z246YmFzZWxpbmUiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9yOiMyNDI5MkUiPjxzcGFuIHN0eWxlPSJt
c28tbGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3
IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bh
bj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48aT48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1
b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQyOTJFIj5BIGJl
c3QgY3VycmVudCBwcmFjdGljZXMgZG9jdW1lbnQgdGhhdCBkZWZpbmVzIGZpcm13YXJlIGluc3Rh
bGxhdGlvbiBwcm9jZXNzIG9uIHRoZSBJb1QgZGV2aWNlLjxvOnA+PC9vOnA+PC9zcGFuPjwvaT48
L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8
L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1mYW1p
bHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQyOTJF
Ij5JIGJlbGlldmUgc29tZXRoaW5nIG9uIHRoZSBzaW1pbGFyIGxpbmVzIGNsZWFybHkgaWRlbnRp
ZmllcyB0aGUgd29ya2luZyBvYmplY3RpdmVzIGFuZCBkZWxpdmVyYWJsZXMgZm9yIHRoaXMgZWZm
b3J0Ljwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzI0MjkyRSI+Q2hlZXJzPC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6
IzI0MjkyRSI+U3VoYXMgTmFuZGFrdW1hcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+
DQo8L2Rpdj4NCjwvZGl2Pg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMg
ZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBi
ZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVh
c2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUg
Y29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwNCiBv
ciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3Uu
DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_AM4PR0801MB27063101E53AA1E2F7FEB55BFA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:31:48 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08E5B126DC2 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:31:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.7
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IFTfznETOW_5 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:31:45 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20082.outbound.protection.outlook.com [40.107.2.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6622127342 for <suit@ietf.org>; Wed, 22 Nov 2017 23:31:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6axGIGsGuJGMqUuFeF7+jZ/GweZ2E83peZ+/UzGrP30=; b=Bhk0g9i6XR3lwNW5xHuUgB7EKRLj257WfsK2ctq69hXSWqXWHBs53DMTL8gAYWumKL62j/OJw7ztuHzAnZfa5haVBEMJU4Fu+CoZPpxTL9xtav4mGDB3C9xPtLM8laCu/xJBeusK/3FC+Er4Qp6MP7lzXRdABV0VKylfDg7e4hY=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:31:42 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:31:42 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQ
Date: Thu, 23 Nov 2017 07:31:42 +0000
Message-ID: <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com>
In-Reply-To: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:T5007yIReNhpZrkk0ONbl4taVhld6QHBlwwsn6m4FpT137DjfKASdG/HbbMuaMY8HEGmLhPS/NUcRcfwLXLtIy7HmdQqWpKqss0STQ1rNzAujeYYhQcGDGmmZwGZAjGHzKUsFcDTPFeof+GeFsOjJYuJTmMECqlC5KaG15V0LbDBeZjcjCrcDsPUrycM+MUTlVFhFhb8SZO2NBbRYDiU6FzfGJR4uCA92yBpi3PksObRoQYyiDwtVIBJqV51SqR+zSocQwHul+au38lDsh+hFnH9rWeV2QLahIO7uodNN7ozjpN5QMewsIpfxMkoggGLOUqvor7wbF0XwO1vNNRAF0/Eey2gkqLz4FMo5SZvoX4=; 5:fDTOF8Sm2Y7YNJ/JxCREZAfBJG47vAu6CKIVSubGCIm5DCSnscBytHV5yOr/avIfjAoxbsonmcVD/2ka3DqoRn3WMEkADJz1CDgM1dOqSvLRA+GJzDWKFwBpE3w7v/Ax/4XA9lga1xl+Ivy4r61P9HK7PPmfiBKOHYmAUTONnys=; 24:VPYjGIKgwWGGw0nG/V6Xl0s9sdw2je5Xprzsb3qdtUMgzAv/obHppzBe+yb7deNO2atmOF58MuYrbUGzAav3i0YJ1VmFHPxssCLmYFnwRcA=; 7:Y2VcVxqIFfHCkYnUfHqqJZC+Z7WCgJYvfYRy4EBlNi40ulE5cwtfb2mOSrfxxN5C/btw+EfySKkuath625Ary5vQOuwfFQAaY8sDpuVjJ0iLvS10AkSR8+c8cJU83u3+JlMPcikSR5LmXyxDggJovtgmjw0rRHF9w8UmJsEtai70lY6xRUpJXHTw0E15xwRhB54nAiiaf4E0/h07FtJQmdljCt3LK43PlYgyf9PajAnw5mlnRq+Il6OJcXbr1/fZ
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 97fa72b6-8355-4dc9-ca58-08d532443e19
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705F01B1EBE4D977B1C9F3FFA210@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(227612066756510)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(366004)(199003)(189002)(40434004)(33656002)(6506006)(53936002)(110136005)(3846002)(9686003)(102836003)(790700001)(6306002)(2501003)(6436002)(5890100001)(97736004)(478600001)(54896002)(6246003)(50986999)(76176999)(99286004)(6116002)(54356999)(25786009)(229853002)(316002)(101416001)(39060400002)(53546010)(68736007)(8936002)(9326002)(55016002)(7736002)(81166006)(81156014)(86362001)(74316002)(5250100002)(189998001)(14454004)(106356001)(66066001)(2900100001)(105586002)(3280700002)(2906002)(8676002)(72206003)(3660700001)(2950100002)(7696004)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB270630DAF02E36407E12B79DFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 97fa72b6-8355-4dc9-ca58-08d532443e19
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:31:42.3054 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/WaiiQjB3tEYWNk38XsI9P-DJehA>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:31:47 -0000

--_000_AM4PR0801MB270630DAF02E36407E12B79DFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCkRvIHlvdSBhZ3JlZSB0aGF0IGhhdmluZyBtdWx0aXBsZSBmb3JtYXRzIHdp
bGwgY2F1c2UgYWRkaXRpb25hbCBwYWluIGFuZCBsb3dlciBpbnRlcm9wZXJhYmlsaXR5Pw0KDQpD
aWFvDQpIYW5uZXMNCg0KRnJvbTogU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10g
T24gQmVoYWxmIE9mIFN1aGFzIE5hbmRha3VtYXINClNlbnQ6IDIzIE5vdmVtYmVyIDIwMTcgMDA6
NDENClRvOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBbU3VpdF0gTWFuaWZlc3QgRm9ybWF0cw0K
DQoNCkhpLA0KDQpDdXJyZW50IGNoYXJ0ZXIgc2F5cw0KDQoiIiIgQSBsb3dlciBudW1iZXIgb2Yg
Zm9ybWF0cyBpcyBwcmVmZXJyZWQgdG8gcmVkdWNlIGNvZGUgc2l6ZSBmb3Igc3VwcG9ydGluZyBk
ZWNvZGVycyBvbiBkZXZpY2VzIHJlY2VpdmluZyBhIG1hbmlmZXN0IGFuZCB0byBtYXhpbWl6ZSBp
bnRlcm9wZXJhYmlsaXR5IG9mIHNvbHV0aW9ucw0KDQoiIiINCg0KSSBkb27igJl0IHRoaW5rIHRo
aXMgaXMgYXBwbGljYWJsZSBzaW5jZSBhIGRldmljZSB3aWxsIHN1cHBvcnQganVzdCBvbmUgZm9y
bWF0LCBUaGUgbXVsdGlwbGljaXR5IG9mIHRoZSBmb3JtYXRzIGlzIG5lZWRlZCBvbiB0aGUgRmly
bXdhcmUgc2VydmVyIHRvIHN1cHBvcnQgZGV2aWNlcyB3aXRoIGRpZmZlcmVudCBjYXBhYmlsaXRp
ZXMgb24gdGhlIG1hbmlmZXN0IGVuY29kaW5nIGZvcm1hdC4gVGhpcyBjb21tZW50IGluIHRoZSBj
aGFydGVyIHNlZW1zIGluY29ycmVjdC4NCg0KDQoNCkNoZWVycw0KDQpTdWhhcyBOYW5kYWt1bWFy
DQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkg
YXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4g
SWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUg
c2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFu
eSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkg
dGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_AM4PR0801MB270630DAF02E36407E12B79DFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5bGUtcHJpb3JpdHk6
OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4uRW1h
aWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3
Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K
LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl
eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0
ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6
ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t
Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi
Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3
RCI+RG8geW91IGFncmVlIHRoYXQgaGF2aW5nIG11bHRpcGxlIGZvcm1hdHMgd2lsbCBjYXVzZSBh
ZGRpdGlvbmFsIHBhaW4gYW5kIGxvd2VyIGludGVyb3BlcmFiaWxpdHk/DQo8bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv
dDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1
b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkNp
YW88YnI+DQpIYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2E+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5G
cm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4g
U3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8L2I+
U3VoYXMgTmFuZGFrdW1hcjxicj4NCjxiPlNlbnQ6PC9iPiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQx
PGJyPg0KPGI+VG86PC9iPiBzdWl0QGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0
XSBNYW5pZmVzdCBGb3JtYXRzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgc3R5bGU9Im1zby1tYXJnaW4t
dG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1s
ZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv
dDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5IaSwgPC9zcGFuPjxvOnA+PC9v
OnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBj
bTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNl
cmlmJnF1b3Q7Ij5DdXJyZW50IGNoYXJ0ZXIgc2F5czwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxw
IHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJv
dHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+
JnF1b3Q7JnF1b3Q7JnF1b3Q7IDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjVwdDtm
b250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5BIGxv
d2VyIG51bWJlciBvZiBmb3JtYXRzIGlzIHByZWZlcnJlZCB0byByZWR1Y2UgY29kZSBzaXplIGZv
ciBzdXBwb3J0aW5nIGRlY29kZXJzIG9uIGRldmljZXMgcmVjZWl2aW5nIGEgbWFuaWZlc3QgYW5k
DQogdG8gbWF4aW1pemUgaW50ZXJvcGVyYWJpbGl0eSBvZiBzb2x1dGlvbnM8L3NwYW4+PG86cD48
L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6
MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMt
c2VyaWYmcXVvdDsiPiZxdW90OyZxdW90OyZxdW90Ozwvc3Bhbj4mbmJzcDs8bzpwPjwvbzpwPjwv
cD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFy
Z2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90OyI+SSBkb27igJl0IHRoaW5rIHRoaXMgaXMgYXBwbGljYWJsZSBzaW5jZSBhIGRldmljZSB3
aWxsIHN1cHBvcnQganVzdCBvbmUgZm9ybWF0LCBUaGUgbXVsdGlwbGljaXR5IG9mIHRoZSBmb3Jt
YXRzIGlzIG5lZWRlZCBvbiB0aGUgRmlybXdhcmUgc2VydmVyIHRvIHN1cHBvcnQgZGV2aWNlcyB3
aXRoIGRpZmZlcmVudCBjYXBhYmlsaXRpZXMgb24NCiB0aGUgbWFuaWZlc3QgZW5jb2RpbmcgZm9y
bWF0LiBUaGlzIGNvbW1lbnQgaW4gdGhlIGNoYXJ0ZXIgc2VlbXMgaW5jb3JyZWN0Ljwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1y
aWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPG86cD4mbmJz
cDs8L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmln
aHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3Nh
bnMtc2VyaWYmcXVvdDsiPkNoZWVyczwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBw
dDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+U3VoYXMgTmFu
ZGFrdW1hcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCklNUE9SVEFO
VCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMg
YXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBu
b3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVk
aWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJz
b24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsDQogb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3Jt
YXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_AM4PR0801MB270630DAF02E36407E12B79DFA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:34:17 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CD9C126DC2 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:34:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnpBIlucHdQA for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:34:14 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20062.outbound.protection.outlook.com [40.107.2.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA4E71274D0 for <suit@ietf.org>; Wed, 22 Nov 2017 23:34:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NlSiT0Ndog6zICRFx6PsFG+QdL0rV4Ogq1i/+1MK78U=; b=BOwQnZP1j42IfEufDoogpMPM9cA0khM7Taw84x/D1h2le8Mw6NJkEEgB6YJKGXOYtAECKRDqEgJzKyC1BSutR9WhmDYUIRM76U6qve2X/ne6Zsi+XJdWQ5eDRsu2/g3lISn7fVXfnBrH2iby0bALxmAt/NHlg6bbVzdxusR55A4=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:34:11 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:34:11 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Multisource signed manifest and permission model
Thread-Index: AQHTY+vDQlqb9LaNPkqTL2LkFmQIIaMhkmyw
Date: Thu, 23 Nov 2017 07:34:11 +0000
Message-ID: <AM4PR0801MB27062E89DF0AFF79EA676082FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGSWgO_y+_zC_p=aD-aBsuKCth9fE8fniUgVg6nPWKa20g@mail.gmail.com>
In-Reply-To: <CAMRcRGSWgO_y+_zC_p=aD-aBsuKCth9fE8fniUgVg6nPWKa20g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:NwwKpfQmj/ox4Du0FAez3d1GllVkiNxjzLAWIE7Eez5s31JPvWGq5nf7325aHeIhdSrc1GkWBCwTpb3hp4u+ZGsHfwPI66BnsXFyH31os5yXRiXjaRHK4IZkPjt2gZQ2q/KDkw8ZKa7t3EcY7rf0sVjKeOgUi45YB8qvY4IiySalChE4aKTYMaiXNMflTS0MerDNK+Vb5C4OJFweEj5/wZdaSoRm9SZUuGT/F9NjtVZfC7yAuNkhWWUyWkubHxugrrjnAkhaIYN7NFVjX72R8TSqTWRmN9jNTCOaniwvzj/Kt5W06aEu37WuKDg3HwcbvY3lmbM/m8WMF6mvD5ZvywM4Ng+arWOe3oFxKXp61A0=; 5:sV3WLeqUYgfxgkpPlCoIXEEjtMiuKKQdpcOtt5ntNRJmOfruK4WlLg7v3Tjq4fWkUg5wiDNPROAlbfK+Xf5Qhmhs7Li/J3iYZ97RAh9v8AqZgDIsQVLmE2loCaGsWHVQTARJbonkv2waHIBk5RLsQDetFhxEIG+MVege9TvQ3LU=; 24:4RpCBtNc0msBYaTtbMVQtkHObubxeBM7+SENQfCgeUu0VB0k87g4qMkODzlmUdeXtPGhFHCDvodfki0rRfk+FYLuqcoNYIn4yiAK19VI0Bs=; 7:R2sgNXaFr0YalZxClRln+vDNkWuGY+mR31FCmldWT8JenTzZRKIKiNfHxdOAZ+LK2p5caG8E0dOUdtHh9Sri3wHDFK7OxLY7kC1VzM+mwL20tL4VCmmrgumurZ6yVwFBpdl6lJYUONZNVxwz6203mHekz7yiZiYrGoEFfasCOobWf5c+o5THyO63mWtH9Isu0i1izrx+22FjN8B94OIipINkuwyikv+1y1GnEBxxlOpicPZdHehyGDAJzfXv5KeF
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: f0f97553-c612-4a84-99cc-08d53244970b
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705B94E3ECDC1B4FB93C1FFFA210@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(366004)(53754006)(199003)(189002)(40434004)(33656002)(6506006)(53936002)(110136005)(3846002)(9686003)(102836003)(790700001)(6306002)(2501003)(6436002)(5890100001)(97736004)(478600001)(54896002)(6246003)(50986999)(76176999)(99286004)(6116002)(54356999)(25786009)(229853002)(316002)(101416001)(39060400002)(53546010)(68736007)(8936002)(9326002)(55016002)(7736002)(81166006)(81156014)(86362001)(74316002)(5250100002)(189998001)(14454004)(106356001)(66066001)(2900100001)(105586002)(3280700002)(2906002)(8676002)(72206003)(3660700001)(2950100002)(7696004)(5660300001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB27062E89DF0AFF79EA676082FA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f0f97553-c612-4a84-99cc-08d53244970b
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:34:11.5296 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/7tM94WAarq4EvKVggN1MSKFPULs>
Subject: Re: [Suit] SUIT Charter: Multisource signed manifest and permission model
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:34:16 -0000

--_000_AM4PR0801MB27062E89DF0AFF79EA676082FA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCllvdSBhcmUgYWxyZWFkeSBpbnRvIHNvbHV0aW9uIHRlcnJpdG9yeS4gSSB0
aGluayB3ZSBzaG91bGQgZGlzY3VzcyBzdWNoIGNvbmNlcHRzIGxhdGVyLCBhZnRlciB0aGUgY2hh
cnRlcmluZyBzcGFjZS4NCg0KQ3VycmVudGx5IHRoZSBzZW50ZW5jZSBvbmx5IHNheXMgdGhhdCB3
ZSB3YW50IHRvIHN1cHBvcnQgZGlmZmVyZW50IGRlcGxveW1lbnQgc2NlbmFyaW9zLg0KDQpEbyB5
b3UgZGlzYWdyZWUgdGhhdCBpdCBzaG91bGQgc3VwcG9ydCBkaWZmZXJlbnQgZGVwbG95bWVudCBz
Y2VuYXJpb3M/DQoNCk5vdGUgdGhhdCBpdCBkb2VzIG5vdCBzYXkg4oCcbXVsdGlwbGUgc2lnbmF0
dXJlc+KAnSBhbnl3aGVyZS4NCg0KQ2lhbw0KSGFubmVzDQoNCkZyb206IFN1aXQgW21haWx0bzpz
dWl0LWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBTdWhhcyBOYW5kYWt1bWFyDQpTZW50
OiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQ0DQpUbzogc3VpdEBpZXRmLm9yZw0KU3ViamVjdDogW1N1
aXRdIFNVSVQgQ2hhcnRlcjogTXVsdGlzb3VyY2Ugc2lnbmVkIG1hbmlmZXN0IGFuZCBwZXJtaXNz
aW9uIG1vZGVsDQoNCg0KSGkgQWxsLA0KDQpUaGUgY3VycmVudCBjaGFydGVyIHNheXMgdGhlIGZv
bGxvd2luZyBhYm91dCBhbGxvd2luZyBtYW5pZmVzdCBhbmQgZmlybXdhcmUgc2lnbmVkIGJ5IGRp
ZmZlcmVudCBzb3VyY2VzIGFuZCBoYXZpbmcgYW4gZXhwcmVzc2l2ZSBwZXJtaXNzaW9ucyBtb2Rl
bC4NCg0KIiIiDQoNClRvIHN1cHBvcnQgYSB3aWRlIHJhbmdlIG9mIGRlcGxveW1lbnQgc2NlbmFy
aW9zLCB0aGUgZm9ybWF0cyBhcmUgZXhwZWN0ZWQgdG8gYmUgZXhwcmVzc2l2ZSBlbm91Z2ggdG8g
YWxsb3cgdGhlIHVzZSBvZiBkaWZmZXJlbnQgc29mdHdhcmUgc291cmNlcyBhbmQgcGVybWlzc2lv
biBtb2RlbHMuDQoNCiIiIg0KDQoNCkkgdGhpbmsgdGhlIHdob2xlIGlkZWEgb2YgbXVsdGlwbGUg
cGVvcGxlIHNpZ25pbmcgaXMgdmVyeSB1bmNsZWFyIG9uIHRoZSByZXF1aXJlbWVudHMgYW5kIGl0
cyBhcHBsaWNhYmlsaXR5IG9yIGl0cyB3aWRlc3ByZWFkIHVzZS4gTW9zdCBjb21tb24gZGVwbG95
bWVudHMgdG9kYXkgZm9sbG93IHRoZSBtb2RlbCBvZiBzaW5nbGUgdmVuZG9yIHNpZ25pbmcgdGhl
IGZpcm13YXJlLiBBIGNlcnRpZmljYXRpb24gbGFiIG1pZ2h0IGNlcnRpZnkgdGhhdCBhIGdpdmVu
IHZlcnNpb24gbWVldHMgc29tZSByZXF1aXJlbWVudHMgYW5kIGFuZCBhbiBvcGVyYXRvciBtaWdo
dCB1c2UgdGhhdCBpbmZvcm1hdGlvbiB0byBkZWNpZGUgd2hhdCB2ZXJzaW9uIHRoZXkgZGVwbG95
IGJ1dCBuZWl0aGVyIHRoZSBjZXJ0aWZpY2F0aW9uIGxhYiBvciB0aGUgb3BlcmF0b3Igc2lnbiBh
bnl0aGluZy4NCg0KSSBwcm9wb3NlIHRoYXQgdGhlIFdHIHNob3VsZCByZWNvbnNpZGVyIHRoaXMg
cmVxdWlyZW1lbnQgZm9yIHNjb3BpbmcgcHVycG9zZXMgYW5kIHNob3VsZCBjb25zaWRlciBtdWx0
aS12ZW5kb3Igc2lnbmluZy9wZXJtaXNzaW9ucyBtb2RlbCAgYXMgYSBmdXR1cmUgZXh0ZW5zaW9u
IGluc3RlYWQuIFRoaXMgc2hvdWxkIGJlIHJlbW92ZWQgdW5sZXNzIHdlIGNhbiBzcGVjaWZ5IHdo
YXQgdGhlIG5lZWQgaXMgYW5kIGJlIGNsZWFyIG9uIHRoZSB0cnVzdCBtb2RlbHMgc3VwcG9ydGVk
Lg0KDQoNCkNoZWVycw0KU3VoYXMgTmFuZGFrdW1hcg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNv
bnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFs
IGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQg
cmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5v
dCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBh
bnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1
bS4gVGhhbmsgeW91Lg0K

--_000_AM4PR0801MB27062E89DF0AFF79EA676082FA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5bGUtcHJpb3JpdHk6
OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4uRW1h
aWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3
Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K
LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl
eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0
ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6
ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t
Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi
Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3
RCI+WW91IGFyZSBhbHJlYWR5IGludG8gc29sdXRpb24gdGVycml0b3J5LiBJIHRoaW5rIHdlIHNo
b3VsZCBkaXNjdXNzIHN1Y2ggY29uY2VwdHMgbGF0ZXIsIGFmdGVyIHRoZSBjaGFydGVyaW5nIHNw
YWNlLg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu
MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
Oztjb2xvcjojMUY0OTdEIj5DdXJyZW50bHkgdGhlIHNlbnRlbmNlIG9ubHkgc2F5cyB0aGF0IHdl
IHdhbnQgdG8gc3VwcG9ydCBkaWZmZXJlbnQgZGVwbG95bWVudCBzY2VuYXJpb3MuDQo8bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5
N0QiPkRvIHlvdSBkaXNhZ3JlZSB0aGF0IGl0IHNob3VsZCBzdXBwb3J0IGRpZmZlcmVudCBkZXBs
b3ltZW50IHNjZW5hcmlvcz8NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZu
YnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3Nh
bnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Tm90ZSB0aGF0IGl0IGRvZXMgbm90IHNheSDi
gJxtdWx0aXBsZSBzaWduYXR1cmVz4oCdIGFueXdoZXJlLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjoj
MUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2lhbzxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L2E+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm
b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJm
b250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij4gU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9u
IEJlaGFsZiBPZiA8L2I+U3VoYXMgTmFuZGFrdW1hcjxicj4NCjxiPlNlbnQ6PC9iPiAyMyBOb3Zl
bWJlciAyMDE3IDAwOjQ0PGJyPg0KPGI+VG86PC9iPiBzdWl0QGlldGYub3JnPGJyPg0KPGI+U3Vi
amVjdDo8L2I+IFtTdWl0XSBTVUlUIENoYXJ0ZXI6IE11bHRpc291cmNlIHNpZ25lZCBtYW5pZmVz
dCBhbmQgcGVybWlzc2lvbiBtb2RlbDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJn
aW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+SGkgQWxsLDwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1y
aWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+VGhlIGN1cnJlbnQgY2hhcnRlciBzYXlzIHRoZSBmb2xsb3dpbmcg
YWJvdXQgYWxsb3dpbmcgbWFuaWZlc3QgYW5kIGZpcm13YXJlIHNpZ25lZCBieSBkaWZmZXJlbnQg
c291cmNlcyBhbmQgaGF2aW5nIGFuIGV4cHJlc3NpdmUgcGVybWlzc2lvbnMgbW9kZWwuPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2lu
LXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7Ij4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21h
cmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm
cXVvdDsiPlRvIHN1cHBvcnQgYSB3aWRlIHJhbmdlIG9mIGRlcGxveW1lbnQgc2NlbmFyaW9zLCB0
aGUgZm9ybWF0cyBhcmUgZXhwZWN0ZWQgdG8gYmUgZXhwcmVzc2l2ZSBlbm91Z2ggdG8gYWxsb3cg
dGhlIHVzZSBvZiBkaWZmZXJlbnQgc29mdHdhcmUgc291cmNlcyBhbmQgcGVybWlzc2lvbiBtb2Rl
bHMuDQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNt
Ij4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFs
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiZxdW90OyZxdW90OyZxdW90Ozwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1y
aWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KJm5ic3A7PG86
cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjExLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1
b3Q7Ij5JIHRoaW5rIHRoZSB3aG9sZSBpZGVhIG9mIG11bHRpcGxlIHBlb3BsZSBzaWduaW5nIGlz
IHZlcnkgdW5jbGVhciBvbiB0aGUgcmVxdWlyZW1lbnRzIGFuZCBpdHMgYXBwbGljYWJpbGl0eSBv
ciBpdHMgd2lkZXNwcmVhZCB1c2UuIE1vc3QgY29tbW9uIGRlcGxveW1lbnRzIHRvZGF5IGZvbGxv
dyB0aGUNCiBtb2RlbCBvZiBzaW5nbGUgdmVuZG9yIHNpZ25pbmcgdGhlIGZpcm13YXJlLiBBIGNl
cnRpZmljYXRpb24gbGFiIG1pZ2h0IGNlcnRpZnkgdGhhdCBhIGdpdmVuIHZlcnNpb24gbWVldHMg
c29tZSByZXF1aXJlbWVudHMgYW5kIGFuZCBhbiBvcGVyYXRvciBtaWdodCB1c2UgdGhhdCBpbmZv
cm1hdGlvbiB0byBkZWNpZGUgd2hhdCB2ZXJzaW9uIHRoZXkgZGVwbG95IGJ1dCBuZWl0aGVyIHRo
ZSBjZXJ0aWZpY2F0aW9uIGxhYiBvciB0aGUgb3BlcmF0b3INCiBzaWduIGFueXRoaW5nLiA8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7Ij5JIHByb3Bvc2UgdGhhdCB0aGUgV0cgc2hvdWxkIHJlY29uc2lk
ZXIgdGhpcyByZXF1aXJlbWVudCBmb3Igc2NvcGluZyBwdXJwb3NlcyBhbmQgc2hvdWxkIGNvbnNp
ZGVyIG11bHRpLXZlbmRvciBzaWduaW5nL3Blcm1pc3Npb25zIG1vZGVsICZuYnNwO2FzIGEgZnV0
dXJlIGV4dGVuc2lvbiBpbnN0ZWFkLiBUaGlzDQogc2hvdWxkIGJlIHJlbW92ZWQgdW5sZXNzIHdl
IGNhbiBzcGVjaWZ5IHdoYXQgdGhlIG5lZWQgaXMgYW5kIGJlIGNsZWFyIG9uIHRoZSB0cnVzdCBt
b2RlbHMgc3VwcG9ydGVkLg0KPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuNXB0O2Zv
bnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkNoZWVy
czwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFs
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlN1aGFzIE5hbmRha3VtYXI8L3NwYW4+PG86
cD48L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBU
aGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRl
bnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRl
bmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQg
ZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQg
Zm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFu
eSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB27062E89DF0AFF79EA676082FA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:38:01 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15E87129A84 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:38:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3k--61BGA0_R for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:37:57 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0060.outbound.protection.outlook.com [104.47.2.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC32B126C23 for <suit@ietf.org>; Wed, 22 Nov 2017 23:37:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Ld7eWNvEDE706euY1tDpLHnlGpsvhCEgfszvw9d8y4g=; b=FNq1fA9aN3+kabLc4RqtlSgmvuAzQyd+f+vVpL12lT3eehbv4aQ2Hu3rw05aZo2PkTViY9HoKM3pzkPrC5D1D5KkTyusd/tv/clCrItVdBzFCMpw7XJWpyzvGiV9huVuFP77gPdF7DExIW84pTuC9EsOup0hoAi9phyZZNjkmCY=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:37:53 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:37:53 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Suit Charter: WG Relationships to Others
Thread-Index: AQHTY+vy+zyt+E5G4kyppHN7cBs+l6MhkxYA
Date: Thu, 23 Nov 2017 07:37:53 +0000
Message-ID: <AM4PR0801MB2706993E6B8A356EEB8412AFFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQ=xrV8ybtVrfVc-=_A4-w2p+-UPZU7-3KoxMPAr+bDrg@mail.gmail.com>
In-Reply-To: <CAMRcRGQ=xrV8ybtVrfVc-=_A4-w2p+-UPZU7-3KoxMPAr+bDrg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:ja/hvBCnmLivj2LoimQxzNVYJTpgUgBMBC9DcRWh6YY1KqcEqiGtYHgk4dpGZfhK5hk779MVh/zxyB7d8YLUncJcxiiVdiF6LfLTYYnY/p+ZqJ5h0KIp8u3a5swmBm/WNWflfLOND63X2FwMWp4yybHsXtjvoBnCzTfsyEcwabyzbHlknQJi/fsJxxzPO6AZT4/q4nUA0d1UQSCvzJRxszbVs/5YF2PdADWQHPtMFZfZIDBtybSgi9fS8/ekpVG7RCAnH2vvkyEEAJZW0EHa/TMbh3/fef1VcGBuJ8arDxGwzJE8iOlt7l1xwMCnHj7dIScVnj0b9/XnoqLUX5HuntR5c72iDifCX4wtxOLjAaI=; 5:t+SQh4uAPvlcIfff4b2+AmY0j5aN/GbQGRnW5MfHZZ3E9d9YhYZijcKa2zzLDAsfzMZ/cGaDBISgi2rEIKJoVH1qJlN4jjtWHeLBXdd87EN7buBnWsOu+wzyYgqNzTnUgz28dgXy2W2Ljqohl8+AGYFNZYOXpe9UruTN/CJEwgE=; 24:nvMv9FyXnrCgnwusKR6h4VzvY8xpvPKeVDEycqF0WCbtbE0owfkXs90VFpSEv0nJWsLjR/s08C+YTd2onx9frDfIPCzXxyWyAd9/ZL02S6M=; 7:DLtrZzO5FOK+PeV5EJ5dLZU/wUPp2lIcQEt0vVj64cRgPAjj10YHbwfwMI0WG2rOxO2wpV09fZ1FIQfb4JGDkWwOmEKX6vZy9gcdd3GznDcgFmL8Rk7Q+WcaCwCWcVypvAlqmMJm/p6s4eYxAU/mazmSa70NoRFdDF6DbFAtq7CV04CBf6TIn9V0/0c/kHvqveZ8KR8LWz4QF+ZXAI3e0n75sEDSVyD9ZZFx+oh/F2AaIN7l43x94LfJw35sCNpc
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 7e842ba6-8353-4408-8492-08d532451b28
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600022)(4604075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB2707CA4317E78645F5953071FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(366004)(53754006)(199003)(40434004)(189002)(6506006)(8676002)(39060400002)(5250100002)(50986999)(54356999)(76176999)(72206003)(99286004)(101416001)(3846002)(478600001)(790700001)(102836003)(106356001)(6116002)(2900100001)(105586002)(7736002)(189998001)(74316002)(6436002)(25786009)(33656002)(5660300001)(7696004)(81156014)(55016002)(81166006)(2501003)(2950100002)(53546010)(110136005)(53936002)(86362001)(5890100001)(9326002)(229853002)(316002)(3660700001)(6246003)(2906002)(8936002)(68736007)(66066001)(6306002)(54896002)(97736004)(3280700002)(9686003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706993E6B8A356EEB8412AFFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7e842ba6-8353-4408-8492-08d532451b28
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:37:53.1940 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/6k-8zjqDbBPSGbXjr-j5n3Lkbzw>
Subject: Re: [Suit] Suit Charter: WG Relationships to Others
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:38:00 -0000

--_000_AM4PR0801MB2706993E6B8A356EEB8412AFFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCldoZXRoZXIgaXQgaXMgbW9yZSBpbXBvcnRhbnQgdG8gdGFsayB0byB0aG9z
ZSBwZW9wbGUgdGhhdCBkZXBsb3kgdGhlIHNvbHV0aW9uIHZzLiB0aG9zZSB3aG8gbmVlZCB0byBp
bXBsZW1lbnQgdGhlbSBpcyBwcm9iYWJseSBpbiB0aGUgZXllIG9mIHRoZSBiZWhvbGRlci4NCg0K
SWYgeW91IHRoaW5rIGl0IGhlbHBzIHdlIGNvdWxkIHJlcGhyYXNlIHRoZSBzZW50ZW5jZSBpbiB0
aGUgZm9sbG93aW5nIHdheToNCg0KDQrigJwNCg0KVGhpcyBncm91cCB3aWxsIGFpbSB0byBtYWlu
dGFpbiBhIGNsb3NlIHJlbGF0aW9uc2hpcCB3aXRoIHNpbGljb24gdmVuZG9ycyBhbmQgT0VNcyB0
aGF0IGRldmVsb3AgSW9UIG9wZXJhdGluZyBzeXN0ZW1zLiBBZGRpdGlvbmFsbHksIHRoZSBncm91
cCB3aWxsIHJlYWNoIG91dCB0byBjb21wYW5pZXMgd2hvIGJ1aWxkIGFuZCBkZXBsb3kgSW9UIGRl
dmljZXMuDQrigJwNCg0KT2YgY291cnNlLCBpdCB3b3VsZCBiZSBncmVhdCBpZiB5b3UgY291bGQg
YnJpbmcgcGVvcGxlIHdobyBidWlsZCBhbmQgZGVwbG95IElvVCBkZXZpY2VzIHRvIHRoZSBJRVRG
Lg0KDQpDaWFvDQpIYW5uZXMNCg0KRnJvbTogU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRm
Lm9yZ10gT24gQmVoYWxmIE9mIFN1aGFzIE5hbmRha3VtYXINClNlbnQ6IDIzIE5vdmVtYmVyIDIw
MTcgMDA6NDUNClRvOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBbU3VpdF0gU3VpdCBDaGFydGVy
OiBXRyBSZWxhdGlvbnNoaXBzIHRvIE90aGVycw0KDQoNCkhlbGxvIEFsbA0KDQoNCg0KQ3VycmVu
dCBjaGFydGVyIHRleHQgc2F5cyB0aGUgZm9sbG93aW5nIG9uIHRoZSBtYXR0ZXIgaW4gdGhlIHN1
YmplY3QNCg0KIiIiDQoNClRoaXMgZ3JvdXAgd2lsbCBhaW0gdG8gbWFpbnRhaW4gYSBjbG9zZSBy
ZWxhdGlvbnNoaXAgd2l0aCBzaWxpY29uIHZlbmRvcnMgYW5kIE9FTXMgdGhhdCBkZXZlbG9wIElv
VCBvcGVyYXRpbmcgc3lzdGVtcy4NCg0KIiIiDQoNCg0KDQpJIHN1Z2dlc3QgdGhhdCBpdCBpcyBt
b3JlIGltcG9ydGFudCBmb3IgdGhpcyBncm91cOKAmXMgc3VjY2VzcyBpcyBhbHNvIHRvIG1haW50
YWluIHJlbGF0aW9uc2hpcHMgd2l0aCB0aGUgcGVvcGxlIHRoYXQgYWN0dWFsbHkgYnVpbGQgYW5k
IGRlcGxveSBJT1QgZGV2aWNlcyBhbmQgdGhlc2Ugc2hvdWxkIGFsc28gYmUgYWRkZWQgaGVyZS4N
Cg0KDQoNCkNoZWVycw0KDQpTdWhhcyBOYW5kYWt1bWFyDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRo
ZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVu
dGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVu
ZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBk
byBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBm
b3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBt
ZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_AM4PR0801MB2706993E6B8A356EEB8412AFFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5bGUtcHJpb3JpdHk6
OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4uRW1h
aWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3
Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K
LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl
eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0
ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6
ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t
Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi
Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3
RCI+V2hldGhlciBpdCBpcyBtb3JlIGltcG9ydGFudCB0byB0YWxrIHRvIHRob3NlIHBlb3BsZSB0
aGF0IGRlcGxveSB0aGUgc29sdXRpb24gdnMuIHRob3NlIHdobyBuZWVkIHRvIGltcGxlbWVudCB0
aGVtIGlzIHByb2JhYmx5IGluIHRoZSBleWUgb2YgdGhlIGJlaG9sZGVyLg0KPG86cD48L286cD48
L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGEgbmFtZT0iX01haWxFbmRDb21wb3Nl
Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8
L286cD48L3NwYW4+PC9hPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5JZiB5b3UgdGhpbmsgaXQgaGVscHMgd2UgY291
bGQgcmVwaHJhc2UgdGhlIHNlbnRlbmNlIGluIHRoZSBmb2xsb3dpbmcgd2F5Og0KPG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0
eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRv
bTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv
bG9yOiMxRjQ5N0QiPuKAnDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJn
aW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0Qi
PlRoaXMgZ3JvdXAgd2lsbCBhaW0gdG8gbWFpbnRhaW4gYSBjbG9zZSByZWxhdGlvbnNoaXAgd2l0
aCBzaWxpY29uIHZlbmRvcnMgYW5kIE9FTXMgdGhhdCBkZXZlbG9wIElvVCBvcGVyYXRpbmcgc3lz
dGVtcy4gQWRkaXRpb25hbGx5LCB0aGUgZ3JvdXAgd2lsbCByZWFjaCBvdXQgdG8gY29tcGFuaWVz
IHdobyBidWlsZA0KIGFuZCBkZXBsb3kgSW9UIGRldmljZXMuIDxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjojMUY0OTdEIj7igJw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp
JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNl
cmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPk9mIGNvdXJzZSwgaXQgd291bGQgYmUgZ3JlYXQgaWYN
CjxiPnlvdTwvYj4gY291bGQgYnJpbmcgcGVvcGxlIHdobyBidWlsZCBhbmQgZGVwbG95IElvVCBk
ZXZpY2VzIHRvIHRoZSBJRVRGLiA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90
O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpw
PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90
O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2lhbzxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxp
YnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJz
cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gbGFuZz0i
RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZx
dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gbGFuZz0i
RU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZx
dW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4gU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0Bp
ZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8L2I+U3VoYXMgTmFuZGFrdW1hcjxicj4NCjxiPlNl
bnQ6PC9iPiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQ1PGJyPg0KPGI+VG86PC9iPiBzdWl0QGlldGYu
b3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0XSBTdWl0IENoYXJ0ZXI6IFdHIFJlbGF0aW9u
c2hpcHMgdG8gT3RoZXJzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9w
LWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0
OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtB
cmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj5IZWxsbyBBbGw8
L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTtt
YXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxv
OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFy
Z2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3Bh
biBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj5DdXJyZW50IGNoYXJ0ZXIgdGV4dCBz
YXlzIHRoZSBmb2xsb3dpbmcgb24gdGhlIG1hdHRlciBpbiB0aGUgc3ViamVjdDwvc3Bhbj48bzpw
PjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdo
dDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6IzI0MjkyRSI+JnF1b3Q7JnF1b3Q7JnF1b3Q7PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAg
c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90
dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1
b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQyOTJFIj5UaGlz
IGdyb3VwIHdpbGwgYWltIHRvIG1haW50YWluIGEgY2xvc2UgcmVsYXRpb25zaGlwIHdpdGggc2ls
aWNvbiB2ZW5kb3JzIGFuZCBPRU1zIHRoYXQgZGV2ZWxvcCBJb1Qgb3BlcmF0aW5nIHN5c3RlbXMu
PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207
bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8
c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMjQyOTJFIj4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+PG86cD48L286
cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNt
O21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxvOnA+Jm5ic3A7PC9vOnA+
PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTtt
YXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1m
YW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQy
OTJFIj5JIHN1Z2dlc3QgdGhhdCBpdCBpcyBtb3JlIGltcG9ydGFudCBmb3IgdGhpcyBncm91cOKA
mXMgc3VjY2VzcyBpcyBhbHNvIHRvIG1haW50YWluIHJlbGF0aW9uc2hpcHMgd2l0aCB0aGUgcGVv
cGxlIHRoYXQgYWN0dWFsbHkgYnVpbGQgYW5kIGRlcGxveSBJT1QgZGV2aWNlcyBhbmQgdGhlc2Ug
c2hvdWxkIGFsc28gYmUgYWRkZWQgaGVyZS48L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206
OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgc3R5bGU9
Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjgu
MHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJp
YWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMjQyOTJFIj5DaGVlcnM8L3Nw
YW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJn
aW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFu
IHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1
b3Q7O2NvbG9yOiMyNDI5MkUiPlN1aGFzIE5hbmRha3VtYXI8L3NwYW4+PG86cD48L286cD48L3A+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rp
dj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhp
cyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNv
IGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBs
ZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRo
ZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0K
IG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlv
dS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB2706993E6B8A356EEB8412AFFA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:40:46 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 525471279E5 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:40:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J9Ygpw7Hm1QJ for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:40:42 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0050.outbound.protection.outlook.com [104.47.2.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66F0012711E for <suit@ietf.org>; Wed, 22 Nov 2017 23:40:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=93pVexFmM2iZW5n9aKGCPnq7NfWiT1VJmflDiQJtrQY=; b=Qck3xu2QIdxb3gBrz8YhTvnzGYTfhrKQYQRGVJsRnJpMixl1UFMe4CJPdfbZ6+KTHdaZivBIz3TeOcH/h+/9OFeUXmIZwQsair3jNNw3afkLqz7H+SdvyWNievxsZmqtJCgpFCb2W2ZMzj1yhHZqChhosy8oyIArVF8h50d1w5U=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:40:37 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:40:37 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: RFC4108 Reference in the charter
Thread-Index: AQHTY+oDo0W4651Oc0mcrkg8VbRVzaMhlBcQ
Date: Thu, 23 Nov 2017 07:40:36 +0000
Message-ID: <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com>
In-Reply-To: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:VwIQcDOF4vSPHmUqf8vm8QYW5sEpErJcD2r0LKUSo0uP7kY73DUQaNaFTrMcKd7AsalENsRYt7bOJVZXeK0gn2akyJVP4gb+B0PsLvwbRXzC/RNXZp+JTw5GzwWEsxQE1zlcMuwbq8NPiEklu5cXTcf41ea0dYOsQrzMmdb717GJ2PiDCLNvZxm7u6pULo8KzvR2wE1iR0rHEc4O9VtE46oa4oSn28R8IbPRAFDqvT/QQLop+VDHg6M8e5QXMGXs+1Nzb3llo6Yi3aApINw6RA/Mugh4z8AJssK9QFrU98bqKEP7E4xoPIl7IJ0DidOWhXLoccDjSyzmQ9ICU2sqkv6ohwIjOO6bD5vjlEoX6/4=; 5:X1AneyFaNWSmgYHDJb2DesF7HxwfD5Ba6JibOxj+xE4Iq11zmATA4Dw+LR+ZkgMLb97D1r3hkpungbpy39laSPgu8dvp1Gg2iaX2E25V4f3KQKzrauwZLbepnT5uZ4jggn/Mk80doev2wmMKX5ECmnrqw7169Sh7fpXjDsyoKMk=; 24:1V0PLBu+i8IUJJVDe7sSwE7IYEqtQHZERVMXJpH8dybvx/8dUYmg4ea0KwU1yrzZ5I3DWeej9mI0YhCuHcmjPMIgbQ9wfUpjpAQ6a5cVClE=; 7:anYxP/R7YecmC6g3D06NPeQo7gGrDozOGmtcFQnPyMRCATOJNQ5R2mhaMfMGbNabcttZ2ZUqEh8c7rPNBT82ZuGaU5PTqbh+MX+rqWa4pNcUOAafNWzeSebknuizXGBoaEu/XBcj9neNx0rEshAmKAUJiyI568DFTbhubSGGIMpAuayKPnnzVo32S91PyYGx9uzc1iUuv5ebZbU89VNh+bzq4nPPaaJ7+DpUbSISTwhGqoQs+KHKPn+hG+M8YwN2
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 7ef510c6-bfb2-4978-b3c5-08d532457cc3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600022)(4604075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB27073995F5BA2C0B1567B1A3FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(366004)(53754006)(199003)(40434004)(189002)(6506006)(8676002)(39060400002)(5250100002)(50986999)(54356999)(76176999)(72206003)(99286004)(101416001)(3846002)(478600001)(790700001)(102836003)(106356001)(6116002)(2900100001)(105586002)(7736002)(189998001)(74316002)(6436002)(25786009)(33656002)(5660300001)(7696004)(81156014)(55016002)(81166006)(2501003)(2950100002)(53546010)(110136005)(53936002)(86362001)(5890100001)(9326002)(229853002)(316002)(3660700001)(6246003)(2906002)(8936002)(68736007)(66066001)(6306002)(54896002)(97736004)(3280700002)(9686003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706FBF71B766D9929CBA0B1FA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7ef510c6-bfb2-4978-b3c5-08d532457cc3
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:40:36.9500 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gE-_3vCT0icQq6Ev6h_n1-PxIpc>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:40:44 -0000

--_000_AM4PR0801MB2706FBF71B766D9929CBA0B1FA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCkkgdGhpbmsgaXQgaXMgaGVscGZ1bCBpbiB0d28gd2F5czoNCg0KDQotICAg
ICAgICAgIEZpcnN0IFJGQyA0MTA4IGlsbHVzdHJhdGVzIHRoYXQgdGhlIElFVEYgaGFzIHB1Ymxp
c2hlZCBhIGRvY3VtZW50IGluIHRoaXMgYXJlYSBhbHJlYWR5Lg0KDQoNCi0gICAgICAgICAgU2Vj
b25kLCBpdCBpcyB1c2VmdWwgYmFja2dyb3VuZCBtYXRlcmlhbC4gSSBhbHdheXMgZmluZCBpdCBp
bnRlcmVzdGluZyB0byB0YWtlIHRoZSBzdGF0ZS1vZi10aGUtYXJ0IGludG8gYWNjb3VudC4gVG9v
IG9mdGVuIHdlIGlnbm9yZSBwcmlvciB3b3JrIGFuZCByZXBlYXQgdGhlIHNhbWUgbWlzdGFrZXMg
b3ZlciBhbmQgb3ZlciBhZ2Fpbi4NCg0KSSBhZ3JlZSB0aGF0IFJGQyA0MTA4IGlzIG5vdCBpbiB3
aWRlc3ByZWFkIHVzZSBidXQgaXMgdGhlIHRleHQgZG9lcyBub3QgY2xhaW0gdGhhdC4NCg0KQ2lh
bw0KSGFubmVzDQoNCkZyb206IFN1aXQgW21haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmddIE9u
IEJlaGFsZiBPZiBTdWhhcyBOYW5kYWt1bWFyDQpTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDAwOjMx
DQpUbzogc3VpdEBpZXRmLm9yZw0KU3ViamVjdDogW1N1aXRdIFNVSVQgQ2hhcnRlcjogUkZDNDEw
OCBSZWZlcmVuY2UgaW4gdGhlIGNoYXJ0ZXINCg0KDQpIZWxsbyBBbGwNCg0KVGhlIGNoYXJ0ZXIg
Y3VycmVudCBzYXlzIHRoZSBmb2xsb3dpbmcgb24gdGhlIENNUyBvciBSRkMgNDEwOA0KDQoiIiIN
Cg0KUkZDIDQxMDggcHJvdmlkZXMgYSBtYW5pZmVzdCBmb3JtYXQgdGhhdCB1c2VzIHRoZSBDcnlw
dG9ncmFwaGljIE1lc3NhZ2UgU3ludGF4IChDTVMpIHRvIHByb3RlY3QgZmlybXdhcmUgcGFja2Fn
ZXMuIE1vcmUgdGhhbiB0ZW4geWVhcnMgaGF2ZSBwYXNzZWQgc2luY2UgdGhlIHB1YmxpY2F0aW9u
IG9mIFJGQyA0MTA4LCBhbmQgZ3JlYXRlciBleHBlcmllbmNlIHdpdGggSW9UIGRlcGxveW1lbnRz
IGhhcyBsZWQgdG8gYWRkaXRpb25hbCBmdW5jdGlvbmFsaXR5LCByZXF1aXJpbmcgYSBjb250ZW1w
b3Jhcnkgc3RhbmRhcmRpemVkIHNvbHV0aW9uIHRvIGJlIGRlZmluZWQuDQoNCiIiIg0KDQpJIGZl
ZWwgdGhpcyBwYXJhIGlzIG5vdCBhZGRpbmcgdmFsdWUgdG8gdGhlIFdHIG9iamVjdGl2ZXMgYW5k
IHNob3VsZCBiZSByZW1vdmVkIGZyb20gdGhlIGNoYXJ0ZXIuIElJUkMgdGhlIEJPRiBkaXNjdXNz
aW9ucyBhbHNvIGluZGljYXRlZCBzb21ldGhpbmcgb24gdGhlIHNpbWlsYXIgbGluZXMgYW5kIFJG
QzQxMDggaXMgbm90IGluIHdpZGVzcHJlYWQgdXNlIGFzIG9mIHRvZGF5Lg0KDQoNCg0KQ2hlZXJz
DQoNClN1aGFzIE5hbmRha3VtYXINCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9m
IHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkg
YWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50
LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9z
ZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9z
ZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsg
eW91Lg0K

--_000_AM4PR0801MB2706FBF71B766D9929CBA0B1FA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K
CXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAgMDt9
DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIg
MiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3Nl
LTE6MiAxMSA2IDQgMyA1IDQgNCAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNv
Tm9ybWFsLCBsaS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJn
aW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGlt
ZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNv
LXN0eWxlLXByaW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVy
bGluZTt9DQphOnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxl
LXByaW9yaXR5Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5l
O30NCnANCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRv
Ow0KCW1hcmdpbi1yaWdodDowY207DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFy
Z2luLWxlZnQ6MGNtOw0KCWZvbnQtc2l6ZToxMi4wcHQ7DQoJZm9udC1mYW1pbHk6IlRpbWVzIE5l
dyBSb21hbiIsInNlcmlmIjt9DQpwLk1zb0xpc3RQYXJhZ3JhcGgsIGxpLk1zb0xpc3RQYXJhZ3Jh
cGgsIGRpdi5Nc29MaXN0UGFyYWdyYXBoDQoJe21zby1zdHlsZS1wcmlvcml0eTozNDsNCgltYXJn
aW4tdG9wOjBjbTsNCgltYXJnaW4tcmlnaHQ6MGNtOw0KCW1hcmdpbi1ib3R0b206MGNtOw0KCW1h
cmdpbi1sZWZ0OjM2LjBwdDsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4uRW1h
aWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3
Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K
LyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6OTM2MDIwNTQ7
DQoJbXNvLWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xOTkwMDU5
Nzc0IC03ODEzOTU0NDQgMTM0ODA3NTU1IDEzNDgwNzU1NyAxMzQ4MDc1NTMgMTM0ODA3NTU1IDEz
NDgwNzU1NyAxMzQ4MDc1NTMgMTM0ODA3NTU1IDEzNDgwNzU1Nzt9DQpAbGlzdCBsMDpsZXZlbDEN
Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Oi07DQoJ
bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0
Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNl
cmlmIjsNCgltc28tZmFyZWFzdC1mb250LWZhbWlseTpDYWxpYnJpOw0KCW1zby1iaWRpLWZvbnQt
ZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwt
bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFi
LXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl
bnQ6LTE4LjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVs
Mw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674Kn
Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246
bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpA
bGlzdCBsMDpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s
ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVt
YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpT
eW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl
dDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1s
ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQt
ZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNw0KCXtt
c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1z
by1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsN
Cgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDps
ZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0
Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv
bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3
Ijt9DQpAbGlzdCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K
CW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2
ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZh
bWlseTpXaW5nZGluZ3M7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwNCgl7bWFyZ2lu
LWJvdHRvbTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNo
YXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRp
Zl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0
Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0Pjwv
eG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUi
IHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90
O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBT
dWhhcywNCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv
dDs7Y29sb3I6IzFGNDk3RCI+SSB0aGluayBpdCBpcyBoZWxwZnVsIGluIHR3byB3YXlzOg0KPG86
cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29MaXN0UGFyYWdyYXBoIiBzdHlsZT0idGV4dC1pbmRlbnQ6LTE4LjBwdDtt
c28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9
ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25v
cmUiPi08c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsi
PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0K
PC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu
MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
Oztjb2xvcjojMUY0OTdEIj5GaXJzdCBSRkMgNDEwOCBpbGx1c3RyYXRlcyB0aGF0IHRoZSBJRVRG
IGhhcyBwdWJsaXNoZWQgYSBkb2N1bWVudCBpbiB0aGlzIGFyZWEgYWxyZWFkeS48bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm
cXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb0xpc3RQYXJhZ3JhcGgiIHN0eWxlPSJ0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0
OmwwIGxldmVsMSBsZm8xIj48IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+LTxz
cGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7
Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+
PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y
OiMxRjQ5N0QiPlNlY29uZCwgaXQgaXMgdXNlZnVsIGJhY2tncm91bmQgbWF0ZXJpYWwuIEkgYWx3
YXlzIGZpbmQgaXQgaW50ZXJlc3RpbmcgdG8gdGFrZSB0aGUgc3RhdGUtb2YtdGhlLWFydCBpbnRv
IGFjY291bnQuIFRvbyBvZnRlbiB3ZSBpZ25vcmUgcHJpb3Igd29yayBhbmQNCiByZXBlYXQgdGhl
IHNhbWUgbWlzdGFrZXMgb3ZlciBhbmQgb3ZlciBhZ2Fpbi4gPG86cD48L286cD48L3NwYW4+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y
OiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli
cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5JIGFncmVlIHRo
YXQgUkZDIDQxMDggaXMgbm90IGluIHdpZGVzcHJlYWQgdXNlIGJ1dCBpcyB0aGUgdGV4dCBkb2Vz
IG5vdCBjbGFpbSB0aGF0Lg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs
aWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5DaWFvPG86cD48L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMx
RjQ5N0QiPkhhbm5lczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
PjxhIG5hbWU9Il9NYWlsRW5kQ29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv
bG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvYT48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48Yj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZy
b206PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiBT
dWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5T
dWhhcyBOYW5kYWt1bWFyPGJyPg0KPGI+U2VudDo8L2I+IDIzIE5vdmVtYmVyIDIwMTcgMDA6MzE8
YnI+DQo8Yj5Ubzo8L2I+IHN1aXRAaWV0Zi5vcmc8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gW1N1aXRd
IFNVSVQgQ2hhcnRlcjogUkZDNDEwOCBSZWZlcmVuY2UgaW4gdGhlIGNoYXJ0ZXI8bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjxkaXY+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNt
O21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDsiPkhlbGxvIEFsbDwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1yaWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDtt
YXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+VGhlIGNoYXJ0ZXIg
Y3VycmVudCBzYXlzIHRoZSBmb2xsb3dpbmcgb24gdGhlIENNUyBvciBSRkMgNDEwOA0KPC9zcGFu
PjxvOnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2lu
LXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7Ij4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+PG86cD48L286cD48
L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21h
cmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuNXB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYm
cXVvdDsiPlJGQyA0MTA4IHByb3ZpZGVzIGEgbWFuaWZlc3QgZm9ybWF0IHRoYXQgdXNlcyB0aGUg
Q3J5cHRvZ3JhcGhpYyBNZXNzYWdlIFN5bnRheCAoQ01TKSB0byBwcm90ZWN0IGZpcm13YXJlIHBh
Y2thZ2VzLiBNb3JlIHRoYW4gdGVuIHllYXJzIGhhdmUgcGFzc2VkIHNpbmNlIHRoZSBwdWJsaWNh
dGlvbiBvZiBSRkMgNDEwOCwgYW5kIGdyZWF0ZXINCiBleHBlcmllbmNlIHdpdGggSW9UIGRlcGxv
eW1lbnRzIGhhcyBsZWQgdG8gYWRkaXRpb25hbCBmdW5jdGlvbmFsaXR5LCByZXF1aXJpbmcgYSBj
b250ZW1wb3Jhcnkgc3RhbmRhcmRpemVkIHNvbHV0aW9uIHRvIGJlIGRlZmluZWQuPC9zcGFuPjxv
OnA+PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJp
Z2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjVwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7Ij4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+PG86cD48L286cD48L3A+
DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdp
bi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv
dDsiPkkgZmVlbCB0aGlzIHBhcmEgaXMgbm90IGFkZGluZyB2YWx1ZSB0byB0aGUgV0cgb2JqZWN0
aXZlcyBhbmQgc2hvdWxkIGJlIHJlbW92ZWQgZnJvbSB0aGUgY2hhcnRlci4gSUlSQyB0aGUgQk9G
IGRpc2N1c3Npb25zIGFsc28gaW5kaWNhdGVkIHNvbWV0aGluZyBvbiB0aGUgc2ltaWxhciBsaW5l
cyBhbmQgUkZDNDEwOCBpcyBub3QgaW4gd2lkZXNwcmVhZA0KIHVzZSBhcyBvZiB0b2RheS48L3Nw
YW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJn
aW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxvOnA+
Jm5ic3A7PC9vOnA+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2lu
LXJpZ2h0OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7Ij5DaGVlcnM8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206
OC4wcHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2Zv
bnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPlN1aGFz
IE5hbmRha3VtYXI8L3NwYW4+PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBP
UlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1l
bnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBh
cmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBp
bW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIg
cGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGlu
Zm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB2706FBF71B766D9929CBA0B1FA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:44:15 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52061129D9D for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:44:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1jBcSb7_-UGp for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:44:12 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30068.outbound.protection.outlook.com [40.107.3.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 701CE128896 for <suit@ietf.org>; Wed, 22 Nov 2017 23:44:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=bQ91Sp43Nk+oQf+EfD6wpUNeIMsRuKc5p262LR5fp9g=; b=S59YvQuTq+y0O3ApWvdSk+lT7ILb0P0cnOz540qgdFo2sgHJgoESj0Au3YxZaHRqTc8moTYjTtZhqQb/SHQk3uu7yMrmJQhI77r+fjfO+7TEE4UxLDMrELy4ZRe3lE7CJFbDiwFg7+3ZBy87JlBic/SDw/9ryp3X0FteAyhwMuo=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:44:08 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:44:08 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Suit Charter: IOTSU Workshop information in the Charter
Thread-Index: AQHTY+wqAsF0MY2IS0ms28BgN5zyxaMhlOTg
Date: Thu, 23 Nov 2017 07:44:08 +0000
Message-ID: <AM4PR0801MB270652765D73B805AEF6E07BFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGS9Exxr8w94AmrMb1ww6ffjtz6gSHCXXosD695AJDJySw@mail.gmail.com>
In-Reply-To: <CAMRcRGS9Exxr8w94AmrMb1ww6ffjtz6gSHCXXosD695AJDJySw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:6tiSeBogE8g8kxBi8cHsAYENhqA+1pXoEp4i+d9/VMUw9iQZfIJldMSXLJtPwRIPvnHg1A7h+SCymu4IiKoKTCFQWLQLWwIyht8Ud8lcdizIiT31Hiawu3DmxbTcTfkv6pq5Cuwkvbe9OGRBIMTFFPVOuA+MhRwSoRnc5xKMXSJMU+RnZhHz2sOCbHly7UpNT2mCyxpXhe8HsVI1mGrpRDBXVtwYyQDFxGod7y9oP/cLZ+06Xbyfcvi3oz6rYJqt+1eBxlen2Cu35GA4sQPctwy1tq0TSG9jr8wEJUUQyx+2ppr3i4EcXTefLC0UvTei4sFkvxA25CIO1etqSy9KSYpWAL6nYMGs1Z2nae3421E=; 5:GA521KornuKD3gfE/VU2sTcH2dNdNI22hpu6B/fQfkXiEk12oZq6t3QI5BuPcqAj0Ots9OmGimcEdRoRDOeu+qEbxtPQqp4UVCk4FglGiGJcgANOM4xaidNxb6JNDrtimUcB5vZqAJ+fLZ3M0cC2zSFaIdouZWGNdL+sg+sQh8s=; 24:2qhHcniVRETm6ogseXPFXVR4OzDO7h0Rh9BjbLV9WME/qho33NINZCiEyO9TOs39QaUCYSJQJy5SUG3wQ5IuKqrGiCFnE0tYnl1iT6agY8E=; 7:BCKu3VQbO5L4Ib/oME4i7WyPWmRsAEwIES4xkVjUiICuqf0e6t0PPcxi1v1LzKifcAXJ6vIkpK8XQiMV06TMLXAyGPNEa+IgaNaM173/Iz6fMz8oJFa/YGIf963GPKZqPTuocDXZhLhuWACjRYFkhg7vb9YIjc4zp3j4+uobUHMjisQkWH6okLIOCvxFVHhihIbqhfTljzFfTbmtp0gcHeVvUMvTg9cZOEcnXbfIqqm4D28aLAUXHY0ktRrmbbzy
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 71768c37-cbd9-49d7-11e1-08d53245fb19
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(5600022)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB27068D3BF77E8F8C0D2D87C8FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(376002)(346002)(39860400002)(189002)(40434004)(53754006)(199003)(3660700001)(106356001)(6246003)(39060400002)(54896002)(316002)(25786009)(53936002)(6306002)(9686003)(2900100001)(68736007)(72206003)(14454004)(6506006)(97736004)(478600001)(86362001)(55016002)(2501003)(5890100001)(105586002)(229853002)(53546010)(5660300001)(99286004)(6436002)(76176999)(110136005)(50986999)(7736002)(790700001)(6116002)(3846002)(102836003)(54356999)(2906002)(3280700002)(8676002)(81166006)(9326002)(7696004)(81156014)(66066001)(2950100002)(8936002)(33656002)(5250100002)(101416001)(74316002)(189998001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB270652765D73B805AEF6E07BFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 71768c37-cbd9-49d7-11e1-08d53245fb19
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:44:08.9024 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/SuhyRU4jTbT9lmmieA4xsT_oAZw>
Subject: Re: [Suit] Suit Charter: IOTSU Workshop information in the Charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:44:14 -0000

--_000_AM4PR0801MB270652765D73B805AEF6E07BFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCllvdSBoYXZlIGJldHRlciBsYW5ndWFnZSBza2lsbHMgdGhhbiBJIGRvIGFu
ZCBzbyBoZWxwIHRvIGltcHJvdmUgdGhlIHdvcmRpbmcuDQoNClRoZSB0ZXh0IGlsbHVzdHJhdGVz
IHRoYXQgdGhlIElFVEYgaGFzIGJlZW4gbG9va2luZyBhdCB0aGUgdG9waWMgb2YgZmlybXdhcmUg
dXBkYXRlcyBmb3IgYSB3aGlsZSBhbHJlYWR5IGFuZCB0aGUgSUFCIGhhcyBldmVuIG9yZ2FuaXpl
ZCBhIHdvcmtzaG9wIHRvIHJlYWNoIG91dCB0byBpbnRlcmVzdGVkIHBhcnRpZXMuDQpGb3Igc29t
ZW9uZSB3aG8gaXMgbmV3IHRvIHRoZSBJRVRGIHRoaXMgaW5mb3JtYXRpb24sIGluY2x1ZGluZyB0
aGUgcmVmZXJlbmNlIHRvIHRoYXQgd29ya3Nob3AgcmVwb3J0LCBtYXliZSB1c2VmdWwgYmFja2dy
b3VuZCBpbmZvcm1hdGlvbiBzaW5jZSB0aGV5IG1heSBiZSB3b25kZXJpbmcgd2h5IHRoZSBJRVRG
IGNhcmVzIGFib3V0IHRoaXMgdG9waWMuDQoNCkNoYXJ0ZXJzIGluIHRoZSBJRVRGIGluIGdlbmVy
YWwgYWxzbyBwcm92aWRlIGEgYml0IG9mIGludHJvZHVjdGlvbiBhbmQgaWxsdXN0cmF0ZSB0aGUg
aGlzdG9yeSBvZiBob3cgd2UgZ290IGhlcmUuDQoNCkNpYW8NCkhhbm5lcw0KDQpGcm9tOiBTdWl0
IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgU3VoYXMgTmFuZGFr
dW1hcg0KU2VudDogMjMgTm92ZW1iZXIgMjAxNyAwMDo0Ng0KVG86IHN1aXRAaWV0Zi5vcmcNClN1
YmplY3Q6IFtTdWl0XSBTdWl0IENoYXJ0ZXI6IElPVFNVIFdvcmtzaG9wIGluZm9ybWF0aW9uIGlu
IHRoZSBDaGFydGVyDQoNCg0KSGVsbG8gQWxsDQoNCkkgYW0gdHJ5aW5nIHRvIGdldCBteSBoZWFk
IGFyb3VuZCB0aGUgcHVycG9zZSBvZiB0aGUgZm9sbG93aW5nIHRleHQgaW4gdGhlIGNoYXJ0ZXIg
YWJvdXQgSU9UU1Ugd29ya3Nob3AgdG8gdGhlIFdHIG9iamVjdGl2ZXMgYW5kIGRlbGl2ZXJhYmxl
cy4gSWYgd2UgdGhpbmsgY2FwdHVyaW5nIElPVFNVIHdvcmtzaG9wIGJhY2tncm91bmQgYWlkcyBp
biBXRyBvYmplY3RpdmVzLCB3ZSBtaWdodCBoYXZlIHRvIHJld29yZCB0aGUgY3VycmVudCB0ZXh0
IHRvIGNhcHR1cmUgdGhlIGludGVudC4gT3RoZXJ3aXNlLCBpIHByb3Bvc2UgcmVtb3ZpbmcgdGhl
IGJlbG93IHRleHQgZnJvbSB0aGUgY2hhcnRlci4NCg0K4oCcSW4gSnVuZSBvZiAyMDE2IHRoZSBJ
bnRlcm5ldCBBcmNoaXRlY3R1cmUgQm9hcmQgb3JnYW5pemVkIGEgd29ya3Nob3Agb24gJ0ludGVy
bmV0IG9mIFRoaW5ncyAoSW9UKSBTb2Z0d2FyZSBVcGRhdGUgKElPVFNVKScsIHdoaWNoIHRvb2sg
cGxhY2UgYXQgVHJpbml0eSBDb2xsZWdlIGluIER1YmxpbiwgSXJlbGFuZC4gVGhlIG1haW4gZ29h
bCBvZiB0aGUgd29ya3Nob3Agd2FzIHRvIGZvc3RlciBhIGRpc2N1c3Npb24gb24gcmVxdWlyZW1l
bnRzLCBjaGFsbGVuZ2VzLCBhbmQgc29sdXRpb25zIGZvciBicmluZ2luZyBzb2Z0d2FyZSBhbmQg
ZmlybXdhcmUgdXBkYXRlcyB0byBJb1QgZGV2aWNlcy4gVGhpcyB3b3Jrc2hvcCBhbHNvIG1hZGUg
Y2xlYXIgdGhhdCB0aGVyZSBhcmUgY2hhbGxlbmdlcyB3aXRoIG1pc2FsaWduZWQgaW5jZW50aXZl
cyBhbmQgY29tcGxleCB2YWx1ZSBjaGFpbnMuIEl0IGlzIG5ldmVydGhlbGVzcyBzZWVuIGFzIGlt
cG9ydGFudCB0byBjcmVhdGXigJ0NCg0KVGhhbmtzDQpTdWhhcyBOYW5kYWt1bWFyDQoNCklNUE9S
VEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVu
dHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFy
ZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGlt
bWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBw
ZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_AM4PR0801MB270652765D73B805AEF6E07BFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5bGUtcHJpb3JpdHk6
OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnNwYW4uRW1h
aWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5
OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQouTXNvQ2hwRGVmYXVs
dA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIs
InNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30NCkBwYWdlIFdvcmRT
ZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3
Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0K
LS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpl
eHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0
ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6
ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0t
Pg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUi
Pg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3
RCI+WW91IGhhdmUgYmV0dGVyIGxhbmd1YWdlIHNraWxscyB0aGFuIEkgZG8gYW5kIHNvIGhlbHAg
dG8gaW1wcm92ZSB0aGUgd29yZGluZy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx
dW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBz
dHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZx
dW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+VGhlIHRleHQgaWxsdXN0cmF0ZXMg
dGhhdCB0aGUgSUVURiBoYXMgYmVlbiBsb29raW5nIGF0IHRoZSB0b3BpYyBvZiBmaXJtd2FyZSB1
cGRhdGVzIGZvciBhIHdoaWxlIGFscmVhZHkgYW5kIHRoZSBJQUIgaGFzIGV2ZW4gb3JnYW5pemVk
IGEgd29ya3Nob3AgdG8gcmVhY2gNCiBvdXQgdG8gaW50ZXJlc3RlZCBwYXJ0aWVzLiA8bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfTWFpbEVuZENv
bXBvc2UiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5Gb3Igc29t
ZW9uZSB3aG8gaXMgbmV3IHRvIHRoZSBJRVRGIHRoaXMgaW5mb3JtYXRpb24sIGluY2x1ZGluZyB0
aGUgcmVmZXJlbmNlIHRvIHRoYXQgd29ya3Nob3AgcmVwb3J0LCBtYXliZSB1c2VmdWwgYmFja2dy
b3VuZCBpbmZvcm1hdGlvbg0KIHNpbmNlIHRoZXkgbWF5IGJlIHdvbmRlcmluZyB3aHkgdGhlIElF
VEYgY2FyZXMgYWJvdXQgdGhpcyB0b3BpYy4gPG86cD48L286cD48L3NwYW4+PC9hPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0
OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48
c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2hhcnRlcnMgaW4gdGhl
IElFVEYgaW4gZ2VuZXJhbCBhbHNvIHByb3ZpZGUgYSBiaXQgb2YgaW50cm9kdWN0aW9uIGFuZCBp
bGx1c3RyYXRlIHRoZSBoaXN0b3J5IG9mIGhvdyB3ZSBnb3QgaGVyZS4NCjxvOnA+PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEu
MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90
Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv
dDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2lh
bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm
b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PGI+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij5Gcm9tOjwv
c3Bhbj48L2I+PHNwYW4gbGFuZz0iRU4tVVMiIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7Ij4gU3VpdCBb
bWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10NCjxiPk9uIEJlaGFsZiBPZiA8L2I+U3VoYXMg
TmFuZGFrdW1hcjxicj4NCjxiPlNlbnQ6PC9iPiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQ2PGJyPg0K
PGI+VG86PC9iPiBzdWl0QGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0XSBTdWl0
IENoYXJ0ZXI6IElPVFNVIFdvcmtzaG9wIGluZm9ybWF0aW9uIGluIHRoZSBDaGFydGVyPG86cD48
L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8ZGl2Pg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowY207bWFyZ2luLXJpZ2h0
OjBjbTttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBjbSI+DQo8c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7Ij5IZWxsbyBBbGw8L3NwYW4+PG86cD48L286cD48L3A+DQo8cCBzdHlsZT0i
bXNvLW1hcmdpbi10b3AtYWx0OjBjbTttYXJnaW4tcmlnaHQ6MGNtO21hcmdpbi1ib3R0b206OC4w
cHQ7bWFyZ2luLWxlZnQ6MGNtIj4NCjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkkgYW0gdHJ5
aW5nIHRvIGdldCBteSBoZWFkIGFyb3VuZCB0aGUgcHVycG9zZSBvZiB0aGUgZm9sbG93aW5nIHRl
eHQgaW4gdGhlIGNoYXJ0ZXIgYWJvdXQgSU9UU1Ugd29ya3Nob3AgdG8gdGhlIFdHIG9iamVjdGl2
ZXMgYW5kIGRlbGl2ZXJhYmxlcy4gSWYgd2UgdGhpbmsgY2FwdHVyaW5nIElPVFNVIHdvcmtzaG9w
IGJhY2tncm91bmQgYWlkcw0KIGluIFdHIG9iamVjdGl2ZXMsIHdlIG1pZ2h0IGhhdmUgdG8gcmV3
b3JkIHRoZSBjdXJyZW50IHRleHQgdG8gY2FwdHVyZSB0aGUgaW50ZW50LiBPdGhlcndpc2UsIGkg
cHJvcG9zZSByZW1vdmluZyB0aGUgYmVsb3cgdGV4dCBmcm9tIHRoZSBjaGFydGVyLjwvc3Bhbj48
bzpwPjwvbzpwPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGNtO21hcmdpbi1y
aWdodDowY207bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowY20iPg0KPHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90OyI+4oCcSW4gSnVuZSBvZiAyMDE2IHRoZSBJbnRlcm5ldCBBcmNoaXRl
Y3R1cmUgQm9hcmQgb3JnYW5pemVkIGEgd29ya3Nob3Agb24gJ0ludGVybmV0IG9mIFRoaW5ncyAo
SW9UKSBTb2Z0d2FyZSBVcGRhdGUgKElPVFNVKScsIHdoaWNoIHRvb2sgcGxhY2UgYXQgVHJpbml0
eSBDb2xsZWdlIGluIER1YmxpbiwgSXJlbGFuZC4gVGhlIG1haW4gZ29hbA0KIG9mIHRoZSB3b3Jr
c2hvcCB3YXMgdG8gZm9zdGVyIGEgZGlzY3Vzc2lvbiBvbiByZXF1aXJlbWVudHMsIGNoYWxsZW5n
ZXMsIGFuZCBzb2x1dGlvbnMgZm9yIGJyaW5naW5nIHNvZnR3YXJlIGFuZCBmaXJtd2FyZSB1cGRh
dGVzIHRvIElvVCBkZXZpY2VzLiBUaGlzIHdvcmtzaG9wIGFsc28gbWFkZSBjbGVhciB0aGF0IHRo
ZXJlIGFyZSBjaGFsbGVuZ2VzIHdpdGggbWlzYWxpZ25lZCBpbmNlbnRpdmVzIGFuZCBjb21wbGV4
IHZhbHVlIGNoYWlucy4gSXQNCiBpcyBuZXZlcnRoZWxlc3Mgc2VlbiBhcyBpbXBvcnRhbnQgdG8g
Y3JlYXRl4oCdPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJp
YWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+VGhhbmtzPC9zcGFuPjxvOnA+PC9vOnA+
PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1z
ZXJpZiZxdW90OyI+U3VoYXMgTmFuZGFrdW1hcjwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9k
aXY+DQo8L2Rpdj4NCjwvZGl2Pg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRo
aXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxz
byBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBw
bGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0
aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwN
CiBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5
b3UuDQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_AM4PR0801MB270652765D73B805AEF6E07BFA210AM4PR0801MB2706_--


From nobody Wed Nov 22 23:59:11 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB8AF127978 for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:59:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id itNxK6fQ1xUm for <suit@ietfa.amsl.com>; Wed, 22 Nov 2017 23:59:08 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0086.outbound.protection.outlook.com [104.47.1.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 149B7127078 for <suit@ietf.org>; Wed, 22 Nov 2017 23:59:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Gu6vvtfKWyeuKrJ+NWv6yqTse7StkXw34HAWbHnZBv0=; b=NMygtHpVxmo1QGmexNw6rWD/4yfmHHK37urPn5l/lOiBFuuFCLW1ap033ZVsdmP1i81M1y0wlpbE5wvNyswKMiGQk8isuv8+nqPROkPZpkFE9VGONESQS3iEppgmfoES03mI2fRSBr1t1Gz2/0roGpZxrjlf6Z6+B3FTIT5rQuQ=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 07:59:05 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 07:59:05 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Suhas Nandakumar <suhasietf@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyA=
Date: Thu, 23 Nov 2017 07:59:05 +0000
Message-ID: <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca>
In-Reply-To: <589.1511394367@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:+MUjD6SRrdS5fw/ANNihF0oDnXH8GUbZM5DX3PfL2h+Y7vTrKgF8Ad1uARK2AO3MlX+K3OAqCtDFsdLlPrjP+rhGt3/ZXfAmgum+AiLGOTK52DrfT28ldCWhY8MONegCA8RQo9npiVZkQlNjobRDA8r9HhBBvEW4tB9zeMbDeUHFyKpIrlHWm0Gd0tu4DVWct8ek3gSV4/krXZz6eXv2lQ9KO9I/ovHdTWtStePrTf1xfEooPl0M44IAzRWt6XjtDYeYA2f4GTTbbIHuBNCN38AhzKqJSMvCY6O90mc2YEsA3Uu4SzjFAKt+rTMMkv+82KGc4AEUvqTjZVpIaWyoKkLxwHZmA6ZwloQUc68X2nY=; 5:oYZDrl5w12pJ5e+HeC7vxUPMm/MgJCwthEb7Pdq0QRfSgMrlDZKc5Ls75ewtE7amvLWE5dHDDxsX5roZDSbk6GQyEreavurlR5vVt4qKnQ4W0f74fT7CnIHvPu31wJteCmX4il0m9Qm6JHI7HtE8/d8BRoGIyu5UjshxiJKkdsk=; 24:HYx8O6Z66C61vUoZvZUGu2S2ufjnhSzP7NBgmSVF3385tBOERTYoRvR87QgUZCQQI7eck/vsefETGRQVLmHsIO20354vvaok3/U116C7eSQ=; 7:74WuAr3R+ADjgJQWMD9EcoH3Kc0zKa+UiYmh3wJ0JDfJ8ffOx+Geko/3NxucarQo0VqUVJf9yWpEf8Jdbr6LXOdMiewg0Ht8IcGfI6oTR6vXK0Ap+zBo+UAEZDBjAzCO9wxQ9C/rqgKnV8TSZvZoyZ5qxrBlBsJQuY7Mrsn+REnV8OMT4BN+juRZueeV56EJosoLu28F8WrMMOePMh3ligoseCAy+Vbv4tfSULC4e9bV+YqOhRn10WUTXq9L+Wlh
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 2da93816-0a25-4a48-4ec7-08d53248115d
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(5600022)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB2706C348FED1F28E2DA0328CFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(190756311086443)(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(366004)(376002)(13464003)(199003)(24454002)(40434004)(189002)(110136005)(50986999)(76176999)(54356999)(305945005)(6116002)(7736002)(3846002)(102836003)(53546010)(99286004)(5660300001)(6436002)(7696004)(81156014)(8676002)(81166006)(5250100002)(74316002)(189998001)(101416001)(2950100002)(66066001)(33656002)(8936002)(3280700002)(2906002)(72206003)(68736007)(2900100001)(14454004)(39060400002)(3660700001)(6246003)(106356001)(53936002)(25786009)(9686003)(316002)(4326008)(229853002)(5890100001)(105586002)(55016002)(6506006)(97736004)(86362001)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2da93816-0a25-4a48-4ec7-08d53248115d
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 07:59:05.2373 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/TA3Cexi7g536lKSfFrviWh8OmJ8>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 07:59:10 -0000

Hi Suhas, Hi Michael,

the problem is the slippery slope here: as mentioned on the mailing list (n=
ot by me) it is not only about discovering the server but very quickly you =
are talking about "how do I push firmware updates to devices (instead of ju=
st polling)", "how do I learn what capabilities the device has (since the s=
erver wants to offer the appropriate firmware to the device)", "how do get =
information about the current state of the firmware update (has it been dow=
nloaded already, has the device successfully replaced the firmware, etc.)",=
 "can I reset the device to a previous version of the firmware that is alre=
ady on the device", "how much flash space is still left on the device", etc=
.

Some standardization work has been done in this field already, which I had =
pointed out in previous email discussions.

I am wondering why you don't create your own working group just to work on =
this topic. This would help to create more focused work.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: 23 November 2017 00:46
To: Suhas Nandakumar
Cc: suit@ietf.org
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Me=
chanism


Suhas Nandakumar <suhasietf@gmail.com> wrote:
    > I would like to propose following addition to the above list

    > *   Mechanisms to discover new firmware is available and the location
    > to download it from

I'm actually okay with this in the charter, provided that we don't invent
anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, HTTP re=
quests,
and I'm sure I'll think of four more in a minute.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=3D =
IPv6 IoT consulting =3D-



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Thu Nov 23 00:01:46 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5186A127978 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:01:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5V8v6VA3znAP for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:01:43 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86E9112726E for <suit@ietf.org>; Thu, 23 Nov 2017 00:01:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vAN81c7F011576; Thu, 23 Nov 2017 09:01:38 +0100 (CET)
Received: from client-0152.vpn.uni-bremen.de (client-0152.vpn.uni-bremen.de [134.102.107.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yjBc21MXpzDWpm; Thu, 23 Nov 2017 09:01:38 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Thu, 23 Nov 2017 09:01:37 +0100
Cc: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 533116896.833634-6bc595889bbccd4817c810cc2b24eee8
Content-Transfer-Encoding: quoted-printable
Message-Id: <48439ED2-6618-4987-BC56-0D059F012890@tzi.org>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/fYScZHegutzFGJLYy6VOLVSXeYc>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 08:01:45 -0000

On Nov 23, 2017, at 08:31, Hannes Tschofenig <Hannes.Tschofenig@arm.com> =
wrote:
>=20
> Do you agree that having multiple formats will cause additional pain =
and lower interoperability?

I=E2=80=99m not Suhas, but I=E2=80=99d like to point out that while this =
is trivially true, it may also be trivially irrelevant, as demonstrated =
by a sentence like:

> having both UDP and TCP as transport protocols for IP will cause =
additional pain and lower interoperability

(I=E2=80=99m not sure what =E2=80=9Cformat=E2=80=9D means here; if this =
is about serializations, different considerations apply than if this is =
about information models and security models.)

Gr=C3=BC=C3=9Fe, Carsten


From nobody Thu Nov 23 00:10:17 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 722BB12E059 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:10:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rXe6AuZLCYy4 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:10:14 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20052.outbound.protection.outlook.com [40.107.2.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A29412E048 for <suit@ietf.org>; Thu, 23 Nov 2017 00:09:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ClXjADXM2eYeKYw7RT7GpxfSwGEP8SumpdpyA39BlGU=; b=mv+EVVtD0COVA7iiPA2OXreK81IltTVWuKtUYsnItjyIpZa6ZnmnZn5/GL3Irjr21+rGUePcWYaUo+egNth/CDIZ7Jwrt5pI8Td2O1DUkn4/QnK4UK8Bo3eAl9wrxa5tLtkW1GTFRzUwi0UlNQoCnzuIRXegpsqkt+69WRy6ChU=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 08:09:55 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 08:09:55 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQgAAIi4CAAAAcEA==
Date: Thu, 23 Nov 2017 08:09:55 +0000
Message-ID: <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org>
In-Reply-To: <48439ED2-6618-4987-BC56-0D059F012890@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:HDXgavKHb4YcJnd3buqQvoEm/Epy5dU9xLcSH52DYKD/rygd1bUasyb78a4t06HIA96DaonpWA3YexQK4X6A4gMWLmkAqaDugPCAEaOrkq9G4hFffWHF+0c8uGSquRWu4CJShU2/m6tQc0nAjSAaKuvp9ZAETKGh3n645vG4goSzlR4ZMhdEDp/m7gysDoEIcHT9jLjQu7knFGW+xqdy6R2DjAEWgtbFjtwnRh3aS4zgMx865kjEEFEdOgfpn66nLz89UGwG5hDlVmUA2aV6CQKqpEc2zsC1xu5zDZHnUMgnGxZgOsaAHPgFQ310vxc79XW9tRWZ0MYK1Df0smvqyfeAetgm+IR+vNGREcHb5sE=; 5:NGclO/sZXj1yHw1kXTlG6CEs58FQzFsOkX1AECCo04Tw+vIX8G5ms44CmGpYMpNkQwdCCqs7sJ5yABLDUT4CDqRFXFIb9vAgYC4MtzIuDzCC27ijd95zr0fiejdBoYwqiYbJvdkNeKKH2aw0mV7spxBwUcNtzHjRseTZ/GSbKkQ=; 24:AsJcGNvpHnqiZaVRx1vfje6jVzpVpqDsZpqzX0zUYPHfFIUi7tjjxCPQ3v1syAvOokhBCyDkp9Jve7pDoitiycxZvZh6q7CUltOlqYFQ3wA=; 7:4JQ6dQ4RvLg81q0Ls3ZTO62wVOabedUlqSyJvVUM95with81GLNDMF99Nn6jVLZeZyY7BAsRXsbqiGxaTT09iryWM6eym8QkoJhNCaY9FrQlcW4DHALsfFPlXOesEzs8zxIDo9FafqET/DI7IUDj5nM45v8QrOn8LuuoJaFDgIRk5NMw9oxs6M73s1/NxzClj3d1IwMnuCtJmq6BqS0GtT0/mH4mGALee5Bm6x3VxGvL9E3lxbVGHPJT9Upa7Mfw
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 7f90cdf0-bf69-4340-ded6-08d5324994c8
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(5600022)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708A2117CC5D0ABB224E04CFA210@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(366004)(346002)(39860400002)(13464003)(40434004)(24454002)(189002)(199003)(54906003)(39060400002)(97736004)(86362001)(14454004)(8676002)(478600001)(4326008)(316002)(5890100001)(25786009)(5660300001)(6246003)(55016002)(72206003)(68736007)(229853002)(2950100002)(53936002)(189998001)(6916009)(3280700002)(101416001)(6436002)(9686003)(54356999)(3660700001)(50986999)(53546010)(74316002)(76176999)(7696004)(6506006)(5250100002)(8936002)(2906002)(7736002)(305945005)(99286004)(81166006)(102836003)(66066001)(2900100001)(6116002)(3846002)(106356001)(81156014)(33656002)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7f90cdf0-bf69-4340-ded6-08d5324994c8
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 08:09:55.2205 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/JLTpNDLo5yq8U80Fp7NCwLDnCcM>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 08:10:16 -0000

SGkgQ2Fyc3RlbiwNCg0KRm9ybWF0IGhlcmUgbWVhbnMgaGF2aW5nIGFuIEFTTi4xLCBYTUwsIEpT
T04sIENCT1IsIGV0Yy4gZW5jb2RpbmdzIG9mIHRoZSBtYW5pZmVzdCAoKyB0aGUgYXBwcm9wcmlh
dGUgc2VjdXJpdHkgbWVjaGFuaXNtcykuDQoNCkZvciB1cyBvZmZlcmluZyBvcGVyYXRpbmcgc3lz
dGVtcyB3ZSBmZWFyIHRoYXQgb25lIGN1c3RvbWVyIHdpbGwgd2FudCBBU04uMSBhbmQgdGhlIG90
aGVyIHdhbnQgSlNPTiwgbGlrZSB0aGV5IGRvIHdpdGggSW9UIHByb3RvY29scyAoZS5nLiwgQ29B
UCBhbmQgTVFUVCkgdG9kYXkgYXMgd2VsbC4gVGhlIHJlc3VsdCBpcyB0aGF0IHdlIGhhdmUgdG8g
c3VwcG9ydCBldmVyeXRoaW5nIGFuZCB3aGlsZSB0aGV5IHdpbGwgbm90IGJlIGNvbXBpbGVkIGlu
dG8gdGhlIGNvZGUgYXQgdGhlIHNhbWUgdGltZSB0aGV5IG5lZWQgdG8gYmUgYXZhaWxhYmxlIGFu
ZCBuZWVkIHRvIGJlIG1haW50YWluZWQuDQoNCldoZW4geW91IHRoZW4gdXBkYXRlIGEgZmxlZXQg
b2YgZGV2aWNlcywgc29tZSBvZiB0aGVtIG1heSBzdXBwb3J0IGZvbyBhbmQgc29tZSBiYXIuIElt
YWdpbmUgYSB2ZWhpY2xlIHRoYXQgY29tZXMgd2l0aCBtYW55IGRpZmZlcmVudCBwcm9jZXNzb3Jz
IGFuZCB0aGV5IHJlcXVpcmUgYSBtaXh0dXJlIG9mIGRpZmZlcmVudCBmb3JtYXRzLiBUaGUgYmFj
a2VuZCBpbmZyYXN0cnVjdHVyZSB0aGVuIG5lZWRzIHRvIGtub3cgd2hhdCBmb3JtYXQgaXMgc3Vw
cG9ydGVkIGJ5IHdoaWNoIGRldmljZS9wcm9jZXNzb3IuDQoNCkkgaG9wZSB0aGlzIG1ha2VzIHNl
bnNlLg0KDQpDaWFvDQpIYW5uZXMNCg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KRnJv
bTogQ2Fyc3RlbiBCb3JtYW5uIFttYWlsdG86Y2Fib0B0emkub3JnXQ0KU2VudDogMjMgTm92ZW1i
ZXIgMjAxNyAwOTowMg0KVG86IEhhbm5lcyBUc2Nob2ZlbmlnDQpDYzogU3VoYXMgTmFuZGFrdW1h
cjsgc3VpdEBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtTdWl0XSBNYW5pZmVzdCBGb3JtYXRzDQoN
Ck9uIE5vdiAyMywgMjAxNywgYXQgMDg6MzEsIEhhbm5lcyBUc2Nob2ZlbmlnIDxIYW5uZXMuVHNj
aG9mZW5pZ0Bhcm0uY29tPiB3cm90ZToNCj4NCj4gRG8geW91IGFncmVlIHRoYXQgaGF2aW5nIG11
bHRpcGxlIGZvcm1hdHMgd2lsbCBjYXVzZSBhZGRpdGlvbmFsIHBhaW4gYW5kIGxvd2VyIGludGVy
b3BlcmFiaWxpdHk/DQoNCknigJltIG5vdCBTdWhhcywgYnV0IEnigJlkIGxpa2UgdG8gcG9pbnQg
b3V0IHRoYXQgd2hpbGUgdGhpcyBpcyB0cml2aWFsbHkgdHJ1ZSwgaXQgbWF5IGFsc28gYmUgdHJp
dmlhbGx5IGlycmVsZXZhbnQsIGFzIGRlbW9uc3RyYXRlZCBieSBhIHNlbnRlbmNlIGxpa2U6DQoN
Cj4gaGF2aW5nIGJvdGggVURQIGFuZCBUQ1AgYXMgdHJhbnNwb3J0IHByb3RvY29scyBmb3IgSVAg
d2lsbCBjYXVzZSBhZGRpdGlvbmFsIHBhaW4gYW5kIGxvd2VyIGludGVyb3BlcmFiaWxpdHkNCg0K
KEnigJltIG5vdCBzdXJlIHdoYXQg4oCcZm9ybWF04oCdIG1lYW5zIGhlcmU7IGlmIHRoaXMgaXMg
YWJvdXQgc2VyaWFsaXphdGlvbnMsIGRpZmZlcmVudCBjb25zaWRlcmF0aW9ucyBhcHBseSB0aGFu
IGlmIHRoaXMgaXMgYWJvdXQgaW5mb3JtYXRpb24gbW9kZWxzIGFuZCBzZWN1cml0eSBtb2RlbHMu
KQ0KDQpHcsO8w59lLCBDYXJzdGVuDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBv
ZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5
IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVu
dCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xv
c2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBv
c2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5r
IHlvdS4NCg==


From nobody Thu Nov 23 00:59:07 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B195B127775 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:59:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hmN1R0Y3OrgR for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 00:59:02 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F642126CBF for <suit@ietf.org>; Thu, 23 Nov 2017 00:59:00 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2HdAgBp299Z/xoBYJleGwEBAQMBAQEJAQEBgy8uZG4nB4NzmVGBSyuWLw6CBAoYC4FegzoChD9BFgECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBBAEBIQ8BBTYCGQkCEQQBAQECAhESAwICJx8BCAgGDQYCAQEVAooCAQQMjXudZ4InizwBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYEOgh+CB4FRgTowK4J/gT2DAxIBEgEHRBMNgkeCYQWKHI4xiHeBCIEmjHOHXRuBWYQAg1UFgVCFXpU+AgQGBQIZAYE5JgkpgQMLUyZdhSaBeHWJIoEkAYEQAQEB
X-IPAS-Result: A2HdAgBp299Z/xoBYJleGwEBAQMBAQEJAQEBgy8uZG4nB4NzmVGBSyuWLw6CBAoYC4FegzoChD9BFgECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBBAEBIQ8BBTYCGQkCEQQBAQECAhESAwICJx8BCAgGDQYCAQEVAooCAQQMjXudZ4InizwBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYEOgh+CB4FRgTowK4J/gT2DAxIBEgEHRBMNgkeCYQWKHI4xiHeBCIEmjHOHXRuBWYQAg1UFgVCFXpU+AgQGBQIZAYE5JgkpgQMLUyZdhSaBeHWJIoEkAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1523471"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 09:58:52 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270833994"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 09:58:39 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAN8wbHw005662 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 23 Nov 2017 09:58:39 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 09:58:32 +0100
To: <suit@ietf.org>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 09:58:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/EUr4b_p-V2D6wxXQxlTCytQCrP0>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 08:59:06 -0000

Hello,

calling RFC 4108 "state-of-the-art" is some kind of euphemism, right?

I know it is the only good reference in the RFC space - the Concise 
Software Identifier I-D also references 4108 for over a year now... but 
we decided to leave only the very basic information elements from RFC 
4108 in the CoSWID draft, will finish the current draft and create a 
corresponding extension draft when SUIT has come to life and agreed on 
mandatory metadata and optional metatdata information elements to be 
included in the manifest.

RFC 4108 is "pre-IoT" and is based on assumptions that mostly do not 
exactly apply anymore today, especially encoding wise.

I am strongly against encoding wars: but either we extend the 
expressiveness of 4108 and continue the use of CMS (which, I think, is a 
lesson learned and might be one of the things we do not want to repeat) 
or we create a way forward that take into account the requirements 
today. And Richard and others, for example, had some very good use cases 
at the first Bar BoF, if I remember correctly.

Viele Grüße,

Henk

On 11/23/2017 08:40 AM, Hannes Tschofenig wrote:
> Hi Suhas,
> 
> I think it is helpful in two ways:
> 
> -First RFC 4108 illustrates that the IETF has published a document in 
> this area already.
> 
> -Second, it is useful background material. I always find it interesting 
> to take the state-of-the-art into account. Too often we ignore prior 
> work and repeat the same mistakes over and over again.
> 
> I agree that RFC 4108 is not in widespread use but is the text does not 
> claim that.
> 
> Ciao
> 
> Hannes
> 
> *From:*Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Suhas Nandakumar
> *Sent:* 23 November 2017 00:31
> *To:* suit@ietf.org
> *Subject:* [Suit] SUIT Charter: RFC4108 Reference in the charter
> 
> Hello All
> 
> The charter current says the following on the CMS or RFC 4108
> 
> """
> 
> RFC 4108 provides a manifest format that uses the Cryptographic Message 
> Syntax (CMS) to protect firmware packages. More than ten years have 
> passed since the publication of RFC 4108, and greater experience with 
> IoT deployments has led to additional functionality, requiring a 
> contemporary standardized solution to be defined.
> 
> """
> 
> I feel this para is not adding value to the WG objectives and should be 
> removed from the charter. IIRC the BOF discussions also indicated 
> something on the similar lines and RFC4108 is not in widespread use as 
> of today.
> 
> Cheers
> 
> Suhas Nandakumar
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose the 
> contents to any other person, use it for any purpose, or store or copy 
> the information in any medium. Thank you.
> 
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> 


From nobody Thu Nov 23 01:01:50 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E641127863 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:01:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cS2TtIucZR-q for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:01:42 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20045.outbound.protection.outlook.com [40.107.2.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 500D7127275 for <suit@ietf.org>; Thu, 23 Nov 2017 01:01:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ZcgrNS2zE5apTO9+hUU9acWbGAWAeiQ5AVlhxIP6ciY=; b=Ea3q0SbjT5lK1zpjtDHjLo7pqxg+lFVTb8IeA9rsYUmqDxw/W9lxWgToKPJH1Kh/iAcQKHmKmGq2keBFWEs3CSfULLa6ZCwB7akgDSg0w36eRHLCydZu1yLaJsyo9ycMmeEziGWfkYotMO7789Gq/9dWeRyToslKtlthcOH76nM=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 09:01:39 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 09:01:39 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: RFC4108 Reference in the charter
Thread-Index: AQHTY+oDo0W4651Oc0mcrkg8VbRVzaMhlBcQgAAWjgCAAABx0A==
Date: Thu, 23 Nov 2017 09:01:39 +0000
Message-ID: <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de>
In-Reply-To: <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:zLvPYJFA/ygxtVeFUsuJrl9gFH7T/WupazqxS7cT4zWHl7ZzjD2usRXcKun2mzs9YNBmYyfu2NfDD1ebSyEl9ak5LKpBu3665p/UrNqFDlgrObiG9POntLDJkfQo4SQg6ab1/kHMoMFFJZqtSOX9x+VhFxIJLykGoCuuOXZbPajbOgh+rWRv4kVT8VocCHBVL11rMsjsN0euU+6Qq4BF66adDG8z83X+k+eeHGCXwNYu/A9YwRNmWAtWpYw1irHJ6eBfoglrkcy8ftA5J75WEeCyFiJ1Yik2pg2LrCxPHkMOHVzYFMvTSTmzrxes5+f4bkXhqPEek7jR3hE0/vu55adNZwaaf1UBmkRKgK4LSD8=; 5:N+GGpHF9y7v6Ne0MnMDH9k+vEBor/ei55hPxjwMlUkAruxg4U0Zjd8/xpqk7F17rUjGfSBWUQebOrJDe1KAugKsQ91FsUXruAlNGPgbm91quRbAbKpolu9caz2bEcfpzipMIQ81oQBYzP7ykuC9QyBL6OE4CWF+WjPMObGp1ebA=; 24:K8h7V7fLkMjq4CHq1n95PIUZEqhHldEobfhQvq+BaiUbkEe6JRnvPi8+oJgv8BCe69VFmmL/p8GYTSEiobCL63M7dkPeBAyWC65u8gnw7pA=; 7:xKrqYJ/yPaaSodjZG/H0m+7Yc+De3SBC1KLfXHMrp4RYuJ8cs5bFhrtbaCzg2Doh9QgiFAWkFFw3oZSEO++jjJFXhs7caYqbHZInspFamZDbeCPEu0ke8q6AgnMnPGMXXjpcgPDex4E0vd2yeDd0sNBGWwBTdAkGiVUlqb4x/KkTfH4pd3KvAOjimsTdtSI+eQKeA2BpqZKjLHqa7/ve3gTdMDpFOXWxRSP6zabBLmN16xIyLEkqLxxvNRV3JPFV
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 6f94d314-e499-420a-0f84-08d53250cf2b
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600022)(4604075)(48565401081)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB27071138A738A3F34069DE71FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(131327999870524);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(346002)(376002)(39860400002)(24454002)(13464003)(40434004)(199003)(53754006)(189002)(86362001)(5890100001)(2950100002)(53546010)(2501003)(53936002)(110136005)(3280700002)(966005)(6306002)(97736004)(14454004)(9686003)(66066001)(316002)(229853002)(8936002)(68736007)(6246003)(3660700001)(2906002)(478600001)(3846002)(101416001)(102836003)(6116002)(106356001)(2900100001)(105586002)(5250100002)(54356999)(76176999)(50986999)(6506006)(8676002)(99286004)(72206003)(33656002)(5660300001)(81156014)(55016002)(81166006)(7696004)(7736002)(189998001)(305945005)(25786009)(74316002)(6436002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f94d314-e499-420a-0f84-08d53250cf2b
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 09:01:39.6646 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xN0DKpAQwIZWSHL6jGA06VjW7vQ>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 09:01:49 -0000

SGkgSGVuaywNCg0KVGhpcyBpcyBub3QgYWJvdXQgY29kaW5nIHdhcnMuIFdlIGFyZSBvbmx5IHRh
bGtpbmcgYWJvdXQgd2hldGhlciBpdCBpcyB1c2VmdWwgdG8gbWVudGlvbiBwcmlvciBJRVRGIHdv
cmsgaW4gdGhlIGNoYXJ0ZXIuIE5vdGhpbmcgbW9yZS4NCg0KVGhlcmUgaXMgc2VwYXJhdGUgdGV4
dCBpbiB0aGUgY2hhcnRlciB0aGF0IHNheXMgdGhlIGdyb3VwIHdpbGwgcGljayBvbmUgb3IgbXVs
dGlwbGUgZW5jb2RpbmcgZm9ybWF0cy4NCg0KQ2lhbw0KSGFubmVzDQoNCi0tLS0tT3JpZ2luYWwg
TWVzc2FnZS0tLS0tDQpGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBP
biBCZWhhbGYgT2YgSGVuayBCaXJraG9seg0KU2VudDogMjMgTm92ZW1iZXIgMjAxNyAwOTo1OQ0K
VG86IHN1aXRAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbU3VpdF0gU1VJVCBDaGFydGVyOiBSRkM0
MTA4IFJlZmVyZW5jZSBpbiB0aGUgY2hhcnRlcg0KDQpIZWxsbywNCg0KY2FsbGluZyBSRkMgNDEw
OCAic3RhdGUtb2YtdGhlLWFydCIgaXMgc29tZSBraW5kIG9mIGV1cGhlbWlzbSwgcmlnaHQ/DQoN
Ckkga25vdyBpdCBpcyB0aGUgb25seSBnb29kIHJlZmVyZW5jZSBpbiB0aGUgUkZDIHNwYWNlIC0g
dGhlIENvbmNpc2UgU29mdHdhcmUgSWRlbnRpZmllciBJLUQgYWxzbyByZWZlcmVuY2VzIDQxMDgg
Zm9yIG92ZXIgYSB5ZWFyIG5vdy4uLiBidXQgd2UgZGVjaWRlZCB0byBsZWF2ZSBvbmx5IHRoZSB2
ZXJ5IGJhc2ljIGluZm9ybWF0aW9uIGVsZW1lbnRzIGZyb20gUkZDDQo0MTA4IGluIHRoZSBDb1NX
SUQgZHJhZnQsIHdpbGwgZmluaXNoIHRoZSBjdXJyZW50IGRyYWZ0IGFuZCBjcmVhdGUgYSBjb3Jy
ZXNwb25kaW5nIGV4dGVuc2lvbiBkcmFmdCB3aGVuIFNVSVQgaGFzIGNvbWUgdG8gbGlmZSBhbmQg
YWdyZWVkIG9uIG1hbmRhdG9yeSBtZXRhZGF0YSBhbmQgb3B0aW9uYWwgbWV0YXRkYXRhIGluZm9y
bWF0aW9uIGVsZW1lbnRzIHRvIGJlIGluY2x1ZGVkIGluIHRoZSBtYW5pZmVzdC4NCg0KUkZDIDQx
MDggaXMgInByZS1Jb1QiIGFuZCBpcyBiYXNlZCBvbiBhc3N1bXB0aW9ucyB0aGF0IG1vc3RseSBk
byBub3QgZXhhY3RseSBhcHBseSBhbnltb3JlIHRvZGF5LCBlc3BlY2lhbGx5IGVuY29kaW5nIHdp
c2UuDQoNCkkgYW0gc3Ryb25nbHkgYWdhaW5zdCBlbmNvZGluZyB3YXJzOiBidXQgZWl0aGVyIHdl
IGV4dGVuZCB0aGUgZXhwcmVzc2l2ZW5lc3Mgb2YgNDEwOCBhbmQgY29udGludWUgdGhlIHVzZSBv
ZiBDTVMgKHdoaWNoLCBJIHRoaW5rLCBpcyBhIGxlc3NvbiBsZWFybmVkIGFuZCBtaWdodCBiZSBv
bmUgb2YgdGhlIHRoaW5ncyB3ZSBkbyBub3Qgd2FudCB0byByZXBlYXQpIG9yIHdlIGNyZWF0ZSBh
IHdheSBmb3J3YXJkIHRoYXQgdGFrZSBpbnRvIGFjY291bnQgdGhlIHJlcXVpcmVtZW50cyB0b2Rh
eS4gQW5kIFJpY2hhcmQgYW5kIG90aGVycywgZm9yIGV4YW1wbGUsIGhhZCBzb21lIHZlcnkgZ29v
ZCB1c2UgY2FzZXMgYXQgdGhlIGZpcnN0IEJhciBCb0YsIGlmIEkgcmVtZW1iZXIgY29ycmVjdGx5
Lg0KDQpWaWVsZSBHcsO8w59lLA0KDQpIZW5rDQoNCk9uIDExLzIzLzIwMTcgMDg6NDAgQU0sIEhh
bm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPiBIaSBTdWhhcywNCj4NCj4gSSB0aGluayBpdCBpcyBo
ZWxwZnVsIGluIHR3byB3YXlzOg0KPg0KPiAtRmlyc3QgUkZDIDQxMDggaWxsdXN0cmF0ZXMgdGhh
dCB0aGUgSUVURiBoYXMgcHVibGlzaGVkIGEgZG9jdW1lbnQgaW4NCj4gdGhpcyBhcmVhIGFscmVh
ZHkuDQo+DQo+IC1TZWNvbmQsIGl0IGlzIHVzZWZ1bCBiYWNrZ3JvdW5kIG1hdGVyaWFsLiBJIGFs
d2F5cyBmaW5kIGl0DQo+IGludGVyZXN0aW5nIHRvIHRha2UgdGhlIHN0YXRlLW9mLXRoZS1hcnQg
aW50byBhY2NvdW50LiBUb28gb2Z0ZW4gd2UNCj4gaWdub3JlIHByaW9yIHdvcmsgYW5kIHJlcGVh
dCB0aGUgc2FtZSBtaXN0YWtlcyBvdmVyIGFuZCBvdmVyIGFnYWluLg0KPg0KPiBJIGFncmVlIHRo
YXQgUkZDIDQxMDggaXMgbm90IGluIHdpZGVzcHJlYWQgdXNlIGJ1dCBpcyB0aGUgdGV4dCBkb2Vz
DQo+IG5vdCBjbGFpbSB0aGF0Lg0KPg0KPiBDaWFvDQo+DQo+IEhhbm5lcw0KPg0KPiAqRnJvbToq
U3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10gKk9uIEJlaGFsZiBPZiAqU3VoYXMN
Cj4gTmFuZGFrdW1hcg0KPiAqU2VudDoqIDIzIE5vdmVtYmVyIDIwMTcgMDA6MzENCj4gKlRvOiog
c3VpdEBpZXRmLm9yZw0KPiAqU3ViamVjdDoqIFtTdWl0XSBTVUlUIENoYXJ0ZXI6IFJGQzQxMDgg
UmVmZXJlbmNlIGluIHRoZSBjaGFydGVyDQo+DQo+IEhlbGxvIEFsbA0KPg0KPiBUaGUgY2hhcnRl
ciBjdXJyZW50IHNheXMgdGhlIGZvbGxvd2luZyBvbiB0aGUgQ01TIG9yIFJGQyA0MTA4DQo+DQo+
ICIiIg0KPg0KPiBSRkMgNDEwOCBwcm92aWRlcyBhIG1hbmlmZXN0IGZvcm1hdCB0aGF0IHVzZXMg
dGhlIENyeXB0b2dyYXBoaWMNCj4gTWVzc2FnZSBTeW50YXggKENNUykgdG8gcHJvdGVjdCBmaXJt
d2FyZSBwYWNrYWdlcy4gTW9yZSB0aGFuIHRlbiB5ZWFycw0KPiBoYXZlIHBhc3NlZCBzaW5jZSB0
aGUgcHVibGljYXRpb24gb2YgUkZDIDQxMDgsIGFuZCBncmVhdGVyIGV4cGVyaWVuY2UNCj4gd2l0
aCBJb1QgZGVwbG95bWVudHMgaGFzIGxlZCB0byBhZGRpdGlvbmFsIGZ1bmN0aW9uYWxpdHksIHJl
cXVpcmluZyBhDQo+IGNvbnRlbXBvcmFyeSBzdGFuZGFyZGl6ZWQgc29sdXRpb24gdG8gYmUgZGVm
aW5lZC4NCj4NCj4gIiIiDQo+DQo+IEkgZmVlbCB0aGlzIHBhcmEgaXMgbm90IGFkZGluZyB2YWx1
ZSB0byB0aGUgV0cgb2JqZWN0aXZlcyBhbmQgc2hvdWxkDQo+IGJlIHJlbW92ZWQgZnJvbSB0aGUg
Y2hhcnRlci4gSUlSQyB0aGUgQk9GIGRpc2N1c3Npb25zIGFsc28gaW5kaWNhdGVkDQo+IHNvbWV0
aGluZyBvbiB0aGUgc2ltaWxhciBsaW5lcyBhbmQgUkZDNDEwOCBpcyBub3QgaW4gd2lkZXNwcmVh
ZCB1c2UgYXMNCj4gb2YgdG9kYXkuDQo+DQo+IENoZWVycw0KPg0KPiBTdWhhcyBOYW5kYWt1bWFy
DQo+DQo+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBh
bnkgYXR0YWNobWVudHMgYXJlDQo+IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkDQo+IHJlY2lwaWVudCwgcGxlYXNlIG5v
dGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UNCj4gdGhlIGNv
bnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0
b3JlIG9yDQo+IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4N
Cj4NCj4NCj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18N
Cj4gU3VpdCBtYWlsaW5nIGxpc3QNCj4gU3VpdEBpZXRmLm9yZw0KPiBodHRwczovL3d3dy5pZXRm
Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCj4NCg0KX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX18NClN1aXQgbWFpbGluZyBsaXN0DQpTdWl0QGlldGYub3Jn
DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCklNUE9SVEFOVCBO
T1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJl
IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3Qg
dGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0
ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24s
IHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9u
IGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 23 01:02:15 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B16A7127863 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:02:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yuPcZ2uMzKbQ for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:01:57 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FC85127BA3 for <suit@ietf.org>; Thu, 23 Nov 2017 01:01:57 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2GABQDh299Z/xoBYJleHAEBBAEBCgEBg11kbicHg3OZUYFLCSKYQQoYC4UYAoQ/VwECAQEBAQECA2gogmpGLAEBAQEBAU8CPi0BAQQBASEPAQU2GwkCGAICJgICJyAQBg0GAgEBihkBBAELjXudZ4InizwBAQEHAQEBAQEBHQWBDoIfggeBUYIVC4J0hVGCR4JhBYoclyiBCIEmlkSHVQWHLpU+AgQGBQIZAYE5WIEOUyZdhx51ikYBgRABAQE
X-IPAS-Result: A2GABQDh299Z/xoBYJleHAEBBAEBCgEBg11kbicHg3OZUYFLCSKYQQoYC4UYAoQ/VwECAQEBAQECA2gogmpGLAEBAQEBAU8CPi0BAQQBASEPAQU2GwkCGAICJgICJyAQBg0GAgEBihkBBAELjXudZ4InizwBAQEHAQEBAQEBHQWBDoIfggeBUYIVC4J0hVGCR4JhBYoclyiBCIEmlkSHVQWHLpU+AgQGBQIZAYE5WIEOUyZdhx51ikYBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="100311953"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 10:01:55 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270834945"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 10:01:47 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAN91jNQ005788 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 23 Nov 2017 10:01:46 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 10:01:39 +0100
To: <suit@ietf.org>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <59cfc088-0bfb-5012-cf8a-c2a06fff8a8e@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 10:01:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <48439ED2-6618-4987-BC56-0D059F012890@tzi.org>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/YGKNoNR3wxFs3g2tbXSmKplPoXg>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 09:02:07 -0000

Hello,

my assumption is that we are talking about a serialization of a data 
model for data in motion here.

And a personal note: I would really like not to have to to nest 
sequences in sets with one item nested in sequences again, anymore.

Viele Grüße,

Henk

On 11/23/2017 09:01 AM, Carsten Bormann wrote:
> On Nov 23, 2017, at 08:31, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>>
>> Do you agree that having multiple formats will cause additional pain and lower interoperability?
> 
> I’m not Suhas, but I’d like to point out that while this is trivially true, it may also be trivially irrelevant, as demonstrated by a sentence like:
> 
>> having both UDP and TCP as transport protocols for IP will cause additional pain and lower interoperability
> 
> (I’m not sure what “format” means here; if this is about serializations, different considerations apply than if this is about information models and security models.)
> 
> Grüße, Carsten
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> 


From nobody Thu Nov 23 01:10:41 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B76127863 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:10:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJ_yZS7GzaTG for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:10:38 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89497126B7E for <suit@ietf.org>; Thu, 23 Nov 2017 01:10:37 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2HTAgDh299Z/xoBYJleGgEBAQECAQEBAQgBAQEBgy8uZG4nB4NzmVGBSwkilj2CBAoYC4FegzoChD9XAQIBAQEBAQIDaCiCakYsAQEBAQEBTwI+LAEBAQQBASEPAQU2AhUECQIRBAEBAQICERIDAgInHwEICAYBDAYCAQEVAooCAQQBC417nWeCJ4s8AQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDoIfgTVSgVFuTDArC4J0gT2DAxIBEgEHRBOCVIJhBZhNiHeBCIEmjHOHXRuFWYNVBYFQhV6VPgIEBgUCGQGBOViBAwtTJl2FJoF4dYkigSQBgRABAQE
X-IPAS-Result: A2HTAgDh299Z/xoBYJleGgEBAQECAQEBAQgBAQEBgy8uZG4nB4NzmVGBSwkilj2CBAoYC4FegzoChD9XAQIBAQEBAQIDaCiCakYsAQEBAQEBTwI+LAEBAQQBASEPAQU2AhUECQIRBAEBAQICERIDAgInHwEICAYBDAYCAQEVAooCAQQBC417nWeCJ4s8AQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBDoIfgTVSgVFuTDArC4J0gT2DAxIBEgEHRBOCVIJhBZhNiHeBCIEmjHOHXRuFWYNVBYFQhV6VPgIEBgUCGQGBOViBAwtTJl2FJoF4dYkigSQBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="100312257"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 10:10:35 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270837569"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 10:10:34 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAN9AXnG005972 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 10:10:34 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 10:10:27 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 10:10:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Bd1W4jqCsTqN2-V2zMVkP0QciJg>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 09:10:40 -0000

Very good,

still, the information elements derived from the data model of RFC 4108 
would have to be discussed,revised with scrutiny and have to be 
refactored. It is only state-of-the-art in the sense that VHS is 
state-of-the-art for analog video tapes, I think.

The point here is, is the content of 4108 vital enough to be included in 
the charter? And I would dare to say it is not.

Starting with requirements from scratch seems to be more productive to 
me in contrast to make some of the "old things" fit into the "old thing" 
just because it is there (and afak not even used significantly).

Viele Grüße,

Henk

On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
> Hi Henk,
> 
> This is not about coding wars. We are only talking about whether it is useful to mention prior IETF work in the charter. Nothing more.
> 
> There is separate text in the charter that says the group will pick one or multiple encoding formats.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Henk Birkholz
> Sent: 23 November 2017 09:59
> To: suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
> 
> Hello,
> 
> calling RFC 4108 "state-of-the-art" is some kind of euphemism, right?
> 
> I know it is the only good reference in the RFC space - the Concise Software Identifier I-D also references 4108 for over a year now... but we decided to leave only the very basic information elements from RFC
> 4108 in the CoSWID draft, will finish the current draft and create a corresponding extension draft when SUIT has come to life and agreed on mandatory metadata and optional metatdata information elements to be included in the manifest.
> 
> RFC 4108 is "pre-IoT" and is based on assumptions that mostly do not exactly apply anymore today, especially encoding wise.
> 
> I am strongly against encoding wars: but either we extend the expressiveness of 4108 and continue the use of CMS (which, I think, is a lesson learned and might be one of the things we do not want to repeat) or we create a way forward that take into account the requirements today. And Richard and others, for example, had some very good use cases at the first Bar BoF, if I remember correctly.
> 
> Viele Grüße,
> 
> Henk
> 
> On 11/23/2017 08:40 AM, Hannes Tschofenig wrote:
>> Hi Suhas,
>>
>> I think it is helpful in two ways:
>>
>> -First RFC 4108 illustrates that the IETF has published a document in
>> this area already.
>>
>> -Second, it is useful background material. I always find it
>> interesting to take the state-of-the-art into account. Too often we
>> ignore prior work and repeat the same mistakes over and over again.
>>
>> I agree that RFC 4108 is not in widespread use but is the text does
>> not claim that.
>>
>> Ciao
>>
>> Hannes
>>
>> *From:*Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Suhas
>> Nandakumar
>> *Sent:* 23 November 2017 00:31
>> *To:* suit@ietf.org
>> *Subject:* [Suit] SUIT Charter: RFC4108 Reference in the charter
>>
>> Hello All
>>
>> The charter current says the following on the CMS or RFC 4108
>>
>> """
>>
>> RFC 4108 provides a manifest format that uses the Cryptographic
>> Message Syntax (CMS) to protect firmware packages. More than ten years
>> have passed since the publication of RFC 4108, and greater experience
>> with IoT deployments has led to additional functionality, requiring a
>> contemporary standardized solution to be defined.
>>
>> """
>>
>> I feel this para is not adding value to the WG objectives and should
>> be removed from the charter. IIRC the BOF discussions also indicated
>> something on the similar lines and RFC4108 is not in widespread use as
>> of today.
>>
>> Cheers
>>
>> Suhas Nandakumar
>>
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose
>> the contents to any other person, use it for any purpose, or store or
>> copy the information in any medium. Thank you.
>>
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>>
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 01:24:09 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECAD71286CA for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:24:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m6X9n7l67-kc for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 01:24:06 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE75A127275 for <suit@ietf.org>; Thu, 23 Nov 2017 01:24:04 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2HeAgBp299Z/xoBYJleGwEBAQMBAQEJAQEBg11kbicHg3OZUYFLK4hFjXiCBAoYC4FegzoChD9CFQECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBBAEBIQ8BBTYCFQQJAhEEAQEBAgIjAwICIQYfAQgIBg0GAgEBF4lrAxQBBAyNe5wzEYEjgieHQA2DbwEBAQEBAQQBAQEBAQEBARsFgQ6CH4E1UoFRbnwrgn+CXoF0ARIBCAFCIIJHgmEFihyWbDyBCIEmjHNQhw0bgVmEAINVBYcuiiGCX4g+AgQGBQIZAYE5NSOBAwtTJl2HHnWJIoEkAYEQAQEB
X-IPAS-Result: A2HeAgBp299Z/xoBYJleGwEBAQMBAQEJAQEBg11kbicHg3OZUYFLK4hFjXiCBAoYC4FegzoChD9CFQECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBBAEBIQ8BBTYCFQQJAhEEAQEBAgIjAwICIQYfAQgIBg0GAgEBF4lrAxQBBAyNe5wzEYEjgieHQA2DbwEBAQEBAQQBAQEBAQEBARsFgQ6CH4E1UoFRbnwrgn+CXoF0ARIBCAFCIIJHgmEFihyWbDyBCIEmjHNQhw0bgVmEAINVBYcuiiGCX4g+AgQGBQIZAYE5NSOBAwtTJl2HHnWJIoEkAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1524281"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 10:24:04 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270841250"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 10:23:53 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAN9NoC2006310 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 23 Nov 2017 10:23:51 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 10:23:45 +0100
To: <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 10:23:44 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Eb0iHWmcUsrmm05skX5pQIlyYyQ>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 09:24:08 -0000

Hello,

I am not surprised that people expect a whole work-flow to be in scope 
if text, such as "secure firmware update mechanism", is in the charter. 
Maybe we just prerequisite enrollment, or imprint, or "zerotouch" 
solutions? Maybe we recommend a best practice?

I would recommend to elaborate on "A mechanism to transport firmware 
images to compatible devices", highlighting the scope of the "mechanism".

Viele Grüße,

Henk


On 11/23/2017 08:59 AM, Hannes Tschofenig wrote:
> Hi Suhas, Hi Michael,
> 
> the problem is the slippery slope here: as mentioned on the mailing list (not by me) it is not only about discovering the server but very quickly you are talking about "how do I push firmware updates to devices (instead of just polling)", "how do I learn what capabilities the device has (since the server wants to offer the appropriate firmware to the device)", "how do get information about the current state of the firmware update (has it been downloaded already, has the device successfully replaced the firmware, etc.)", "can I reset the device to a previous version of the firmware that is already on the device", "how much flash space is still left on the device", etc.
> 
> Some standardization work has been done in this field already, which I had pointed out in previous email discussions.
> 
> I am wondering why you don't create your own working group just to work on this topic. This would help to create more focused work.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
> Sent: 23 November 2017 00:46
> To: Suhas Nandakumar
> Cc: suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
> 
> 
> Suhas Nandakumar <suhasietf@gmail.com> wrote:
>      > I would like to propose following addition to the above list
> 
>      > *   Mechanisms to discover new firmware is available and the location
>      > to download it from
> 
> I'm actually okay with this in the charter, provided that we don't invent
> anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, HTTP requests,
> and I'm sure I'll think of four more in a minute.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
> 
> 
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> 


From nobody Thu Nov 23 02:02:04 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1C3C12878D for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:02:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wsbbtxZucFVB for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:01:54 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0083.outbound.protection.outlook.com [104.47.1.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BC451286CA for <suit@ietf.org>; Thu, 23 Nov 2017 02:01:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=aW7xuBq42erx0/wouAskfq2zTMuKymQqC4d6nIBnQaw=; b=BYruZ0pdf6YhC38gu+fivQsreSsYtPpXbu9JYn6FVO6NeEuKreciF49ISGynf75QDyH+9Zi/FWoJ3A7zzLu8FjkSvioioB4k7m5VgFfY9k57hmZ4EoucQgrSa9ciFf7l6Hb+YErPsjRN3XACpLCBHUq/Ig2v3wztcS2qrHw7B2A=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 10:01:50 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 10:01:50 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: RFC4108 Reference in the charter
Thread-Index: AQHTY+oDo0W4651Oc0mcrkg8VbRVzaMhlBcQgAAWjgCAAABx0IAAAuOAgAAKPtA=
Date: Thu, 23 Nov 2017 10:01:50 +0000
Message-ID: <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de>
In-Reply-To: <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:tZbKIdcu2gCRTtKubfjVODmMwGtd8akpfBWNyhmUuZUP7GJ5GOfiQfW5wuC2BfJQjZK07zKVgFRi/ol21qozTdaEJY7JNksRmAwipp5EgwLAxyNBSjGGrXkWZjELDnVPl7nQ3cLc/E4IYfGd9xgQHS3BcwEIC23dEsU6GE0gTCr2ZKeWnA5LFmCjadKRmrD1DibSI0jJaR90dBYWe7cimTN+T3cI0wWRtTVhiIA1G+85JEcddToFtwZRGQM3Aob2g3/GLT0jg61spGy5XPnAK3CSSFYwAS6cgic1dMAqX6FJH66B2sW2NCjKbKnq9TnjQFb/i5m9KhFSEhM888RXY5re+Yw0hF3mu2A+ZOPAlYQ=; 5:1JeNdpeqEIwnYoPbjByi6yHXPLZdCAAl5RqnNBSop6SlK9pHa7g4y/Vv/zn5zASNq8KHSTuZczt009yMZIXKQn8pCIkdoqhdcm1ed1KeWgK2SAEVriB0rtXrIapiUz1F6mS7h7Z7VORrOzvGkAloJNF9CbzxMPnUPKMP0y3mS6c=; 24:3oJ3bb0JavCxh/YStGI1rTgeu3NAnxlYnN1aN7KNNlcyWFbXA7B19slZK+6nAGmoVmGlCdB1CBWg7j5MsAM9i8o2QETloZLPm3Wt+biZKUk=; 7:Y6vk7bHG5Z7cTZJa9K5QYv1hSXcj6RH0dnZRAFjWAr9zvHkCyDdmXISOxjJYraHGoVYYnRRkAQVPzAox3qAWqhMlBHAOP8ahiPrAfJX95FzyCcxHcUwpFL+O78w8X2S+OOQHSq2rTFTsmKcE9+a5Rc2/NAqNuLWXtP2Q4FCXeFg5zEJ2NTGh1N7sX13ZPXyWhTJ+WsfOH/HT9OQqYnO+x1qUKQU8/lP+HmFxofmVLxjaZexewrXPMIc7TaIeCqG0
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 0cd1ef32-fc6c-45ca-2c26-08d532593755
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708D8ED5FA6A1A8A25D97B5FA210@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(131327999870524);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(366004)(376002)(24454002)(199003)(189002)(13464003)(53754006)(40434004)(5250100002)(8936002)(305945005)(99286004)(2906002)(7736002)(9686003)(6436002)(50986999)(54356999)(6306002)(3660700001)(3280700002)(101416001)(74316002)(6506006)(7696004)(76176999)(53546010)(33656002)(106356001)(81156014)(3846002)(105586002)(81166006)(2900100001)(6116002)(102836003)(66066001)(478600001)(8676002)(316002)(93886005)(14454004)(97736004)(86362001)(72206003)(68736007)(110136005)(966005)(2950100002)(53936002)(189998001)(229853002)(2501003)(5890100001)(55016002)(6246003)(5660300001)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0cd1ef32-fc6c-45ca-2c26-08d532593755
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 10:01:50.3350 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/uHVC-Drd0szzXsIeIxXk_tZmQ2Q>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:02:03 -0000

SGkgSGVuaywNCg0KSSBmYWlsIHRvIHVuZGVyc3RhbmQgd2h5IHlvdSBhcmUgc28gbXVjaCBhZ2Fp
bnN0IGV2ZW4gbWVudGlvbmluZyBwcmlvciBhcnQgaW4gdGhlIGNoYXJ0ZXIuIEp1c3QgYmVjYXVz
ZSBSRkMgNDEwOCBvciB0aGUgSUFCIHdvcmtzaG9wIGFyZSBtZW50aW9uZWQgaW4gdGhlIGNoYXJ0
ZXIgdGV4dCBkb2VzIG5vdCBtZWFuIHRoYXQgdGhlIGdyb3VwIGNhbm5vdCBsaXN0IHRoZSByZXF1
aXJlbWVudHMgaW4gYSBkb2N1bWVudCBhZ2Fpbi4gV2hlcmUgZG8geW91IGdldCB0aGlzIGltcHJl
c3Npb24gZnJvbT8NCg0KSSBhbSBub3Qgc3VyZSB0aGUgY29tcGFyaXNvbiB3aXRoIFZIUyBpcyBh
cHByb3ByaWF0ZSBzaW5jZSB3ZSBhcmUgbm90IHdyaXRpbmcgYSBjaGFydGVyIGZvciBhIHRlY2hu
b2xvZ3kgdGhhdCByZXBsYWNlcyBWSFMuDQoNCkFzIG1lbnRpb25lZCB0byBTdWhhcyB0aGUgcHVy
cG9zZSBvZiBtZW50aW9uaW5nIFJGQyA0MTA4IGFuZCBhbHNvIHRoZSBJQUIgd29ya3Nob3AgaXMg
dG8gaGlnaGxpZ2h0IHRoYXQgdGhlIElFVEYgaGFzIGJlZW4gbG9va2luZyBpbnRvIHRoaXMgdG9w
aWMgYmVmb3JlLiBZb3UgcHJlZmVyIG5vdCB0byBtZW50aW9uIGFueXRoaW5nIGFib3V0IHByaW9y
IElFVEYgd29yayBpbiB0aGlzIGFyZWEgdG8gdGhlIHJlYWRlci4gSXMgdGhhdCBjb3JyZWN0Pw0K
DQpDaWFvDQpIYW5uZXMNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IEhlbmsg
Qmlya2hvbHogW21haWx0bzpoZW5rLmJpcmtob2x6QHNpdC5mcmF1bmhvZmVyLmRlXQ0KU2VudDog
MjMgTm92ZW1iZXIgMjAxNyAxMDoxMA0KVG86IEhhbm5lcyBUc2Nob2ZlbmlnOyBzdWl0QGlldGYu
b3JnDQpTdWJqZWN0OiBSZTogW1N1aXRdIFNVSVQgQ2hhcnRlcjogUkZDNDEwOCBSZWZlcmVuY2Ug
aW4gdGhlIGNoYXJ0ZXINCg0KVmVyeSBnb29kLA0KDQpzdGlsbCwgdGhlIGluZm9ybWF0aW9uIGVs
ZW1lbnRzIGRlcml2ZWQgZnJvbSB0aGUgZGF0YSBtb2RlbCBvZiBSRkMgNDEwOCB3b3VsZCBoYXZl
IHRvIGJlIGRpc2N1c3NlZCxyZXZpc2VkIHdpdGggc2NydXRpbnkgYW5kIGhhdmUgdG8gYmUgcmVm
YWN0b3JlZC4gSXQgaXMgb25seSBzdGF0ZS1vZi10aGUtYXJ0IGluIHRoZSBzZW5zZSB0aGF0IFZI
UyBpcyBzdGF0ZS1vZi10aGUtYXJ0IGZvciBhbmFsb2cgdmlkZW8gdGFwZXMsIEkgdGhpbmsuDQoN
ClRoZSBwb2ludCBoZXJlIGlzLCBpcyB0aGUgY29udGVudCBvZiA0MTA4IHZpdGFsIGVub3VnaCB0
byBiZSBpbmNsdWRlZCBpbiB0aGUgY2hhcnRlcj8gQW5kIEkgd291bGQgZGFyZSB0byBzYXkgaXQg
aXMgbm90Lg0KDQpTdGFydGluZyB3aXRoIHJlcXVpcmVtZW50cyBmcm9tIHNjcmF0Y2ggc2VlbXMg
dG8gYmUgbW9yZSBwcm9kdWN0aXZlIHRvIG1lIGluIGNvbnRyYXN0IHRvIG1ha2Ugc29tZSBvZiB0
aGUgIm9sZCB0aGluZ3MiIGZpdCBpbnRvIHRoZSAib2xkIHRoaW5nIg0KanVzdCBiZWNhdXNlIGl0
IGlzIHRoZXJlIChhbmQgYWZhayBub3QgZXZlbiB1c2VkIHNpZ25pZmljYW50bHkpLg0KDQpWaWVs
ZSBHcsO8w59lLA0KDQpIZW5rDQoNCk9uIDExLzIzLzIwMTcgMTA6MDEgQU0sIEhhbm5lcyBUc2No
b2ZlbmlnIHdyb3RlOg0KPiBIaSBIZW5rLA0KPg0KPiBUaGlzIGlzIG5vdCBhYm91dCBjb2Rpbmcg
d2Fycy4gV2UgYXJlIG9ubHkgdGFsa2luZyBhYm91dCB3aGV0aGVyIGl0IGlzIHVzZWZ1bCB0byBt
ZW50aW9uIHByaW9yIElFVEYgd29yayBpbiB0aGUgY2hhcnRlci4gTm90aGluZyBtb3JlLg0KPg0K
PiBUaGVyZSBpcyBzZXBhcmF0ZSB0ZXh0IGluIHRoZSBjaGFydGVyIHRoYXQgc2F5cyB0aGUgZ3Jv
dXAgd2lsbCBwaWNrIG9uZSBvciBtdWx0aXBsZSBlbmNvZGluZyBmb3JtYXRzLg0KPg0KPiBDaWFv
DQo+IEhhbm5lcw0KPg0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBTdWl0
IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgSGVuayBCaXJraG9s
eg0KPiBTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDA5OjU5DQo+IFRvOiBzdWl0QGlldGYub3JnDQo+
IFN1YmplY3Q6IFJlOiBbU3VpdF0gU1VJVCBDaGFydGVyOiBSRkM0MTA4IFJlZmVyZW5jZSBpbiB0
aGUgY2hhcnRlcg0KPg0KPiBIZWxsbywNCj4NCj4gY2FsbGluZyBSRkMgNDEwOCAic3RhdGUtb2Yt
dGhlLWFydCIgaXMgc29tZSBraW5kIG9mIGV1cGhlbWlzbSwgcmlnaHQ/DQo+DQo+IEkga25vdyBp
dCBpcyB0aGUgb25seSBnb29kIHJlZmVyZW5jZSBpbiB0aGUgUkZDIHNwYWNlIC0gdGhlIENvbmNp
c2UNCj4gU29mdHdhcmUgSWRlbnRpZmllciBJLUQgYWxzbyByZWZlcmVuY2VzIDQxMDggZm9yIG92
ZXIgYSB5ZWFyIG5vdy4uLg0KPiBidXQgd2UgZGVjaWRlZCB0byBsZWF2ZSBvbmx5IHRoZSB2ZXJ5
IGJhc2ljIGluZm9ybWF0aW9uIGVsZW1lbnRzIGZyb20NCj4gUkZDDQo+IDQxMDggaW4gdGhlIENv
U1dJRCBkcmFmdCwgd2lsbCBmaW5pc2ggdGhlIGN1cnJlbnQgZHJhZnQgYW5kIGNyZWF0ZSBhIGNv
cnJlc3BvbmRpbmcgZXh0ZW5zaW9uIGRyYWZ0IHdoZW4gU1VJVCBoYXMgY29tZSB0byBsaWZlIGFu
ZCBhZ3JlZWQgb24gbWFuZGF0b3J5IG1ldGFkYXRhIGFuZCBvcHRpb25hbCBtZXRhdGRhdGEgaW5m
b3JtYXRpb24gZWxlbWVudHMgdG8gYmUgaW5jbHVkZWQgaW4gdGhlIG1hbmlmZXN0Lg0KPg0KPiBS
RkMgNDEwOCBpcyAicHJlLUlvVCIgYW5kIGlzIGJhc2VkIG9uIGFzc3VtcHRpb25zIHRoYXQgbW9z
dGx5IGRvIG5vdCBleGFjdGx5IGFwcGx5IGFueW1vcmUgdG9kYXksIGVzcGVjaWFsbHkgZW5jb2Rp
bmcgd2lzZS4NCj4NCj4gSSBhbSBzdHJvbmdseSBhZ2FpbnN0IGVuY29kaW5nIHdhcnM6IGJ1dCBl
aXRoZXIgd2UgZXh0ZW5kIHRoZSBleHByZXNzaXZlbmVzcyBvZiA0MTA4IGFuZCBjb250aW51ZSB0
aGUgdXNlIG9mIENNUyAod2hpY2gsIEkgdGhpbmssIGlzIGEgbGVzc29uIGxlYXJuZWQgYW5kIG1p
Z2h0IGJlIG9uZSBvZiB0aGUgdGhpbmdzIHdlIGRvIG5vdCB3YW50IHRvIHJlcGVhdCkgb3Igd2Ug
Y3JlYXRlIGEgd2F5IGZvcndhcmQgdGhhdCB0YWtlIGludG8gYWNjb3VudCB0aGUgcmVxdWlyZW1l
bnRzIHRvZGF5LiBBbmQgUmljaGFyZCBhbmQgb3RoZXJzLCBmb3IgZXhhbXBsZSwgaGFkIHNvbWUg
dmVyeSBnb29kIHVzZSBjYXNlcyBhdCB0aGUgZmlyc3QgQmFyIEJvRiwgaWYgSSByZW1lbWJlciBj
b3JyZWN0bHkuDQo+DQo+IFZpZWxlIEdyw7zDn2UsDQo+DQo+IEhlbmsNCj4NCj4gT24gMTEvMjMv
MjAxNyAwODo0MCBBTSwgSGFubmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+PiBIaSBTdWhhcywNCj4+
DQo+PiBJIHRoaW5rIGl0IGlzIGhlbHBmdWwgaW4gdHdvIHdheXM6DQo+Pg0KPj4gLUZpcnN0IFJG
QyA0MTA4IGlsbHVzdHJhdGVzIHRoYXQgdGhlIElFVEYgaGFzIHB1Ymxpc2hlZCBhIGRvY3VtZW50
IGluDQo+PiB0aGlzIGFyZWEgYWxyZWFkeS4NCj4+DQo+PiAtU2Vjb25kLCBpdCBpcyB1c2VmdWwg
YmFja2dyb3VuZCBtYXRlcmlhbC4gSSBhbHdheXMgZmluZCBpdA0KPj4gaW50ZXJlc3RpbmcgdG8g
dGFrZSB0aGUgc3RhdGUtb2YtdGhlLWFydCBpbnRvIGFjY291bnQuIFRvbyBvZnRlbiB3ZQ0KPj4g
aWdub3JlIHByaW9yIHdvcmsgYW5kIHJlcGVhdCB0aGUgc2FtZSBtaXN0YWtlcyBvdmVyIGFuZCBv
dmVyIGFnYWluLg0KPj4NCj4+IEkgYWdyZWUgdGhhdCBSRkMgNDEwOCBpcyBub3QgaW4gd2lkZXNw
cmVhZCB1c2UgYnV0IGlzIHRoZSB0ZXh0IGRvZXMNCj4+IG5vdCBjbGFpbSB0aGF0Lg0KPj4NCj4+
IENpYW8NCj4+DQo+PiBIYW5uZXMNCj4+DQo+PiAqRnJvbToqU3VpdCBbbWFpbHRvOnN1aXQtYm91
bmNlc0BpZXRmLm9yZ10gKk9uIEJlaGFsZiBPZiAqU3VoYXMNCj4+IE5hbmRha3VtYXINCj4+ICpT
ZW50OiogMjMgTm92ZW1iZXIgMjAxNyAwMDozMQ0KPj4gKlRvOiogc3VpdEBpZXRmLm9yZw0KPj4g
KlN1YmplY3Q6KiBbU3VpdF0gU1VJVCBDaGFydGVyOiBSRkM0MTA4IFJlZmVyZW5jZSBpbiB0aGUg
Y2hhcnRlcg0KPj4NCj4+IEhlbGxvIEFsbA0KPj4NCj4+IFRoZSBjaGFydGVyIGN1cnJlbnQgc2F5
cyB0aGUgZm9sbG93aW5nIG9uIHRoZSBDTVMgb3IgUkZDIDQxMDgNCj4+DQo+PiAiIiINCj4+DQo+
PiBSRkMgNDEwOCBwcm92aWRlcyBhIG1hbmlmZXN0IGZvcm1hdCB0aGF0IHVzZXMgdGhlIENyeXB0
b2dyYXBoaWMNCj4+IE1lc3NhZ2UgU3ludGF4IChDTVMpIHRvIHByb3RlY3QgZmlybXdhcmUgcGFj
a2FnZXMuIE1vcmUgdGhhbiB0ZW4NCj4+IHllYXJzIGhhdmUgcGFzc2VkIHNpbmNlIHRoZSBwdWJs
aWNhdGlvbiBvZiBSRkMgNDEwOCwgYW5kIGdyZWF0ZXINCj4+IGV4cGVyaWVuY2Ugd2l0aCBJb1Qg
ZGVwbG95bWVudHMgaGFzIGxlZCB0byBhZGRpdGlvbmFsIGZ1bmN0aW9uYWxpdHksDQo+PiByZXF1
aXJpbmcgYSBjb250ZW1wb3Jhcnkgc3RhbmRhcmRpemVkIHNvbHV0aW9uIHRvIGJlIGRlZmluZWQu
DQo+Pg0KPj4gIiIiDQo+Pg0KPj4gSSBmZWVsIHRoaXMgcGFyYSBpcyBub3QgYWRkaW5nIHZhbHVl
IHRvIHRoZSBXRyBvYmplY3RpdmVzIGFuZCBzaG91bGQNCj4+IGJlIHJlbW92ZWQgZnJvbSB0aGUg
Y2hhcnRlci4gSUlSQyB0aGUgQk9GIGRpc2N1c3Npb25zIGFsc28gaW5kaWNhdGVkDQo+PiBzb21l
dGhpbmcgb24gdGhlIHNpbWlsYXIgbGluZXMgYW5kIFJGQzQxMDggaXMgbm90IGluIHdpZGVzcHJl
YWQgdXNlDQo+PiBhcyBvZiB0b2RheS4NCj4+DQo+PiBDaGVlcnMNCj4+DQo+PiBTdWhhcyBOYW5k
YWt1bWFyDQo+Pg0KPj4gSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1h
aWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUNCj4+IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28g
YmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkDQo+PiByZWNpcGllbnQs
IHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3Nl
DQo+PiB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVy
cG9zZSwgb3Igc3RvcmUgb3INCj4+IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0u
IFRoYW5rIHlvdS4NCj4+DQo+Pg0KPj4gX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX18NCj4+IFN1aXQgbWFpbGluZyBsaXN0DQo+PiBTdWl0QGlldGYub3JnDQo+
PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCj4+DQo+DQo+IF9f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IFN1aXQgbWFp
bGluZyBsaXN0DQo+IFN1aXRAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h
bi9saXN0aW5mby9zdWl0DQo+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlz
IGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28g
YmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxl
YXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhl
IGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9y
IHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4N
Cj4NCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkg
YXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4g
SWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUg
c2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFu
eSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkg
dGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 23 02:10:01 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A8611287A0 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:09:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qqxjfv_-34f1 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:09:56 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0046.outbound.protection.outlook.com [104.47.2.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C447B128792 for <suit@ietf.org>; Thu, 23 Nov 2017 02:09:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=iD+XCdxWwP8cjQd1NdD9UWfsSH9QPSBoKRWU3QrcELU=; b=UB8KTi/pDi8LXcJ7TchntHVM7MMMxDjuHJUZBls5zbVNJjVKDB1rOC22PRHhaUt2+d1BV9cJP3LiETxSJuEIroBrQHFD2hC9O/M+ej1lo+2bkQ4Tahed6E4Tlz74rbtd8ECidNSQkp/ftA9lr8k9kirATx0bRRx6ELmmFvkzE1s=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 10:09:52 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 10:09:52 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAABorAIAACz8w
Date: Thu, 23 Nov 2017 10:09:52 +0000
Message-ID: <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de>
In-Reply-To: <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:Ok+KkZfeGZgqbtGISnCM1fLMQu5oW17b28cWB9eRzegYVcdmn9rwQ5sKXIBKRU9kGoJGFYzLPG4VWWfYRzMCu4JAuSHw8gYSyRXtYlKbaxOe3TqBF9Qc71ErsICKHOanjIsTkasy9xKkvq534gJsUd2kasfP11LO29G2lE7ERZPjJuuOxFxTCOaw7mFFJitUzIiJy5g0xq7T9YRolKVrGjmCf/HxtAThinJSB546p1UuktD7bOdMwM0wD2yVL+Rz5Lh7syPPzmUEkdmksH0Xci5FbTKw8ueKzfB8VrmGB3B+AbuBk0kiDzs7N6u/2LDBT2LpRvChiMNdAqNTqZsT+INtuSrOMw9accnJo8723Ho=; 5:NnhJHqHWK5ARg7TAAZIq1lUNaFab1xyw36xzcIgNuDAHXzrrgD55X/hNTLiUAyMM7l4laVS56wttyMpvHENU/dOrF+gKbhhAvCdsrZMLsawTY54N5p+nbdkwVwiGJ7MNTaHDM9dad+B6BjKPDEguD2mRtWdBSX1jXqrAEte0AWA=; 24:Y1dq8lMDHW9KUagVbQUVvZHEy49hXRuY0ZZ5Dsr2O36YPs69Q8a/OQeANg+Rg0aJgFGMfNHqRALhc504zXgDK/C6p1fF/AntcGYwi29XS8c=; 7:+wBtE2x3MaSstvkyqs50X4sHvNjvBW/0hO991lC8W+V9G79mZOnTAqY50mZK5/AWJbC0+I5/KwIiqpWofbFMu6Da9V73ttf2Sl3qLkPIgSxycvB0wFGByOpzKtqDDR0MHMGixM90Uv5IuYexiLw1jieWy6NoUg2l0TRmr6RY2zS2wGgmAAxLmNii8PkrcqIkH0k/EsPJ73AylAGKQUUaiQwBnvAPLhxSGOhyl1GadJigvTUxxfT7OJMcn66eG7wU
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 2b924be1-3698-4de0-fa70-08d5325a56ec
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB270769047F79510BCF1491B1FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(190756311086443)(158342451672863);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(366004)(199003)(40434004)(189002)(13464003)(24454002)(8676002)(6506006)(5250100002)(54356999)(76176999)(50986999)(72206003)(99286004)(101416001)(478600001)(3846002)(102836003)(2900100001)(106356001)(6116002)(105586002)(189998001)(7736002)(305945005)(6436002)(25786009)(74316002)(33656002)(81156014)(5660300001)(7696004)(55016002)(81166006)(2501003)(2950100002)(53546010)(110136005)(53936002)(5890100001)(86362001)(229853002)(93886005)(316002)(6246003)(3660700001)(2906002)(8936002)(68736007)(6306002)(97736004)(66066001)(3280700002)(966005)(9686003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2b924be1-3698-4de0-fa70-08d5325a56ec
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 10:09:52.8359 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/uAQBUTIg85xXnKovPLT5fZagm-s>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:09:59 -0000

SGkgSGVuaywNCg0KdGhlIHB1cnBvc2Ugb2YgdGhlIGN1cnJlbnQgY2hhcnRlciBpcyB0byBmb2N1
cyBvbmx5IG9uIGEgc3Vic2V0IG9mIHRoZSBsaXN0ZWQgdG9waWNzLCBuYW1lbHkgdGhlIG1hbmlm
ZXN0IGZvcm1hdC4NCkhlbmNlLCB0aGUgb3RoZXIgcGFydHMgKHdoaWNoIGFyZSBub3QgaW4gc2Nv
cGUpIGFyZSBub3QgZGVzY3JpYmVkIGluIGdyZWF0IGRldGFpbC4NCg0KRm9yIHRoaXMgcmVhc29u
LCBJIGhhdmUgc3VnZ2VzdGVkIHRvIFN1aGFzIHRvIHByb3Bvc2UgaGlzIG93biB3b3JraW5nIGdy
b3VwIHRoYXQgZm9jdXNlcyBvbiB0aGUgdG9waWMgb2YgIm1lY2hhbmlzbSB0byB0cmFuc3BvcnQg
ZmlybXdhcmUgaW1hZ2VzIHRvIGNvbXBhdGlibGUgZGV2aWNlcyIuDQoNCkl0IGlzIG5vdCB1bmNv
bW1vbiB0byBzcGxpdCB3b3JrIGJldHdlZW4gd29ya2luZyBncm91cHMuDQoNCkkgd291bGQgcHJl
ZmVyIHRvIGdldCBzdGFydGVkIHNvb24gcmF0aGVyIHRoYW4gY29udGludWluZyB0aGlzIGRpc2N1
c3Npb24gZm9yIG1vbnRocyB3aXRob3V0IGFjdHVhbGx5IG1ha2luZyBhbnkgcmVhbCBwcm9ncmVz
cy4gRm9yIHRoaXMgZXhhY3QgcmVhc29uIEkgYXJndWVkIHRvIGhhdmUgYSBtb3JlIGZvY3VzZWQg
Y2hhcnRlci4gSSBtYXkgYmUgaGFyZCB0byBiZWxpZXZlIGJ1dCBzb21lIGNvbXBhbmllcyBhcmUg
YWN0dWFsbHkgaW50ZXJlc3RlZCBpbiBicmluZ2luZyBhIHN0YW5kYXJkaXplZCBtYW5pZmVzdCBm
b3JtYXQgdG8gdGhlIG1hcmtldC4NCg0KUmVnYXJkaW5nIHRoZSBiZXN0IHBvc3NpYmxlIG5hbWUg
Zm9yIGEgZ3JvdXA6IEkgcmVhbGx5IGRvbuKAmXQgY2FyZS4gSSBkaWRuJ3QgY2FyZSB3aGVuIHdl
IGNoYW5nZWQgdGhlIG5hbWUgZnJvbSBGVUQgdG8gU1VJVCBhbmQgSSB3aWxsIG5vdCBjYXJlIGlm
IHdlIGNoYW5nZSBpdCBhZ2Fpbi4gSSBjYXJlIGFib3V0IG1ha2luZyBwcm9ncmVzcyBvbiB0aGUg
dGVjaG5pY2FsIGZyb250LiBJIHdhbnQgdG8gc2l0IHdpdGggb3RoZXJzIGF0IHRoZSBIYWNrYXRo
b24gaW4gTG9uZG9uIGFuZCB3b3JrIG9uIHNvbWUgY29kZS4gSSBhbHNvIHdhbnQgYW4gaW50ZXJp
bSBtZWV0aW5nIGJlZm9yZSB0aGUgTG9uZG9uIElFVEYgbWVldGluZyB0byBtZWV0IHNvbWUgb2Yg
dGhlIG90aGVyIGZvbGtzIHdvcmtpbmcgb24gSW9UIE9TcyAvIGJvb3Rsb2FkZXJzLg0KDQpDaWFv
DQpIYW5uZXMNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFN1aXQgW21haWx0
bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBIZW5rIEJpcmtob2x6DQpTZW50
OiAyMyBOb3ZlbWJlciAyMDE3IDEwOjI0DQpUbzogc3VpdEBpZXRmLm9yZw0KU3ViamVjdDogUmU6
IFtTdWl0XSBTVUlUIENoYXJ0ZXI6IEZpcm13YXJlIFNlcnZlciBEaXNjb3ZlcnkgYW5kIERvd25s
b2FkIE1lY2hhbmlzbQ0KDQpIZWxsbywNCg0KSSBhbSBub3Qgc3VycHJpc2VkIHRoYXQgcGVvcGxl
IGV4cGVjdCBhIHdob2xlIHdvcmstZmxvdyB0byBiZSBpbiBzY29wZSBpZiB0ZXh0LCBzdWNoIGFz
ICJzZWN1cmUgZmlybXdhcmUgdXBkYXRlIG1lY2hhbmlzbSIsIGlzIGluIHRoZSBjaGFydGVyLg0K
TWF5YmUgd2UganVzdCBwcmVyZXF1aXNpdGUgZW5yb2xsbWVudCwgb3IgaW1wcmludCwgb3IgInpl
cm90b3VjaCINCnNvbHV0aW9ucz8gTWF5YmUgd2UgcmVjb21tZW5kIGEgYmVzdCBwcmFjdGljZT8N
Cg0KSSB3b3VsZCByZWNvbW1lbmQgdG8gZWxhYm9yYXRlIG9uICJBIG1lY2hhbmlzbSB0byB0cmFu
c3BvcnQgZmlybXdhcmUgaW1hZ2VzIHRvIGNvbXBhdGlibGUgZGV2aWNlcyIsIGhpZ2hsaWdodGlu
ZyB0aGUgc2NvcGUgb2YgdGhlICJtZWNoYW5pc20iLg0KDQpWaWVsZSBHcsO8w59lLA0KDQpIZW5r
DQoNCg0KT24gMTEvMjMvMjAxNyAwODo1OSBBTSwgSGFubmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+
IEhpIFN1aGFzLCBIaSBNaWNoYWVsLA0KPg0KPiB0aGUgcHJvYmxlbSBpcyB0aGUgc2xpcHBlcnkg
c2xvcGUgaGVyZTogYXMgbWVudGlvbmVkIG9uIHRoZSBtYWlsaW5nIGxpc3QgKG5vdCBieSBtZSkg
aXQgaXMgbm90IG9ubHkgYWJvdXQgZGlzY292ZXJpbmcgdGhlIHNlcnZlciBidXQgdmVyeSBxdWlj
a2x5IHlvdSBhcmUgdGFsa2luZyBhYm91dCAiaG93IGRvIEkgcHVzaCBmaXJtd2FyZSB1cGRhdGVz
IHRvIGRldmljZXMgKGluc3RlYWQgb2YganVzdCBwb2xsaW5nKSIsICJob3cgZG8gSSBsZWFybiB3
aGF0IGNhcGFiaWxpdGllcyB0aGUgZGV2aWNlIGhhcyAoc2luY2UgdGhlIHNlcnZlciB3YW50cyB0
byBvZmZlciB0aGUgYXBwcm9wcmlhdGUgZmlybXdhcmUgdG8gdGhlIGRldmljZSkiLCAiaG93IGRv
IGdldCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgY3VycmVudCBzdGF0ZSBvZiB0aGUgZmlybXdhcmUg
dXBkYXRlIChoYXMgaXQgYmVlbiBkb3dubG9hZGVkIGFscmVhZHksIGhhcyB0aGUgZGV2aWNlIHN1
Y2Nlc3NmdWxseSByZXBsYWNlZCB0aGUgZmlybXdhcmUsIGV0Yy4pIiwgImNhbiBJIHJlc2V0IHRo
ZSBkZXZpY2UgdG8gYSBwcmV2aW91cyB2ZXJzaW9uIG9mIHRoZSBmaXJtd2FyZSB0aGF0IGlzIGFs
cmVhZHkgb24gdGhlIGRldmljZSIsICJob3cgbXVjaCBmbGFzaCBzcGFjZSBpcyBzdGlsbCBsZWZ0
IG9uIHRoZSBkZXZpY2UiLCBldGMuDQo+DQo+IFNvbWUgc3RhbmRhcmRpemF0aW9uIHdvcmsgaGFz
IGJlZW4gZG9uZSBpbiB0aGlzIGZpZWxkIGFscmVhZHksIHdoaWNoIEkgaGFkIHBvaW50ZWQgb3V0
IGluIHByZXZpb3VzIGVtYWlsIGRpc2N1c3Npb25zLg0KPg0KPiBJIGFtIHdvbmRlcmluZyB3aHkg
eW91IGRvbid0IGNyZWF0ZSB5b3VyIG93biB3b3JraW5nIGdyb3VwIGp1c3QgdG8gd29yayBvbiB0
aGlzIHRvcGljLiBUaGlzIHdvdWxkIGhlbHAgdG8gY3JlYXRlIG1vcmUgZm9jdXNlZCB3b3JrLg0K
Pg0KPiBDaWFvDQo+IEhhbm5lcw0KPg0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBG
cm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgTWlj
aGFlbA0KPiBSaWNoYXJkc29uDQo+IFNlbnQ6IDIzIE5vdmVtYmVyIDIwMTcgMDA6NDYNCj4gVG86
IFN1aGFzIE5hbmRha3VtYXINCj4gQ2M6IHN1aXRAaWV0Zi5vcmcNCj4gU3ViamVjdDogUmU6IFtT
dWl0XSBTVUlUIENoYXJ0ZXI6IEZpcm13YXJlIFNlcnZlciBEaXNjb3ZlcnkgYW5kDQo+IERvd25s
b2FkIE1lY2hhbmlzbQ0KPg0KPg0KPiBTdWhhcyBOYW5kYWt1bWFyIDxzdWhhc2lldGZAZ21haWwu
Y29tPiB3cm90ZToNCj4gICAgICA+IEkgd291bGQgbGlrZSB0byBwcm9wb3NlIGZvbGxvd2luZyBh
ZGRpdGlvbiB0byB0aGUgYWJvdmUgbGlzdA0KPg0KPiAgICAgID4gKiAgIE1lY2hhbmlzbXMgdG8g
ZGlzY292ZXIgbmV3IGZpcm13YXJlIGlzIGF2YWlsYWJsZSBhbmQgdGhlIGxvY2F0aW9uDQo+ICAg
ICAgPiB0byBkb3dubG9hZCBpdCBmcm9tDQo+DQo+IEknbSBhY3R1YWxseSBva2F5IHdpdGggdGhp
cyBpbiB0aGUgY2hhcnRlciwgcHJvdmlkZWQgdGhhdCB3ZSBkb24ndCBpbnZlbnQNCj4gYW55dGhp
bmcgbmV3LiAgIEkgY2FuIGltYWdpbmUgZG9pbnQgdGhpcyB3aXRoIENvQVAgT0JTRVJWRSwgRE5T
LVNELCBIVFRQIHJlcXVlc3RzLA0KPiBhbmQgSSdtIHN1cmUgSSdsbCB0aGluayBvZiBmb3VyIG1v
cmUgaW4gYSBtaW51dGUuDQo+DQo+IC0tDQo+IE1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZA
c2FuZGVsbWFuLmNhPiwgU2FuZGVsbWFuIFNvZnR3YXJlIFdvcmtzDQo+IC09IElQdjYgSW9UIGNv
bnN1bHRpbmcgPS0NCj4NCj4NCj4NCj4gSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9m
IHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkg
YWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50
LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9z
ZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9z
ZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsg
eW91Lg0KPg0KPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
Xw0KPiBTdWl0IG1haWxpbmcgbGlzdA0KPiBTdWl0QGlldGYub3JnDQo+IGh0dHBzOi8vd3d3Lmll
dGYub3JnL21haWxtYW4vbGlzdGluZm8vc3VpdA0KPg0KDQpfX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fXw0KU3VpdCBtYWlsaW5nIGxpc3QNClN1aXRAaWV0Zi5v
cmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vc3VpdA0KSU1QT1JUQU5U
IE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBh
cmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5v
dCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRp
YXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNv
biwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRp
b24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0K


From nobody Thu Nov 23 02:14:15 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 329A2120726 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:14:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CFc_LwEOI4Wq for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:14:06 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCC7A1287A3 for <suit@ietf.org>; Thu, 23 Nov 2017 02:14:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vANAE0wF008772; Thu, 23 Nov 2017 11:14:00 +0100 (CET)
Received: from [192.168.217.124] (p5DC7E827.dip0.t-ipconnect.de [93.199.232.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yjFXm3yJHzDWsK; Thu, 23 Nov 2017 11:14:00 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Thu, 23 Nov 2017 11:13:59 +0100
Cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 533124839.407381-955cae8af87e90454e686443d1a91b93
Content-Transfer-Encoding: quoted-printable
Message-Id: <E1B999AE-A056-4DFE-9307-9FB1D29B5F9D@tzi.org>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de> <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/susnDMGSEwyTj4DSY2W1tHfPzUY>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:14:13 -0000

On Nov 23, 2017, at 11:01, Hannes Tschofenig <Hannes.Tschofenig@arm.com> =
wrote:
>=20
> As mentioned to Suhas the purpose of mentioning RFC 4108 and also the =
IAB workshop is to highlight that the IETF has been looking into this =
topic before. You prefer not to mention anything about prior IETF work =
in this area to the reader. Is that correct?

I=E2=80=99m not Henk, but the charter is there to guide (and constrain) =
the work of the WG.

I believe it is good if WG participants know about RFC 4108 and the =
IoTSU workshop.
But what guidance, what constraints are you trying to derive from these?
The reference to IoTSU is somewhat unambiguous, but, as I mentioned =
previously a few times already, it is too easy to raise the =
misconception that SUIT is the RFC 4108 tweaking WG.  The sense of the =
BOF in Singapore was quite different.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Thu Nov 23 02:22:14 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D58BE1287A7 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:22:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K1-ARgGL4PaH for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:22:10 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0045.outbound.protection.outlook.com [104.47.0.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA3A11287A5 for <suit@ietf.org>; Thu, 23 Nov 2017 02:22:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=loe4dpdIoBZPNOztRjV0IkbA1M4l9A0YAnuxlzl0LmY=; b=rzuh/KGh+xufD3UWzAg74sdoxPtB97XSSk38QxWlMUZ5NkylVR6X/5ExM/jCkOpcEYh9WyufmatONaGcnm6l4SUMIb3zAGLyISDBkYVB0HBAp9OCuxd9QcvIj73Ntg4JKD5xDmqF15N0heGBbburd0+E3/l0L/I1ZotjAX2awQs=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 10:22:06 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 10:22:06 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: RFC4108 Reference in the charter
Thread-Index: AQHTY+oDo0W4651Oc0mcrkg8VbRVzaMhlBcQgAAWjgCAAABx0IAAAuOAgAAKPtCAAAeDgIAAAL3A
Date: Thu, 23 Nov 2017 10:22:06 +0000
Message-ID: <AM4PR0801MB2706F49FD951AE9D7E2CFA2CFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de> <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <E1B999AE-A056-4DFE-9307-9FB1D29B5F9D@tzi.org>
In-Reply-To: <E1B999AE-A056-4DFE-9307-9FB1D29B5F9D@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:PFfScytUUOyFtiWi6B2Y41m7Dx5wKsmIdV/97iib2sUBfzg5n0bF4nx9b3q6IlonD92zIb54g9rlXstMNoBaPq1LDwpeN38AS15AuL4wcChDNVTbTOIiGG3ROPCGdnYEvtLdZNqpqIr3FlaujwnjQjyAm/baSrdXab41CHaAIIDBKnhgJW0S4Js07kLIYn4ViHRQp2hVXs2vfZ0+Ds2cmr9T5lKUCKgwCkp3mA0vFaFh/xG0WTRI75A923P7I4GyxLGckz0qYMrTgzZtPoU0wuspIu6h2PFKXG6IWRC5hzbLIIdH4ZMGQbk3hljBLH4Mujx3KFabE9ke/JNNTczfouMNgrUxWsnaDmrT1jW8PMk=; 5:1lhf0w045fJNHzgOwkoHI5McDjjGEvHLyGFXyZtnXtI6IQ750EFncNW2kVSfFg3ehDLvaEeTUlfjEJQjuKAQYlFhXGhEzAoXXTJujAH6KH/QenkJMQGQLKIsnSDdKaosD36ty+V0h2iGm7VtFyOgk9nEpEoNVicG6aPkLjppza0=; 24:gqA+WHCEu4avEH6OMCW5gnvMTJad6xm/IAERaNqnD5h92FjJkNSd0/qdqMz8eK2NIO+DJc4op9TyXPGlph1BVMGbuoDKTa0dQyC8fHili2A=; 7:m/tJ82Iz10CAeNmVha9ZJUxczdAYB6WA/OQGYlIYEJ4DELFtduGOo7gncVaZPJzZCv7CYRdmt/b1qPtm05p8prWdOqaj+gOJcgKcyi6d09A5F0p7W0oy+k12aXJxUmu0az+U0wlvW5ImiSgLiS+Z8atYwiikow+lRmVP5DmG3c62EPisDb0Vj2VPulnu0gFY68Turayp3Svw5CLCAwxiUHWgqW0kOROD5+HnQUvw847O2nz9mOC4m0Gg3K5mA1E3
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ebf76200-881d-4236-80da-08d5325c0c06
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB2706D102B1684C5BDAF3BE0FFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(366004)(346002)(39860400002)(24454002)(189002)(40434004)(13464003)(199003)(3660700001)(106356001)(6246003)(316002)(25786009)(53936002)(9686003)(2900100001)(68736007)(72206003)(14454004)(93886005)(6506006)(97736004)(478600001)(86362001)(105586002)(4326008)(55016002)(5890100001)(229853002)(53546010)(5660300001)(99286004)(50986999)(7736002)(3846002)(305945005)(6116002)(102836003)(6436002)(54356999)(2906002)(3280700002)(8936002)(81166006)(7696004)(6916009)(81156014)(8676002)(66066001)(2950100002)(33656002)(101416001)(5250100002)(54906003)(76176999)(74316002)(189998001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ebf76200-881d-4236-80da-08d5325c0c06
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 10:22:06.1675 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bowE9iNsmLxDmgkPaEV3u_ucQMk>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:22:13 -0000

Q2Fyc3RlbiwNCg0KVGhlIHB1cnBvc2Ugb2YgYSBjaGFydGVyIGlzIG5vdCBvbmx5IHRvIGd1aWRl
IHRoZSB3b3JrIGJ1dCBhbHNvIHRvIHByb3ZpZGUgc29tZSBiYWNrZ3JvdW5kLiBKdXN0IGxvb2sg
YXQgb3RoZXIgY2hhcnRlcnMgaW4gdGhlIElFVEYuDQoNClRoZSBhdWRpZW5jZSBvZiBhIGNoYXJ0
ZXIgdGV4dCBpcyBhbHNvIG5vdCBqdXN0IGZvciB0aGUgV0cgcGFydGljaXBhbnRzIHNpbmNlIGl0
IGlzICBhbHNvIHN1cHBvc2VkIHRvIGF0dHJhY3Qgb3RoZXJzIHdobyBhcmUgbm90IHlldCBpbiB0
aGUgSUVURi4gU2luY2Ugb25lIENpc2NvIHBlcnNvbiBhdCB0aGUgU1VJVCBCT0Ygc2FpZCB0aGF0
ICJub2JvZHkgbGlzdGVucyB0byB0aGUgSUVURiBpbiB0aGlzIGFyZWEiIEkgYmVsaWV2ZSBpdCBp
cyBldmVuIG1vcmUgaW1wb3J0YW50IHRvIG1ha2UgdGhlIGJhY2tncm91bmQgaW5mbyB1bmRlcnN0
b29kIGJleW9uZCB0aGUgdHlwaWNhbCBJRVRGIGNvbW11bml0eS4NCg0KSWYgdGhlIEJPRiBjaGFp
cnMgZmVlbCB0aGF0IHRoZSBSRkMgNDEwOCByZWZlcmVuY2UgdXBzZXRzIHJlYWRlcnMgdG9vIG11
Y2ggdGhlbiBJIHdpbGwgbm90IGZpZ2h0IGZvciBpdC4NCg0KQ2lhbw0KSGFubmVzDQoNCi0tLS0t
T3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9tOiBDYXJzdGVuIEJvcm1hbm4gW21haWx0bzpjYWJv
QHR6aS5vcmddDQpTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDExOjE0DQpUbzogSGFubmVzIFRzY2hv
ZmVuaWcNCkNjOiBIZW5rIEJpcmtob2x6OyBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1
aXRdIFNVSVQgQ2hhcnRlcjogUkZDNDEwOCBSZWZlcmVuY2UgaW4gdGhlIGNoYXJ0ZXINCg0KT24g
Tm92IDIzLCAyMDE3LCBhdCAxMTowMSwgSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2Zl
bmlnQGFybS5jb20+IHdyb3RlOg0KPg0KPiBBcyBtZW50aW9uZWQgdG8gU3VoYXMgdGhlIHB1cnBv
c2Ugb2YgbWVudGlvbmluZyBSRkMgNDEwOCBhbmQgYWxzbyB0aGUgSUFCIHdvcmtzaG9wIGlzIHRv
IGhpZ2hsaWdodCB0aGF0IHRoZSBJRVRGIGhhcyBiZWVuIGxvb2tpbmcgaW50byB0aGlzIHRvcGlj
IGJlZm9yZS4gWW91IHByZWZlciBub3QgdG8gbWVudGlvbiBhbnl0aGluZyBhYm91dCBwcmlvciBJ
RVRGIHdvcmsgaW4gdGhpcyBhcmVhIHRvIHRoZSByZWFkZXIuIElzIHRoYXQgY29ycmVjdD8NCg0K
SeKAmW0gbm90IEhlbmssIGJ1dCB0aGUgY2hhcnRlciBpcyB0aGVyZSB0byBndWlkZSAoYW5kIGNv
bnN0cmFpbikgdGhlIHdvcmsgb2YgdGhlIFdHLg0KDQpJIGJlbGlldmUgaXQgaXMgZ29vZCBpZiBX
RyBwYXJ0aWNpcGFudHMga25vdyBhYm91dCBSRkMgNDEwOCBhbmQgdGhlIElvVFNVIHdvcmtzaG9w
Lg0KQnV0IHdoYXQgZ3VpZGFuY2UsIHdoYXQgY29uc3RyYWludHMgYXJlIHlvdSB0cnlpbmcgdG8g
ZGVyaXZlIGZyb20gdGhlc2U/DQpUaGUgcmVmZXJlbmNlIHRvIElvVFNVIGlzIHNvbWV3aGF0IHVu
YW1iaWd1b3VzLCBidXQsIGFzIEkgbWVudGlvbmVkIHByZXZpb3VzbHkgYSBmZXcgdGltZXMgYWxy
ZWFkeSwgaXQgaXMgdG9vIGVhc3kgdG8gcmFpc2UgdGhlIG1pc2NvbmNlcHRpb24gdGhhdCBTVUlU
IGlzIHRoZSBSRkMgNDEwOCB0d2Vha2luZyBXRy4gIFRoZSBzZW5zZSBvZiB0aGUgQk9GIGluIFNp
bmdhcG9yZSB3YXMgcXVpdGUgZGlmZmVyZW50Lg0KDQpHcsO8w59lLCBDYXJzdGVuDQoNCklNUE9S
VEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVu
dHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFy
ZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGlt
bWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBw
ZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 23 02:31:44 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9B071287A3 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:31:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z8_xpyZj7lwt for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:31:40 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41DB412420B for <suit@ietf.org>; Thu, 23 Nov 2017 02:31:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [134.102.201.11]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vANAVUmu024912; Thu, 23 Nov 2017 11:31:30 +0100 (CET)
Received: from [192.168.217.124] (p5DC7E827.dip0.t-ipconnect.de [93.199.232.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yjFwy2PV9zDWsk; Thu, 23 Nov 2017 11:31:30 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Thu, 23 Nov 2017 11:31:29 +0100
Cc: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 533125889.488229-f7c8ba5eb67833863d79649ca868aaa8
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/2iFiwyT9GG0BWxZ1MVmwisXvG0g>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:31:43 -0000

On Nov 23, 2017, at 09:09, Hannes Tschofenig <Hannes.Tschofenig@arm.com> =
wrote:
>=20
> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of =
the manifest (+ the appropriate security mechanisms).

But that list is rather confused/ing.

ASN.1 is an abstract syntax notation, i.e. a data model specification =
language.
It comes with a number of serializations such as BER/DER and OER (or =
even XER).
While BER/DER has history in the IETF, you=E2=80=99d probably want to =
use OER in a car.

XML is a generic data model with two serializations: XML character =
format and EXI.  It is often used with one of three data model =
specification languages: XML DTD, XSD, and Relax-NG (ASN.1 via XER is =
theoretically possible, but rarely used).  IETF also uses YANG to =
specify data models that are then serialized in XML.

JSON and CBOR are two serializations for a common generic data model =
(which has been made extensible, and was extended, for CBOR).
No dominating data model specification language has evolved in this =
space, although IETF has been using YANG and CDDL.

BER/DER has PKCS7/CMS as a security spec (which uses ASN.1 as its data =
model specification language).

I don=E2=80=99t know a security spec that would be applicable for XML in =
this space.

JSON and CBOR come with JOSE and COSE, respectively; the latter uses =
CDDL as its data model specification language.  There is currently no =
way to specify these security data models in YANG.

What exactly do you mean by =E2=80=9Cformat" now?  I would have thought =
that would be the specific data model of the manifest, including =
security mechanisms, combined with a preferred serialization.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Thu Nov 23 02:39:01 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AD8712896F for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EKxbcEa0Lery for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:38:58 -0800 (PST)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20067.outbound.protection.outlook.com [40.107.2.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E9DF128959 for <suit@ietf.org>; Thu, 23 Nov 2017 02:38:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dXrtIreOuk2r7Rygosa9CJgN6C1s0PuIePmnkLiC78o=; b=Duflkg7PeWb47Gx0BPx9ot1CRlZVjFyGFtP7kjra/nbKtpcI64G3tPvSGPDQud0rnyfwwlpE+3zMY9axmbseGhpu05Rtjfrs+nX9NULKcXht+flk0oVsG8ndfsRn175ZhCHupQyXr5hbyBd9dPjJjk9qEUdt4AdWviDT9PFgNe0=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 10:38:55 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 10:38:55 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQgAAIi4CAAAAcEIAAKcSAgAAAxOA=
Date: Thu, 23 Nov 2017 10:38:55 +0000
Message-ID: <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org>
In-Reply-To: <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:dRu/OdxBv/eSQ+vYAM2116wn/DWfNQ+I5l6DyJ1qih0wxanj6PktaAPl9zTK6PNxrfwMawNUWm9LKjT5iDS0h7eFwsAhftnhIqjmahcRFJIq5ByJzbBrm24ni6IKGekkTol3mbPuQySx5V4OBjWvV4dHzfFcKYoCScr5oouVVEvIntvlZcGXS0zs7aHub4SIdedldgXED3C+FW1aVTTXmxpZCdNxiHSvwnTmtrWEeIuuzUoI6gFtNkBXaXZK6cmCDTtVfVw+2pJzspq4YXd4KzuHfC/FVKcuOzuJSlBu8mHkBl0TE2hFNNSvbDATEXUaKI/2U+FXsAXgQNaHTjclUpziq+SDi4D4VTX8yJ6IwXU=; 5:Yf8N0vVnLY29lF6ByjsTV4PK3LsDMzhUsfYAL/twDu89rGScW7n0JPvcumZ6KrZ/1NQCq41jkwXvJ7gS3zeS9qqmaJcSwGOx6cj+0tOC+qA7fr2yQVFbYSFI39YTzwFlqgM9/OdNxcM92zIv6/NJUlPERHx1aSeeD+5w9/MlI0M=; 24:yY+3psT1vxuPBriCOCOg3hxbni1GYy1EnFnl3RpCuibEgDSA8DsnX2d/r3XEMvugfh3va8dIxs0jaLDYEWMYlio7FEppiAI9KWmQ83Z2Q/o=; 7:fvhXDy8N1yJiyuXd89lFcJg/IUn7ViX6VXFDeP6vcfun+Tubboou+1WF9ZKGOqY9Bp6r/dQKM7w/PQTci3//N+dT81M2lAQTjP1EkMPWEFgczgsAr/0ITJO98A7c+2YJsTgi5EF7N+42IHAQgrIaMao/70bGPvUS200tq8eP7zwA2b8515cIoYLDQGlquIK4PmLc72LcI2j/oNizqB3OsJYLmmZNeb+j8kpqdgtXsyLPAAvf4dH9sFDhHCcuYNZ1
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 453cd163-4a54-4848-5b9c-08d5325e65a5
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB2707C323A3F86F080B8E80D6FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(366004)(199003)(40434004)(189002)(13464003)(24454002)(6506006)(8676002)(39060400002)(5250100002)(54356999)(50986999)(76176999)(72206003)(99286004)(101416001)(478600001)(3846002)(102836003)(2900100001)(6116002)(106356001)(105586002)(189998001)(7736002)(305945005)(6436002)(25786009)(74316002)(33656002)(81156014)(5660300001)(4326008)(7696004)(55016002)(81166006)(6916009)(53546010)(2950100002)(54906003)(53936002)(5890100001)(86362001)(229853002)(93886005)(316002)(3660700001)(6246003)(2906002)(8936002)(68736007)(97736004)(66066001)(3280700002)(9686003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 453cd163-4a54-4848-5b9c-08d5325e65a5
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 10:38:55.5662 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/W4aiG87ISkZOnZrU96PI9w1QNhI>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:39:00 -0000

SGkgQ2Fyc3RlbiwNCg0KWWVzLCB0aGVyZSBhcmUgbG90cyBvZiBkZXRhaWxzIHRvIGRpc2N1c3Mg
YnV0IGRvIHlvdSB0aGluayB0aGF0IGFueSBvZiB0aGlzIHNob3VsZCBnbyBpbnRvIHRoZSBjaGFy
dGVyIChnaXZlbiB0aGF0IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGNoYXJ0ZXIgYWxyZWFk
eSBzYXlzIHRoYXQgd2Ugd2lsbCBkaXNjdXNzIHRoaXMgYW5kIHBpY2sgb25lIG9yIG11bHRpcGxl
IGZvcm1hdHMpPw0KDQpDaWFvDQpIYW5uZXMNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0N
CkZyb206IENhcnN0ZW4gQm9ybWFubiBbbWFpbHRvOmNhYm9AdHppLm9yZ10NClNlbnQ6IDIzIE5v
dmVtYmVyIDIwMTcgMTE6MzENClRvOiBIYW5uZXMgVHNjaG9mZW5pZw0KQ2M6IFN1aGFzIE5hbmRh
a3VtYXI7IHN1aXRAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbU3VpdF0gTWFuaWZlc3QgRm9ybWF0
cw0KDQpPbiBOb3YgMjMsIDIwMTcsIGF0IDA5OjA5LCBIYW5uZXMgVHNjaG9mZW5pZyA8SGFubmVz
LlRzY2hvZmVuaWdAYXJtLmNvbT4gd3JvdGU6DQo+DQo+IEZvcm1hdCBoZXJlIG1lYW5zIGhhdmlu
ZyBhbiBBU04uMSwgWE1MLCBKU09OLCBDQk9SLCBldGMuIGVuY29kaW5ncyBvZiB0aGUgbWFuaWZl
c3QgKCsgdGhlIGFwcHJvcHJpYXRlIHNlY3VyaXR5IG1lY2hhbmlzbXMpLg0KDQpCdXQgdGhhdCBs
aXN0IGlzIHJhdGhlciBjb25mdXNlZC9pbmcuDQoNCkFTTi4xIGlzIGFuIGFic3RyYWN0IHN5bnRh
eCBub3RhdGlvbiwgaS5lLiBhIGRhdGEgbW9kZWwgc3BlY2lmaWNhdGlvbiBsYW5ndWFnZS4NCkl0
IGNvbWVzIHdpdGggYSBudW1iZXIgb2Ygc2VyaWFsaXphdGlvbnMgc3VjaCBhcyBCRVIvREVSIGFu
ZCBPRVIgKG9yIGV2ZW4gWEVSKS4NCldoaWxlIEJFUi9ERVIgaGFzIGhpc3RvcnkgaW4gdGhlIElF
VEYsIHlvdeKAmWQgcHJvYmFibHkgd2FudCB0byB1c2UgT0VSIGluIGEgY2FyLg0KDQpYTUwgaXMg
YSBnZW5lcmljIGRhdGEgbW9kZWwgd2l0aCB0d28gc2VyaWFsaXphdGlvbnM6IFhNTCBjaGFyYWN0
ZXIgZm9ybWF0IGFuZCBFWEkuICBJdCBpcyBvZnRlbiB1c2VkIHdpdGggb25lIG9mIHRocmVlIGRh
dGEgbW9kZWwgc3BlY2lmaWNhdGlvbiBsYW5ndWFnZXM6IFhNTCBEVEQsIFhTRCwgYW5kIFJlbGF4
LU5HIChBU04uMSB2aWEgWEVSIGlzIHRoZW9yZXRpY2FsbHkgcG9zc2libGUsIGJ1dCByYXJlbHkg
dXNlZCkuICBJRVRGIGFsc28gdXNlcyBZQU5HIHRvIHNwZWNpZnkgZGF0YSBtb2RlbHMgdGhhdCBh
cmUgdGhlbiBzZXJpYWxpemVkIGluIFhNTC4NCg0KSlNPTiBhbmQgQ0JPUiBhcmUgdHdvIHNlcmlh
bGl6YXRpb25zIGZvciBhIGNvbW1vbiBnZW5lcmljIGRhdGEgbW9kZWwgKHdoaWNoIGhhcyBiZWVu
IG1hZGUgZXh0ZW5zaWJsZSwgYW5kIHdhcyBleHRlbmRlZCwgZm9yIENCT1IpLg0KTm8gZG9taW5h
dGluZyBkYXRhIG1vZGVsIHNwZWNpZmljYXRpb24gbGFuZ3VhZ2UgaGFzIGV2b2x2ZWQgaW4gdGhp
cyBzcGFjZSwgYWx0aG91Z2ggSUVURiBoYXMgYmVlbiB1c2luZyBZQU5HIGFuZCBDRERMLg0KDQpC
RVIvREVSIGhhcyBQS0NTNy9DTVMgYXMgYSBzZWN1cml0eSBzcGVjICh3aGljaCB1c2VzIEFTTi4x
IGFzIGl0cyBkYXRhIG1vZGVsIHNwZWNpZmljYXRpb24gbGFuZ3VhZ2UpLg0KDQpJIGRvbuKAmXQg
a25vdyBhIHNlY3VyaXR5IHNwZWMgdGhhdCB3b3VsZCBiZSBhcHBsaWNhYmxlIGZvciBYTUwgaW4g
dGhpcyBzcGFjZS4NCg0KSlNPTiBhbmQgQ0JPUiBjb21lIHdpdGggSk9TRSBhbmQgQ09TRSwgcmVz
cGVjdGl2ZWx5OyB0aGUgbGF0dGVyIHVzZXMgQ0RETCBhcyBpdHMgZGF0YSBtb2RlbCBzcGVjaWZp
Y2F0aW9uIGxhbmd1YWdlLiAgVGhlcmUgaXMgY3VycmVudGx5IG5vIHdheSB0byBzcGVjaWZ5IHRo
ZXNlIHNlY3VyaXR5IGRhdGEgbW9kZWxzIGluIFlBTkcuDQoNCldoYXQgZXhhY3RseSBkbyB5b3Ug
bWVhbiBieSDigJxmb3JtYXQiIG5vdz8gIEkgd291bGQgaGF2ZSB0aG91Z2h0IHRoYXQgd291bGQg
YmUgdGhlIHNwZWNpZmljIGRhdGEgbW9kZWwgb2YgdGhlIG1hbmlmZXN0LCBpbmNsdWRpbmcgc2Vj
dXJpdHkgbWVjaGFuaXNtcywgY29tYmluZWQgd2l0aCBhIHByZWZlcnJlZCBzZXJpYWxpemF0aW9u
Lg0KDQpHcsO8w59lLCBDYXJzdGVuDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBv
ZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5
IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVu
dCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xv
c2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBv
c2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5r
IHlvdS4NCg==


From nobody Thu Nov 23 02:42:25 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93789127B60 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:42:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fm1MGE-yXid6 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:42:17 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6202012896F for <suit@ietf.org>; Thu, 23 Nov 2017 02:42:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vANAg9tM003562; Thu, 23 Nov 2017 11:42:09 +0100 (CET)
Received: from [192.168.217.124] (p5DC7E827.dip0.t-ipconnect.de [93.199.232.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yjG9F3VpFzDWt7; Thu, 23 Nov 2017 11:42:09 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Thu, 23 Nov 2017 11:42:08 +0100
Cc: "suit@ietf.org" <suit@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>
X-Mao-Original-Outgoing-Id: 533126528.290299-4aab022302136f6606bd4a1c61ee6ab0
Content-Transfer-Encoding: quoted-printable
Message-Id: <68033829-6706-4A86-BAD4-A6D7B331341C@tzi.org>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org> <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FRZ3vAF2ClBLUQdirQN9a6SnSso>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:42:23 -0000

On Nov 23, 2017, at 11:38, Hannes Tschofenig <Hannes.Tschofenig@arm.com> =
wrote:
>=20
> Hi Carsten,
>=20
> Yes, there are lots of details to discuss but do you think that any of =
this should go into the charter (given that the current version of the =
charter already says that we will discuss this and pick one or multiple =
formats)?

Well, I=E2=80=99d say we=E2=80=99ll design a format and pick one or more =
serializations for it.
I was just trying to explain why the term =E2=80=9Cformat=E2=80=9D maybe =
is a bit too fuzzy in those places of the charter where we want to be =
specific.

Gr=C3=BC=C3=9Fe, Carsten


>=20
> Ciao
> Hannes
>=20
> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: 23 November 2017 11:31
> To: Hannes Tschofenig
> Cc: Suhas Nandakumar; suit@ietf.org
> Subject: Re: [Suit] Manifest Formats
>=20
> On Nov 23, 2017, at 09:09, Hannes Tschofenig =
<Hannes.Tschofenig@arm.com> wrote:
>>=20
>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of =
the manifest (+ the appropriate security mechanisms).
>=20
> But that list is rather confused/ing.
>=20
> ASN.1 is an abstract syntax notation, i.e. a data model specification =
language.
> It comes with a number of serializations such as BER/DER and OER (or =
even XER).
> While BER/DER has history in the IETF, you=E2=80=99d probably want to =
use OER in a car.
>=20
> XML is a generic data model with two serializations: XML character =
format and EXI.  It is often used with one of three data model =
specification languages: XML DTD, XSD, and Relax-NG (ASN.1 via XER is =
theoretically possible, but rarely used).  IETF also uses YANG to =
specify data models that are then serialized in XML.
>=20
> JSON and CBOR are two serializations for a common generic data model =
(which has been made extensible, and was extended, for CBOR).
> No dominating data model specification language has evolved in this =
space, although IETF has been using YANG and CDDL.
>=20
> BER/DER has PKCS7/CMS as a security spec (which uses ASN.1 as its data =
model specification language).
>=20
> I don=E2=80=99t know a security spec that would be applicable for XML =
in this space.
>=20
> JSON and CBOR come with JOSE and COSE, respectively; the latter uses =
CDDL as its data model specification language.  There is currently no =
way to specify these security data models in YANG.
>=20
> What exactly do you mean by =E2=80=9Cformat" now?  I would have =
thought that would be the specific data model of the manifest, including =
security mechanisms, combined with a preferred serialization.
>=20
> Gr=C3=BC=C3=9Fe, Carsten
>=20
> IMPORTANT NOTICE: The contents of this email and any attachments are =
confidential and may also be privileged. If you are not the intended =
recipient, please notify the sender immediately and do not disclose the =
contents to any other person, use it for any purpose, or store or copy =
the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>=20
>=20


From nobody Thu Nov 23 02:48:35 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 705CD128792 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:48:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id flS8vVn6cHLz for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 02:48:31 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30045.outbound.protection.outlook.com [40.107.3.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69FD212878D for <suit@ietf.org>; Thu, 23 Nov 2017 02:48:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=+AtwWYtpnaoHy7Wsw+WZqd3X86qEUzeLGKGCEO2zORg=; b=VYaMZeodKK0L6hKKb7NjBhpjtonqVa3A0M7aPrR3x1t7a6RHi6EtazOoULi3gLPWIuz0hRe/E7OnFtYvyECCOJxD5vi+FomxMPmkOVdFrd8zYFjeR/3PczLQ/NkNWPrgPDwJ6wANRm8o7bss4cYMv4UawkmzfKAPFpzTEyRm/qY=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 10:48:28 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 10:48:28 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>
CC: "suit@ietf.org" <suit@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQgAAIi4CAAAAcEIAAKcSAgAAAxOCAAAI1AIAAABtA
Date: Thu, 23 Nov 2017 10:48:28 +0000
Message-ID: <AM4PR0801MB2706E5E1BD2C996BEB5A4A40FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org> <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <68033829-6706-4A86-BAD4-A6D7B331341C@tzi.org>
In-Reply-To: <68033829-6706-4A86-BAD4-A6D7B331341C@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:Y2893132I+9PlV3/BR26xGmjpRRrJ2TlmbQy5Mjil9ztbRWNKljKCPwPxEt+QfA4Snoq6m7UzL35sTXC5IwEt16GcULVPThZNwNHOtkmJq6p+zuE2+BAEkmMAYxJjy6vTXnwUwdCWfJiFQ8ig2MkFTingHfyZFQg1WeVcvCj37LEK4xjNDpluYNUFQK8U15QouGTijtSZbeM0FhH1eln10B19GI2bRpVumT4ltI0+f/3WeZnI3FrY0SmYlcSBdKaiAzkp9vCiVKpTV/dWCBdiIXb/8m1bwiEjYTp1e6Fq5aXtRZDEYoklGAO1Zf2lbZ3zw11rwz50lyghPJikyzsGdBkCoSXRrZGm5EMiT5r04o=; 5:zAa0ZIRcQwJxqebaFsLmke66mHVFK0qfk+XJWH77eBjVu+iY0jXO7c866SQE4fmzX/0evoQEAV9XzQxhmIzNWe9t6ZupmRwLhTQh1s6E11f/b6fShXCdUDeyIEijZ44cTVJZiDItFQ9ueR977ru+aF9pgyEX7DOg2wtoRw5oMd4=; 24:s+KC3c/GUP+glOM2ARIsivp3ogCJ31BXA/0SA87fFz0+AnRbTN/g8H4JH+11B00J4yOAYF1tZt/EyJmhycqcKpQXfSIHKBnOsdBJrk+uzus=; 7:mDuUsrOXGsRQY4t9cZxCN+C2BfO7DBI+mxcobO1MkbPMb/sdMt+PS084CsxvB6mrIIZxyI6YdZrERF6KDKA/wRMpbkKLZ9Y2mKi5WqnGv0sci9qmJOZx+6g0faNahYrGCukW5WNUmXBw/GZPtfppGcxbsgjuLZwc3s0HoEYc7JSMZI9wzNsCxVHClk27qJkX99gYLoWfo8Y3+a2XgEztfp4dsO4bLqrYn/+dH1nr+/nAMxJJGU2vDLIEV1e7bSzF
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 0e1acf76-eccb-4348-8703-08d5325fbb0a
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705C626C1E049403934E665FA210@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(39860400002)(376002)(346002)(189002)(40434004)(199003)(189998001)(86362001)(81166006)(81156014)(74316002)(7736002)(5250100002)(305945005)(72206003)(7696004)(2950100002)(2906002)(3660700001)(8676002)(3280700002)(6916009)(5660300001)(66066001)(14454004)(106356001)(105586002)(2900100001)(4326008)(9686003)(3846002)(102836003)(5890100001)(6246003)(478600001)(97736004)(6436002)(33656002)(54906003)(53936002)(6506006)(101416001)(316002)(229853002)(55016002)(8936002)(68736007)(39060400002)(93886005)(76176999)(50986999)(99286004)(54356999)(25786009)(6116002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0e1acf76-eccb-4348-8703-08d5325fbb0a
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 10:48:28.3166 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/w1ptWYmJ6ahdQpx3VzeyWKS7PaU>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 10:48:33 -0000

SGkgQ2Fyc3RlbiwNCg0KPiBXZWxsLCBJ4oCZZCBzYXkgd2XigJlsbCBkZXNpZ24gYSBmb3JtYXQg
YW5kIHBpY2sgb25lIG9yIG1vcmUgc2VyaWFsaXphdGlvbnMgZm9yIGl0Lg0KPiBJIHdhcyBqdXN0
IHRyeWluZyB0byBleHBsYWluIHdoeSB0aGUgdGVybSDigJxmb3JtYXTigJ0gbWF5YmUgaXMgYSBi
aXQgdG9vIGZ1enp5IGluIHRob3NlIHBsYWNlcyBvZiB0aGUgY2hhcnRlciB3aGVyZSB3ZSB3YW50
IHRvIGJlIHNwZWNpZmljLg0KDQpGb3IgbWUgdGhlIHF1ZXN0aW9uIHdhcyB3aGV0aGVyIHdlIHJl
c3RyaWN0IHRoZSBkZXNpZ24gYXQgY2hhcnRlciB3cml0aW5nIHRpbWUgb3Igd2hlbiB0aGUgZ3Jv
dXAgd2FzIGZvcm1lZC4gSSBwcmVmZXJyZWQgdGhlIGZvcm1lciBhbmQgbG9zdC4gU28sIG5vdyB3
ZSBkbyBpdCBsYXR0ZXIuIFRoYXQncyBmaW5lLg0KQWRkaW5nIHRoZSBkaXN0aW5jdGlvbiBiZXR3
ZWVuIGZvcm1hdCBhbmQgc2VyaWFsaXphdGlvbiBpbiB0aGUgY2hhcnRlciB3aWxsIG5vdCBtYWtl
IGFueSBkaWZmZXJlbmNlIElNSE8uIEkgdGhpbmsgd2UgYXJlIGp1c3QgZGFuY2luZyBhcm91bmQg
dGhlIHRvcGljLg0KDQpMZXQgdXMgZmluaXNoIHRoZSBjaGFydGVyIGFuZCBzdGFydCB0aGUgcmVh
bCB3b3JrLg0KDQpDaWFvDQpIYW5uZXMNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBv
ZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5
IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVu
dCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xv
c2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBv
c2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5r
IHlvdS4NCg==


From nobody Thu Nov 23 03:06:55 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC431128959 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:06:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id US8PQSQdgBUp for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:06:52 -0800 (PST)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C3F012878D for <suit@ietf.org>; Thu, 23 Nov 2017 03:06:50 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2HpBACh299Z/xoHYZlXBx0BBQELAYNdgVIug3OZUYFLK5Y9ggQKhTsChD9DFAECAQEBAQEBAQNoKIUeAQUjDwEFUQkCGAICJgICRxAGDQgBAReKAgEEjgacMxGBI4InizwBCwElgQ6CH4IHgVGBaiuCf4RSARIBCQNfgkeCYQWhRIEIgSaJEpUHBYculT4CBAYFAhkBgTk2IoEDC1MmXYceiggPGAOBCQGBEAEBAQ
X-IPAS-Result: A2HpBACh299Z/xoHYZlXBx0BBQELAYNdgVIug3OZUYFLK5Y9ggQKhTsChD9DFAECAQEBAQEBAQNoKIUeAQUjDwEFUQkCGAICJgICRxAGDQgBAReKAgEEjgacMxGBI4InizwBCwElgQ6CH4IHgVGBaiuCf4RSARIBCQNfgkeCYQWhRIEIgSaJEpUHBYculT4CBAYFAhkBgTk2IoEDC1MmXYceiggPGAOBCQGBEAEBAQ
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1567701"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 12:06:49 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000";  d="scan'208";a="3715417"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 12:06:47 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANB6jI4008362 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 23 Nov 2017 12:06:46 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 12:06:40 +0100
To: <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 12:06:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/T03kszfb1Brp_8Ibz7IYnO2SlSE>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 11:06:55 -0000

Hello Hannes,

tl;dr I though the consensus was going into the direction of a small 
list of formats. I consider this to be correct unless consensus shows 
otherwise.




The remainder of this email are just observations:

This statement

On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
> I may be hard to believe but some companies are actually interested in bringing a standardized manifest format to the market.

in combination with these statements

On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
> There is separate text in the charter that says the group will pick one or multiple encoding formats.

On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the manifest (+ the appropriate security mechanisms).

seem to contradict each other?


Either there is a standardized manifest format, or there are multiple 
based on the same data model? Also including ASN.1 in the list is 
somehow confusing to me. If we are talking about format here, I think 
ASN.1 does not fit that list.

And it might also sound surprising, but because some companies (e.g. a 
few that rely on SOTA) are interested in to market solutions, we started 
to address this in drafts before the first TEEP BoF. Now that TEEP is 
emerging, we are splitting the work wrt firmware, and suspended some of 
it to wait for TEEP manifest definition output in order to retain 
interoperability - which is effectively a delay already (but addressing 
a bigger group of stakeholder seems vital, so... viable & necessary).


Viele Grüße,

Henk











From nobody Thu Nov 23 03:17:47 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 125EE127876 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:17:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9QFyCwTV55Jn for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:17:43 -0800 (PST)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0332E12878D for <suit@ietf.org>; Thu, 23 Nov 2017 03:17:42 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EsAgCh299Z/xoBYJleGgEBAQECAQEBAQgBAQEBgy8uZG4nB4NzmVGBSyuWLw6CBAoYC4FegzoChD9BFgECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBAwEBASEPAQU2Ag4HBAkCEQQBAQECAhESAwICJx8BCAgGAQwGAgEBFQKJewcBBAyNep1ngieLPAEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ6CH4E1UoFRbkwwK4J/gT2DAxIBEgEHRBOCVIJhBZhNiHeBCIEmjHOHXRuFWYNVBYFQhV6VPgIEBgUCGQGBOSYKKIEDC1MmXYUmgXh1AYkhgSQBgRABAQE
X-IPAS-Result: A2EsAgCh299Z/xoBYJleGgEBAQECAQEBAQgBAQEBgy8uZG4nB4NzmVGBSyuWLw6CBAoYC4FegzoChD9BFgECAQEBAQEBAQNoKIJqRiwBAQEBAQFPAj4sAQEBAwEBASEPAQU2Ag4HBAkCEQQBAQECAhESAwICJx8BCAgGAQwGAgEBFQKJewcBBAyNep1ngieLPAEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQ6CH4E1UoFRbkwwK4J/gT2DAxIBEgEHRBOCVIJhBZhNiHeBCIEmjHOHXRuFWYNVBYFQhV6VPgIEBgUCGQGBOSYKKIEDC1MmXYUmgXh1AYkhgSQBgRABAQE
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1567925"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 12:17:37 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270870058"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 12:17:35 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANBHXJu008522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 12:17:34 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 12:17:27 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de> <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <7dad9342-c0e9-0e57-1a3b-b1fe33cb55a4@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 12:17:27 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/-MM4jCZuuhJP0hGDdlEB6FgqoGY>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 11:17:46 -0000

Hello Hannes,

because it is misleading, I think (and I was only talking about the RFC 
not the WS) in combination with:

> greater experience with IoT deployments has led to additional functionality

SUIT is not about additional functionality, I think. It is about new work.

And I think the VHS analogy is okay, because like RFC 4108 it is a 
standard and only a relatively small number of stakeholders are planning 
to use it as a guideline for future technology. It is a good reference 
for an existing standard though.

In consequence, RFC 4108 should be mentioned in a corresponding 
documents that cover actual information elements or structure.

In respect to referring to a whole workshop... I have no strong opinion. 
It is just little bit general, I think.


Viele Grüße,

Henk

On 11/23/2017 11:01 AM, Hannes Tschofenig wrote:
> Hi Henk,
> 
> I fail to understand why you are so much against even mentioning prior art in the charter. Just because RFC 4108 or the IAB workshop are mentioned in the charter text does not mean that the group cannot list the requirements in a document again. Where do you get this impression from?
> 
> I am not sure the comparison with VHS is appropriate since we are not writing a charter for a technology that replaces VHS.
> 
> As mentioned to Suhas the purpose of mentioning RFC 4108 and also the IAB workshop is to highlight that the IETF has been looking into this topic before. You prefer not to mention anything about prior IETF work in this area to the reader. Is that correct?
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> Sent: 23 November 2017 10:10
> To: Hannes Tschofenig; suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
> 
> Very good,
> 
> still, the information elements derived from the data model of RFC 4108 would have to be discussed,revised with scrutiny and have to be refactored. It is only state-of-the-art in the sense that VHS is state-of-the-art for analog video tapes, I think.
> 
> The point here is, is the content of 4108 vital enough to be included in the charter? And I would dare to say it is not.
> 
> Starting with requirements from scratch seems to be more productive to me in contrast to make some of the "old things" fit into the "old thing"
> just because it is there (and afak not even used significantly).
> 
> Viele Grüße,
> 
> Henk
> 
> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>> Hi Henk,
>>
>> This is not about coding wars. We are only talking about whether it is useful to mention prior IETF work in the charter. Nothing more.
>>
>> There is separate text in the charter that says the group will pick one or multiple encoding formats.
>>
>> Ciao
>> Hannes
>>
>> -----Original Message-----
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Henk Birkholz
>> Sent: 23 November 2017 09:59
>> To: suit@ietf.org
>> Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
>>
>> Hello,
>>
>> calling RFC 4108 "state-of-the-art" is some kind of euphemism, right?
>>
>> I know it is the only good reference in the RFC space - the Concise
>> Software Identifier I-D also references 4108 for over a year now...
>> but we decided to leave only the very basic information elements from
>> RFC
>> 4108 in the CoSWID draft, will finish the current draft and create a corresponding extension draft when SUIT has come to life and agreed on mandatory metadata and optional metatdata information elements to be included in the manifest.
>>
>> RFC 4108 is "pre-IoT" and is based on assumptions that mostly do not exactly apply anymore today, especially encoding wise.
>>
>> I am strongly against encoding wars: but either we extend the expressiveness of 4108 and continue the use of CMS (which, I think, is a lesson learned and might be one of the things we do not want to repeat) or we create a way forward that take into account the requirements today. And Richard and others, for example, had some very good use cases at the first Bar BoF, if I remember correctly.
>>
>> Viele Grüße,
>>
>> Henk
>>
>> On 11/23/2017 08:40 AM, Hannes Tschofenig wrote:
>>> Hi Suhas,
>>>
>>> I think it is helpful in two ways:
>>>
>>> -First RFC 4108 illustrates that the IETF has published a document in
>>> this area already.
>>>
>>> -Second, it is useful background material. I always find it
>>> interesting to take the state-of-the-art into account. Too often we
>>> ignore prior work and repeat the same mistakes over and over again.
>>>
>>> I agree that RFC 4108 is not in widespread use but is the text does
>>> not claim that.
>>>
>>> Ciao
>>>
>>> Hannes
>>>
>>> *From:*Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Suhas
>>> Nandakumar
>>> *Sent:* 23 November 2017 00:31
>>> *To:* suit@ietf.org
>>> *Subject:* [Suit] SUIT Charter: RFC4108 Reference in the charter
>>>
>>> Hello All
>>>
>>> The charter current says the following on the CMS or RFC 4108
>>>
>>> """
>>>
>>> RFC 4108 provides a manifest format that uses the Cryptographic
>>> Message Syntax (CMS) to protect firmware packages. More than ten
>>> years have passed since the publication of RFC 4108, and greater
>>> experience with IoT deployments has led to additional functionality,
>>> requiring a contemporary standardized solution to be defined.
>>>
>>> """
>>>
>>> I feel this para is not adding value to the WG objectives and should
>>> be removed from the charter. IIRC the BOF discussions also indicated
>>> something on the similar lines and RFC4108 is not in widespread use
>>> as of today.
>>>
>>> Cheers
>>>
>>> Suhas Nandakumar
>>>
>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>> confidential and may also be privileged. If you are not the intended
>>> recipient, please notify the sender immediately and do not disclose
>>> the contents to any other person, use it for any purpose, or store or
>>> copy the information in any medium. Thank you.
>>>
>>>
>>> _______________________________________________
>>> Suit mailing list
>>> Suit@ietf.org
>>> https://www.ietf.org/mailman/listinfo/suit
>>>
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 03:22:30 2017
Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7270126CE8 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:22:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3EfN5F8HdQeh for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 03:22:26 -0800 (PST)
Received: from mailhost.informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7403128990 for <suit@ietf.org>; Thu, 23 Nov 2017 03:22:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at informatik.uni-bremen.de
Received: from submithost.informatik.uni-bremen.de (submithost.informatik.uni-bremen.de [IPv6:2001:638:708:30c9::b]) by mailhost.informatik.uni-bremen.de (8.14.5/8.14.5) with ESMTP id vANBMKVm008217; Thu, 23 Nov 2017 12:22:20 +0100 (CET)
Received: from [192.168.217.124] (p5DC7E827.dip0.t-ipconnect.de [93.199.232.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by submithost.informatik.uni-bremen.de (Postfix) with ESMTPSA id 3yjH3c03ydzDWv4; Thu, 23 Nov 2017 12:22:19 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Thu, 23 Nov 2017 12:22:17 +0100
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
X-Mao-Original-Outgoing-Id: 533128937.524411-3fdb7450f729d3340587f79345ba56e4
Content-Transfer-Encoding: quoted-printable
Message-Id: <032ED31A-4956-4418-954B-0F884801D71C@tzi.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/R17_Hkr9vVfhhyKLIgyIVQk14mI>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 11:22:28 -0000

On Nov 23, 2017, at 08:59, Hannes Tschofenig <Hannes.Tschofenig@arm.com> =
wrote:
>=20
> I am wondering why you don't create your own working group just to =
work on this topic. This would help to create more focused work.

Or use an existing one.  SUIT would be the wrong one, as it focuses on =
securely authorizing firmware updates, although many of the properties =
conveyed in a SUIT manifest will be important for discovery, too.

LWM2M uses CoAP for firmware transfer.
If CoAP (or the CoRE discovery mechanisms) have gaps or shortcomings for =
applications that need to do firmware transfer, I think the CoRE WG =
would be interested to hear about that.  A draft not unlike =
draft-birkholz-yang-push-coap-problemstatement would be wonderful to =
prime this discussion.

Gr=C3=BC=C3=9Fe, Carsten


From nobody Thu Nov 23 07:27:22 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 136F6129459 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:27:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aYe9F4OYBqes for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:27:18 -0800 (PST)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00050.outbound.protection.outlook.com [40.107.0.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76ADB12EAB3 for <suit@ietf.org>; Thu, 23 Nov 2017 07:27:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=wMypbckZW5Pzh7l6ers12fHBt+P9qLnnuOtBiqIBi10=; b=patdXzZbcSz6/8EFtGUtSnN/q1FJMm2gKuMUOkVHh3Wp2Vfw6iZj8y8/0ZxmTcHcMJuV58HrsBCiKPa4wXozjHYveLPHeTgVxf4nanWyIJduO3tc40C2kXnXgD4DqyKvfUz/BHpXc61UtYnMmDC3CHaeC6YCGGAiuFoGS308osA=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2705.eurprd08.prod.outlook.com (10.167.90.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 15:27:15 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 15:27:15 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAABorAIAACz8wgAARgoCAAER7EA==
Date: Thu, 23 Nov 2017 15:27:15 +0000
Message-ID: <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de>
In-Reply-To: <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2705; 6:GEWKZcTmL/jsKQ2x9iRRcMqgoIEkTTezF20zNmGMdltsPJdLt7UuNVPeXE2hgkEabbtv0lVFxP/FRNQMWwVnL9pubC5FmzvFypCF/VNlemz4okr17uvGE3aDfAc2+H6Lzy3EYZoqdMsYiO4R64RrovHM8mcz84USTaouzubghUOj3pJNrb0FjltuT7LzGXCH45KcS/7c+iIq/RaxYSq/563+UAyyUwi3X43j/OccCH7Qq2uyyw8O/MHnzlLPRMzjOyR9oZfG5EvLDWUZs3QL1/cHvhKqOyb5kVDcIdZlWNd2Ekbhi5ic5zGt1kNcj9YHy3GOWfQaW/RbDwRSUSvWY9JQMT8J3URyqARPkVC9rgs=; 5:kvFgK5NoJDl7rhdT5nrkuRUtE3irYqQyz34a4QqKlAe1V7IRyNxrpp+AXg269WIcpkqJltXEpAxFbj+79lp7b4zaBLaGE3GDl381x2GRznyU1t60CupMJ4Rch4EXHzy3SHAzOOcKyCkdE/ausch41vw4fbXCw1GjB3RHP9X3i8w=; 24:eSlM5CmJuseMdJ3xmg0d1Nr1nHGa7PKBoZ2nmnixwxA+9zndjUmbXbwVUF+wUe7V4BcD44gHjFte7dBGBOu1+2XYr/mFHfGEg67U6DbFtlI=; 7:71fik3bf+Ke8gXgp2MTpLpdffAG0sUvZl085RZIB7ZhdDqn8tr+5atTZfPlVi84M7Is7xf/vVhSFYfvVs8J4cyAzK9KVCY4ASM5YpXn6+4LfwHj01+v5/24M8tOa0oz0J/oqx6g1HKWCp1k5CQd4hSrruse0XYe9xTDloHhJiFfFCe1DKIGRu6rmVeEusp7pTrq07+Qjcl/fM6B77E/9scd8ageP8Vm8gzxo67uWhXUc+KgsoqidlgSzWHYblifJ
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 0ff40597-6ebf-4e55-5f84-08d53286ad04
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603199); SRVR:AM4PR0801MB2705; 
x-ms-traffictypediagnostic: AM4PR0801MB2705:
x-microsoft-antispam-prvs: <AM4PR0801MB2705101013FB892E1A1532A3FA210@AM4PR0801MB2705.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(100405760836317); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123564025)(20161123560025)(20161123555025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2705; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2705; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(376002)(346002)(39860400002)(366004)(199003)(189002)(24454002)(40434004)(316002)(33656002)(6506006)(110136005)(53936002)(102836003)(9686003)(6436002)(3846002)(6306002)(2501003)(97736004)(478600001)(5890100001)(6246003)(50986999)(99286004)(76176999)(6116002)(7696005)(25786009)(54356999)(229853002)(55016002)(101416001)(53546010)(68736007)(93886005)(8936002)(7736002)(86362001)(81166006)(81156014)(74316002)(966005)(5250100002)(305945005)(189998001)(106356001)(66066001)(72206003)(2900100001)(105586002)(2906002)(8676002)(3660700001)(14454004)(2950100002)(5660300001)(3280700002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2705; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0ff40597-6ebf-4e55-5f84-08d53286ad04
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 15:27:15.1607 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2705
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/dkeuP5doniHeoGo8UdIGp4ftLCo>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 15:27:21 -0000

SGkgSGVuaywNCg0KPiBIZWxsbyBIYW5uZXMsDQoNCj4gdGw7ZHIgSSB0aG91Z2ggdGhlIGNvbnNl
bnN1cyB3YXMgZ29pbmcgaW50byB0aGUgZGlyZWN0aW9uIG9mIGEgc21hbGwgbGlzdCBvZiBmb3Jt
YXRzLiBJIGNvbnNpZGVyIHRoaXMgdG8gYmUgY29ycmVjdCB1bmxlc3MgY29uc2Vuc3VzIHNob3dz
IG90aGVyd2lzZS4NCg0KW0hhbm5lc10gVGhhdCB3b3VsZCBiZSBnb29kLiBCdXQgbGV0J3Mgc2Vl
IHdoZW4gd2UgZ2V0IHRvIHRoZSBwb2ludCBvZiBzZWxlY3RpbmcuDQoNCg0KVGhlIHJlbWFpbmRl
ciBvZiB0aGlzIGVtYWlsIGFyZSBqdXN0IG9ic2VydmF0aW9uczoNCg0KVGhpcyBzdGF0ZW1lbnQN
Cg0KT24gMTEvMjMvMjAxNyAxMTowOSBBTSwgSGFubmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+IEkg
bWF5IGJlIGhhcmQgdG8gYmVsaWV2ZSBidXQgc29tZSBjb21wYW5pZXMgYXJlIGFjdHVhbGx5IGlu
dGVyZXN0ZWQgaW4gYnJpbmdpbmcgYSBzdGFuZGFyZGl6ZWQgbWFuaWZlc3QgZm9ybWF0IHRvIHRo
ZSBtYXJrZXQuDQoNCmluIGNvbWJpbmF0aW9uIHdpdGggdGhlc2Ugc3RhdGVtZW50cw0KDQpPbiAx
MS8yMy8yMDE3IDEwOjAxIEFNLCBIYW5uZXMgVHNjaG9mZW5pZyB3cm90ZToNCj4gVGhlcmUgaXMg
c2VwYXJhdGUgdGV4dCBpbiB0aGUgY2hhcnRlciB0aGF0IHNheXMgdGhlIGdyb3VwIHdpbGwgcGlj
ayBvbmUgb3IgbXVsdGlwbGUgZW5jb2RpbmcgZm9ybWF0cy4NCg0KT24gMTEvMjMvMjAxNyAwOTow
OSBBTSwgSGFubmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+IEZvcm1hdCBoZXJlIG1lYW5zIGhhdmlu
ZyBhbiBBU04uMSwgWE1MLCBKU09OLCBDQk9SLCBldGMuIGVuY29kaW5ncyBvZiB0aGUgbWFuaWZl
c3QgKCsgdGhlIGFwcHJvcHJpYXRlIHNlY3VyaXR5IG1lY2hhbmlzbXMpLg0KDQpzZWVtIHRvIGNv
bnRyYWRpY3QgZWFjaCBvdGhlcj8NCg0KDQpFaXRoZXIgdGhlcmUgaXMgYSBzdGFuZGFyZGl6ZWQg
bWFuaWZlc3QgZm9ybWF0LCBvciB0aGVyZSBhcmUgbXVsdGlwbGUgYmFzZWQgb24gdGhlIHNhbWUg
ZGF0YSBtb2RlbD8gQWxzbyBpbmNsdWRpbmcgQVNOLjEgaW4gdGhlIGxpc3QgaXMgc29tZWhvdyBj
b25mdXNpbmcgdG8gbWUuIElmIHdlIGFyZSB0YWxraW5nIGFib3V0IGZvcm1hdCBoZXJlLCBJIHRo
aW5rDQpBU04uMSBkb2VzIG5vdCBmaXQgdGhhdCBsaXN0Lg0KDQpbSGFubmVzXSBJIGRvbid0IHNl
ZSB0aGUgY29udHJhZGljdGlvbi4gV2hlbiB3ZSBzdWJtaXR0ZWQgb3VyIGluaXRpYWwgZHJhZnQg
dmVyc2lvbiwgd2hpY2ggZGVzY3JpYmVkIGEgc29sdXRpb24gYmFzZWQgb24gQVNOMS4vREVSICsg
Q01TLCBzb21lIGZvbGtzIHNhaWQgIkkgd2FudCBKU09OL0pPU0UiIGFuZCB5ZXQgb3RoZXJzIHNh
aWQgIkkgd2FudCBDQk9SL0NPU0UiLiBIZW5jZSwgdGhlIGNoYXJ0ZXIgdGV4dCBjaGFuZ2VkIGJ5
IGRlbGF5aW5nIHRoZSBkZWNpc2lvbiB0byBhIGxhdGVyIHRpbWUgaW4gdGhlIHdvcmtpbmcgZ3Jv
dXAuIFdoYXQgbWF0dGVycyB1bHRpbWF0ZWx5IGlzIHdoYXQgb25lIGhhcyB0byBpbXBsZW1lbnQg
cmF0aGVyIHRoYW4gd2hhdCBjbGV2ZXIgaW50ZXJtZWRpYXRlIGxhbmd1YWdlIHdlIHVzZSBvciBo
b3cgd2Ugc3RydWN0dXJlIGRvY3VtZW50cy4NCg0KQW5kIGl0IG1pZ2h0IGFsc28gc291bmQgc3Vy
cHJpc2luZywgYnV0IGJlY2F1c2Ugc29tZSBjb21wYW5pZXMgKGUuZy4gYSBmZXcgdGhhdCByZWx5
IG9uIFNPVEEpIGFyZSBpbnRlcmVzdGVkIGluIHRvIG1hcmtldCBzb2x1dGlvbnMsIHdlIHN0YXJ0
ZWQgdG8gYWRkcmVzcyB0aGlzIGluIGRyYWZ0cyBiZWZvcmUgdGhlIGZpcnN0IFRFRVAgQm9GLiBO
b3cgdGhhdCBURUVQIGlzIGVtZXJnaW5nLCB3ZSBhcmUgc3BsaXR0aW5nIHRoZSB3b3JrIHdydCBm
aXJtd2FyZSwgYW5kIHN1c3BlbmRlZCBzb21lIG9mIGl0IHRvIHdhaXQgZm9yIFRFRVAgbWFuaWZl
c3QgZGVmaW5pdGlvbiBvdXRwdXQgaW4gb3JkZXIgdG8gcmV0YWluIGludGVyb3BlcmFiaWxpdHkg
LSB3aGljaCBpcyBlZmZlY3RpdmVseSBhIGRlbGF5IGFscmVhZHkgKGJ1dCBhZGRyZXNzaW5nIGEg
YmlnZ2VyIGdyb3VwIG9mIHN0YWtlaG9sZGVyIHNlZW1zIHZpdGFsLCBzby4uLiB2aWFibGUgJiBu
ZWNlc3NhcnkpLg0KDQpbSGFubmVzXSBJIGFtIG5vdCBzdXJlIEkgdW5kZXJzdG9vZCB0aGlzIHN0
YXRlbWVudC4gVGhlIE9wZW4gVHJ1c3QgUHJvdG9jb2wsIHdoaWNoIGlzIHRoZSBvbmx5IHNvbHV0
aW9uIHNvIGZhciBzdWJtaXR0ZWQgdG8gdGhlIFRFRVAgZ3JvdXAsIGRvZXMgbm90IGRlZmluZSBh
IG1hbmlmZXN0IGZvcm1hdC4gQXQgdGhlIFRFRVAgQk9GIGZvbGtzIGFyZ3VlZCB0aGF0IGl0IHdv
dWxkIGJlIGEgZ29vZCBpZGVhIHRvIHJlLXVzZSB0aGUgbWFuaWZlc3QgZm9ybWF0IGZyb20gU1VJ
VCBpbiBURUVQIGJ1dCB0aGF0IGhhc24ndCBiZWVuIGRvbmUgc28gZmFyIChhbHRob3VnaCBJIHRo
aW5rIGl0IGlzIGEgZ29vZCBpZGVhKS4NCg0KQ2lhbw0KSGFubmVzDQoNClZpZWxlIEdyw7zDn2Us
DQoNCkhlbmsNCg0KDQoNCg0KDQoNCg0KDQoNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX18NClN1aXQgbWFpbGluZyBsaXN0DQpTdWl0QGlldGYub3JnDQpo
dHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCklNUE9SVEFOVCBOT1RJ
Q0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNv
bmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhl
IGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5
IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVz
ZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGlu
IGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 23 07:37:10 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75AEA126BFD for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:37:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m_VYPn4sRhrb for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:37:05 -0800 (PST)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7665712EAFF for <suit@ietf.org>; Thu, 23 Nov 2017 07:37:04 -0800 (PST)
Received: by mail-vk0-x22b.google.com with SMTP id j67so11989856vkd.8 for <suit@ietf.org>; Thu, 23 Nov 2017 07:37:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lPjDTbGcil/Eo/cB7N7MGQ2ZklKP5oZ5fl6ffN0wrUA=; b=RhivqN8vWDtATimLD2a3ZgpvhT2TLjzd7w6XMVRbpd2rYxlN0Ob0aMR9GtRPoILIxg JPzpTUeGxo5+JhO3lsafLflMoxYApbmjjr/KWLD4qn1S4EwYu29e8VbLnlxMtHRHQ2Zn ornhj1DiEyoVw8W9kQEOkKswUk/ZKu1w/fvzWeRUS5D5P7TtbYeXK2f0r79FFZ4/+nHh Q7n6e02qltxI3Llsu11Yxj49DCA54qg8sFbESlwrYqgwgEUvUvIF5EtwEiCx7escIKyW 0946JkwZjrmZP/iupu2XJMA5wG7rJNZCt862cekLVmrltqgI6SjuOGqebNfpNVdU662Z oEvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lPjDTbGcil/Eo/cB7N7MGQ2ZklKP5oZ5fl6ffN0wrUA=; b=L/hi3Fi4k7Mq014rewHL8UB4J51pUBI8wYxStTJ/51NW7aZdTkyqMQnGj0mJmqo+VQ +asKjR5Zv5920amL4VTUmCQ0xmR6fhvRHGj6ilSVT7oI+V5o85kbziYu/n+BepcAgFFE 70TGSpzIteg5VSpVaGlrFc8nYCg1e4fbl1/G50jQe+v6v0rwbAxQoYUIPwONuYVr1Pk3 GRWVOXLvy2JVlEMlhYhCTrTh4mhu4BRNfW6l1m4DfiApYZZ8d8mEEvUAp0NvAlae542J L80fOhp6yGj0qn5va45KOp5Xf1tbQtRx04V1Mst0wSPmXKrMhA5NPiG69i0t6LaWlst8 DDNQ==
X-Gm-Message-State: AJaThX4YW7r1gcpZH5NEs4wESw5IAYP0ZNxDA7CrIDgxRPpjdL3kgoT1 DGt6CTngf/JKXdCixTDFcgrByrOUIFAayN1HkS0=
X-Google-Smtp-Source: AGs4zMagQrGn1DEC4ZmM6LhvDfSR5cppvIPPmkx/7BFa9YZZ8Xy7dKK8JxrsvJFtAz250ZJ1QcHa+BNtE807bBZRYNk=
X-Received: by 10.31.41.138 with SMTP id p132mr19946485vkp.21.1511451423471; Thu, 23 Nov 2017 07:37:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Thu, 23 Nov 2017 07:37:02 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 23 Nov 2017 07:37:02 -0800
Message-ID: <CAMRcRGTi3EasQYdxDY+VcG5dVXNYEV5f74EDYXT4HF9c_mbwSQ@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a113ef9803103df055ea835c2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/rnOtpal-6Ot7g4i3kUzyxErd2Vg>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 15:37:06 -0000

--001a113ef9803103df055ea835c2
Content-Type: text/plain; charset="UTF-8"

Hello Hannes,

  Comments inline

Thanks


On Wed, Nov 22, 2017 at 11:40 PM, Hannes Tschofenig <
Hannes.Tschofenig@arm.com> wrote:

> Hi Suhas,
>
>
>
> I think it is helpful in two ways:
>
>
>
> -          First RFC 4108 illustrates that the IETF has published a
> document in this area already.
>
>
>
> -          Second, it is useful background material. I always find it
> interesting to take the state-of-the-art into account. Too often we ignore
> prior work and repeat the same mistakes over and over again.
>
>
Not disputing it is useful as background information and i do think it
should be mentioned in the architecture document, for example .
FWIW its preferred the charter text focus on the work the group will
perform and more streamlined it is , the better it is.


>
>
> I agree that RFC 4108 is not in widespread use but is the text does not
> claim that.
>
>
>
> Ciao
>
> Hannes
>
>
>
> *From:* Suit [mailto:suit-bounces@ietf.org] *On Behalf Of *Suhas
> Nandakumar
> *Sent:* 23 November 2017 00:31
> *To:* suit@ietf.org
> *Subject:* [Suit] SUIT Charter: RFC4108 Reference in the charter
>
>
>
> Hello All
>
> The charter current says the following on the CMS or RFC 4108
>
> """
>
> RFC 4108 provides a manifest format that uses the Cryptographic Message
> Syntax (CMS) to protect firmware packages. More than ten years have passed
> since the publication of RFC 4108, and greater experience with IoT
> deployments has led to additional functionality, requiring a contemporary
> standardized solution to be defined.
>
> """
>
> I feel this para is not adding value to the WG objectives and should be
> removed from the charter. IIRC the BOF discussions also indicated something
> on the similar lines and RFC4108 is not in widespread use as of today.
>
>
>
> Cheers
>
> Suhas Nandakumar
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>

--001a113ef9803103df055ea835c2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Hannes,<div><br></div><div>=C2=A0 Comments inline</d=
iv><div><br></div><div>Thanks</div><div><br></div><div class=3D"gmail_extra=
"><br><div class=3D"gmail_quote">On Wed, Nov 22, 2017 at 11:40 PM, Hannes T=
schofenig <span dir=3D"ltr">&lt;<a href=3D"mailto:Hannes.Tschofenig@arm.com=
" target=3D"_blank">Hannes.Tschofenig@arm.com</a>&gt;</span> wrote:<br><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #c=
cc solid;padding-left:1ex">





<div lang=3D"EN-GB" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-3757836029346800995WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Hi Suhas,
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">I think it is helpful in =
two ways:
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"m_-3757836029346800995MsoListParagraph"><u></u><span style=3D"f=
ont-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;colo=
r:#1f497d"><span>-<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
</span></span></span><u></u><span style=3D"font-size:11.0pt;font-family:&qu=
ot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">First RFC 4108 illus=
trates that the IETF has published a document in this area already.<u></u><=
u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"m_-3757836029346800995MsoListParagraph"><u></u><span style=3D"f=
ont-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;colo=
r:#1f497d"><span>-<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
</span></span></span><u></u><span style=3D"font-size:11.0pt;font-family:&qu=
ot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">Second, it is useful=
 background material. I always find it interesting to take the state-of-the=
-art into account. Too often we ignore prior work and
 repeat the same mistakes over and over again. <u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u></span></p></div><=
/div></blockquote><div><br></div><div>Not disputing it is useful as backgro=
und information and i do think it should be mentioned in the architecture d=
ocument, for example .=C2=A0</div><div>FWIW its preferred the charter text =
focus on the work the group will perform and more streamlined it is , the b=
etter it is.=C2=A0</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><di=
v lang=3D"EN-GB" link=3D"blue" vlink=3D"purple"><div class=3D"m_-3757836029=
346800995WordSection1"><p class=3D"MsoNormal"><span style=3D"font-size:11.0=
pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1f497d">=
=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">I agree that RFC 4108 is =
not in widespread use but is the text does not claim that.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Ciao<u></u><u></u></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Hannes<u></u><u></u></spa=
n></p>
<p class=3D"MsoNormal"><a name=3D"m_-3757836029346800995__MailEndCompose"><=
span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-s=
erif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></span></a></p>
<p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;fo=
nt-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span =
lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&qu=
ot;sans-serif&quot;"> Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org"=
 target=3D"_blank">suit-bounces@ietf.org</a>]
<b>On Behalf Of </b>Suhas Nandakumar<br>
<b>Sent:</b> 23 November 2017 00:31<br>
<b>To:</b> <a href=3D"mailto:suit@ietf.org" target=3D"_blank">suit@ietf.org=
</a><br>
<b>Subject:</b> [Suit] SUIT Charter: RFC4108 Reference in the charter<u></u=
><u></u></span></p><div><div class=3D"h5">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">Hello All</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">The charter current says the following on the CMS or RFC 4108
</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.5pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">&quot;&quot;&quot;</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.5pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">RFC 4108 provides a manifest format that uses the Cryptographic =
Message Syntax (CMS) to protect firmware packages. More than ten years have=
 passed since the publication of RFC 4108, and greater
 experience with IoT deployments has led to additional functionality, requi=
ring a contemporary standardized solution to be defined.</span><u></u><u></=
u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.5pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">&quot;&quot;&quot;</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">I feel this para is not adding value to the WG objectives and sh=
ould be removed from the charter. IIRC the BOF discussions also indicated s=
omething on the similar lines and RFC4108 is not in widespread
 use as of today.</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<u></u>=C2=A0<u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">Cheers</span><u></u><u></u></p>
<p style=3D"margin-right:0cm;margin-bottom:8.0pt;margin-left:0cm">
<span style=3D"font-size:11.0pt;font-family:&quot;Arial&quot;,&quot;sans-se=
rif&quot;">Suhas Nandakumar</span><u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div></div></div>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</div>

</blockquote></div><br></div></div>

--001a113ef9803103df055ea835c2--


From nobody Thu Nov 23 07:48:22 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBF1312EB03 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:48:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jDu680NM9au4 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:48:18 -0800 (PST)
Received: from mail-ua0-x22e.google.com (mail-ua0-x22e.google.com [IPv6:2607:f8b0:400c:c08::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A27FB12EB27 for <suit@ietf.org>; Thu, 23 Nov 2017 07:48:18 -0800 (PST)
Received: by mail-ua0-x22e.google.com with SMTP id l25so13037549uag.8 for <suit@ietf.org>; Thu, 23 Nov 2017 07:48:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kZYLD8zBapMerBmdinC3paoO6ya7XbzgZCY9ExoIaNE=; b=d38tBROhISk/35ZKoJJUu3tpmfnmLlCBAg2ElJqeRoA4EGuUVdGRhxu1Ynd9JLCCj3 HDo+dyR91KSjxySdc8elnGL7ABmxLE1lIJB1mOUgu1DblVotPQqcm+cEESszQ8czBgHx 7wksu1i/Hx9lLf/tCYfO2Ok9vcWXZYCEZVYsXAvr4Iqltw6IxMGP28a1dtPMsttVFeq5 cRWSR0fAGSVI96Np3NyuhwJT3mqxzeeBTXuQ+I0vf+L7ANY6GU6aBGAUWcSTpTXRzLmj YmNJ4A5viqBlSzxggnBH6AsYErw6EmIDJ9BVJ8wiVbT+a8UWcuGAHQItnpuW5QVyv2vC onOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kZYLD8zBapMerBmdinC3paoO6ya7XbzgZCY9ExoIaNE=; b=fIGGjxGUgjE+UNlZfNaxSCFqzNbsSJdimbiwb3b21aBs2mNTgFcRJ0j/CMXCkIWAK7 Cmc6oSzwshWR0nTueU2p0wQDS7h9gWIlVoLIT6gwd7AH/hpPvJ+lzWLi9B4Cbp6J6Acr 2h/XGRLFtgUCy8oa9GUqADN7Q0pGeOCRgYGA+rA8mlShQ0fE8S5tdOKClCtvKgIop6UJ PvudLFdRQYIj2vRIiaAOabP+OZgFcOtJEQzqOS3hEY4OhlXxciSsgKZ/gLZwTSXDCF9L YIvsM5RbzaNzR8TYmqwuu4L/595Asrw5e0hRESgH9a/duM8MSfqAbDXjNqqsfZiXToQ6 AxZA==
X-Gm-Message-State: AJaThX79NM1z2LKZlBYGT4zBtukyFdIV6TORI7WNaCARb9Vnc2zicNnx i1Qe4XceVz7MgTjioIeTHegDrWQy+KCsYLAyT6o=
X-Google-Smtp-Source: AGs4zMZ93pz3T8BOE0C3E6nam0xAtj/n7YJ82Q9D2oGr1hkIDEYnSmiA+XEbKglSg/VKbGaqNjvB5hW5WKcTXCHd8OI=
X-Received: by 10.176.10.28 with SMTP id q28mr19887520uah.17.1511452097620; Thu, 23 Nov 2017 07:48:17 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Thu, 23 Nov 2017 07:48:17 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 23 Nov 2017 07:48:17 -0800
Message-ID: <CAMRcRGSibG+Db3HROm3E4bPNOH0GiwuOVigLg26Ca92CO2X9VA@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0e9c765fae5c055ea85d37"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/QJO76TBtMz1CieW--H8Ok_d2INc>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 15:48:21 -0000

--94eb2c0e9c765fae5c055ea85d37
Content-Type: text/plain; charset="UTF-8"

Hello Hannes,

 please see responses inline.

On Wed, Nov 22, 2017 at 11:59 PM, Hannes Tschofenig <
Hannes.Tschofenig@arm.com> wrote:

> Hi Suhas, Hi Michael,
>
> the problem is the slippery slope here: as mentioned on the mailing list
> (not by me) it is not only about discovering the server but very quickly
> you are talking about "how do I push firmware updates to devices (instead
> of just polling)", "how do I learn what capabilities the device has (since
> the server wants to offer the appropriate firmware to the device)", "how do
> get information about the current state of the firmware update (has it been
> downloaded already, has the device successfully replaced the firmware,
> etc.)", "can I reset the device to a previous version of the firmware that
> is already on the device", "how much flash space is still left on the
> device", etc.
>
>
I think we are mixing different things here. What I am proposing is a need
to discover the location of the firmware server that has the manifest and
the image, when the device is ready to upgrade  (say, using polling, for
example)
The above list of things you have is way more complicated than what is
being asked. I think we shouldn't mix "firmware server location discovery"
with "capabilities discovery or negotiation mechanism"



> Some standardization work has been done in this field already, which I had
> pointed out in previous email discussions.
>
> I am wondering why you don't create your own working group just to work on
> this topic. This would help to create more focused work.
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
> Sent: 23 November 2017 00:46
> To: Suhas Nandakumar
> Cc: suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download
> Mechanism
>
>
> Suhas Nandakumar <suhasietf@gmail.com> wrote:
>     > I would like to propose following addition to the above list
>
>     > *   Mechanisms to discover new firmware is available and the location
>     > to download it from
>
> I'm actually okay with this in the charter, provided that we don't invent
> anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, HTTP
> requests,
> and I'm sure I'll think of four more in a minute.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=
> IPv6 IoT consulting =-
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>

--94eb2c0e9c765fae5c055ea85d37
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Hannes,<div><br></div><div>=C2=A0please see response=
s inline.</div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On=
 Wed, Nov 22, 2017 at 11:59 PM, Hannes Tschofenig <span dir=3D"ltr">&lt;<a =
href=3D"mailto:Hannes.Tschofenig@arm.com" target=3D"_blank">Hannes.Tschofen=
ig@arm.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Suhas=
, Hi Michael,<br>
<br>
the problem is the slippery slope here: as mentioned on the mailing list (n=
ot by me) it is not only about discovering the server but very quickly you =
are talking about &quot;how do I push firmware updates to devices (instead =
of just polling)&quot;, &quot;how do I learn what capabilities the device h=
as (since the server wants to offer the appropriate firmware to the device)=
&quot;, &quot;how do get information about the current state of the firmwar=
e update (has it been downloaded already, has the device successfully repla=
ced the firmware, etc.)&quot;, &quot;can I reset the device to a previous v=
ersion of the firmware that is already on the device&quot;, &quot;how much =
flash space is still left on the device&quot;, etc.<br>
<br></blockquote><div><br></div><div>I think we are mixing different things=
 here. What I am proposing is a need to discover the location of the firmwa=
re server that has the manifest and the image, when the device is ready to =
upgrade=C2=A0 (say, using polling, for example)</div><div>The above list of=
 things you have is way more complicated than what is being asked. I think =
we shouldn&#39;t mix &quot;firmware server location discovery&quot; with &q=
uot;capabilities discovery or negotiation mechanism&quot;<br></div><div><br=
></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0=
 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Some standardization work has been done in this field already, which I had =
pointed out in previous email discussions.<br>
<br>
I am wondering why you don&#39;t create your own working group just to work=
 on this topic. This would help to create more focused work.<br>
<br>
Ciao<br>
Hannes<br>
<div><div class=3D"h5"><br>
-----Original Message-----<br>
From: Suit [mailto:<a href=3D"mailto:suit-bounces@ietf.org">suit-bounces@ie=
tf.org</a>] On Behalf Of Michael Richardson<br>
Sent: 23 November 2017 00:46<br>
To: Suhas Nandakumar<br>
Cc: <a href=3D"mailto:suit@ietf.org">suit@ietf.org</a><br>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Me=
chanism<br>
<br>
<br>
Suhas Nandakumar &lt;<a href=3D"mailto:suhasietf@gmail.com">suhasietf@gmail=
.com</a>&gt; wrote:<br>
=C2=A0 =C2=A0 &gt; I would like to propose following addition to the above =
list<br>
<br>
=C2=A0 =C2=A0 &gt; *=C2=A0 =C2=A0Mechanisms to discover new firmware is ava=
ilable and the location<br>
=C2=A0 =C2=A0 &gt; to download it from<br>
<br>
I&#39;m actually okay with this in the charter, provided that we don&#39;t =
invent<br>
anything new.=C2=A0 =C2=A0I can imagine doint this with CoAP OBSERVE, DNS-S=
D, HTTP requests,<br>
and I&#39;m sure I&#39;ll think of four more in a minute.<br>
<br>
--<br>
Michael Richardson &lt;<a href=3D"mailto:mcr%2BIETF@sandelman.ca">mcr+IETF@=
sandelman.ca</a>&gt;, Sandelman Software Works=C2=A0 -=3D IPv6 IoT consulti=
ng =3D-<br>
<br>
<br>
<br>
</div></div>IMPORTANT NOTICE: The contents of this email and any attachment=
s are confidential and may also be privileged. If you are not the intended =
recipient, please notify the sender immediately and do not disclose the con=
tents to any other person, use it for any purpose, or store or copy the inf=
ormation in any medium. Thank you.<br>
</blockquote></div><br></div></div>

--94eb2c0e9c765fae5c055ea85d37--


From nobody Thu Nov 23 07:52:26 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAD4E12EB29 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:52:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5tdJgJWoHI6d for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 07:52:24 -0800 (PST)
Received: from mail-vk0-x232.google.com (mail-vk0-x232.google.com [IPv6:2607:f8b0:400c:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 168791293DA for <suit@ietf.org>; Thu, 23 Nov 2017 07:52:24 -0800 (PST)
Received: by mail-vk0-x232.google.com with SMTP id o70so12053318vkc.9 for <suit@ietf.org>; Thu, 23 Nov 2017 07:52:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GE6emyO49QOMqC4ujdWkrKgPnFmKJbVfBnLPKGWDxfY=; b=fEdgEd+F5s538VyK96ytU6BWjyEONhYjxYK3hVVH91pXqOLGIWoPSH7LUIJW98t9LF C14UxtbQQc7UvlOe05ydNYS3ga1QJcDfgXaF3MEfaju1o0z6EQCQY7aXJqbZF5WRWWXr 3SV5GCxRVTHmf0bPsu3/xBfp0HwaNJGWmy/Nq1jBNN02EvC42NNR1DJohd5q7MRUXWaD wsxTcaklVttGsHHu8knXDHh9D5wZURieAHcG8eQyzjTA4p6bYkEq6KZE/eYV9j9VRbKU BmvioiBMuj9zRG068X9JGpQo9sHgZR6hDCNLZdRs8u0QN1kjoN0/GtMaLdGwnN9HIIKu UsrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GE6emyO49QOMqC4ujdWkrKgPnFmKJbVfBnLPKGWDxfY=; b=f4GQwD24xAW4K/2QS6ncbslD5q3E/SsMfbSDgJ7jNEyiW16Qw/cJB7NKTvcuyAUlOR oAaJ2JcMea4Y2t+Fee4LTXj6cwFt+ipakMfb0WueVgm0y6CUknlHP390UrAO8G6qn+iv ugWfvMB+/2g57WvYAKtfzshmntWeFdg2119v4gUMTusj4qBF5v6/y477OLtYkx6Iu1Cr HeSXZMWf+ebN82XGq2kMjUXqxOwZOqnxzZU+XeIIRnydEi3JD9EGOeNf4nc5oEiA2Si5 zIEJQ1m59x+hpkmLsD0N4YgUo80WL3mjdUS6vq66VLY2PzdfghGRH0WDLruZQu5wzJGv 3pmg==
X-Gm-Message-State: AJaThX4rQrHYfnWgsr38zVSYojK9QK7t9qCYzcRoyRB6c/fNZYQNsVrn O+A99iWHO+C18WGXLW6vbGsqs39ai688WYyh+Ks=
X-Google-Smtp-Source: AGs4zMblHWq5ptvxu0t+BxLuNzYJO0wl75q+x129dVFTpN3XExm82dxUNb7Pzr44CobOB565R5hkHvW21Xszr9HvVP0=
X-Received: by 10.31.237.71 with SMTP id l68mr18726747vkh.17.1511452342983; Thu, 23 Nov 2017 07:52:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Thu, 23 Nov 2017 07:52:22 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 23 Nov 2017 07:52:22 -0800
Message-ID: <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c096da2ffa229055ea86b72"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/z9yYToGTqya9J_YXYn2fj7f5u8Q>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 15:52:26 -0000

--94eb2c096da2ffa229055ea86b72
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 23, 2017 at 12:09 AM, Hannes Tschofenig <
Hannes.Tschofenig@arm.com> wrote:

> Hi Carsten,
>
> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the
> manifest (+ the appropriate security mechanisms).
>
> For us offering operating systems we fear that one customer will want
> ASN.1 and the other want JSON, like they do with IoT protocols (e.g., CoA=
P
> and MQTT) today as well. The result is that we have to support everything
> and while they will not be compiled into the code at the same time they
> need to be available and need to be maintained.
>
> When you then update a fleet of devices, some of them may support foo and
> some bar. Imagine a vehicle that comes with many different processors and
> they require a mixture of different formats. The backend infrastructure
> then needs to know what format is supported by which device/processor.
>

The device will ask for the format that it supports. Say, the device needs
manifest in CBOR format for example
 The device is basically dumb in that context and I am saying we don't need
to complicate that. Let the burden of having multiple encodings support be
on the update server and the device will ask the only thing it supports.


>
> I hope this makes sense.
>
> Ciao
> Hannes
>
>
> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: 23 November 2017 09:02
> To: Hannes Tschofenig
> Cc: Suhas Nandakumar; suit@ietf.org
> Subject: Re: [Suit] Manifest Formats
>
> On Nov 23, 2017, at 08:31, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> wrote:
> >
> > Do you agree that having multiple formats will cause additional pain an=
d
> lower interoperability?
>
> I=E2=80=99m not Suhas, but I=E2=80=99d like to point out that while this =
is trivially
> true, it may also be trivially irrelevant, as demonstrated by a sentence
> like:
>
> > having both UDP and TCP as transport protocols for IP will cause
> additional pain and lower interoperability
>
> (I=E2=80=99m not sure what =E2=80=9Cformat=E2=80=9D means here; if this i=
s about serializations,
> different considerations apply than if this is about information models a=
nd
> security models.)
>
> Gr=C3=BC=C3=9Fe, Carsten
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy th=
e
> information in any medium. Thank you.
>

--94eb2c096da2ffa229055ea86b72
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Thu, Nov 23, 2017 at 12:09 AM, Hannes Tschofenig <span dir=3D"ltr">&=
lt;<a href=3D"mailto:Hannes.Tschofenig@arm.com" target=3D"_blank">Hannes.Ts=
chofenig@arm.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote"=
 style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi=
 Carsten,<br>
<br>
Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the m=
anifest (+ the appropriate security mechanisms).<br>
<br>
For us offering operating systems we fear that one customer will want ASN.1=
 and the other want JSON, like they do with IoT protocols (e.g., CoAP and M=
QTT) today as well. The result is that we have to support everything and wh=
ile they will not be compiled into the code at the same time they need to b=
e available and need to be maintained.<br>
<br>
When you then update a fleet of devices, some of them may support foo and s=
ome bar. Imagine a vehicle that comes with many different processors and th=
ey require a mixture of different formats. The backend infrastructure then =
needs to know what format is supported by which device/processor.<br></bloc=
kquote><div><br></div><div>The device will ask for the format that it suppo=
rts. Say, the device needs manifest in CBOR format for example</div><div>=
=C2=A0The device is basically dumb in that context and I am saying we don&#=
39;t need to complicate that. Let the burden of having multiple encodings s=
upport be on the update server and the device will ask the only thing it su=
pports.=C2=A0</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I hope this makes sense.<br>
<br>
Ciao<br>
Hannes<br>
<br>
<br>
-----Original Message-----<br>
From: Carsten Bormann [mailto:<a href=3D"mailto:cabo@tzi.org">cabo@tzi.org<=
/a>]<br>
Sent: 23 November 2017 09:02<br>
To: Hannes Tschofenig<br>
Cc: Suhas Nandakumar; <a href=3D"mailto:suit@ietf.org">suit@ietf.org</a><br=
>
Subject: Re: [Suit] Manifest Formats<br>
<span class=3D""><br>
On Nov 23, 2017, at 08:31, Hannes Tschofenig &lt;<a href=3D"mailto:Hannes.T=
schofenig@arm.com">Hannes.Tschofenig@arm.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Do you agree that having multiple formats will cause additional pain a=
nd lower interoperability?<br>
<br>
</span>I=E2=80=99m not Suhas, but I=E2=80=99d like to point out that while =
this is trivially true, it may also be trivially irrelevant, as demonstrate=
d by a sentence like:<br>
<br>
&gt; having both UDP and TCP as transport protocols for IP will cause addit=
ional pain and lower interoperability<br>
<br>
(I=E2=80=99m not sure what =E2=80=9Cformat=E2=80=9D means here; if this is =
about serializations, different considerations apply than if this is about =
information models and security models.)<br>
<br>
Gr=C3=BC=C3=9Fe, Carsten<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.<br>
</div></div></blockquote></div><br></div></div>

--94eb2c096da2ffa229055ea86b72--


From nobody Thu Nov 23 08:13:23 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD6F112EB6E for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:13:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mA2z0tMFJ7Tl for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:13:19 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0066.outbound.protection.outlook.com [104.47.2.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AA4712EB56 for <suit@ietf.org>; Thu, 23 Nov 2017 08:13:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=TOPI4G94I3i01OfulHy5BZp7oQksUEDGpukWVnQXo50=; b=T7nB0n98RXeJeFcCJwYTTZnb82RcwWjPQz5WWAz3oZz6Dt18IeOjwzII/GJ0VjCXl8zHfesDLdPh84i17nOKCmCJOgDSiPAwS9B+HytUKo/4u7jhwOaOpPixbl2TQDfpyAWu4iTZMlAcCUA/qrKs55mbbdDP78/fXTHaO9j3J1A=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 16:13:16 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 16:13:16 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
CC: Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQgAAIi4CAAAAcEIAAg2sAgAAE4xA=
Date: Thu, 23 Nov 2017 16:13:15 +0000
Message-ID: <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com>
In-Reply-To: <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:OBhtYcCCh/BA3QfdD4ezeDfBnBUbP3nKJ4OdheCFS2MTVnHfakjcRPoX83FRvqE502Vj+bTOfCvNL+qrAVt9nbPjwui5G0VMIQH45pXrQnPpPZAbZDwju5kfn0SwuIPVH6h9WBYfqxVT7PCqwfRsWRMLu4KQVNBWy0DlJmWTI/81ArZunGUFfPxKAzTJlZj3UhZ7OSdgVj0du3IFsAM4iulZ1hjfsrpcKkjdwVecSnIyiviVNVCgB+gcvm5cV9oI3KZCO4NVvMd+np6X2n101ZdoDLw4rTabf0fNaX3CbXps3aeMh5bPtflgJblsuT46PL/ltEuhiPefgB2TJVKsRU/wMBZ2foPsEGBDKOKvD9A=; 5:iJu9pUaQiHhAC6RY6z/K/jJ+WBeCiGZZKX5YjBlIEE6Y8+fzqHGj/ZP8FgROa/MbtrJS6dgDmsPoKYmIoSVoBXekFPHcRC7pPI4ymp2vYRqwjscn1IP+U9bqA970qBzT0ZjixrJb0FXlyWuWC8JKBg90Sby0O8ZQpAw7rNKQiM0=; 24:NXmMeqXDt6STFQf1sXt+pANQ/zWSnDLUcOUijr4yt38ezI0C++ixXCJ9NSR2Fx2m3keTbBfIawDJY0/8odqdjKjTEzXfCzZpuy2lEsZC1a8=; 7:/Sq8nLHSjPSKnG+qscBh/ZhHV/+H5z22Xdn+TwtHBlmA0Wc7pyGYCqA8LCUUBp5H9sjw1Lr/vg6bnjd0tCf1C+ks8Ah9/zyq/zm163+OrIlm+3/QGhDkqXzvlK9/lL9VyXDXfLmpXB3oBwR2OCYQs44nj+oF7VhoSrQx3yoDJ/5tqRMzj+DjMsOM4G8TphsUlNmvJOIM0aSevYwjWDx6XuPGnqAvYe2G8tL4IQRfpCGp1iwkD3wh9lQXVauE1b/I
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 1c15739a-1dd9-4a63-309b-08d5328d1a95
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB2706F8C6630AD627B0AF0CE2FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(192374486261705)(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(346002)(39860400002)(24454002)(189002)(40434004)(13464003)(199003)(3660700001)(6246003)(39060400002)(54896002)(236005)(106356001)(25786009)(316002)(53936002)(6306002)(9686003)(68736007)(2900100001)(72206003)(14454004)(93886005)(6506006)(478600001)(97736004)(86362001)(7696005)(4326008)(5890100001)(55016002)(105586002)(229853002)(53546010)(5660300001)(99286004)(1411001)(3846002)(50986999)(7736002)(102836003)(6116002)(790700001)(6436002)(54356999)(2906002)(3280700002)(8936002)(81156014)(9326002)(101416001)(74316002)(81166006)(8676002)(6916009)(2950100002)(66066001)(33656002)(5250100002)(54906003)(189998001)(76176999); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706F3857B5B5B39BDED0B07FA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c15739a-1dd9-4a63-309b-08d5328d1a95
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 16:13:15.9305 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/l942hOAMqATQvqP0UwCimKriIWA>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:13:22 -0000

--_000_AM4PR0801MB2706F3857B5B5B39BDED0B07FA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNClRoZSB3YXkgd2Ugd291bGQgbGlrZSB0aGlzIHRvIHdvcmsgaXMgbm90IHRv
IGhhdmUgdGhlIHVwZGF0ZSBzZXJ2ZXIgY3JlYXRlIHRoZXNlIG1hbmlmZXN0cyBpbiByZWFsLXRp
bWUsIGJhc2VkIG9uIHdoYXQgdGhlIGRldmljZSBhc2tzIGZvci4gSW5zdGVhZCwgdGhlIG1hbmlm
ZXN0cyBhcmUgY3JlYXRlZCBhbmQgc2lnbmVkIGJ5IHRoZSBkZXZlbG9wZXIgKHVzaW5nIGEgdG9v
bCBvciBhIHdlYiBzZXJ2aWNlKS4gVGhlIHVwZGF0ZSBzZXJ2ZXIgaXMgbWFpbmx5IGEgcmVwb3Np
dG9yeS4gVGhpcyBhcHByb2FjaCBwcm92aWRlcyBiZXR0ZXIgc2VjdXJpdHkuDQoNCklmIHlvdSBs
b29rIGJhY2sgaW4gdGhlIGhpc3Rvcnkgb2YgdGhlIElFVEYgc2VjdXJpdHkgd29yayB0aGVuIGRl
ZmluaW5nIG11bHRpcGxlLCBzaW1pbGFyIHNvbHV0aW9uIGhhcyBub3QgYmVlbiBhIGdyZWF0IHN1
Y2Nlc3Mgc3RvcnkuDQoNCkNpYW8NCkhhbm5lcw0KDQoNCkZyb206IFN1aGFzIE5hbmRha3VtYXIg
W21haWx0bzpzdWhhc2lldGZAZ21haWwuY29tXQ0KU2VudDogMjMgTm92ZW1iZXIgMjAxNyAxNjo1
Mg0KVG86IEhhbm5lcyBUc2Nob2ZlbmlnDQpDYzogQ2Fyc3RlbiBCb3JtYW5uOyBzdWl0QGlldGYu
b3JnDQpTdWJqZWN0OiBSZTogW1N1aXRdIE1hbmlmZXN0IEZvcm1hdHMNCg0KDQoNCk9uIFRodSwg
Tm92IDIzLCAyMDE3IGF0IDEyOjA5IEFNLCBIYW5uZXMgVHNjaG9mZW5pZyA8SGFubmVzLlRzY2hv
ZmVuaWdAYXJtLmNvbTxtYWlsdG86SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbT4+IHdyb3RlOg0K
SGkgQ2Fyc3RlbiwNCg0KRm9ybWF0IGhlcmUgbWVhbnMgaGF2aW5nIGFuIEFTTi4xLCBYTUwsIEpT
T04sIENCT1IsIGV0Yy4gZW5jb2RpbmdzIG9mIHRoZSBtYW5pZmVzdCAoKyB0aGUgYXBwcm9wcmlh
dGUgc2VjdXJpdHkgbWVjaGFuaXNtcykuDQoNCkZvciB1cyBvZmZlcmluZyBvcGVyYXRpbmcgc3lz
dGVtcyB3ZSBmZWFyIHRoYXQgb25lIGN1c3RvbWVyIHdpbGwgd2FudCBBU04uMSBhbmQgdGhlIG90
aGVyIHdhbnQgSlNPTiwgbGlrZSB0aGV5IGRvIHdpdGggSW9UIHByb3RvY29scyAoZS5nLiwgQ29B
UCBhbmQgTVFUVCkgdG9kYXkgYXMgd2VsbC4gVGhlIHJlc3VsdCBpcyB0aGF0IHdlIGhhdmUgdG8g
c3VwcG9ydCBldmVyeXRoaW5nIGFuZCB3aGlsZSB0aGV5IHdpbGwgbm90IGJlIGNvbXBpbGVkIGlu
dG8gdGhlIGNvZGUgYXQgdGhlIHNhbWUgdGltZSB0aGV5IG5lZWQgdG8gYmUgYXZhaWxhYmxlIGFu
ZCBuZWVkIHRvIGJlIG1haW50YWluZWQuDQoNCldoZW4geW91IHRoZW4gdXBkYXRlIGEgZmxlZXQg
b2YgZGV2aWNlcywgc29tZSBvZiB0aGVtIG1heSBzdXBwb3J0IGZvbyBhbmQgc29tZSBiYXIuIElt
YWdpbmUgYSB2ZWhpY2xlIHRoYXQgY29tZXMgd2l0aCBtYW55IGRpZmZlcmVudCBwcm9jZXNzb3Jz
IGFuZCB0aGV5IHJlcXVpcmUgYSBtaXh0dXJlIG9mIGRpZmZlcmVudCBmb3JtYXRzLiBUaGUgYmFj
a2VuZCBpbmZyYXN0cnVjdHVyZSB0aGVuIG5lZWRzIHRvIGtub3cgd2hhdCBmb3JtYXQgaXMgc3Vw
cG9ydGVkIGJ5IHdoaWNoIGRldmljZS9wcm9jZXNzb3IuDQoNClRoZSBkZXZpY2Ugd2lsbCBhc2sg
Zm9yIHRoZSBmb3JtYXQgdGhhdCBpdCBzdXBwb3J0cy4gU2F5LCB0aGUgZGV2aWNlIG5lZWRzIG1h
bmlmZXN0IGluIENCT1IgZm9ybWF0IGZvciBleGFtcGxlDQogVGhlIGRldmljZSBpcyBiYXNpY2Fs
bHkgZHVtYiBpbiB0aGF0IGNvbnRleHQgYW5kIEkgYW0gc2F5aW5nIHdlIGRvbid0IG5lZWQgdG8g
Y29tcGxpY2F0ZSB0aGF0LiBMZXQgdGhlIGJ1cmRlbiBvZiBoYXZpbmcgbXVsdGlwbGUgZW5jb2Rp
bmdzIHN1cHBvcnQgYmUgb24gdGhlIHVwZGF0ZSBzZXJ2ZXIgYW5kIHRoZSBkZXZpY2Ugd2lsbCBh
c2sgdGhlIG9ubHkgdGhpbmcgaXQgc3VwcG9ydHMuDQoNCg0KSSBob3BlIHRoaXMgbWFrZXMgc2Vu
c2UuDQoNCkNpYW8NCkhhbm5lcw0KDQoNCi0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQpGcm9t
OiBDYXJzdGVuIEJvcm1hbm4gW21haWx0bzpjYWJvQHR6aS5vcmc8bWFpbHRvOmNhYm9AdHppLm9y
Zz5dDQpTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDA5OjAyDQpUbzogSGFubmVzIFRzY2hvZmVuaWcN
CkNjOiBTdWhhcyBOYW5kYWt1bWFyOyBzdWl0QGlldGYub3JnPG1haWx0bzpzdWl0QGlldGYub3Jn
Pg0KU3ViamVjdDogUmU6IFtTdWl0XSBNYW5pZmVzdCBGb3JtYXRzDQoNCk9uIE5vdiAyMywgMjAx
NywgYXQgMDg6MzEsIEhhbm5lcyBUc2Nob2ZlbmlnIDxIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29t
PG1haWx0bzpIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29tPj4gd3JvdGU6DQo+DQo+IERvIHlvdSBh
Z3JlZSB0aGF0IGhhdmluZyBtdWx0aXBsZSBmb3JtYXRzIHdpbGwgY2F1c2UgYWRkaXRpb25hbCBw
YWluIGFuZCBsb3dlciBpbnRlcm9wZXJhYmlsaXR5Pw0KDQpJ4oCZbSBub3QgU3VoYXMsIGJ1dCBJ
4oCZZCBsaWtlIHRvIHBvaW50IG91dCB0aGF0IHdoaWxlIHRoaXMgaXMgdHJpdmlhbGx5IHRydWUs
IGl0IG1heSBhbHNvIGJlIHRyaXZpYWxseSBpcnJlbGV2YW50LCBhcyBkZW1vbnN0cmF0ZWQgYnkg
YSBzZW50ZW5jZSBsaWtlOg0KDQo+IGhhdmluZyBib3RoIFVEUCBhbmQgVENQIGFzIHRyYW5zcG9y
dCBwcm90b2NvbHMgZm9yIElQIHdpbGwgY2F1c2UgYWRkaXRpb25hbCBwYWluIGFuZCBsb3dlciBp
bnRlcm9wZXJhYmlsaXR5DQoNCihJ4oCZbSBub3Qgc3VyZSB3aGF0IOKAnGZvcm1hdOKAnSBtZWFu
cyBoZXJlOyBpZiB0aGlzIGlzIGFib3V0IHNlcmlhbGl6YXRpb25zLCBkaWZmZXJlbnQgY29uc2lk
ZXJhdGlvbnMgYXBwbHkgdGhhbiBpZiB0aGlzIGlzIGFib3V0IGluZm9ybWF0aW9uIG1vZGVscyBh
bmQgc2VjdXJpdHkgbW9kZWxzLikNCg0KR3LDvMOfZSwgQ2Fyc3Rlbg0KDQpJTVBPUlRBTlQgTk9U
SUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBj
b25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRo
ZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVs
eSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1
c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBp
biBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50
cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQg
bWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lw
aWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlz
Y2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1
cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRo
YW5rIHlvdS4NCg==

--_000_AM4PR0801MB2706F3857B5B5B39BDED0B07FA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29BY2V0YXRlLCBsaS5Nc29BY2V0
YXRlLCBkaXYuTXNvQWNldGF0ZQ0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxl
LWxpbms6IkJhbGxvb24gVGV4dCBDaGFyIjsNCgltYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206
LjAwMDFwdDsNCglmb250LXNpemU6OC4wcHQ7DQoJZm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMt
c2VyaWYiO30NCnNwYW4uQmFsbG9vblRleHRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJCYWxsb29u
IFRleHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJC
YWxsb29uIFRleHQiOw0KCWZvbnQtZmFtaWx5OiJUYWhvbWEiLCJzYW5zLXNlcmlmIjsNCgltc28t
ZmFyZWFzdC1sYW5ndWFnZTpFTi1HQjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUt
dHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYi
Ow0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhw
b3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsNCgltc28tZmFy
ZWFzdC1sYW5ndWFnZTpFTi1VUzt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0
IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29y
ZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2
IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFw
ZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4N
CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9
IkVOLUdCIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw
dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7
Y29sb3I6IzFGNDk3RCI+SGkgU3VoYXMsDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFz
cz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom
cXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+
PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
c3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlRoZSB3YXkgd2Ugd291bGQgbGlr
ZSB0aGlzIHRvIHdvcmsgaXMgbm90IHRvIGhhdmUgdGhlIHVwZGF0ZSBzZXJ2ZXIgY3JlYXRlIHRo
ZXNlIG1hbmlmZXN0cyBpbiByZWFsLXRpbWUsIGJhc2VkIG9uIHdoYXQgdGhlIGRldmljZSBhc2tz
IGZvci4gSW5zdGVhZCwgdGhlIG1hbmlmZXN0cw0KIGFyZSBjcmVhdGVkIGFuZCBzaWduZWQgYnkg
dGhlIGRldmVsb3BlciAodXNpbmcgYSB0b29sIG9yIGEgd2ViIHNlcnZpY2UpLiBUaGUgdXBkYXRl
IHNlcnZlciBpcyBtYWlubHkgYSByZXBvc2l0b3J5LiBUaGlzIGFwcHJvYWNoIHByb3ZpZGVzIGJl
dHRlciBzZWN1cml0eS4NCjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli
cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMt
c2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+SWYgeW91IGxvb2sgYmFjayBpbiB0aGUgaGlzdG9y
eSBvZiB0aGUgSUVURiBzZWN1cml0eSB3b3JrIHRoZW4gZGVmaW5pbmcgbXVsdGlwbGUsIHNpbWls
YXIgc29sdXRpb24gaGFzIG5vdCBiZWVuIGEgZ3JlYXQgc3VjY2VzcyBzdG9yeS4NCjxvOnA+PC9v
OnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3
RCI+Q2lhbzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
JnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEx
LjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVv
dDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9
Ik1zb05vcm1hbCI+PGEgbmFtZT0iX01haWxFbmRDb21wb3NlIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9hPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1z
aXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90OyI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1z
aXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90OyI+IFN1aGFzIE5hbmRha3VtYXIgW21haWx0bzpzdWhhc2lldGZAZ21haWwuY29tXQ0K
PGJyPg0KPGI+U2VudDo8L2I+IDIzIE5vdmVtYmVyIDIwMTcgMTY6NTI8YnI+DQo8Yj5Ubzo8L2I+
IEhhbm5lcyBUc2Nob2ZlbmlnPGJyPg0KPGI+Q2M6PC9iPiBDYXJzdGVuIEJvcm1hbm47IHN1aXRA
aWV0Zi5vcmc8YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtTdWl0XSBNYW5pZmVzdCBGb3JtYXRz
PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8
L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+T24gVGh1LCBOb3YgMjMsIDIwMTcgYXQgMTI6MDkg
QU0sIEhhbm5lcyBUc2Nob2ZlbmlnICZsdDs8YSBocmVmPSJtYWlsdG86SGFubmVzLlRzY2hvZmVu
aWdAYXJtLmNvbSIgdGFyZ2V0PSJfYmxhbmsiPkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208L2E+
Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpIENhcnN0
ZW4sPGJyPg0KPGJyPg0KRm9ybWF0IGhlcmUgbWVhbnMgaGF2aW5nIGFuIEFTTi4xLCBYTUwsIEpT
T04sIENCT1IsIGV0Yy4gZW5jb2RpbmdzIG9mIHRoZSBtYW5pZmVzdCAoJiM0MzsgdGhlIGFwcHJv
cHJpYXRlIHNlY3VyaXR5IG1lY2hhbmlzbXMpLjxicj4NCjxicj4NCkZvciB1cyBvZmZlcmluZyBv
cGVyYXRpbmcgc3lzdGVtcyB3ZSBmZWFyIHRoYXQgb25lIGN1c3RvbWVyIHdpbGwgd2FudCBBU04u
MSBhbmQgdGhlIG90aGVyIHdhbnQgSlNPTiwgbGlrZSB0aGV5IGRvIHdpdGggSW9UIHByb3RvY29s
cyAoZS5nLiwgQ29BUCBhbmQgTVFUVCkgdG9kYXkgYXMgd2VsbC4gVGhlIHJlc3VsdCBpcyB0aGF0
IHdlIGhhdmUgdG8gc3VwcG9ydCBldmVyeXRoaW5nIGFuZCB3aGlsZSB0aGV5IHdpbGwgbm90IGJl
IGNvbXBpbGVkIGludG8NCiB0aGUgY29kZSBhdCB0aGUgc2FtZSB0aW1lIHRoZXkgbmVlZCB0byBi
ZSBhdmFpbGFibGUgYW5kIG5lZWQgdG8gYmUgbWFpbnRhaW5lZC48YnI+DQo8YnI+DQpXaGVuIHlv
dSB0aGVuIHVwZGF0ZSBhIGZsZWV0IG9mIGRldmljZXMsIHNvbWUgb2YgdGhlbSBtYXkgc3VwcG9y
dCBmb28gYW5kIHNvbWUgYmFyLiBJbWFnaW5lIGEgdmVoaWNsZSB0aGF0IGNvbWVzIHdpdGggbWFu
eSBkaWZmZXJlbnQgcHJvY2Vzc29ycyBhbmQgdGhleSByZXF1aXJlIGEgbWl4dHVyZSBvZiBkaWZm
ZXJlbnQgZm9ybWF0cy4gVGhlIGJhY2tlbmQgaW5mcmFzdHJ1Y3R1cmUgdGhlbiBuZWVkcyB0byBr
bm93IHdoYXQgZm9ybWF0IGlzIHN1cHBvcnRlZA0KIGJ5IHdoaWNoIGRldmljZS9wcm9jZXNzb3Iu
PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8
L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZGV2aWNl
IHdpbGwgYXNrIGZvciB0aGUgZm9ybWF0IHRoYXQgaXQgc3VwcG9ydHMuIFNheSwgdGhlIGRldmlj
ZSBuZWVkcyBtYW5pZmVzdCBpbiBDQk9SIGZvcm1hdCBmb3IgZXhhbXBsZTxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7VGhlIGRldmljZSBp
cyBiYXNpY2FsbHkgZHVtYiBpbiB0aGF0IGNvbnRleHQgYW5kIEkgYW0gc2F5aW5nIHdlIGRvbid0
IG5lZWQgdG8gY29tcGxpY2F0ZSB0aGF0LiBMZXQgdGhlIGJ1cmRlbiBvZiBoYXZpbmcgbXVsdGlw
bGUgZW5jb2RpbmdzIHN1cHBvcnQgYmUgb24gdGhlIHVwZGF0ZSBzZXJ2ZXIgYW5kIHRoZSBkZXZp
Y2Ugd2lsbCBhc2sgdGhlIG9ubHkgdGhpbmcgaXQgc3VwcG9ydHMuJm5ic3A7PG86cD48L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj4mbmJzcDs8bzpwPjwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0
OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowY20gMGNtIDBjbSA2LjBwdDttYXJnaW4tbGVm
dDo0LjhwdDttYXJnaW4tcmlnaHQ6MGNtIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxicj4NCkkg
aG9wZSB0aGlzIG1ha2VzIHNlbnNlLjxicj4NCjxicj4NCkNpYW88YnI+DQpIYW5uZXM8YnI+DQo8
YnI+DQo8YnI+DQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLTxicj4NCkZyb206IENhcnN0ZW4g
Qm9ybWFubiBbbWFpbHRvOjxhIGhyZWY9Im1haWx0bzpjYWJvQHR6aS5vcmciPmNhYm9AdHppLm9y
ZzwvYT5dPGJyPg0KU2VudDogMjMgTm92ZW1iZXIgMjAxNyAwOTowMjxicj4NClRvOiBIYW5uZXMg
VHNjaG9mZW5pZzxicj4NCkNjOiBTdWhhcyBOYW5kYWt1bWFyOyA8YSBocmVmPSJtYWlsdG86c3Vp
dEBpZXRmLm9yZyI+c3VpdEBpZXRmLm9yZzwvYT48YnI+DQpTdWJqZWN0OiBSZTogW1N1aXRdIE1h
bmlmZXN0IEZvcm1hdHM8YnI+DQo8YnI+DQpPbiBOb3YgMjMsIDIwMTcsIGF0IDA4OjMxLCBIYW5u
ZXMgVHNjaG9mZW5pZyAmbHQ7PGEgaHJlZj0ibWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j
b20iPkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208L2E+Jmd0OyB3cm90ZTo8YnI+DQomZ3Q7PGJy
Pg0KJmd0OyBEbyB5b3UgYWdyZWUgdGhhdCBoYXZpbmcgbXVsdGlwbGUgZm9ybWF0cyB3aWxsIGNh
dXNlIGFkZGl0aW9uYWwgcGFpbiBhbmQgbG93ZXIgaW50ZXJvcGVyYWJpbGl0eT88YnI+DQo8YnI+
DQpJ4oCZbSBub3QgU3VoYXMsIGJ1dCBJ4oCZZCBsaWtlIHRvIHBvaW50IG91dCB0aGF0IHdoaWxl
IHRoaXMgaXMgdHJpdmlhbGx5IHRydWUsIGl0IG1heSBhbHNvIGJlIHRyaXZpYWxseSBpcnJlbGV2
YW50LCBhcyBkZW1vbnN0cmF0ZWQgYnkgYSBzZW50ZW5jZSBsaWtlOjxicj4NCjxicj4NCiZndDsg
aGF2aW5nIGJvdGggVURQIGFuZCBUQ1AgYXMgdHJhbnNwb3J0IHByb3RvY29scyBmb3IgSVAgd2ls
bCBjYXVzZSBhZGRpdGlvbmFsIHBhaW4gYW5kIGxvd2VyIGludGVyb3BlcmFiaWxpdHk8YnI+DQo8
YnI+DQooSeKAmW0gbm90IHN1cmUgd2hhdCDigJxmb3JtYXTigJ0gbWVhbnMgaGVyZTsgaWYgdGhp
cyBpcyBhYm91dCBzZXJpYWxpemF0aW9ucywgZGlmZmVyZW50IGNvbnNpZGVyYXRpb25zIGFwcGx5
IHRoYW4gaWYgdGhpcyBpcyBhYm91dCBpbmZvcm1hdGlvbiBtb2RlbHMgYW5kIHNlY3VyaXR5IG1v
ZGVscy4pPGJyPg0KPGJyPg0KR3LDvMOfZSwgQ2Fyc3RlbjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4N
CjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48YnI+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUg
Y29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRp
YWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRl
ZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8g
bm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9y
IGFueSBwdXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBt
ZWRpdW0uIFRoYW5rIHlvdS48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Jsb2Nr
cXVvdGU+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRz
IG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBt
YXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBp
ZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNj
bG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVy
cG9zZSwNCiBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBU
aGFuayB5b3UuDQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_AM4PR0801MB2706F3857B5B5B39BDED0B07FA210AM4PR0801MB2706_--


From nobody Thu Nov 23 08:15:33 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C41B912EB30 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:15:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.7
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1vdjm4wn14o for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:15:30 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50064.outbound.protection.outlook.com [40.107.5.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8E2412944C for <suit@ietf.org>; Thu, 23 Nov 2017 08:09:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=mdaLccgd9j8p3wxRF15jbXomy7/P/+r3iDSzUtnc+jo=; b=R50miYEIe5Zhg3QLNRkrk/P08RwjDS2codUHO2VdJK3ujYAftx5CFFopGuxrTwMDl1BXMHUo5fZnpJQVqhWcTCqjpW63iGyzfPYcoQxkkpR39ArItDxYg7lb6jOND9YqDtRcXJ3FBucMePP2CB2+D4pedBHpaOKGMaDBVC/pcDw=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 16:09:47 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 16:09:47 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAAIWcgIAABZdw
Date: Thu, 23 Nov 2017 16:09:46 +0000
Message-ID: <AM4PR0801MB27067DB876FC3586EF925896FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGSibG+Db3HROm3E4bPNOH0GiwuOVigLg26Ca92CO2X9VA@mail.gmail.com>
In-Reply-To: <CAMRcRGSibG+Db3HROm3E4bPNOH0GiwuOVigLg26Ca92CO2X9VA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:g6bG6WF6OCJHnf4NeeJbjsLM6lzE9FusJ9ROB4rP9yDlUPA7DWOCN3U0YkAN+QdyLxapylMokp4rp9fb7brh7yeqQ7rGHG7ikBifUQ8OdkMMpHjunT8uLV+o0UKJjaSE1+pUiWTjhcsWEdz8bM/GhSjWpJd6EuXQFTNV4fQ4t3DGnfPZtxfWzuRLnO7mBrWvmzgdi0qW/2Z9G/vwaSQ1acZeGr4N63udTFsGKKMAaBxNVCTnYhTAp25z05fK65OUFLWbd+nF6hIvjtYQFrztiBoLUMuyRZ88TFY0aZtKgqQSiYrlICrlFlIuxA4SoFWqw1BAJz4FnpY60TC457PCbet0giVyzfnSOizdhFdW5Wo=; 5:61v/9ZhQ4CsaodQDWimLA7fl+cd4YT+V8iAldOgFZDa/LiYETQfMEPPdzjHAQMqe5D6jdoaoYaKTWdpTqOd4woo+oOLrzOWBrvS5Rc57do/PJmxJ7HqRzzsVg5XlxpLuo2zUWu15rVT6UfLcIkqSMNQoNd6SK25e4Vt6yweI5jU=; 24:AK8+LMvDMs/0yxT1XtFoyzEuW8sdS9OKiHNA17ImFW7y7b7FInAjBK1ZFlTeishMee7C2Yp6NmCPv4WEiEUlfOI7QgaE3KN/gX/BKNp+cOM=; 7:cniDnMoJz+UqpaTOY+EyqJJ01IHD6zl3m8T3ZDhJUqWU3zZIcRT03YJrOV8jZC3N488DzmFTRpKZNgidEVx+GwCmYEqlGeF2YA0pLTaE2DSjbzMkjY+djdtc8JawPxvj1z/4EQu8OpWOl/Pr4Ixi2QAYXnQzldKbncJhq+2Seh7uRty6q74jtkLFinN5yZpT13acuke9HRbUSQEhwZDD6JR/E3pp5Y0H1yifsUMpSUYx2eNaLjN5uRFK5SiNUGR2
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: c9de5f03-4ff4-42bc-afd9-08d5328c9e0a
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB2707367FF591E72507FFEA2EFA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(227612066756510)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(39860400002)(376002)(366004)(199003)(40434004)(189002)(39060400002)(8676002)(5250100002)(6506006)(54356999)(76176999)(50986999)(72206003)(99286004)(3846002)(101416001)(478600001)(790700001)(102836003)(6116002)(106356001)(105586002)(2900100001)(25786009)(7736002)(189998001)(7696005)(6436002)(74316002)(55016002)(33656002)(5660300001)(81156014)(4326008)(81166006)(6916009)(2950100002)(53936002)(54906003)(86362001)(5890100001)(316002)(93886005)(2906002)(66066001)(3660700001)(6246003)(68736007)(8936002)(6306002)(1411001)(97736004)(3280700002)(9326002)(54896002)(229853002)(9686003)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB27067DB876FC3586EF925896FA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c9de5f03-4ff4-42bc-afd9-08d5328c9e0a
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 16:09:47.0166 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/JUrjhWe7yNoPyilMZrwp5E6j52Y>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:15:32 -0000

--_000_AM4PR0801MB27067DB876FC3586EF925896FA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNCkkgdGhpbmsgd2UgYXJlIG1peGluZyBkaWZmZXJlbnQgdGhpbmdzIGhlcmUu
IFdoYXQgSSBhbSBwcm9wb3NpbmcgaXMgYSBuZWVkIHRvIGRpc2NvdmVyIHRoZSBsb2NhdGlvbiBv
ZiB0aGUgZmlybXdhcmUgc2VydmVyIHRoYXQgaGFzIHRoZSBtYW5pZmVzdCBhbmQgdGhlIGltYWdl
LCB3aGVuIHRoZSBkZXZpY2UgaXMgcmVhZHkgdG8gdXBncmFkZSAgKHNheSwgdXNpbmcgcG9sbGlu
ZywgZm9yIGV4YW1wbGUpDQpUaGUgYWJvdmUgbGlzdCBvZiB0aGluZ3MgeW91IGhhdmUgaXMgd2F5
IG1vcmUgY29tcGxpY2F0ZWQgdGhhbiB3aGF0IGlzIGJlaW5nIGFza2VkLiBJIHRoaW5rIHdlIHNo
b3VsZG4ndCBtaXggImZpcm13YXJlIHNlcnZlciBsb2NhdGlvbiBkaXNjb3ZlcnkiIHdpdGggImNh
cGFiaWxpdGllcyBkaXNjb3Zlcnkgb3IgbmVnb3RpYXRpb24gbWVjaGFuaXNtIg0KDQpCdXQgdGhl
cmUgYXJlIGFsc28gb3RoZXIgcGVvcGxlIGluIHRoaXMgYW5kIHRoZXkgaGF2ZSByYWlzZWQgYWRk
aXRpb25hbCBpZGVhcy4gVGhhdOKAmXMgdGhlIHNsaXBwZXJ5IHNsb3BlLg0KDQpDaWFvDQpIYW5u
ZXMNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkg
YXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4g
SWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUg
c2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFu
eSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkg
dGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_AM4PR0801MB27067DB876FC3586EF925896FA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29BY2V0YXRlLCBsaS5Nc29BY2V0
YXRlLCBkaXYuTXNvQWNldGF0ZQ0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxl
LWxpbms6IkJhbGxvb24gVGV4dCBDaGFyIjsNCgltYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206
LjAwMDFwdDsNCglmb250LXNpemU6OC4wcHQ7DQoJZm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMt
c2VyaWYiO30NCnNwYW4uQmFsbG9vblRleHRDaGFyDQoJe21zby1zdHlsZS1uYW1lOiJCYWxsb29u
IFRleHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJC
YWxsb29uIFRleHQiOw0KCWZvbnQtZmFtaWx5OiJUYWhvbWEiLCJzYW5zLXNlcmlmIjsNCgltc28t
ZmFyZWFzdC1sYW5ndWFnZTpFTi1HQjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUt
dHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsInNhbnMtc2VyaWYi
Ow0KCWNvbG9yOiMxRjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhw
b3J0LW9ubHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsNCgltc28tZmFy
ZWFzdC1sYW5ndWFnZTpFTi1VUzt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0
IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQgNzIuMHB0IDcyLjBwdDt9DQpkaXYuV29y
ZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2
IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFw
ZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4N
CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9
IkVOLUdCIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0QiPkhpIFN1aGFzLCA8bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+PG86
cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SSB0aGluayB3
ZSBhcmUgbWl4aW5nIGRpZmZlcmVudCB0aGluZ3MgaGVyZS4gV2hhdCBJIGFtIHByb3Bvc2luZyBp
cyBhIG5lZWQgdG8gZGlzY292ZXIgdGhlIGxvY2F0aW9uIG9mIHRoZSBmaXJtd2FyZSBzZXJ2ZXIg
dGhhdCBoYXMgdGhlIG1hbmlmZXN0IGFuZCB0aGUgaW1hZ2UsIHdoZW4gdGhlIGRldmljZSBpcyBy
ZWFkeSB0byB1cGdyYWRlJm5ic3A7IChzYXksIHVzaW5nIHBvbGxpbmcsIGZvciBleGFtcGxlKTxv
OnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhlIGFi
b3ZlIGxpc3Qgb2YgdGhpbmdzIHlvdSBoYXZlIGlzIHdheSBtb3JlIGNvbXBsaWNhdGVkIHRoYW4g
d2hhdCBpcyBiZWluZyBhc2tlZC4gSSB0aGluayB3ZSBzaG91bGRuJ3QgbWl4ICZxdW90O2Zpcm13
YXJlIHNlcnZlciBsb2NhdGlvbiBkaXNjb3ZlcnkmcXVvdDsgd2l0aCAmcXVvdDtjYXBhYmlsaXRp
ZXMgZGlzY292ZXJ5IG9yIG5lZ290aWF0aW9uIG1lY2hhbmlzbSZxdW90OzxvOnA+PC9vOnA+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9y
OiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli
cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5CdXQgdGhlcmUg
YXJlIGFsc28gb3RoZXIgcGVvcGxlIGluIHRoaXMgYW5kIHRoZXkgaGF2ZSByYWlzZWQgYWRkaXRp
b25hbCBpZGVhcy4gVGhhdOKAmXMgdGhlIHNsaXBwZXJ5IHNsb3BlLg0KPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7
O2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9k
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iY29sb3I6IzFGNDk3RCI+Q2lh
bzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48
L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVu
dHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5k
IG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNp
cGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRp
c2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBw
dXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0u
IFRoYW5rIHlvdS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB27067DB876FC3586EF925896FA210AM4PR0801MB2706_--


From nobody Thu Nov 23 08:21:18 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C87312EB6C for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:21:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NF_82o7oyvJC for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:21:14 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB1D512EB32 for <suit@ietf.org>; Thu, 23 Nov 2017 08:21:12 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2FBBADh299Z/xoBYJlXBxwBAQQBAQoBAYMvLmRuJweDc5lRgUsrlj2CBAoYC4FegzoChD9XAQIBAQEBAQIDaCiCakYsAQEBAQEBTwI+LQEBBAEBIQ8BBTYCGQkCGAICJgICJyAQBgEMBgIBAReKAgEEAQuNe5wzEYEjgieLPAEBAQEBBQEBAQEBAR0FgQ6CH4E1UoFRbnwrgn+EUgESAQkDP4JngmEFoUSBCIEmiRKDYYddG4VZg1UFhy6VPgIEBgUCGQGBOViBAwtTJl2FGhyBaHWJEw8YA4EJAYEQAQEB
X-IPAS-Result: A2FBBADh299Z/xoBYJlXBxwBAQQBAQoBAYMvLmRuJweDc5lRgUsrlj2CBAoYC4FegzoChD9XAQIBAQEBAQIDaCiCakYsAQEBAQEBTwI+LQEBBAEBIQ8BBTYCGQkCGAICJgICJyAQBgEMBgIBAReKAgEEAQuNe5wzEYEjgieLPAEBAQEBBQEBAQEBAR0FgQ6CH4E1UoFRbnwrgn+EUgESAQkDP4JngmEFoUSBCIEmiRKDYYddG4VZg1UFhy6VPgIEBgUCGQGBOViBAwtTJl2FGhyBaHWJEw8YA4EJAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="100322550"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 17:21:10 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270929860"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 17:21:09 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANGL7Ku015658 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 17:21:08 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 17:21:02 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 17:21:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hjTbAnewbtFjxYQILplmqOexo64>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:21:17 -0000

Oh Im sorry, I was confusing TEEP and SUIT again... my fault! :)

So please %s/TEEP/SUIT/g

That said, we added a firmware resource collection to the Concise 
Software Identifier draft in early February this year, which enables 
this document type to be used as a (Reference Integrity Measurement) 
Manifest and/or Container for firmware components.

When the TEEP BoF formed, we separated that part from the core data 
definition and moved it as an extension data definition into an appendix 
of the same draft in expectation of more input.

As we aim for WGLC in December this year (and there will be no decisions 
on firmware related content available until then for sure, 
unfortunately), we will now only include a minimal set of core 
attributes about firmware resources in the core document and create 
another draft that will extend this resource collection in order to 
become a TEEP conform representation later on.


Viele Grüße,

Henk

p.s.

The contradiction I see is that you could use ASN.1 (which is not a 
format/encoding - which I was trying to hint at wrt your list of 
formats, but Carsten was way more elaborate as me on that topic as I 
just saw) in a CMS scenario, but cannot (only) use ASN.1, if you want to 
accommodate more than encodings that are typically defined via the ASN.1 
data model language.

Typically, you (have to / should?) decide on a "clever intermediate 
language", if you do the latter, or am I missing something here? You 
could use multiple languages at once - I guess - and try to keep them 
aligned during the design period of the vocabulary, but I would not like 
to be the person who has to do that.



On 11/23/2017 04:27 PM, Hannes Tschofenig wrote:
> Hi Henk,
> 
>> Hello Hannes,
> 
>> tl;dr I though the consensus was going into the direction of a small list of formats. I consider this to be correct unless consensus shows otherwise.
> 
> [Hannes] That would be good. But let's see when we get to the point of selecting.
> 
> 
> The remainder of this email are just observations:
> 
> This statement
> 
> On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
>> I may be hard to believe but some companies are actually interested in bringing a standardized manifest format to the market.
> 
> in combination with these statements
> 
> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>> There is separate text in the charter that says the group will pick one or multiple encoding formats.
> 
> On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the manifest (+ the appropriate security mechanisms).
> 
> seem to contradict each other?
> 
> 
> Either there is a standardized manifest format, or there are multiple based on the same data model? Also including ASN.1 in the list is somehow confusing to me. If we are talking about format here, I think
> ASN.1 does not fit that list.
> 
> [Hannes] I don't see the contradiction. When we submitted our initial draft version, which described a solution based on ASN1./DER + CMS, some folks said "I want JSON/JOSE" and yet others said "I want CBOR/COSE". Hence, the charter text changed by delaying the decision to a later time in the working group. What matters ultimately is what one has to implement rather than what clever intermediate language we use or how we structure documents.
> 
> And it might also sound surprising, but because some companies (e.g. a few that rely on SOTA) are interested in to market solutions, we started to address this in drafts before the first TEEP BoF. Now that TEEP is emerging, we are splitting the work wrt firmware, and suspended some of it to wait for TEEP manifest definition output in order to retain interoperability - which is effectively a delay already (but addressing a bigger group of stakeholder seems vital, so... viable & necessary).
> 
> [Hannes] I am not sure I understood this statement. The Open Trust Protocol, which is the only solution so far submitted to the TEEP group, does not define a manifest format. At the TEEP BOF folks argued that it would be a good idea to re-use the manifest format from SUIT in TEEP but that hasn't been done so far (although I think it is a good idea).
> 
> Ciao
> Hannes
> 
> Viele Grüße,
> 
> Henk
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 08:26:21 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 106D912EB4E for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:26:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L6M0QWmc4-Iv for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:26:17 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCD3612EB30 for <suit@ietf.org>; Thu, 23 Nov 2017 08:26:16 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2E/BADh299Z/xoBYJlXBxwBAQQBAQoBAYNdZG4nB4NzmVGBSyuWPYIEChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJqRiwBAQEBAQFPAj4tAQEEAQEhDwEFNgIZCQIYAgImAgInIBAGDQYCAQEXigIBBAELjXucMxGBI4InizwBAQEHAQEBAQEeBYEOgh+CB4FRgWorgn+EUgESAQkDP4JngmEFoUSBCIEmiRKDYYddG4VZg1UFhy6VPgIEBgUCGQGBOViBAwtTJl2FGhyBaHWJEw8YA4EJAYEQAQEB
X-IPAS-Result: A2E/BADh299Z/xoBYJlXBxwBAQQBAQoBAYNdZG4nB4NzmVGBSyuWPYIEChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJqRiwBAQEBAQFPAj4tAQEEAQEhDwEFNgIZCQIYAgImAgInIBAGDQYCAQEXigIBBAELjXucMxGBI4InizwBAQEHAQEBAQEeBYEOgh+CB4FRgWorgn+EUgESAQkDP4JngmEFoUSBCIEmiRKDYYddG4VZg1UFhy6VPgIEBgUCGQGBOViBAwtTJl2FGhyBaHWJEw8YA4EJAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="100322675"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 17:26:14 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270930637"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 17:26:13 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANGQCT1016167 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 23 Nov 2017 17:26:13 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 17:26:06 +0100
To: <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 17:26:06 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xDfXffIEBFzgJ8fQwnNQsq_AfBU>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:26:20 -0000

And again... I meant SUIT, this now seems to be stuck in my head *sigh*

On 11/23/2017 05:21 PM, Henk Birkholz wrote:
> Oh Im sorry, I was confusing TEEP and SUIT again... my fault! :)
> 
> So please %s/TEEP/SUIT/g
> 
> That said, we added a firmware resource collection to the Concise 
> Software Identifier draft in early February this year, which enables 
> this document type to be used as a (Reference Integrity Measurement) 
> Manifest and/or Container for firmware components.
> 
> When the TEEP BoF formed, we separated that part from the core data 
> definition and moved it as an extension data definition into an appendix 
> of the same draft in expectation of more input.
> 
> As we aim for WGLC in December this year (and there will be no decisions 
> on firmware related content available until then for sure, 
> unfortunately), we will now only include a minimal set of core 
> attributes about firmware resources in the core document and create 
> another draft that will extend this resource collection in order to 
> become a TEEP conform representation later on.
> 
> 
> Viele Grüße,
> 
> Henk
> 
> p.s.
> 
> The contradiction I see is that you could use ASN.1 (which is not a 
> format/encoding - which I was trying to hint at wrt your list of 
> formats, but Carsten was way more elaborate as me on that topic as I 
> just saw) in a CMS scenario, but cannot (only) use ASN.1, if you want to 
> accommodate more than encodings that are typically defined via the ASN.1 
> data model language.
> 
> Typically, you (have to / should?) decide on a "clever intermediate 
> language", if you do the latter, or am I missing something here? You 
> could use multiple languages at once - I guess - and try to keep them 
> aligned during the design period of the vocabulary, but I would not like 
> to be the person who has to do that.
> 
> 
> 
> On 11/23/2017 04:27 PM, Hannes Tschofenig wrote:
>> Hi Henk,
>>
>>> Hello Hannes,
>>
>>> tl;dr I though the consensus was going into the direction of a small 
>>> list of formats. I consider this to be correct unless consensus shows 
>>> otherwise.
>>
>> [Hannes] That would be good. But let's see when we get to the point of 
>> selecting.
>>
>>
>> The remainder of this email are just observations:
>>
>> This statement
>>
>> On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
>>> I may be hard to believe but some companies are actually interested 
>>> in bringing a standardized manifest format to the market.
>>
>> in combination with these statements
>>
>> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>>> There is separate text in the charter that says the group will pick 
>>> one or multiple encoding formats.
>>
>> On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
>>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of 
>>> the manifest (+ the appropriate security mechanisms).
>>
>> seem to contradict each other?
>>
>>
>> Either there is a standardized manifest format, or there are multiple 
>> based on the same data model? Also including ASN.1 in the list is 
>> somehow confusing to me. If we are talking about format here, I think
>> ASN.1 does not fit that list.
>>
>> [Hannes] I don't see the contradiction. When we submitted our initial 
>> draft version, which described a solution based on ASN1./DER + CMS, 
>> some folks said "I want JSON/JOSE" and yet others said "I want 
>> CBOR/COSE". Hence, the charter text changed by delaying the decision 
>> to a later time in the working group. What matters ultimately is what 
>> one has to implement rather than what clever intermediate language we 
>> use or how we structure documents.
>>
>> And it might also sound surprising, but because some companies (e.g. a 
>> few that rely on SOTA) are interested in to market solutions, we 
>> started to address this in drafts before the first TEEP BoF. Now that 
>> TEEP is emerging, we are splitting the work wrt firmware, and 
>> suspended some of it to wait for TEEP manifest definition output in 
>> order to retain interoperability - which is effectively a delay 
>> already (but addressing a bigger group of stakeholder seems vital, 
>> so... viable & necessary).
>>
>> [Hannes] I am not sure I understood this statement. The Open Trust 
>> Protocol, which is the only solution so far submitted to the TEEP 
>> group, does not define a manifest format. At the TEEP BOF folks argued 
>> that it would be a good idea to re-use the manifest format from SUIT 
>> in TEEP but that hasn't been done so far (although I think it is a 
>> good idea).
>>
>> Ciao
>> Hannes
>>
>> Viele Grüße,
>>
>> Henk
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>> IMPORTANT NOTICE: The contents of this email and any attachments are 
>> confidential and may also be privileged. If you are not the intended 
>> recipient, please notify the sender immediately and do not disclose 
>> the contents to any other person, use it for any purpose, or store or 
>> copy the information in any medium. Thank you.
>>
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Thu Nov 23 08:30:01 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7FA012EB86 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:29:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WP21ebgmMrMc for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:29:56 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0055.outbound.protection.outlook.com [104.47.0.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3581612EB30 for <suit@ietf.org>; Thu, 23 Nov 2017 08:29:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fe/okQwdJCDW51RahMwdaNPF1U4h/zsNJj30r4a3LhQ=; b=RYBtfp08rIQtGOJcMtv5yInocmCdujjwjWNyLIDcUbs4Yg6tnuqz+FUpFPli376aIUzXleZx+stYFjFaJu46LbDIlhF46dDeIFwqaOlrVxnR4to8jJlN3BFtxW67VIchurcH3kknJ/YvFHPug+KR78ic9YzQWiPNj+lTy1d/LpE=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 16:29:53 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 16:29:53 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAABorAIAACz8wgAARgoCAAER7EIAAE1qAgAABbACAAADAYA==
Date: Thu, 23 Nov 2017 16:29:53 +0000
Message-ID: <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de>
In-Reply-To: <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:Wcr2ReddhucT2dQVydUvvWaQ7v0JpuJVJ/J/0u56Ebd1k0HwOb6bKhcvodEKo12P7IbHHyVwE9nkiU+kT25Wk93PLAg1bwSi1Z1b2OShv0Tubc+M6hMwu9mKLH3l27RkeRTfTfQlavUJWUaZh94ebrG4g/cJoTh87tWIRUYxhSPQ3MEPRZF6Df4PDnPuzj8FOnuLzW1UAtZQheaS2QjsI3/x9EidecLmdbqU8ONMrUoaDIYjhbM0b52U8o6QwmjpElAO542XftNkYVS9mIVc7mDmu9hRynhq7M8zQ7+i4Gy8z+6nmBOLpnG4JxxUJK3jqdm9Jx6TckwpvMsuQBQ7cEpNBjXf2XxpddC5jha1SoE=; 5:zo39CNMmbD1u0pZGr/wIbZ+3mIrsC4GsnB/gyqlPzAlNvyd1CtEq8H/dZ4AjfLxuqvQ0cgSvLt8Ds3k5O8fDKJ/wGCZRhxpJwDAxAEgLjgCb95gil3N/pnSZXYzbpj2HQc6NA5tNFlxv54LdR3mikOETPPFuICbphuPzWz+/VBY=; 24:VTB03QM1pLrzzTPC/IktAqUaIJ2r41iYXMaWRNVAEXz6qM/z6Ln7XDFnh+q72flTFVZ8HNqbwQDf00Eoc/GQhAvLYQTEjmpR4K16hgZn4AU=; 7:3aV4uW6RBcmMDBO+iZIwvBbRnDt4CzAHPhCK9PxzMzzYyiw4LBXo581BMOn+91Im4DAEnvpd79MwkFqdQH6Yt3cLCDoAsyjgIEo8FIX2hFmGUM71Y/EXg05mF/pcmzOg3s7atH6oiu2Pb3fm5YlBPhBpx4wDLUSvfFOQRzNKJOp1meveYNCxH7aaTtzhEJWJTA2IeHZ36ed1mWT8DRDXU1tgOTpqR2FHeGKBniZmh9JF3V4dLDdqMy8on4nH7lsQ
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 3d92f5c9-8c1c-436d-94cc-08d5328f6ce9
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB27075F73690243149F134084FA210@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(100405760836317); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(346002)(39860400002)(376002)(24454002)(13464003)(40434004)(199003)(189002)(86362001)(5890100001)(2950100002)(2501003)(53936002)(53546010)(110136005)(6306002)(966005)(229853002)(97736004)(3280700002)(9686003)(14454004)(93886005)(316002)(68736007)(8936002)(2906002)(3660700001)(6246003)(66066001)(101416001)(478600001)(3846002)(102836003)(106356001)(6116002)(2900100001)(105586002)(8676002)(5250100002)(6506006)(54356999)(76176999)(50986999)(72206003)(99286004)(33656002)(55016002)(81156014)(5660300001)(81166006)(7736002)(189998001)(25786009)(305945005)(74316002)(6436002)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d92f5c9-8c1c-436d-94cc-08d5328f6ce9
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 16:29:53.0346 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/dlUoYEDuFjgBSs7TyQJYndnFgZg>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:29:59 -0000

SGkgSGVuaywNCg0KTWF5YmUgeW91IG5lZWQgdG8gZXhwbGFpbiB3aGF0IHlvdSBhcmUgZG9pbmcg
d2l0aCB5b3VyIENvbmNpc2UgU29mdHdhcmUgSWRlbnRpZmllciBkcmFmdCBhbmQgd2hvIHRoZSB0
YXJnZXQgYXVkaWVuY2Ugd2FzIGZvciBpdC4NCg0KQ2lhbw0KSGFubmVzDQoNCg0KLS0tLS1Pcmln
aW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IFN1aXQgW21haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5v
cmddIE9uIEJlaGFsZiBPZiBIZW5rIEJpcmtob2x6DQpTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDE3
OjI2DQpUbzogc3VpdEBpZXRmLm9yZw0KU3ViamVjdDogUmU6IFtTdWl0XSBTVUlUIENoYXJ0ZXI6
IEZpcm13YXJlIFNlcnZlciBEaXNjb3ZlcnkgYW5kIERvd25sb2FkIE1lY2hhbmlzbQ0KDQpBbmQg
YWdhaW4uLi4gSSBtZWFudCBTVUlULCB0aGlzIG5vdyBzZWVtcyB0byBiZSBzdHVjayBpbiBteSBo
ZWFkICpzaWdoKg0KDQpPbiAxMS8yMy8yMDE3IDA1OjIxIFBNLCBIZW5rIEJpcmtob2x6IHdyb3Rl
Og0KPiBPaCBJbSBzb3JyeSwgSSB3YXMgY29uZnVzaW5nIFRFRVAgYW5kIFNVSVQgYWdhaW4uLi4g
bXkgZmF1bHQhIDopDQo+DQo+IFNvIHBsZWFzZSAlcy9URUVQL1NVSVQvZw0KPg0KPiBUaGF0IHNh
aWQsIHdlIGFkZGVkIGEgZmlybXdhcmUgcmVzb3VyY2UgY29sbGVjdGlvbiB0byB0aGUgQ29uY2lz
ZQ0KPiBTb2Z0d2FyZSBJZGVudGlmaWVyIGRyYWZ0IGluIGVhcmx5IEZlYnJ1YXJ5IHRoaXMgeWVh
ciwgd2hpY2ggZW5hYmxlcw0KPiB0aGlzIGRvY3VtZW50IHR5cGUgdG8gYmUgdXNlZCBhcyBhIChS
ZWZlcmVuY2UgSW50ZWdyaXR5IE1lYXN1cmVtZW50KQ0KPiBNYW5pZmVzdCBhbmQvb3IgQ29udGFp
bmVyIGZvciBmaXJtd2FyZSBjb21wb25lbnRzLg0KPg0KPiBXaGVuIHRoZSBURUVQIEJvRiBmb3Jt
ZWQsIHdlIHNlcGFyYXRlZCB0aGF0IHBhcnQgZnJvbSB0aGUgY29yZSBkYXRhDQo+IGRlZmluaXRp
b24gYW5kIG1vdmVkIGl0IGFzIGFuIGV4dGVuc2lvbiBkYXRhIGRlZmluaXRpb24gaW50byBhbg0K
PiBhcHBlbmRpeCBvZiB0aGUgc2FtZSBkcmFmdCBpbiBleHBlY3RhdGlvbiBvZiBtb3JlIGlucHV0
Lg0KPg0KPiBBcyB3ZSBhaW0gZm9yIFdHTEMgaW4gRGVjZW1iZXIgdGhpcyB5ZWFyIChhbmQgdGhl
cmUgd2lsbCBiZSBubw0KPiBkZWNpc2lvbnMgb24gZmlybXdhcmUgcmVsYXRlZCBjb250ZW50IGF2
YWlsYWJsZSB1bnRpbCB0aGVuIGZvciBzdXJlLA0KPiB1bmZvcnR1bmF0ZWx5KSwgd2Ugd2lsbCBu
b3cgb25seSBpbmNsdWRlIGEgbWluaW1hbCBzZXQgb2YgY29yZQ0KPiBhdHRyaWJ1dGVzIGFib3V0
IGZpcm13YXJlIHJlc291cmNlcyBpbiB0aGUgY29yZSBkb2N1bWVudCBhbmQgY3JlYXRlDQo+IGFu
b3RoZXIgZHJhZnQgdGhhdCB3aWxsIGV4dGVuZCB0aGlzIHJlc291cmNlIGNvbGxlY3Rpb24gaW4g
b3JkZXIgdG8NCj4gYmVjb21lIGEgVEVFUCBjb25mb3JtIHJlcHJlc2VudGF0aW9uIGxhdGVyIG9u
Lg0KPg0KPg0KPiBWaWVsZSBHcsO8w59lLA0KPg0KPiBIZW5rDQo+DQo+IHAucy4NCj4NCj4gVGhl
IGNvbnRyYWRpY3Rpb24gSSBzZWUgaXMgdGhhdCB5b3UgY291bGQgdXNlIEFTTi4xICh3aGljaCBp
cyBub3QgYQ0KPiBmb3JtYXQvZW5jb2RpbmcgLSB3aGljaCBJIHdhcyB0cnlpbmcgdG8gaGludCBh
dCB3cnQgeW91ciBsaXN0IG9mDQo+IGZvcm1hdHMsIGJ1dCBDYXJzdGVuIHdhcyB3YXkgbW9yZSBl
bGFib3JhdGUgYXMgbWUgb24gdGhhdCB0b3BpYyBhcyBJDQo+IGp1c3Qgc2F3KSBpbiBhIENNUyBz
Y2VuYXJpbywgYnV0IGNhbm5vdCAob25seSkgdXNlIEFTTi4xLCBpZiB5b3Ugd2FudA0KPiB0byBh
Y2NvbW1vZGF0ZSBtb3JlIHRoYW4gZW5jb2RpbmdzIHRoYXQgYXJlIHR5cGljYWxseSBkZWZpbmVk
IHZpYSB0aGUNCj4gQVNOLjEgZGF0YSBtb2RlbCBsYW5ndWFnZS4NCj4NCj4gVHlwaWNhbGx5LCB5
b3UgKGhhdmUgdG8gLyBzaG91bGQ/KSBkZWNpZGUgb24gYSAiY2xldmVyIGludGVybWVkaWF0ZQ0K
PiBsYW5ndWFnZSIsIGlmIHlvdSBkbyB0aGUgbGF0dGVyLCBvciBhbSBJIG1pc3Npbmcgc29tZXRo
aW5nIGhlcmU/IFlvdQ0KPiBjb3VsZCB1c2UgbXVsdGlwbGUgbGFuZ3VhZ2VzIGF0IG9uY2UgLSBJ
IGd1ZXNzIC0gYW5kIHRyeSB0byBrZWVwIHRoZW0NCj4gYWxpZ25lZCBkdXJpbmcgdGhlIGRlc2ln
biBwZXJpb2Qgb2YgdGhlIHZvY2FidWxhcnksIGJ1dCBJIHdvdWxkIG5vdA0KPiBsaWtlIHRvIGJl
IHRoZSBwZXJzb24gd2hvIGhhcyB0byBkbyB0aGF0Lg0KPg0KPg0KPg0KPiBPbiAxMS8yMy8yMDE3
IDA0OjI3IFBNLCBIYW5uZXMgVHNjaG9mZW5pZyB3cm90ZToNCj4+IEhpIEhlbmssDQo+Pg0KPj4+
IEhlbGxvIEhhbm5lcywNCj4+DQo+Pj4gdGw7ZHIgSSB0aG91Z2ggdGhlIGNvbnNlbnN1cyB3YXMg
Z29pbmcgaW50byB0aGUgZGlyZWN0aW9uIG9mIGEgc21hbGwNCj4+PiBsaXN0IG9mIGZvcm1hdHMu
IEkgY29uc2lkZXIgdGhpcyB0byBiZSBjb3JyZWN0IHVubGVzcyBjb25zZW5zdXMNCj4+PiBzaG93
cyBvdGhlcndpc2UuDQo+Pg0KPj4gW0hhbm5lc10gVGhhdCB3b3VsZCBiZSBnb29kLiBCdXQgbGV0
J3Mgc2VlIHdoZW4gd2UgZ2V0IHRvIHRoZSBwb2ludA0KPj4gb2Ygc2VsZWN0aW5nLg0KPj4NCj4+
DQo+PiBUaGUgcmVtYWluZGVyIG9mIHRoaXMgZW1haWwgYXJlIGp1c3Qgb2JzZXJ2YXRpb25zOg0K
Pj4NCj4+IFRoaXMgc3RhdGVtZW50DQo+Pg0KPj4gT24gMTEvMjMvMjAxNyAxMTowOSBBTSwgSGFu
bmVzIFRzY2hvZmVuaWcgd3JvdGU6DQo+Pj4gSSBtYXkgYmUgaGFyZCB0byBiZWxpZXZlIGJ1dCBz
b21lIGNvbXBhbmllcyBhcmUgYWN0dWFsbHkgaW50ZXJlc3RlZA0KPj4+IGluIGJyaW5naW5nIGEg
c3RhbmRhcmRpemVkIG1hbmlmZXN0IGZvcm1hdCB0byB0aGUgbWFya2V0Lg0KPj4NCj4+IGluIGNv
bWJpbmF0aW9uIHdpdGggdGhlc2Ugc3RhdGVtZW50cw0KPj4NCj4+IE9uIDExLzIzLzIwMTcgMTA6
MDEgQU0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4+IFRoZXJlIGlzIHNlcGFyYXRlIHRl
eHQgaW4gdGhlIGNoYXJ0ZXIgdGhhdCBzYXlzIHRoZSBncm91cCB3aWxsIHBpY2sNCj4+PiBvbmUg
b3IgbXVsdGlwbGUgZW5jb2RpbmcgZm9ybWF0cy4NCj4+DQo+PiBPbiAxMS8yMy8yMDE3IDA5OjA5
IEFNLCBIYW5uZXMgVHNjaG9mZW5pZyB3cm90ZToNCj4+PiBGb3JtYXQgaGVyZSBtZWFucyBoYXZp
bmcgYW4gQVNOLjEsIFhNTCwgSlNPTiwgQ0JPUiwgZXRjLiBlbmNvZGluZ3MNCj4+PiBvZiB0aGUg
bWFuaWZlc3QgKCsgdGhlIGFwcHJvcHJpYXRlIHNlY3VyaXR5IG1lY2hhbmlzbXMpLg0KPj4NCj4+
IHNlZW0gdG8gY29udHJhZGljdCBlYWNoIG90aGVyPw0KPj4NCj4+DQo+PiBFaXRoZXIgdGhlcmUg
aXMgYSBzdGFuZGFyZGl6ZWQgbWFuaWZlc3QgZm9ybWF0LCBvciB0aGVyZSBhcmUgbXVsdGlwbGUN
Cj4+IGJhc2VkIG9uIHRoZSBzYW1lIGRhdGEgbW9kZWw/IEFsc28gaW5jbHVkaW5nIEFTTi4xIGlu
IHRoZSBsaXN0IGlzDQo+PiBzb21laG93IGNvbmZ1c2luZyB0byBtZS4gSWYgd2UgYXJlIHRhbGtp
bmcgYWJvdXQgZm9ybWF0IGhlcmUsIEkgdGhpbmsNCj4+IEFTTi4xIGRvZXMgbm90IGZpdCB0aGF0
IGxpc3QuDQo+Pg0KPj4gW0hhbm5lc10gSSBkb24ndCBzZWUgdGhlIGNvbnRyYWRpY3Rpb24uIFdo
ZW4gd2Ugc3VibWl0dGVkIG91ciBpbml0aWFsDQo+PiBkcmFmdCB2ZXJzaW9uLCB3aGljaCBkZXNj
cmliZWQgYSBzb2x1dGlvbiBiYXNlZCBvbiBBU04xLi9ERVIgKyBDTVMsDQo+PiBzb21lIGZvbGtz
IHNhaWQgIkkgd2FudCBKU09OL0pPU0UiIGFuZCB5ZXQgb3RoZXJzIHNhaWQgIkkgd2FudA0KPj4g
Q0JPUi9DT1NFIi4gSGVuY2UsIHRoZSBjaGFydGVyIHRleHQgY2hhbmdlZCBieSBkZWxheWluZyB0
aGUgZGVjaXNpb24NCj4+IHRvIGEgbGF0ZXIgdGltZSBpbiB0aGUgd29ya2luZyBncm91cC4gV2hh
dCBtYXR0ZXJzIHVsdGltYXRlbHkgaXMgd2hhdA0KPj4gb25lIGhhcyB0byBpbXBsZW1lbnQgcmF0
aGVyIHRoYW4gd2hhdCBjbGV2ZXIgaW50ZXJtZWRpYXRlIGxhbmd1YWdlIHdlDQo+PiB1c2Ugb3Ig
aG93IHdlIHN0cnVjdHVyZSBkb2N1bWVudHMuDQo+Pg0KPj4gQW5kIGl0IG1pZ2h0IGFsc28gc291
bmQgc3VycHJpc2luZywgYnV0IGJlY2F1c2Ugc29tZSBjb21wYW5pZXMgKGUuZy4NCj4+IGEgZmV3
IHRoYXQgcmVseSBvbiBTT1RBKSBhcmUgaW50ZXJlc3RlZCBpbiB0byBtYXJrZXQgc29sdXRpb25z
LCB3ZQ0KPj4gc3RhcnRlZCB0byBhZGRyZXNzIHRoaXMgaW4gZHJhZnRzIGJlZm9yZSB0aGUgZmly
c3QgVEVFUCBCb0YuIE5vdyB0aGF0DQo+PiBURUVQIGlzIGVtZXJnaW5nLCB3ZSBhcmUgc3BsaXR0
aW5nIHRoZSB3b3JrIHdydCBmaXJtd2FyZSwgYW5kDQo+PiBzdXNwZW5kZWQgc29tZSBvZiBpdCB0
byB3YWl0IGZvciBURUVQIG1hbmlmZXN0IGRlZmluaXRpb24gb3V0cHV0IGluDQo+PiBvcmRlciB0
byByZXRhaW4gaW50ZXJvcGVyYWJpbGl0eSAtIHdoaWNoIGlzIGVmZmVjdGl2ZWx5IGEgZGVsYXkN
Cj4+IGFscmVhZHkgKGJ1dCBhZGRyZXNzaW5nIGEgYmlnZ2VyIGdyb3VwIG9mIHN0YWtlaG9sZGVy
IHNlZW1zIHZpdGFsLA0KPj4gc28uLi4gdmlhYmxlICYgbmVjZXNzYXJ5KS4NCj4+DQo+PiBbSGFu
bmVzXSBJIGFtIG5vdCBzdXJlIEkgdW5kZXJzdG9vZCB0aGlzIHN0YXRlbWVudC4gVGhlIE9wZW4g
VHJ1c3QNCj4+IFByb3RvY29sLCB3aGljaCBpcyB0aGUgb25seSBzb2x1dGlvbiBzbyBmYXIgc3Vi
bWl0dGVkIHRvIHRoZSBURUVQDQo+PiBncm91cCwgZG9lcyBub3QgZGVmaW5lIGEgbWFuaWZlc3Qg
Zm9ybWF0LiBBdCB0aGUgVEVFUCBCT0YgZm9sa3MNCj4+IGFyZ3VlZCB0aGF0IGl0IHdvdWxkIGJl
IGEgZ29vZCBpZGVhIHRvIHJlLXVzZSB0aGUgbWFuaWZlc3QgZm9ybWF0DQo+PiBmcm9tIFNVSVQg
aW4gVEVFUCBidXQgdGhhdCBoYXNuJ3QgYmVlbiBkb25lIHNvIGZhciAoYWx0aG91Z2ggSSB0aGlu
aw0KPj4gaXQgaXMgYSBnb29kIGlkZWEpLg0KPj4NCj4+IENpYW8NCj4+IEhhbm5lcw0KPj4NCj4+
IFZpZWxlIEdyw7zDn2UsDQo+Pg0KPj4gSGVuaw0KPj4NCj4+DQo+Pg0KPj4NCj4+DQo+Pg0KPj4N
Cj4+DQo+Pg0KPj4NCj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fDQo+PiBTdWl0IG1haWxpbmcgbGlzdA0KPj4gU3VpdEBpZXRmLm9yZw0KPj4gaHR0cHM6
Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQo+PiBJTVBPUlRBTlQgTk9USUNF
OiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZQ0KPj4g
Y29uZmlkZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0
aGUgaW50ZW5kZWQNCj4+IHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVk
aWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UNCj4+IHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIg
cGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvcg0KPj4gY29weSB0aGUg
aW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPj4NCj4NCj4gX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCj4gU3VpdCBtYWlsaW5nIGxp
c3QNCj4gU3VpdEBpZXRmLm9yZw0KPiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp
bmZvL3N1aXQNCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X18NClN1aXQgbWFpbGluZyBsaXN0DQpTdWl0QGlldGYub3JnDQpodHRwczovL3d3dy5pZXRmLm9y
Zy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBv
ZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5
IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVu
dCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xv
c2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBv
c2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5r
IHlvdS4NCg==


From nobody Thu Nov 23 08:33:01 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 636E612EB8D for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:32:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0VtPGF-cwuLy for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:32:53 -0800 (PST)
Received: from mail-vk0-x235.google.com (mail-vk0-x235.google.com [IPv6:2607:f8b0:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEBCC12EB87 for <suit@ietf.org>; Thu, 23 Nov 2017 08:32:52 -0800 (PST)
Received: by mail-vk0-x235.google.com with SMTP id n63so12118500vkf.2 for <suit@ietf.org>; Thu, 23 Nov 2017 08:32:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=3h8OGSgwc4XTDJ+1VEvKBXg16R2Hs2407cVs7cQG4cY=; b=XasVEbcW/vZvU5PrE35bG4E1fueYZttqluArd1l4OvWet5lzhdqmtARXnDhkz0ceZN TULyj7uXS4MMxxWAp3Uq2+obYr6kV6skZgjLC74alFL4BwDIEJjTgsWjYXaVZbyFE/Ww E8ywpRkkh0XXxCPYb5abvcmGXNRWTdTEYsHI34jfTrReS7N4DBte8+0TqbMBxFZA/ROx 94YzIc6VYh9hifIAOSc4nlqWpQv1nVeZZs8AeKfgAjXkd2iKj+sm/JjOhIx5NOypUPp/ Ij3oaCfoMnqE+UeRenWzUF36GEgirMNFdqhJ03801cLaQT2uRq7iTDEWWea8XaURVKpu HErw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=3h8OGSgwc4XTDJ+1VEvKBXg16R2Hs2407cVs7cQG4cY=; b=b1BMfhFn1iQn2sxHBQJQkMk0B42FkQ1dXhEbx8XuG7+y2KsW6/khyMX4QpphTzrMj1 JJyHSKyWqj8osOz+kWZ5E7dB6CqQWL7XtYbBMb/n0rqYhovkkHv2PXyFOa+T9RG2bkJt c20s+DiQqOz2fZcAAyEPoKYMhlMf0ypqe77oes7G4QtzCpEZN1XiKzvM8OnWTo/72XHR bo3Gej8lmTPwfem/LkZWM7filOW6ESt80jv4tOydhSIXyTsMU/iTLr0fuioThrElJadN Q2OnAyxeeB2Rp2oZv3uhtn3n6CeqdEhZYeS79iTOOzvraOD9+lIoWVh76AIbpZqcpwVk +9lw==
X-Gm-Message-State: AJaThX4Fv0d2oufl/hAGzSlwT9uMAhIObC/8GAlAc9H54Huhsp26FLYb 0P5HSX2o+Ai14we1giZXewKDMhI3P/LkOV/yQsY=
X-Google-Smtp-Source: AGs4zMbbxzIyfQgB+GYLWr9XsJekf63vaSNj2AoknI/c4mGASyWxESxUUGnF5GMXfXkdYpN7UPziB4EWnpfJVZ0VOAE=
X-Received: by 10.31.129.133 with SMTP id c127mr18853120vkd.22.1511454772018;  Thu, 23 Nov 2017 08:32:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Thu, 23 Nov 2017 08:32:51 -0800 (PST)
In-Reply-To: <AM4PR0801MB27067DB876FC3586EF925896FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGSibG+Db3HROm3E4bPNOH0GiwuOVigLg26Ca92CO2X9VA@mail.gmail.com> <AM4PR0801MB27067DB876FC3586EF925896FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 23 Nov 2017 08:32:51 -0800
Message-ID: <CAMRcRGQrvkSjdV4re7e-vBHm7Zg41x-1PyRBesuainHep=Xgtw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a114425c8c7c2e3055ea8fc94"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/l7DXiCkrc4qdSxlF9_cDV3xyioY>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:32:59 -0000

--001a114425c8c7c2e3055ea8fc94
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 23, 2017 at 8:09 AM, Hannes Tschofenig <
Hannes.Tschofenig@arm.com> wrote:

> Hi Suhas,
>
>
>
> I think we are mixing different things here. What I am proposing is a nee=
d
> to discover the location of the firmware server that has the manifest and
> the image, when the device is ready to upgrade  (say, using polling, for
> example)
>
> The above list of things you have is way more complicated than what is
> being asked. I think we shouldn't mix "firmware server location discovery=
"
> with "capabilities discovery or negotiation mechanism"
>
>
>
> But there are also other people in this and they have raised additional
> ideas. That=E2=80=99s the slippery slope.
>

As long as we separate the concerns and ask for consensus , it is not a
slippery slope. From BOF discussions, there was more support for former
than the latter, IIRC.

Thanks
Suhas


>
>
> Ciao
>
> Hannes
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy th=
e
> information in any medium. Thank you.
>

--001a114425c8c7c2e3055ea8fc94
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Thu, Nov 23, 2017 at 8:09 AM, Hannes Tschofenig <span dir=3D"ltr">&l=
t;<a href=3D"mailto:Hannes.Tschofenig@arm.com" target=3D"_blank">Hannes.Tsc=
hofenig@arm.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang=3D"EN-GB" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-8387068777134162973WordSection1">
<div>
<div>
<div>
<div>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Hi Suhas, <u></u><u></=
u></span></p><span class=3D"">
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal">I think we are mixing different things here. What I =
am proposing is a need to discover the location of the firmware server that=
 has the manifest and the image, when the device is ready to upgrade=C2=A0 =
(say, using polling, for example)<u></u><u></u></p>
</span></div><span class=3D"">
<div>
<p class=3D"MsoNormal">The above list of things you have is way more compli=
cated than what is being asked. I think we shouldn&#39;t mix &quot;firmware=
 server location discovery&quot; with &quot;capabilities discovery or negot=
iation mechanism&quot;<u></u><u></u></p>
</div>
</span><div>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d"><u></u>=C2=A0<u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">But there are also other =
people in this and they have raised additional ideas. That=E2=80=99s the sl=
ippery slope.</span></p></div></div></div></div></div></div></blockquote><d=
iv><br></div><div>As long as we separate the concerns and ask for consensus=
 , it is not a slippery slope. From BOF discussions, there was more support=
 for former than the latter, IIRC.</div><div><br></div><div>Thanks</div><di=
v>Suhas</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang=3D"E=
N-GB" link=3D"blue" vlink=3D"purple"><div class=3D"m_-8387068777134162973Wo=
rdSection1"><div><div><div><div><p class=3D"MsoNormal"><span style=3D"font-=
size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1=
f497d">
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
</div>
</div>
<p class=3D"MsoNormal"><span style=3D"color:#1f497d">Ciao<span class=3D"HOE=
nZb"><font color=3D"#888888"><u></u><u></u></font></span></span></p><span c=
lass=3D"HOEnZb"><font color=3D"#888888">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Hannes<u></u><u></u></spa=
n></p>
</font></span></div>
</div>
</div><span class=3D"">
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</span></div>

</blockquote></div><br></div></div>

--001a114425c8c7c2e3055ea8fc94--


From nobody Thu Nov 23 08:36:10 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28F4912EB8B for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:36:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9h2trzHyb-Nr for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:36:06 -0800 (PST)
Received: from mail-ua0-x229.google.com (mail-ua0-x229.google.com [IPv6:2607:f8b0:400c:c08::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05CF2129468 for <suit@ietf.org>; Thu, 23 Nov 2017 08:36:06 -0800 (PST)
Received: by mail-ua0-x229.google.com with SMTP id e10so13121366uah.10 for <suit@ietf.org>; Thu, 23 Nov 2017 08:36:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=x304W5QHiZBnB9jY7IdBKnOfd/SK+fwcaBhAIoFjQe4=; b=CEuUEeToxjndsYOgTkihIbXqROJyYyRuZxhWfUf2SuR8hZxJh2RxckqnujixYdzVvl 2SqYTYjVqr0GGAWrMh052N1BrFMqNlG7lXfPYraMYwX9YcEr5pelM7wJxBChpqO32Yld QKZYIShJUWSs4paIlsKc2iNz8+RD6ELuZ0wPQR38hBLY3a/bSVznqnWxG9HNSDjiuk+x Ogwj9IMegZT6nmMG3XYWCFX9t3mCVwUJQ1fQ9SNWn5ryEoAlE4nfdEE+HxALaljFJMHw AO1S6mExwbUBXvdbd8tCeLnegCtheMRLvoHmCVdt3tvk7YB7ptcGIaBeeDUIKeb9C9hL aDPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=x304W5QHiZBnB9jY7IdBKnOfd/SK+fwcaBhAIoFjQe4=; b=M17Bqtg5frd7WrFItzjLpoLHsDGDDlP4NrOVhpOJUc491QlhMH8uHJWEqIB24L+TpN L4nWd64dIDb4gSjnL1PmaFGVtE5uIcYe0d6hYGlTW9pUYgLTzEMOPs5c0kmR4g40HfBv XTYrpqREJGPe4byFw5KiItq9W1kUXVgAE1U5d0TLC4LyqfJKalxc/aB+wV2FoU2PksQV GPsogCH4aVRtDT9WFbjBuze9KrwnLVLqJJ5HJi9ygy/km6JC/0VU3nmJLh/+VuqwzhSM 8A5Cvay1U/qICNcuJwyZeE34Q5b2+EsTsJM5YgScq2xt3qtrL5C7nRXZUc/kVdlDDGNB brew==
X-Gm-Message-State: AJaThX6qk70NdCXqzuligz18KdS9SZJO0wusQXzA1lrCaoEiKetRvHXa RFp3pFRcbSolYcXzZ5ESY0G6hKe2BpbRY4bvuWg=
X-Google-Smtp-Source: AGs4zMbsEpEcmpaDRbQF6H4QOIlFC+JLfnHMg11MX5243eXNsimDIvKQbLHhzPosYMZr/nj3Lt5np3rTtuqUNIggROk=
X-Received: by 10.176.89.79 with SMTP id o15mr18466394uad.163.1511454965101; Thu, 23 Nov 2017 08:36:05 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Thu, 23 Nov 2017 08:36:04 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com> <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Thu, 23 Nov 2017 08:36:04 -0800
Message-ID: <CAMRcRGT2hvHdU6LQ0Eik5fG+aHqi2d0qj2ED41xd-Cy2d8B_2w@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a1149815c49fa72055ea9081b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/vDK3OzT8Lyzqvlkg8g_kVu_58zs>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:36:08 -0000

--001a1149815c49fa72055ea9081b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 23, 2017 at 8:13 AM, Hannes Tschofenig <
Hannes.Tschofenig@arm.com> wrote:

> Hi Suhas,
>
>
>
> The way we would like this to work is not to have the update server creat=
e
> these manifests in real-time, based on what the device asks for. Instead,
> the manifests are created and signed by the developer (using a tool or a
> web service). The update server is mainly a repository. This approach
> provides better security.
>
>
>


Hello Hannes,

  I think i am not stating it should be real-time created either and you
are right that update server is just a repository. I don't think I am
disagreeing on that either.
  More than one encoding is created an stored on the server



> If you look back in the history of the IETF security work then defining
> multiple, similar solution has not been a great success story.
>
>
>
> Ciao
>
> Hannes
>
>
>
>
>
> *From:* Suhas Nandakumar [mailto:suhasietf@gmail.com]
> *Sent:* 23 November 2017 16:52
> *To:* Hannes Tschofenig
> *Cc:* Carsten Bormann; suit@ietf.org
>
> *Subject:* Re: [Suit] Manifest Formats
>
>
>
>
>
>
>
> On Thu, Nov 23, 2017 at 12:09 AM, Hannes Tschofenig <
> Hannes.Tschofenig@arm.com> wrote:
>
> Hi Carsten,
>
> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the
> manifest (+ the appropriate security mechanisms).
>
> For us offering operating systems we fear that one customer will want
> ASN.1 and the other want JSON, like they do with IoT protocols (e.g., CoA=
P
> and MQTT) today as well. The result is that we have to support everything
> and while they will not be compiled into the code at the same time they
> need to be available and need to be maintained.
>
> When you then update a fleet of devices, some of them may support foo and
> some bar. Imagine a vehicle that comes with many different processors and
> they require a mixture of different formats. The backend infrastructure
> then needs to know what format is supported by which device/processor.
>
>
>
> The device will ask for the format that it supports. Say, the device need=
s
> manifest in CBOR format for example
>
>  The device is basically dumb in that context and I am saying we don't
> need to complicate that. Let the burden of having multiple encodings
> support be on the update server and the device will ask the only thing it
> supports.
>
>
>
>
> I hope this makes sense.
>
> Ciao
> Hannes
>
>
> -----Original Message-----
> From: Carsten Bormann [mailto:cabo@tzi.org]
> Sent: 23 November 2017 09:02
> To: Hannes Tschofenig
> Cc: Suhas Nandakumar; suit@ietf.org
> Subject: Re: [Suit] Manifest Formats
>
> On Nov 23, 2017, at 08:31, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> wrote:
> >
> > Do you agree that having multiple formats will cause additional pain an=
d
> lower interoperability?
>
> I=E2=80=99m not Suhas, but I=E2=80=99d like to point out that while this =
is trivially
> true, it may also be trivially irrelevant, as demonstrated by a sentence
> like:
>
> > having both UDP and TCP as transport protocols for IP will cause
> additional pain and lower interoperability
>
> (I=E2=80=99m not sure what =E2=80=9Cformat=E2=80=9D means here; if this i=
s about serializations,
> different considerations apply than if this is about information models a=
nd
> security models.)
>
> Gr=C3=BC=C3=9Fe, Carsten
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy th=
e
> information in any medium. Thank you.
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy th=
e
> information in any medium. Thank you.
>

--001a1149815c49fa72055ea9081b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Thu, Nov 23, 2017 at 8:13 AM, Hannes Tschofenig <span dir=3D"ltr">&l=
t;<a href=3D"mailto:Hannes.Tschofenig@arm.com" target=3D"_blank">Hannes.Tsc=
hofenig@arm.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang=3D"EN-GB" link=3D"blue" vlink=3D"purple">
<div class=3D"m_-3078642666777168078WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Hi Suhas,
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">The way we would like thi=
s to work is not to have the update server create these manifests in real-t=
ime, based on what the device asks for. Instead, the manifests
 are created and signed by the developer (using a tool or a web service). T=
he update server is mainly a repository. This approach provides better secu=
rity.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0</span></p><=
/div></div></blockquote><div><br></div><div><br></div><div>Hello Hannes,</d=
iv><div><br></div><div>=C2=A0 I think i am not stating it should be real-ti=
me created either and you are right that update server is just a repository=
. I don&#39;t think I am disagreeing on that either.</div><div>=C2=A0 More =
than one encoding is created an stored on the server</div><div><br></div><d=
iv>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex=
;border-left:1px #ccc solid;padding-left:1ex"><div lang=3D"EN-GB" link=3D"b=
lue" vlink=3D"purple"><div class=3D"m_-3078642666777168078WordSection1"><p =
class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Calib=
ri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">If you look back in the h=
istory of the IETF security work then defining multiple, similar solution h=
as not been a great success story.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Ciao<u></u><u></u></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d">Hannes<u></u><u></u></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:&quot;Ca=
libri&quot;,&quot;sans-serif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></spa=
n></p>
<p class=3D"MsoNormal"><a name=3D"m_-3078642666777168078__MailEndCompose"><=
span style=3D"font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-s=
erif&quot;;color:#1f497d"><u></u>=C2=A0<u></u></span></a></p>
<p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;fo=
nt-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">From:</span></b><span =
lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&qu=
ot;sans-serif&quot;"> Suhas Nandakumar [mailto:<a href=3D"mailto:suhasietf@=
gmail.com" target=3D"_blank">suhasietf@gmail.com</a>]
<br>
<b>Sent:</b> 23 November 2017 16:52<br>
<b>To:</b> Hannes Tschofenig<br>
<b>Cc:</b> Carsten Bormann; <a href=3D"mailto:suit@ietf.org" target=3D"_bla=
nk">suit@ietf.org</a></span></p><div><div class=3D"h5"><br>
<b>Subject:</b> Re: [Suit] Manifest Formats<u></u><u></u></div></div><p></p=
><div><div class=3D"h5">
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
<div>
<p class=3D"MsoNormal">On Thu, Nov 23, 2017 at 12:09 AM, Hannes Tschofenig =
&lt;<a href=3D"mailto:Hannes.Tschofenig@arm.com" target=3D"_blank">Hannes.T=
schofenig@arm.com</a>&gt; wrote:<u></u><u></u></p>
<p class=3D"MsoNormal">Hi Carsten,<br>
<br>
Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings of the m=
anifest (+ the appropriate security mechanisms).<br>
<br>
For us offering operating systems we fear that one customer will want ASN.1=
 and the other want JSON, like they do with IoT protocols (e.g., CoAP and M=
QTT) today as well. The result is that we have to support everything and wh=
ile they will not be compiled into
 the code at the same time they need to be available and need to be maintai=
ned.<br>
<br>
When you then update a fleet of devices, some of them may support foo and s=
ome bar. Imagine a vehicle that comes with many different processors and th=
ey require a mixture of different formats. The backend infrastructure then =
needs to know what format is supported
 by which device/processor.<u></u><u></u></p>
<div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
<div>
<p class=3D"MsoNormal">The device will ask for the format that it supports.=
 Say, the device needs manifest in CBOR format for example<u></u><u></u></p=
>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0The device is basically dumb in that context a=
nd I am saying we don&#39;t need to complicate that. Let the burden of havi=
ng multiple encodings support be on the update server and the device will a=
sk the only thing it supports.=C2=A0<u></u><u></u></p>
</div>
<div>
<p class=3D"MsoNormal">=C2=A0<u></u><u></u></p>
</div>
<blockquote style=3D"border:none;border-left:solid #cccccc 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class=3D"MsoNormal"><br>
I hope this makes sense.<br>
<br>
Ciao<br>
Hannes<br>
<br>
<br>
-----Original Message-----<br>
From: Carsten Bormann [mailto:<a href=3D"mailto:cabo@tzi.org" target=3D"_bl=
ank">cabo@tzi.org</a>]<br>
Sent: 23 November 2017 09:02<br>
To: Hannes Tschofenig<br>
Cc: Suhas Nandakumar; <a href=3D"mailto:suit@ietf.org" target=3D"_blank">su=
it@ietf.org</a><br>
Subject: Re: [Suit] Manifest Formats<br>
<br>
On Nov 23, 2017, at 08:31, Hannes Tschofenig &lt;<a href=3D"mailto:Hannes.T=
schofenig@arm.com" target=3D"_blank">Hannes.Tschofenig@arm.com</a>&gt; wrot=
e:<br>
&gt;<br>
&gt; Do you agree that having multiple formats will cause additional pain a=
nd lower interoperability?<br>
<br>
I=E2=80=99m not Suhas, but I=E2=80=99d like to point out that while this is=
 trivially true, it may also be trivially irrelevant, as demonstrated by a =
sentence like:<br>
<br>
&gt; having both UDP and TCP as transport protocols for IP will cause addit=
ional pain and lower interoperability<br>
<br>
(I=E2=80=99m not sure what =E2=80=9Cformat=E2=80=9D means here; if this is =
about serializations, different considerations apply than if this is about =
information models and security models.)<br>
<br>
Gr=C3=BC=C3=9Fe, Carsten<u></u><u></u></p>
<div>
<div>
<p class=3D"MsoNormal"><br>
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.<u></u><u></u></=
p>
</div>
</div>
</blockquote>
</div>
<p class=3D"MsoNormal"><u></u>=C2=A0<u></u></p>
</div>
</div>
</div></div></div><div><div class=3D"h5">
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose,
 or store or copy the information in any medium. Thank you.
</div></div></div>

</blockquote></div><br></div></div>

--001a1149815c49fa72055ea9081b--


From nobody Thu Nov 23 08:39:02 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41F0212EB9B for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:39:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N6ke2s0pTo-r for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:38:58 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0078.outbound.protection.outlook.com [104.47.2.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24A6412EB8E for <suit@ietf.org>; Thu, 23 Nov 2017 08:38:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=U2rm3RDwqrSWkbOzFOiRm/34ZAsMNsQ4hM57gUOkZ3o=; b=GfkV59H1KCXWvhaZrswqHYsr7N4wLI+hc6LVErJNVRrno383h9yhX7bZSyh4U8ly+/fNi2A/WxQAU8JVFdCyu9E6jsfo6DUvLx1nxSJXwsHFUSaWHxv2bj06+wcrY5o6DfL9ihxlq+jBmdVsa3lsMWXynzr/NjV5JL4mMKXoJOE=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 16:38:54 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 16:38:54 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAAIWcgIAABZdwgAAG3YCAAAEWwA==
Date: Thu, 23 Nov 2017 16:38:54 +0000
Message-ID: <AM4PR0801MB2706B98AA0918E6D623822FBFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGSibG+Db3HROm3E4bPNOH0GiwuOVigLg26Ca92CO2X9VA@mail.gmail.com> <AM4PR0801MB27067DB876FC3586EF925896FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGQrvkSjdV4re7e-vBHm7Zg41x-1PyRBesuainHep=Xgtw@mail.gmail.com>
In-Reply-To: <CAMRcRGQrvkSjdV4re7e-vBHm7Zg41x-1PyRBesuainHep=Xgtw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2706; 6:5HPLks9ph+QG+HlApOmOv90/EwfzQ2zLEe75zyosPaGhev/f0/qiN7xhGklX4kYWzDQbGaMCpt2ict4R1/8u3RZyBwQ3NyUihUpCX39CaWIwaVG7xPX/5cgzTQBPy9txjAhm/qfhs50tdkAt0mclb4a+Nbqgh/s5eSpQxRPwiVEW41jjXRFVc5DoTNZ98Wl1KUxaip0BMZS95dRFEtRkwjOpkv0KJoTUlpD2vuBiZNwr6BDlYjlQ8xanyknHyJkxUnyosnrIpFTjzB0FNDI6LQ4Yc8d11WIMBGp4sUoDz9BwlE7yLO1QfYvFavdDkjhQ1x/RibDXttGA+HIiI8mAbcMID+tVVk8i1fgGqHgtJ14=; 5:XRbI7GnbFgJMFcIPXxqFSqHbPvwm4YxCzDUujFOz2ZVsuhnFzjnrZT2+IiMa9ONGpdgEb7rh/iC/Qx81LCBknD+vmBia1EHkQtJLZ+j0naYDbW2L9dJcVu52ms+dBHucF5F0giXHLMWdqiUULpwRzCT9FrkT9Mfnl/dDqW12NcE=; 24:yvg4xN2dd3pUnZfzDY7HemyiFcmvjg58SJMgZsN2B8sPw6tMpuxCa56o8d7IOMX0WJxkogD7VDyHJ7KDxdC+hDYIDdCKqJtxCyNYyJqs+kE=; 7:BMaA/WWAS4emRAGepZP45GUh6pt5E/dZvVfqjBHyg3vqe6ckV3FQrFd9yeDOammhq2dmtjq1A3z7WCHIQm2scvf0oxrtuj2msTyZYQ8C6MQUqsColdOQZeNkNAaPTYKzSdnNeUYGXdSm0CCRbWKUDWP580TwjFwlXctP4yOIqpdaJdgbryStwHmk/8IrASnwYM8qsoHx8sBo3+W0J3YKYn8gWafCVPJCjgO1wrUhUjPyjHmZZACJ87UyxpG/Sd7v
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: c8fe1228-e915-4f6c-a50b-08d53290af7f
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2706; 
x-ms-traffictypediagnostic: AM4PR0801MB2706:
x-microsoft-antispam-prvs: <AM4PR0801MB2706EA3A592D22034AC04965FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(100405760836317)(227612066756510)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231022)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(20161123562025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2706; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2706; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(366004)(376002)(346002)(199003)(40434004)(189002)(50986999)(1411001)(3846002)(6436002)(54356999)(102836003)(6116002)(7736002)(790700001)(99286004)(5660300001)(101416001)(74316002)(6916009)(8676002)(81166006)(81156014)(189998001)(76176999)(54906003)(2950100002)(66066001)(5250100002)(33656002)(2906002)(3280700002)(8936002)(72206003)(2900100001)(68736007)(14454004)(93886005)(106356001)(54896002)(39060400002)(3660700001)(6246003)(316002)(53936002)(25786009)(9686003)(6306002)(4326008)(229853002)(55016002)(5890100001)(105586002)(478600001)(6506006)(97736004)(86362001)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2706; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706B98AA0918E6D623822FBFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c8fe1228-e915-4f6c-a50b-08d53290af7f
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 16:38:54.2756 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2706
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/72raadAVGzccjK-oT1XjzaMbI9M>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:39:00 -0000

--_000_AM4PR0801MB2706B98AA0918E6D623822FBFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

DQoNCsOYICBBcyBsb25nIGFzIHdlIHNlcGFyYXRlIHRoZSBjb25jZXJucyBhbmQgYXNrIGZvciBj
b25zZW5zdXMgLCBpdCBpcyBub3QgYSBzbGlwcGVyeSBzbG9wZS4gRnJvbSBCT0YgZGlzY3Vzc2lv
bnMsIHRoZXJlIHdhcyBtb3JlIHN1cHBvcnQgZm9yIGZvcm1lciB0aGFuIHRoZSBsYXR0ZXIsIElJ
UkMuDQoNCk9mIGNvdXJzZSwgdGhhdCB3YXMgb25seSB0aGUgdmlldyBvZiB0aGUgQk9GIHBhcnRp
Y2lwYW50cy4gVGhpcyBuZWVkcyB0byBiZSByZS1jb25maXJtZWQgd2l0aCB0aGUgcGFydGljaXBh
bnRzIG9uIHRoZSBsaXN0IG9mIHdoaWNoIG1hbnkgaGF2ZSBub3QgYmVlbiBhYmxlIHRvIHRyYXZl
bCB0byBTaW5nYXBvcmUuDQoNCkluIGFueSBjYXNlLCBJIGFncmVlIHdpdGggQ2Fyc3RlbiB0aGF0
IHlvdSBzaG91bGQgcmUtdXNlIGFuIGV4aXN0aW5nIHdvcmtpbmcgZ3JvdXAuIEkgYW0gYWxzbyBp
biBmYXZvdXIgb2YgZG9pbmcgdGhlIGRpc2NvdmVyeSB3b3JrIChvciB3aGF0ZXZlciB0aGlzIHR1
cm5zIGludG8pIGluIGEgbmV3IHdvcmtpbmcgZ3JvdXAuDQoNCkNpYW8NCkhhbm5lcw0KDQpJTVBP
UlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1l
bnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBh
cmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBp
bW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIg
cGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZv
cm1hdGlvbiBpbiBhbnkgbWVkaXVtLiBUaGFuayB5b3UuDQo=

--_000_AM4PR0801MB2706B98AA0918E6D623822FBFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K
CXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAgMDt9
DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIg
MiAyIDQgMyAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5N
c29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBjbTsNCgltYXJnaW4tYm90dG9tOi4w
MDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFu
Iiwic2VyaWYiO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXByaW9y
aXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQphOnZp
c2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5Ojk5
Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAuTXNvTGlz
dFBhcmFncmFwaCwgbGkuTXNvTGlzdFBhcmFncmFwaCwgZGl2Lk1zb0xpc3RQYXJhZ3JhcGgNCgl7
bXNvLXN0eWxlLXByaW9yaXR5OjM0Ow0KCW1hcmdpbi10b3A6MGNtOw0KCW1hcmdpbi1yaWdodDow
Y207DQoJbWFyZ2luLWJvdHRvbTowY207DQoJbWFyZ2luLWxlZnQ6MzYuMHB0Ow0KCW1hcmdpbi1i
b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBO
ZXcgUm9tYW4iLCJzZXJpZiI7fQ0Kc3Bhbi5ob2VuemINCgl7bXNvLXN0eWxlLW5hbWU6aG9lbnpi
O30NCnNwYW4uRW1haWxTdHlsZTE4DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0K
CWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJY29sb3I6IzFGNDk3RDt9DQou
TXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWls
eToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOw0KCW1zby1mYXJlYXN0LWxhbmd1YWdlOkVOLVVTO30N
CkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIu
MHB0IDcyLjBwdCA3Mi4wcHQgNzIuMHB0O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3Jk
U2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3Qt
aWQ6MTA0Mzk5MDY0MDsNCgltc28tbGlzdC10eXBlOmh5YnJpZDsNCgltc28tbGlzdC10ZW1wbGF0
ZS1pZHM6MjE0MjE2NjIxNiAxNjU3MTkxODk2IDEzNDgwNzU1NSAxMzQ4MDc1NTcgMTM0ODA3NTUz
IDEzNDgwNzU1NSAxMzQ4MDc1NTcgMTM0ODA3NTUzIDEzNDgwNzU1NSAxMzQ4MDc1NTc7fQ0KQGxp
c3QgbDA6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2
ZWwtdGV4dDrvg5g7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJl
ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6V2lu
Z2RpbmdzOw0KCW1zby1mYXJlYXN0LWZvbnQtZmFtaWx5OkNhbGlicmk7DQoJbXNvLWJpZGktZm9u
dC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7DQoJY29sb3I6IzFGNDk3RDt9DQpAbGlzdCBsMDps
ZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0
Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv
bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3
Ijt9DQpAbGlzdCBsMDpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K
CW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2
ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZh
bWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9y
bWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5v
bmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4w
cHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwt
bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFi
LXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl
bnQ6LTE4LjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVs
Ng0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674Kn
Ow0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246
bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpA
bGlzdCBsMDpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1s
ZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVt
YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpT
eW1ib2w7fQ0KQGxpc3QgbDA6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl
dDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1s
ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQt
ZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCm9sDQoJe21hcmdpbi1ib3R0b206
MGNtO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGNtO30NCi0tPjwvc3R5bGU+PCEtLVtpZiBndGUg
bXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4PSIxMDI2
IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFw
ZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0iMSIgLz4N
CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9
IkVOLUdCIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8ZGl2Pg0KPGRpdj4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTGlzdFBh
cmFncmFwaCIgc3R5bGU9InRleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2ZWwxIGxm
bzEiPjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTpXaW5nZGlu
Z3M7Y29sb3I6IzFGNDk3RCI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+w5g8c3BhbiBz
dHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOw0KPC9z
cGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPkFzIGxvbmcgYXMgd2Ugc2VwYXJhdGUgdGhlIGNv
bmNlcm5zIGFuZCBhc2sgZm9yIGNvbnNlbnN1cyAsIGl0IGlzIG5vdCBhIHNsaXBwZXJ5IHNsb3Bl
LiBGcm9tIEJPRiBkaXNjdXNzaW9ucywgdGhlcmUgd2FzIG1vcmUgc3VwcG9ydCBmb3IgZm9ybWVy
IHRoYW4gdGhlIGxhdHRlciwgSUlSQy48bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5PZiBjb3Vy
c2UsIHRoYXQgd2FzIG9ubHkgdGhlIHZpZXcgb2YgdGhlIEJPRiBwYXJ0aWNpcGFudHMuIFRoaXMg
bmVlZHMgdG8gYmUgcmUtY29uZmlybWVkIHdpdGggdGhlIHBhcnRpY2lwYW50cyBvbiB0aGUgbGlz
dCBvZiB3aGljaCBtYW55IGhhdmUgbm90IGJlZW4gYWJsZSB0byB0cmF2ZWwgdG8gU2luZ2Fwb3Jl
Lg0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5
bGU9ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5JbiBhbnkgY2FzZSwgSSBh
Z3JlZSB3aXRoIENhcnN0ZW4gdGhhdCB5b3Ugc2hvdWxkIHJlLXVzZSBhbiBleGlzdGluZyB3b3Jr
aW5nIGdyb3VwLiBJIGFtIGFsc28gaW4gZmF2b3VyIG9mIGRvaW5nIHRoZSBkaXNjb3Zlcnkgd29y
ayAob3Igd2hhdGV2ZXIgdGhpcyB0dXJucyBpbnRvKSBpbiBhIG5ldyB3b3JraW5nIGdyb3VwLg0K
PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImNvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJjb2xvcjojMUY0OTdEIj5DaWFvPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImNvbG9yOiMxRjQ5N0Qi
Pkhhbm5lczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp
dj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhp
cyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNv
IGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBs
ZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRo
ZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0K
IG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlv
dS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB2706B98AA0918E6D623822FBFA210AM4PR0801MB2706_--


From nobody Thu Nov 23 08:42:20 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF51F129464 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:42:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hF2exXGu_XZy for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 08:42:16 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0087.outbound.protection.outlook.com [104.47.1.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 004E112EB9F for <suit@ietf.org>; Thu, 23 Nov 2017 08:42:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=OYoqczUFZ88XPhb25VNgbO9qs6uqdP9yPN1EGwx2fhc=; b=BgjrMIFlDCS/0rU9awvYQIQ52s0kaoJPA11wizO4O//n1KkY1/pllE57aqcKKmAJV8az6IewPMeFu8yaKsGE5b3hR9xl82gDxynl2zIMToe8MIYAhGzCCUrK3kayCsd6zlAwvU9Rka0iJ4UwKx2Hhd9sax6oWRyb9atPIbV3OQw=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 16:42:10 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 16:42:10 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
CC: Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Manifest Formats
Thread-Index: AQHTY+td/mA+/vbT2kSyVEnPOS/e4aMhkjBQgAAIi4CAAAAcEIAAg2sAgAAE4xCAAAdTAIAAANlA
Date: Thu, 23 Nov 2017 16:42:09 +0000
Message-ID: <AM4PR0801MB2706F1E431848971D2B78ACDFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com> <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGT2hvHdU6LQ0Eik5fG+aHqi2d0qj2ED41xd-Cy2d8B_2w@mail.gmail.com>
In-Reply-To: <CAMRcRGT2hvHdU6LQ0Eik5fG+aHqi2d0qj2ED41xd-Cy2d8B_2w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:wDgqHEic1Txv7QscOySKuq9R13/9PzT+11519r+mOmC5zI6jlzSDia/11DdVdFxlXfeSjDn1BFYeGCFfAsNzUO8CH64aA21T0HPZJwpnq4XgI6tH05H94cgRxVvYt8ykJBFjPKqYjznpieaHQ2CW0RvQeHiAvqxrnUV/kehqTgzDjhXmnsxILFzngol8/MjejyshNMDUzpR8dESP8qaHwMd/KJhmXPx/9hn4TBfSfDIATCGq5z2U5ZaU+7g/Um6m9qO6nNS/6xIvlHmGigx/UTFPcFj1dXD0uOrvPzzZ4jf6WYPLe121zBGENyf5WO+oFDc8Qcdiyi+A8A1sDLZoUHBupT6oC7suoJFgXE5qF5Y=; 5:sHKj2Kg+ey8sd+DGt12ZtWZfD9KLVGivOCnw8xlmPJzCiopt0GslnObSRfSzqIFCj9en2EXSrxR3dm8w8BtgNzKTqNlMq6MWwpTfVhGvrD+lU/toKVD4kvLoGO621p+dA+Mn7VplRkVN2/AILiRgdbXzAF1pTDH/hKP9ncRm2MI=; 24:aAV9BxBF7T0llFa/F5YXjaYY7rLat3mSNfc1DkQmvF7MU2rFz38tn//3MuwgOfmwuJe41H0A6Lqpvl4gvQl1wRCeKDXcRJ42k+0tyn3Se+U=; 7:CPCAJQQFjjvx0R7gsOkQfiVI2TOz8kmoVtpQE48R2w4WcdV9b0vJwa5Z0VHWfzsTL332wdVZuTeRS841b5DU7HaUxk23Be2P+NAcLPTeY11+I87IDeaYc1wRNjqx866zBb1J2vSDOiFtj4oF12v0n54ClZ3QalMCh4jDm8yudOkyUCop70CXH/DyKVGAZt1nxReHP4liafncIhu2WDWlmGDu+QeIQD9NGYFCwjpvOxPWL7XsUrF5sfZBiGdIF9jT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ec287093-bb18-43d8-83e1-08d53291241f
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB27085B92E886770C24C96943FA210@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917)(227612066756510)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(346002)(376002)(366004)(40434004)(24454002)(189002)(199003)(93886005)(39060400002)(97736004)(54906003)(86362001)(14454004)(1411001)(8676002)(478600001)(4326008)(316002)(5890100001)(25786009)(7696005)(6246003)(5660300001)(2950100002)(53936002)(6916009)(68736007)(72206003)(229853002)(55016002)(189998001)(101416001)(3280700002)(6436002)(6306002)(54356999)(3660700001)(50986999)(53546010)(74316002)(6506006)(76176999)(9686003)(5250100002)(7736002)(54896002)(236005)(2906002)(8936002)(99286004)(66066001)(81156014)(102836003)(2900100001)(6116002)(106356001)(81166006)(33656002)(790700001)(105586002)(3846002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706F1E431848971D2B78ACDFA210AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec287093-bb18-43d8-83e1-08d53291241f
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 16:42:09.9235 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/lkeA-_3VuPzPUxVingBeBv_4F_s>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 16:42:19 -0000

--_000_AM4PR0801MB2706F1E431848971D2B78ACDFA210AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

U3VoYXMsDQoNCnN0b3JpbmcgbW9yZSB0aGFuIG9uZSBmb3JtYXQgc291bmRzIGRlZmluaXRlbHkg
YmV0dGVyIHRoYW4gaGF2aW5nIHRvIGRvIGFueXRoaW5nIGluIHJlYWwtdGltZS4NCkF0IGxlYXN0
IHdlIGFncmVlIG9uIHNvbWV0aGluZyA7LSkNCg0KQ2lhbw0KSGFubmVzDQoNCg0KRnJvbTogU3Vo
YXMgTmFuZGFrdW1hciBbbWFpbHRvOnN1aGFzaWV0ZkBnbWFpbC5jb21dDQpTZW50OiAyMyBOb3Zl
bWJlciAyMDE3IDE3OjM2DQpUbzogSGFubmVzIFRzY2hvZmVuaWcNCkNjOiBDYXJzdGVuIEJvcm1h
bm47IHN1aXRAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbU3VpdF0gTWFuaWZlc3QgRm9ybWF0cw0K
DQoNCg0KT24gVGh1LCBOb3YgMjMsIDIwMTcgYXQgODoxMyBBTSwgSGFubmVzIFRzY2hvZmVuaWcg
PEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb208bWFpbHRvOkhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5j
b20+PiB3cm90ZToNCkhpIFN1aGFzLA0KDQpUaGUgd2F5IHdlIHdvdWxkIGxpa2UgdGhpcyB0byB3
b3JrIGlzIG5vdCB0byBoYXZlIHRoZSB1cGRhdGUgc2VydmVyIGNyZWF0ZSB0aGVzZSBtYW5pZmVz
dHMgaW4gcmVhbC10aW1lLCBiYXNlZCBvbiB3aGF0IHRoZSBkZXZpY2UgYXNrcyBmb3IuIEluc3Rl
YWQsIHRoZSBtYW5pZmVzdHMgYXJlIGNyZWF0ZWQgYW5kIHNpZ25lZCBieSB0aGUgZGV2ZWxvcGVy
ICh1c2luZyBhIHRvb2wgb3IgYSB3ZWIgc2VydmljZSkuIFRoZSB1cGRhdGUgc2VydmVyIGlzIG1h
aW5seSBhIHJlcG9zaXRvcnkuIFRoaXMgYXBwcm9hY2ggcHJvdmlkZXMgYmV0dGVyIHNlY3VyaXR5
Lg0KDQoNCg0KSGVsbG8gSGFubmVzLA0KDQogIEkgdGhpbmsgaSBhbSBub3Qgc3RhdGluZyBpdCBz
aG91bGQgYmUgcmVhbC10aW1lIGNyZWF0ZWQgZWl0aGVyIGFuZCB5b3UgYXJlIHJpZ2h0IHRoYXQg
dXBkYXRlIHNlcnZlciBpcyBqdXN0IGEgcmVwb3NpdG9yeS4gSSBkb24ndCB0aGluayBJIGFtIGRp
c2FncmVlaW5nIG9uIHRoYXQgZWl0aGVyLg0KICBNb3JlIHRoYW4gb25lIGVuY29kaW5nIGlzIGNy
ZWF0ZWQgYW4gc3RvcmVkIG9uIHRoZSBzZXJ2ZXINCg0KDQpJTVBPUlRBTlQgTk9USUNFOiBUaGUg
Y29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBjb25maWRlbnRp
YWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUgbm90IHRoZSBpbnRlbmRl
ZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1lZGlhdGVseSBhbmQgZG8g
bm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9y
IGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVk
aXVtLiBUaGFuayB5b3UuDQo=

--_000_AM4PR0801MB2706F1E431848971D2B78ACDFA210AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1mYWNlDQoJ
e2ZvbnQtZmFtaWx5OlRhaG9tYTsNCglwYW5vc2UtMToyIDExIDYgNCAzIDUgNCA0IDIgNDt9DQov
KiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z
b05vcm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNp
emU6MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTps
aW5rLCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6
Ymx1ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29I
eXBlcmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxl
Ow0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcA0KCXttc28tc3R5bGUtcHJpb3JpdHk6
OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBjbTsNCgltc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCgltYXJnaW4tbGVmdDowY207DQoJZm9udC1zaXplOjEy
LjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIiwic2VyaWYiO30NCnAuTXNvQWNl
dGF0ZSwgbGkuTXNvQWNldGF0ZSwgZGl2Lk1zb0FjZXRhdGUNCgl7bXNvLXN0eWxlLXByaW9yaXR5
Ojk5Ow0KCW1zby1zdHlsZS1saW5rOiJCYWxsb29uIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBjbTsN
CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjguMHB0Ow0KCWZvbnQtZmFtaWx5
OiJUYWhvbWEiLCJzYW5zLXNlcmlmIjt9DQpzcGFuLkJhbGxvb25UZXh0Q2hhcg0KCXttc28tc3R5
bGUtbmFtZToiQmFsbG9vbiBUZXh0IENoYXIiOw0KCW1zby1zdHlsZS1wcmlvcml0eTo5OTsNCglt
c28tc3R5bGUtbGluazoiQmFsbG9vbiBUZXh0IjsNCglmb250LWZhbWlseToiVGFob21hIiwic2Fu
cy1zZXJpZiI7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tR0I7fQ0Kc3Bhbi5FbWFpbFN0eWxl
MjANCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGli
cmkiLCJzYW5zLXNlcmlmIjsNCgljb2xvcjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21z
by1zdHlsZS10eXBlOmV4cG9ydC1vbmx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1z
ZXJpZiI7DQoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29yZFNlY3Rpb24x
DQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBwdCA3
Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQotLT48L3N0
eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZhdWx0cyB2OmV4dD0iZWRp
dCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwhLS1baWYgZ3RlIG1zbyA5
XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86aWRtYXAgdjpleHQ9ImVk
aXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFbZW5kaWZdLS0+DQo8L2hl
YWQ+DQo8Ym9keSBsYW5nPSJFTi1HQiIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2
IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9
ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPlN1aGFzLA0KPG86cD48L286cD48L3NwYW4+
PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv
bG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29O
b3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5zdG9yaW5n
IG1vcmUgdGhhbiBvbmUgZm9ybWF0IHNvdW5kcyBkZWZpbml0ZWx5IGJldHRlciB0aGFuIGhhdmlu
ZyB0byBkbyBhbnl0aGluZyBpbiByZWFsLXRpbWUuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZh
bWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFG
NDk3RCI+QXQgbGVhc3Qgd2UgYWdyZWUgb24gc29tZXRoaW5nIDstKTxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD
YWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+Q2lhbzxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7c2Fu
cy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250
LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6
IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PGEgbmFtZT0iX01haWxFbmRDb21wb3NlIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBw
dDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7
Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9hPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxiPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjBw
dDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+
RnJvbTo8L3NwYW4+PC9iPjxzcGFuIGxhbmc9IkVOLVVTIiBzdHlsZT0iZm9udC1zaXplOjEwLjBw
dDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90OyI+
IFN1aGFzIE5hbmRha3VtYXIgW21haWx0bzpzdWhhc2lldGZAZ21haWwuY29tXQ0KPGJyPg0KPGI+
U2VudDo8L2I+IDIzIE5vdmVtYmVyIDIwMTcgMTc6MzY8YnI+DQo8Yj5Ubzo8L2I+IEhhbm5lcyBU
c2Nob2ZlbmlnPGJyPg0KPGI+Q2M6PC9iPiBDYXJzdGVuIEJvcm1hbm47IHN1aXRAaWV0Zi5vcmc8
YnI+DQo8Yj5TdWJqZWN0OjwvYj4gUmU6IFtTdWl0XSBNYW5pZmVzdCBGb3JtYXRzPG86cD48L286
cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2Pg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+T24gVGh1LCBOb3YgMjMsIDIwMTcgYXQgODoxMyBBTSwgSGFubmVz
IFRzY2hvZmVuaWcgJmx0OzxhIGhyZWY9Im1haWx0bzpIYW5uZXMuVHNjaG9mZW5pZ0Bhcm0uY29t
IiB0YXJnZXQ9Il9ibGFuayI+SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbTwvYT4mZ3Q7IHdyb3Rl
OjxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibXNvLW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG8iPjxz
cGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVv
dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywNCjwvc3Bh
bj48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5z
LXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6YXV0bzttc28t
bWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y
OiMxRjQ5N0QiPlRoZSB3YXkgd2Ugd291bGQgbGlrZSB0aGlzIHRvIHdvcmsgaXMgbm90IHRvIGhh
dmUgdGhlIHVwZGF0ZSBzZXJ2ZXIgY3JlYXRlIHRoZXNlIG1hbmlmZXN0cyBpbiByZWFsLXRpbWUs
DQogYmFzZWQgb24gd2hhdCB0aGUgZGV2aWNlIGFza3MgZm9yLiBJbnN0ZWFkLCB0aGUgbWFuaWZl
c3RzIGFyZSBjcmVhdGVkIGFuZCBzaWduZWQgYnkgdGhlIGRldmVsb3BlciAodXNpbmcgYSB0b29s
IG9yIGEgd2ViIHNlcnZpY2UpLiBUaGUgdXBkYXRlIHNlcnZlciBpcyBtYWlubHkgYSByZXBvc2l0
b3J5LiBUaGlzIGFwcHJvYWNoIHByb3ZpZGVzIGJldHRlciBzZWN1cml0eS4NCjwvc3Bhbj48bzpw
PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6YXV0bzttc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0byI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlm
JnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPiZuYnNwOzwvc3Bhbj48bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48
L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw
PjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhlbGxvIEhhbm5lcyw8
bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+
Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i
c3A7IEkgdGhpbmsgaSBhbSBub3Qgc3RhdGluZyBpdCBzaG91bGQgYmUgcmVhbC10aW1lIGNyZWF0
ZWQgZWl0aGVyIGFuZCB5b3UgYXJlIHJpZ2h0IHRoYXQgdXBkYXRlIHNlcnZlciBpcyBqdXN0IGEg
cmVwb3NpdG9yeS4gSSBkb24ndCB0aGluayBJIGFtIGRpc2FncmVlaW5nIG9uIHRoYXQgZWl0aGVy
LjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5i
c3A7IE1vcmUgdGhhbiBvbmUgZW5jb2RpbmcgaXMgY3JlYXRlZCBhbiBzdG9yZWQgb24gdGhlIHNl
cnZlcjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQpJTVBPUlRB
TlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55IGF0dGFjaG1lbnRz
IGFyZSBjb25maWRlbnRpYWwgYW5kIG1heSBhbHNvIGJlIHByaXZpbGVnZWQuIElmIHlvdSBhcmUg
bm90IHRoZSBpbnRlbmRlZCByZWNpcGllbnQsIHBsZWFzZSBub3RpZnkgdGhlIHNlbmRlciBpbW1l
ZGlhdGVseSBhbmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVy
c29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLA0KIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_AM4PR0801MB2706F1E431848971D2B78ACDFA210AM4PR0801MB2706_--


From nobody Thu Nov 23 09:06:03 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B236912946F for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:06:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q3_H6-x_X4sv for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:05:58 -0800 (PST)
Received: from iron02.fraunhofer.de (iron02.fraunhofer.de [153.96.1.56]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 873D912EBF2 for <suit@ietf.org>; Thu, 23 Nov 2017 09:05:56 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2F5AQAh299Z/xoBYJlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lUSBQRsoChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAELjXqcMxGBI4FtOos8AQEBAQEBAQMBAQEBAQEBAQEBHoEOgh+BNTEQEYFRbnwrgko1hFIBEgEJAz+CZ4JhBYoilyKBCIEmhTCDYoNhh10bQoUXg1UFhy6KIYglgngCBAYFAhkBgTlYgQMLUyZdhRkBBReBaHUBAQGJEA8YA4EJAYEQAQEB
X-IPAS-Result: A2F5AQAh299Z/xoBYJlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lUSBQRsoChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAELjXqcMxGBI4FtOos8AQEBAQEBAQMBAQEBAQEBAQEBHoEOgh+BNTEQEYFRbnwrgko1hFIBEgEJAz+CZ4JhBYoilyKBCIEmhTCDYoNhh10bQoUXg1UFhy6KIYglgngCBAYFAhkBgTlYgQMLUyZdhRkBBReBaHUBAQGJEA8YA4EJAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="81972236"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron02.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 18:05:49 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270937628"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 18:05:47 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANH5gGL019825 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 18:05:43 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 18:05:37 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de> <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 18:05:36 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/u9fMBKvE4b7F41aMgjlwkZwTU7s>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:06:02 -0000

Hm... if that is not clear by reading the draft, I would very welcome a 
review, Hannes!

Software Identifiers (SWID) are documents that provide metadata about 
software components. The traditional audience (and I mean "draft 
readers", not SWID consumers) are the entities creating and or 
distributing software to be installed on (composite) system entities.



Some more detail:

SWID documents can be created by the manufacturer/vendor/distributor and 
can be signed (CoSWID also be encrypted). If they include, for examples 
hash-values about the software components and are signed they can 
provide so called "golden measurements"/"well known values" -> reference 
integrity measurements manifests (RIM manifests). In general, they can 
express a multitude of additional metadata (e.g. various types of 
versions, the roles of the creator or issuer, etc.), and semantic 
dependencies between software components (e.g. patches, requires, 
supersedes, etc.), as well as the different forms in which software 
components exist in (installation package, installed, associated with 
license, even running). SWID documents can also be created by "everyone 
else", e.g. by 3rd party products on the system entities - and therefore 
can compose Evidence.

StrongSwan, for example, an open source IPSec VPN solution 
(https://www.strongswan.org/), includes a SWID generator on the client 
side to provide evidence for network access control.

There are various usage scenarios - one of them: a Firmware Update Manifest.

SWID are defined by ISO (19770-2:2015 Software Identification Tags). 
There is a freely available schema for XML encoding 
(http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd) and a 
guidance document of how to use them by NIST 
(http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf). Concise 
Software Identifier use CBOR/CDDL instead of XML/XSD, include 
clarification provided by NIST about firmware and signatures, reduce 
some ambiguity that is found in the XSD, etc 
(https://github.com/sacmwg/draft-ietf-sacm-coswid).


Viele Grüße,

Henk





On 11/23/2017 05:29 PM, Hannes Tschofenig wrote:
> Hi Henk,
> 
> Maybe you need to explain what you are doing with your Concise Software Identifier draft and who the target audience was for it.
> 
> Ciao
> Hannes
> 
> 
> -----Original Message-----
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Henk Birkholz
> Sent: 23 November 2017 17:26
> To: suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
> 
> And again... I meant SUIT, this now seems to be stuck in my head *sigh*
> 
> On 11/23/2017 05:21 PM, Henk Birkholz wrote:
>> Oh Im sorry, I was confusing TEEP and SUIT again... my fault! :)
>>
>> So please %s/TEEP/SUIT/g
>>
>> That said, we added a firmware resource collection to the Concise
>> Software Identifier draft in early February this year, which enables
>> this document type to be used as a (Reference Integrity Measurement)
>> Manifest and/or Container for firmware components.
>>
>> When the TEEP BoF formed, we separated that part from the core data
>> definition and moved it as an extension data definition into an
>> appendix of the same draft in expectation of more input.
>>
>> As we aim for WGLC in December this year (and there will be no
>> decisions on firmware related content available until then for sure,
>> unfortunately), we will now only include a minimal set of core
>> attributes about firmware resources in the core document and create
>> another draft that will extend this resource collection in order to
>> become a TEEP conform representation later on.
>>
>>
>> Viele Grüße,
>>
>> Henk
>>
>> p.s.
>>
>> The contradiction I see is that you could use ASN.1 (which is not a
>> format/encoding - which I was trying to hint at wrt your list of
>> formats, but Carsten was way more elaborate as me on that topic as I
>> just saw) in a CMS scenario, but cannot (only) use ASN.1, if you want
>> to accommodate more than encodings that are typically defined via the
>> ASN.1 data model language.
>>
>> Typically, you (have to / should?) decide on a "clever intermediate
>> language", if you do the latter, or am I missing something here? You
>> could use multiple languages at once - I guess - and try to keep them
>> aligned during the design period of the vocabulary, but I would not
>> like to be the person who has to do that.
>>
>>
>>
>> On 11/23/2017 04:27 PM, Hannes Tschofenig wrote:
>>> Hi Henk,
>>>
>>>> Hello Hannes,
>>>
>>>> tl;dr I though the consensus was going into the direction of a small
>>>> list of formats. I consider this to be correct unless consensus
>>>> shows otherwise.
>>>
>>> [Hannes] That would be good. But let's see when we get to the point
>>> of selecting.
>>>
>>>
>>> The remainder of this email are just observations:
>>>
>>> This statement
>>>
>>> On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
>>>> I may be hard to believe but some companies are actually interested
>>>> in bringing a standardized manifest format to the market.
>>>
>>> in combination with these statements
>>>
>>> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>>>> There is separate text in the charter that says the group will pick
>>>> one or multiple encoding formats.
>>>
>>> On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
>>>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings
>>>> of the manifest (+ the appropriate security mechanisms).
>>>
>>> seem to contradict each other?
>>>
>>>
>>> Either there is a standardized manifest format, or there are multiple
>>> based on the same data model? Also including ASN.1 in the list is
>>> somehow confusing to me. If we are talking about format here, I think
>>> ASN.1 does not fit that list.
>>>
>>> [Hannes] I don't see the contradiction. When we submitted our initial
>>> draft version, which described a solution based on ASN1./DER + CMS,
>>> some folks said "I want JSON/JOSE" and yet others said "I want
>>> CBOR/COSE". Hence, the charter text changed by delaying the decision
>>> to a later time in the working group. What matters ultimately is what
>>> one has to implement rather than what clever intermediate language we
>>> use or how we structure documents.
>>>
>>> And it might also sound surprising, but because some companies (e.g.
>>> a few that rely on SOTA) are interested in to market solutions, we
>>> started to address this in drafts before the first TEEP BoF. Now that
>>> TEEP is emerging, we are splitting the work wrt firmware, and
>>> suspended some of it to wait for TEEP manifest definition output in
>>> order to retain interoperability - which is effectively a delay
>>> already (but addressing a bigger group of stakeholder seems vital,
>>> so... viable & necessary).
>>>
>>> [Hannes] I am not sure I understood this statement. The Open Trust
>>> Protocol, which is the only solution so far submitted to the TEEP
>>> group, does not define a manifest format. At the TEEP BOF folks
>>> argued that it would be a good idea to re-use the manifest format
>>> from SUIT in TEEP but that hasn't been done so far (although I think
>>> it is a good idea).
>>>
>>> Ciao
>>> Hannes
>>>
>>> Viele Grüße,
>>>
>>> Henk
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Suit mailing list
>>> Suit@ietf.org
>>> https://www.ietf.org/mailman/listinfo/suit
>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>> confidential and may also be privileged. If you are not the intended
>>> recipient, please notify the sender immediately and do not disclose
>>> the contents to any other person, use it for any purpose, or store or
>>> copy the information in any medium. Thank you.
>>>
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 09:35:49 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7BE5129474; Thu, 23 Nov 2017 09:35:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWs9KhxuhvWZ; Thu, 23 Nov 2017 09:35:46 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65DC4129471; Thu, 23 Nov 2017 09:35:46 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 826C92008C; Thu, 23 Nov 2017 12:37:54 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id A9EF98068A; Thu, 23 Nov 2017 12:35:44 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Suhas Nandakumar <suhasietf@gmail.com>
cc: suit@ietf.org, suit-chairs@ietf.org
In-Reply-To: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:35:44 -0500
Message-ID: <19053.1511458544@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/f44gEVYxFZpprmdnV8AJvRUIhk8>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:35:48 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Suhas Nandakumar <suhasietf@gmail.com> wrote:
    > I am bit confused on the actual process followed in updating the Suit
    > Charter. It looks like the current charter doesn=E2=80=99t seem to re=
flect
    > fully the consensus or discussion points from the BOF.

I think that you should consider that the text gets uploaded on a
quasi-periodic basis so that we can all be talking about the same thing.

    > Also it would have been of great help if the updated charter was sent
    > to the SUIT mailing list for questions/consensus before getting
    > uploaded to the datatracker. I had to accidentally find it embedded in
    > the BOF report sent to saag mailing list.

Yes, I agree that this is less than ideal.
But, for many people this is a down week, both because of US Thanksgiving a=
nd
because it's the week after the IETF meeting, and many people need recovery
time, so please be patient.

    > Should questions/comments about the current charter sent to Suit
    > mailing list be the right way to follow up ? Also, Who is actually
    > updating the charter?

Generally, the BOF chairs and/or proponents do that in consultation with the
sponsoring AD and the ML.

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXBvAACgkQgItw+93Q
3WUOEAf+N3fefQErGXWAsT8cmmQDA6jtlDo5sUoSdDT5ffzDWgtMW1RpF88rM02P
cuHmthTrojfTqmO5vZlQW0yOJ/IQygff5NMfPdKa+f8W6XJXGnyrJzW7ZBzOuZgz
6llqlRzasfXBpKoyK2OdFUoEGs4y8EuGxN+I+kTcOElLA4WKVdf/8vwxySKegbMw
w3Un9nwtANn69X3czQjG/71pt3i8Hjm+kkLcmcAsvWMulI2AhPR+vwW/QYVuTAMn
YM5Hr4I8Vp2EW+SuECf+KdH5Lp5pHqC6YRTrfBIr8KoeUp/f6eDG30lvTOjPoQHA
XJYFiG7Q+OEVDIi1jxQUdVM1txvjmA==
=s/+x
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:44:51 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45F671293F9 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:44:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hYILYvnjQndf for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:44:47 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9697112948F for <suit@ietf.org>; Thu, 23 Nov 2017 09:44:47 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id B8CD72008C; Thu, 23 Nov 2017 12:46:56 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DF1AA8068A; Thu, 23 Nov 2017 12:44:46 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Suhas Nandakumar <suhasietf@gmail.com>
cc: suit@ietf.org
In-Reply-To: <CAMRcRGQDRiz8f4bib6mveDQ0R2Jzn4bQytDrxTxypkU9vTC5Qg@mail.gmail.com>
References: <CAMRcRGQDRiz8f4bib6mveDQ0R2Jzn4bQytDrxTxypkU9vTC5Qg@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:44:46 -0500
Message-ID: <21235.1511459086@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/e9CuKDo1sDTvL8tB1-Kngwk-ltc>
Subject: Re: [Suit] Suit Charter: Working Group Objectives - Another Try
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:44:49 -0000

--=-=-=
Content-Type: text/plain


Suhas Nandakumar <suhasietf@gmail.com> wrote:
    > Below (in italicized) is an an attempt to help clarify the WG

Not everyone will see your italics.
Please stick to text/plan if you want to be universally understood.

    > objectives. Please let me know your thoughts.

I don't like putting the number of documents into the charter as it
restricts the WG from splitting or merging documents as it sees fit.

Documents will get listed in the milestones which are much more easily
mutable (they require only the AD to approve).

Instead, I'd rather discuss the topics that need to be covered.

    > This WG will work on developing an interoperable secure firmware
    > upgrade solution for IoT devices that are constrained in their
    > resources (such as RAM, Flash). The solution must enable firmware
    > upgrades for the IoT devices under various deployment options (such
    > as, deployments under constrained network access typically controlled
    > by an Enterprise IT department or factory OT group as well as with
    > open Internet access deployments).

I like that you have included Enterprise IT and OT in this list.
References to IOTSF meeting and RFC7228 terminology as was in the posted
document will help many people keep us in the right context.

The reference to 4108 as posted online is now much less prescriptive, and I
actually can live with the sentence that was there:
         RFC 4108 provides a manifest format that uses the Cryptographic
         Message Syntax (CMS) to protect firmware packages. More than ten years have
         passed since the publication of RFC 4108, and greater experience with IoT
         deployments has led to additional functionality, requiring a contemporary
         standardized solution to be defined.

as it no longer mandates us to do anything other than acknoledge that it
existed, and might have some good ideas.

    > An extensible manifest format to describe metadata about the firmware
    > and its security properties will be developed by this WG. The working
    > group will also develop and architect solution that enable the IoT
    > devices to locate the firmware update server (and manifest) via
    > existing transport protocol mechanisms.

    > In particular, this WG will perform the following work:

    > *   Document that defines the requirements for secure firmware upgrade
    > solution.

"The requirements for secure firmware upgrade will be documented"

    > *   Define a general architecture that enables secure IoT firmware
    > upgrade describing involved elements, security threats, update
    > server discovery and assumptions.

    > *   Document that describes the data model that captures metadata and
    > security properties about the firmware in the form of a manifest.

"An extensible data model that captures metadata and security properties
about the firmware will be developed and codified in a manifest"

    > *   Define one or more encoding formats for the manifest.

    > *   Document describing use of existing transport and protocol
    > mechanisms to locate and download the firmware.

"One or more optional mechanisms will be described that use existing
transport and discovery protocols to locate and transfer the firmware"

    > *   A best current practices document that defines firmware
    > installation process on the IoT device.

I'm unclear what this means.  I suggest that it be left out, and instead we
write:

"Future work, presently out of scope, could include a best current practices
document that defines firmware installation process on the IoT device."


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXCQ4ACgkQgItw+93Q
3WVZcAgAmXMZK85YDUQALrvzuyBh4JNVAwqbHWQ8H+TGqoklQ3ycVdOyl8oDAcwZ
Uil80VEItA+/FmJE9sIjjpEdKJMN4qtY5Vh4x+P7VbvnGMRuW/B//NSNl29549Aq
deCGp9PmU8IoQZ8pZAFSfnIpJj73AJhzVP3FIO9B1eoxj5dlfCtAQNe3y0nH8ttl
kECOKgo0uBY0EgX8qWaClawhx/QeJTC9YkIlpspYx4BzswNfAi+BbcRMkf24i0EJ
jUC7xjSydcU6DSyRqiP3pFHF7TphK6SHwvi/AbqAssblkZPiHOE7iChTfuWQIl/w
OFJF4cq0MguO44mHdw0nGq0YFOxIXA==
=vafQ
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:46:40 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A07601293F9 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:46:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EynknSJIElAc for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:46:38 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C01C12948B for <suit@ietf.org>; Thu, 23 Nov 2017 09:46:38 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id B06482008C; Thu, 23 Nov 2017 12:48:47 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D0CFF8068A; Thu, 23 Nov 2017 12:46:37 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Suhas Nandakumar <suhasietf@gmail.com>
cc: suit@ietf.org
In-Reply-To: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:46:37 -0500
Message-ID: <21724.1511459197@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/UNBg5FWF_YcAAZYysJggvWtzqzY>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:46:40 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Suhas Nandakumar <suhasietf@gmail.com> wrote:
    > """ A lower number of formats is preferred to reduce code size for
    > supporting decoders on devices receiving a manifest and to maximize
    > interoperability of solutions

    > """

    > I don=E2=80=99t think this is applicable since a device will support =
just one
    > format, The multiplicity of the formats is needed on the Firmware
    > server to support devices with different capabilities on the manifest
    > encoding format. This comment in the charter seems incorrect.

I have made that point as well, and I think it bears repeating.

I understand that operating systems vendors might have to maintain more than
one set of code (of which they will compile one or the other).

Frankly I'd rather have two simple formats that as easily (code) reviewed
than a single format that has gotten complex due to hacks.

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXCX0ACgkQgItw+93Q
3WWASgf+JXZbIqdx0ktneeRWWlKyDtgiETnq1cYAEJ/f26vSDL6XJ2laSg4NcKKC
tKNExSSY2nuO/znrO46SczV7kH3E5xYy672Fuv1pDbPhJRTrQcRSi1L7imslZqhg
ldpvZZN7/5MoCbmVJClPiQQCKSazDQJZUV7hQKS0mVKav9oH0eKvW1qRgbRWSLfA
2xK251dkWmmMCuNxuQNJgtvXTdtJZfkN2ack+a5VVT9L+lkYj/f1Vjl2hqD7Bt5W
pwrNKQQ2NCFpcWspVbw6eSBaB/Hufmmj6y3RvoCL7IgwgD/A0T3hlfdXBxsnnY7X
JCl+6np+tsU1P0/uO9KQA9/+roA8Wg==
=psxh
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:51:49 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6EF41293F9 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:51:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPq74FJ2kaWA for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:51:46 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A024127077 for <suit@ietf.org>; Thu, 23 Nov 2017 09:51:46 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id A43462008C for <suit@ietf.org>; Thu, 23 Nov 2017 12:53:55 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id C63418068A for <suit@ietf.org>; Thu, 23 Nov 2017 12:51:45 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org> <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:51:45 -0500
Message-ID: <22956.1511459505@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/KslvzrDVV331Ksln5DuWmn84SvY>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:51:48 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > Yes, there are lots of details to discuss but do you think that any of
    > this should go into the charter (given that the current version of the
    > charter already says that we will discuss this and pick one or multiple
    > formats)?

The charter needs to say one of:
     1) the format shall be X. (at one point it said to enhance 4108, so
          ASN.1 was the data model and DER was the serialization).

     2) there shall be one format, please hold taste test.
          (cf: http://www.redballoon.net/humor/alice.txt )

     3) there can be many serializations, but only one data model.

     4) whatever you want.

I prefer (3), btw.

I have good experience with YANG as the data model, and CBOR+COSE as the
serialization using SID based keys.
{I could live with CMS signed JSON if it wasn't the only possibility}

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXCrEACgkQgItw+93Q
3WWrTQf+NrL3OZArXtzIKhS6+p+6MiZMrFNa/sYkJy3mQE97BktBjpPhR9Hfbxpk
i62HZ5qiYBhrkxRBK96rA/kMwVafzaIvczNsx7ue/bVzb0sp+CyFGjdQuwPCyuTm
4uxFlZCcArxoGJ796jMuzWSkJ+gyzMJ4eMPcF0wgGRli6o8QR2SUwn2TXTyPwMHE
/C08BSKAJ616lyc85SnLlVHiXdv3wMy6gcnN3ehYWZoWOcAS4wA6VQlBnIVSGZSQ
Fbtd/t/AQ9/6cZdSN8eZJ4t6O2iMoWgPPsNKqBPb9CZO9JDaJuq2b+IN7H+DKHT9
9XEtr8xAbWIDk26zT0E0YH389fo9iA==
=InA4
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:54:22 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7AE412EBA0 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:54:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jUdiM2H-7NoU for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:54:18 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB5CB129474 for <suit@ietf.org>; Thu, 23 Nov 2017 09:54:18 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id E19452008C for <suit@ietf.org>; Thu, 23 Nov 2017 12:56:27 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0651C8068A for <suit@ietf.org>; Thu, 23 Nov 2017 12:54:18 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com> <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:54:17 -0500
Message-ID: <23557.1511459657@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/K0x1YoxIO-dcLcAkKWaA0u17HrQ>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:54:20 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > The way we would like this to work is not to have the update server
    > create these manifests in real-time, based on what the device asks
    > for. Instead, the manifests are created and signed by the developer
    > (using a tool or a web service). The update server is mainly a
    > repository. This approach provides better security.

Yes, and the developer knows what the device is going to ask for, so this
isn't a problem.

The reason the device should still ask is because it is entirely possible
that devices might evolve over time and change their default.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXC0kACgkQgItw+93Q
3WV1wgf/Sf2NaP+FXNQ/srpoBDteTn1BRGG7evGruOoTqZcKR3lcaCbALYQOM9TZ
P/fzQ4ZMNevjWnHHHVfwhKy+KbF9179Xv1M1l+1GCWK6NnKc/Tn2KiJQq2tXW7bt
qmvZ4dGT6s6M43jVDkhlc81ZEgA0/YofrrOCw3VoctLeKNEiBKqJJhXGI3kmV7JR
30U8OcefdTCzoGWtICDx0QeVbrrPLNK7VOytTgDzX+46qjbX9OWJNCkZiij3inzH
0x6MaZXVU/vLhR55TpwIzIJ7UzhN0wcD2fjUBQueEw7pM7W6Vjc0ZxukSffNRrnW
138wNLw6+JdCjqZ7x7dEyJjaoOyBSA==
=vyf2
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:55:09 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6C2912EBA0 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:55:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level: 
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KyxJtXaAKN_S for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:54:59 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50075.outbound.protection.outlook.com [40.107.5.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2633129474 for <suit@ietf.org>; Thu, 23 Nov 2017 09:54:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WIpE24s3GzehJblWkb2nWthLmF03t2oqrNLLWUuafZY=; b=SCLC6k0owFalyaKT53RH+LPA7kU42Emtx/M+MEErhriZ79dTb4T6Knf8cftfem8KKInbUwwcUfnnD47M0zKaTZAfHlX2EpAzJjOambFzHsDiqOSt5NiP9LdRlR5sn9LkJvbh8FOjLs1qAJ8edevdqgDt3nuBWGeoS8K+CZavquU=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 17:54:54 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 17:54:54 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAABorAIAACz8wgAARgoCAAER7EIAAE1qAgAABbACAAADAYIAACkkAgAAKRqA=
Date: Thu, 23 Nov 2017 17:54:54 +0000
Message-ID: <AM4PR0801MB27068830207314CE2F5143AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de> <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de>
In-Reply-To: <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:nucSykPZc7t9txhM+XpXVTEW1KBHkYzjECTEnJ6GqJqzWyGLiujNdRcgPED47yBbKQQTBGXaZ7qC3vJVJajEWD5q1K+mRVYlADErr7yaFWTr2wTTrJIZrWrGL0Ti0pLv3u5d+HhAQCu7oO6im9tHu6Hk5j7zNCINOf6a6ll+AuBj6iA4LOUUcvuWL7ei+i8n4nLL8YMvonUPULmtBhohBjZ5BDODPEnvs+xSR/jzcwDTgQc65ZxxKLOOsjn16d8IhzB0mAnkvSpMGHkRh8Lfr66KYwwEsWqaXEDUfgu+eD+MBmT+9nmJ/H50HXA3X0F/gkWeJIlTM+ssHSDEaKN0Bl97grHsfWIX8Qzn1ffJk7E=; 5:SCXTjw8sCNNhnau5POlAFDkx1+4hg/RGxEq+WfKJF94wmyLmrrhW7obXdHVHax+Hssm33mvQjOsgWvBhA2EQ/rmXsgLT3Mmo0AgUWCh9Rx5iKFNMt+GqQr/atrRoyKNZIPXLSlylMto9T7c8z4Kh2aAxkYYVcyDxNqBE6ZhF6L0=; 24:ftFSnmsNUPfXZjMX5UMDp35dwcPoDWDJf7lShBXCMF54gkSstz/IOAtUOE3E567QDMFhoP1UfL5VqqWjcwq5Unl5fqebxdbSndI38sGiXNg=; 7:i236offKfRVVfPr4JjWwV8z9DrOxjBb4qmEHxdl9GZJP7gH6tdEjGGxFTcfAOHdk9ntdxspkLcCCB3WJZ4pPq0ABVExm3bIoVgfSPQdAgiEE6aM5ofrja3ROWc9bW4Lml4uElhPj0q6vCJalwzdHR+LU/yURojiBO8fBIEDmN3Dnhv2B4G0+YaaBB02ZHE3HVUY/oAIWZiRFIQVNfYp4OU5UOTOHDdf9qunNC3Vol95gq37fv8GL1Go64qM0odjT
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 664dc94c-a9ac-4085-acc6-08d5329b4d9c
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708C8CFDFD311A0AAC2523AFA210@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(65766998875637)(166708455590820)(192374486261705)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(366004)(376002)(24454002)(199003)(189002)(13464003)(40434004)(5250100002)(8936002)(99286004)(305945005)(7736002)(2906002)(6436002)(50986999)(54356999)(6306002)(3660700001)(101416001)(3280700002)(74316002)(6506006)(9686003)(76176999)(53546010)(33656002)(81166006)(3846002)(106356001)(105586002)(66066001)(6116002)(2900100001)(81156014)(102836003)(478600001)(8676002)(316002)(93886005)(14454004)(97736004)(86362001)(72206003)(110136005)(68736007)(2950100002)(53936002)(189998001)(2501003)(229853002)(55016002)(966005)(5890100001)(6246003)(5660300001)(25786009)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 664dc94c-a9ac-4085-acc6-08d5329b4d9c
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 17:54:54.4976 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/LqnxNf7kEGauGkTyC7bzN53IQGk>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:55:08 -0000

SGkgSGVuaywNCg0KR2l2ZSBtZSBhIGZldyBkYXlzIHRvIGRpZ2VzdCB0aGlzIGluZm8gYW5kIHRv
IHJlYWQgdGhlIHJlZmVyZW5jZWQgZG9jdW1lbnRzLiBJIGhhdmUgbm90IHBhaWQgYXR0ZW50aW9u
IHRvIHRoZSBTQUNNIGdyb3VwIHNpbmNlIEkgd2Fzbid0IGF3YXJlIHRoYXQgaXQgaGFzIGFueXRo
aW5nIHRvIGRvIHdpdGggSW9ULg0KDQpDaWFvDQpIYW5uZXMNCg0KLS0tLS1PcmlnaW5hbCBNZXNz
YWdlLS0tLS0NCkZyb206IEhlbmsgQmlya2hvbHogW21haWx0bzpoZW5rLmJpcmtob2x6QHNpdC5m
cmF1bmhvZmVyLmRlXQ0KU2VudDogMjMgTm92ZW1iZXIgMjAxNyAxODowNg0KVG86IEhhbm5lcyBU
c2Nob2ZlbmlnOyBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1aXRdIFNVSVQgQ2hhcnRl
cjogRmlybXdhcmUgU2VydmVyIERpc2NvdmVyeSBhbmQgRG93bmxvYWQgTWVjaGFuaXNtDQoNCkht
Li4uIGlmIHRoYXQgaXMgbm90IGNsZWFyIGJ5IHJlYWRpbmcgdGhlIGRyYWZ0LCBJIHdvdWxkIHZl
cnkgd2VsY29tZSBhIHJldmlldywgSGFubmVzIQ0KDQpTb2Z0d2FyZSBJZGVudGlmaWVycyAoU1dJ
RCkgYXJlIGRvY3VtZW50cyB0aGF0IHByb3ZpZGUgbWV0YWRhdGEgYWJvdXQgc29mdHdhcmUgY29t
cG9uZW50cy4gVGhlIHRyYWRpdGlvbmFsIGF1ZGllbmNlIChhbmQgSSBtZWFuICJkcmFmdCByZWFk
ZXJzIiwgbm90IFNXSUQgY29uc3VtZXJzKSBhcmUgdGhlIGVudGl0aWVzIGNyZWF0aW5nIGFuZCBv
ciBkaXN0cmlidXRpbmcgc29mdHdhcmUgdG8gYmUgaW5zdGFsbGVkIG9uIChjb21wb3NpdGUpIHN5
c3RlbSBlbnRpdGllcy4NCg0KDQoNClNvbWUgbW9yZSBkZXRhaWw6DQoNClNXSUQgZG9jdW1lbnRz
IGNhbiBiZSBjcmVhdGVkIGJ5IHRoZSBtYW51ZmFjdHVyZXIvdmVuZG9yL2Rpc3RyaWJ1dG9yIGFu
ZCBjYW4gYmUgc2lnbmVkIChDb1NXSUQgYWxzbyBiZSBlbmNyeXB0ZWQpLiBJZiB0aGV5IGluY2x1
ZGUsIGZvciBleGFtcGxlcyBoYXNoLXZhbHVlcyBhYm91dCB0aGUgc29mdHdhcmUgY29tcG9uZW50
cyBhbmQgYXJlIHNpZ25lZCB0aGV5IGNhbiBwcm92aWRlIHNvIGNhbGxlZCAiZ29sZGVuIG1lYXN1
cmVtZW50cyIvIndlbGwga25vd24gdmFsdWVzIiAtPiByZWZlcmVuY2UgaW50ZWdyaXR5IG1lYXN1
cmVtZW50cyBtYW5pZmVzdHMgKFJJTSBtYW5pZmVzdHMpLiBJbiBnZW5lcmFsLCB0aGV5IGNhbiBl
eHByZXNzIGEgbXVsdGl0dWRlIG9mIGFkZGl0aW9uYWwgbWV0YWRhdGEgKGUuZy4gdmFyaW91cyB0
eXBlcyBvZiB2ZXJzaW9ucywgdGhlIHJvbGVzIG9mIHRoZSBjcmVhdG9yIG9yIGlzc3VlciwgZXRj
LiksIGFuZCBzZW1hbnRpYyBkZXBlbmRlbmNpZXMgYmV0d2VlbiBzb2Z0d2FyZSBjb21wb25lbnRz
IChlLmcuIHBhdGNoZXMsIHJlcXVpcmVzLCBzdXBlcnNlZGVzLCBldGMuKSwgYXMgd2VsbCBhcyB0
aGUgZGlmZmVyZW50IGZvcm1zIGluIHdoaWNoIHNvZnR3YXJlIGNvbXBvbmVudHMgZXhpc3QgaW4g
KGluc3RhbGxhdGlvbiBwYWNrYWdlLCBpbnN0YWxsZWQsIGFzc29jaWF0ZWQgd2l0aCBsaWNlbnNl
LCBldmVuIHJ1bm5pbmcpLiBTV0lEIGRvY3VtZW50cyBjYW4gYWxzbyBiZSBjcmVhdGVkIGJ5ICJl
dmVyeW9uZSBlbHNlIiwgZS5nLiBieSAzcmQgcGFydHkgcHJvZHVjdHMgb24gdGhlIHN5c3RlbSBl
bnRpdGllcyAtIGFuZCB0aGVyZWZvcmUgY2FuIGNvbXBvc2UgRXZpZGVuY2UuDQoNClN0cm9uZ1N3
YW4sIGZvciBleGFtcGxlLCBhbiBvcGVuIHNvdXJjZSBJUFNlYyBWUE4gc29sdXRpb24gKGh0dHBz
Oi8vd3d3LnN0cm9uZ3N3YW4ub3JnLyksIGluY2x1ZGVzIGEgU1dJRCBnZW5lcmF0b3Igb24gdGhl
IGNsaWVudCBzaWRlIHRvIHByb3ZpZGUgZXZpZGVuY2UgZm9yIG5ldHdvcmsgYWNjZXNzIGNvbnRy
b2wuDQoNClRoZXJlIGFyZSB2YXJpb3VzIHVzYWdlIHNjZW5hcmlvcyAtIG9uZSBvZiB0aGVtOiBh
IEZpcm13YXJlIFVwZGF0ZSBNYW5pZmVzdC4NCg0KU1dJRCBhcmUgZGVmaW5lZCBieSBJU08gKDE5
NzcwLTI6MjAxNSBTb2Z0d2FyZSBJZGVudGlmaWNhdGlvbiBUYWdzKS4NClRoZXJlIGlzIGEgZnJl
ZWx5IGF2YWlsYWJsZSBzY2hlbWEgZm9yIFhNTCBlbmNvZGluZw0KKGh0dHA6Ly9zdGFuZGFyZHMu
aXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS1jdXJyZW50L3NjaGVtYS54c2QpIGFuZCBhIGd1aWRh
bmNlIGRvY3VtZW50IG9mIGhvdyB0byB1c2UgdGhlbSBieSBOSVNUIChodHRwOi8vbnZscHVicy5u
aXN0Lmdvdi9uaXN0cHVicy9pci8yMDE2L05JU1QuSVIuODA2MC5wZGYpLiBDb25jaXNlIFNvZnR3
YXJlIElkZW50aWZpZXIgdXNlIENCT1IvQ0RETCBpbnN0ZWFkIG9mIFhNTC9YU0QsIGluY2x1ZGUg
Y2xhcmlmaWNhdGlvbiBwcm92aWRlZCBieSBOSVNUIGFib3V0IGZpcm13YXJlIGFuZCBzaWduYXR1
cmVzLCByZWR1Y2Ugc29tZSBhbWJpZ3VpdHkgdGhhdCBpcyBmb3VuZCBpbiB0aGUgWFNELCBldGMg
KGh0dHBzOi8vZ2l0aHViLmNvbS9zYWNtd2cvZHJhZnQtaWV0Zi1zYWNtLWNvc3dpZCkuDQoNCg0K
VmllbGUgR3LDvMOfZSwNCg0KSGVuaw0KDQoNCg0KDQoNCk9uIDExLzIzLzIwMTcgMDU6MjkgUE0s
IEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPiBIaSBIZW5rLA0KPg0KPiBNYXliZSB5b3UgbmVl
ZCB0byBleHBsYWluIHdoYXQgeW91IGFyZSBkb2luZyB3aXRoIHlvdXIgQ29uY2lzZSBTb2Z0d2Fy
ZSBJZGVudGlmaWVyIGRyYWZ0IGFuZCB3aG8gdGhlIHRhcmdldCBhdWRpZW5jZSB3YXMgZm9yIGl0
Lg0KPg0KPiBDaWFvDQo+IEhhbm5lcw0KPg0KPg0KPiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0t
LQ0KPiBGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYg
T2YgSGVuayBCaXJraG9seg0KPiBTZW50OiAyMyBOb3ZlbWJlciAyMDE3IDE3OjI2DQo+IFRvOiBz
dWl0QGlldGYub3JnDQo+IFN1YmplY3Q6IFJlOiBbU3VpdF0gU1VJVCBDaGFydGVyOiBGaXJtd2Fy
ZSBTZXJ2ZXIgRGlzY292ZXJ5IGFuZA0KPiBEb3dubG9hZCBNZWNoYW5pc20NCj4NCj4gQW5kIGFn
YWluLi4uIEkgbWVhbnQgU1VJVCwgdGhpcyBub3cgc2VlbXMgdG8gYmUgc3R1Y2sgaW4gbXkgaGVh
ZA0KPiAqc2lnaCoNCj4NCj4gT24gMTEvMjMvMjAxNyAwNToyMSBQTSwgSGVuayBCaXJraG9seiB3
cm90ZToNCj4+IE9oIEltIHNvcnJ5LCBJIHdhcyBjb25mdXNpbmcgVEVFUCBhbmQgU1VJVCBhZ2Fp
bi4uLiBteSBmYXVsdCEgOikNCj4+DQo+PiBTbyBwbGVhc2UgJXMvVEVFUC9TVUlUL2cNCj4+DQo+
PiBUaGF0IHNhaWQsIHdlIGFkZGVkIGEgZmlybXdhcmUgcmVzb3VyY2UgY29sbGVjdGlvbiB0byB0
aGUgQ29uY2lzZQ0KPj4gU29mdHdhcmUgSWRlbnRpZmllciBkcmFmdCBpbiBlYXJseSBGZWJydWFy
eSB0aGlzIHllYXIsIHdoaWNoIGVuYWJsZXMNCj4+IHRoaXMgZG9jdW1lbnQgdHlwZSB0byBiZSB1
c2VkIGFzIGEgKFJlZmVyZW5jZSBJbnRlZ3JpdHkgTWVhc3VyZW1lbnQpDQo+PiBNYW5pZmVzdCBh
bmQvb3IgQ29udGFpbmVyIGZvciBmaXJtd2FyZSBjb21wb25lbnRzLg0KPj4NCj4+IFdoZW4gdGhl
IFRFRVAgQm9GIGZvcm1lZCwgd2Ugc2VwYXJhdGVkIHRoYXQgcGFydCBmcm9tIHRoZSBjb3JlIGRh
dGENCj4+IGRlZmluaXRpb24gYW5kIG1vdmVkIGl0IGFzIGFuIGV4dGVuc2lvbiBkYXRhIGRlZmlu
aXRpb24gaW50byBhbg0KPj4gYXBwZW5kaXggb2YgdGhlIHNhbWUgZHJhZnQgaW4gZXhwZWN0YXRp
b24gb2YgbW9yZSBpbnB1dC4NCj4+DQo+PiBBcyB3ZSBhaW0gZm9yIFdHTEMgaW4gRGVjZW1iZXIg
dGhpcyB5ZWFyIChhbmQgdGhlcmUgd2lsbCBiZSBubw0KPj4gZGVjaXNpb25zIG9uIGZpcm13YXJl
IHJlbGF0ZWQgY29udGVudCBhdmFpbGFibGUgdW50aWwgdGhlbiBmb3Igc3VyZSwNCj4+IHVuZm9y
dHVuYXRlbHkpLCB3ZSB3aWxsIG5vdyBvbmx5IGluY2x1ZGUgYSBtaW5pbWFsIHNldCBvZiBjb3Jl
DQo+PiBhdHRyaWJ1dGVzIGFib3V0IGZpcm13YXJlIHJlc291cmNlcyBpbiB0aGUgY29yZSBkb2N1
bWVudCBhbmQgY3JlYXRlDQo+PiBhbm90aGVyIGRyYWZ0IHRoYXQgd2lsbCBleHRlbmQgdGhpcyBy
ZXNvdXJjZSBjb2xsZWN0aW9uIGluIG9yZGVyIHRvDQo+PiBiZWNvbWUgYSBURUVQIGNvbmZvcm0g
cmVwcmVzZW50YXRpb24gbGF0ZXIgb24uDQo+Pg0KPj4NCj4+IFZpZWxlIEdyw7zDn2UsDQo+Pg0K
Pj4gSGVuaw0KPj4NCj4+IHAucy4NCj4+DQo+PiBUaGUgY29udHJhZGljdGlvbiBJIHNlZSBpcyB0
aGF0IHlvdSBjb3VsZCB1c2UgQVNOLjEgKHdoaWNoIGlzIG5vdCBhDQo+PiBmb3JtYXQvZW5jb2Rp
bmcgLSB3aGljaCBJIHdhcyB0cnlpbmcgdG8gaGludCBhdCB3cnQgeW91ciBsaXN0IG9mDQo+PiBm
b3JtYXRzLCBidXQgQ2Fyc3RlbiB3YXMgd2F5IG1vcmUgZWxhYm9yYXRlIGFzIG1lIG9uIHRoYXQg
dG9waWMgYXMgSQ0KPj4ganVzdCBzYXcpIGluIGEgQ01TIHNjZW5hcmlvLCBidXQgY2Fubm90IChv
bmx5KSB1c2UgQVNOLjEsIGlmIHlvdSB3YW50DQo+PiB0byBhY2NvbW1vZGF0ZSBtb3JlIHRoYW4g
ZW5jb2RpbmdzIHRoYXQgYXJlIHR5cGljYWxseSBkZWZpbmVkIHZpYSB0aGUNCj4+IEFTTi4xIGRh
dGEgbW9kZWwgbGFuZ3VhZ2UuDQo+Pg0KPj4gVHlwaWNhbGx5LCB5b3UgKGhhdmUgdG8gLyBzaG91
bGQ/KSBkZWNpZGUgb24gYSAiY2xldmVyIGludGVybWVkaWF0ZQ0KPj4gbGFuZ3VhZ2UiLCBpZiB5
b3UgZG8gdGhlIGxhdHRlciwgb3IgYW0gSSBtaXNzaW5nIHNvbWV0aGluZyBoZXJlPyBZb3UNCj4+
IGNvdWxkIHVzZSBtdWx0aXBsZSBsYW5ndWFnZXMgYXQgb25jZSAtIEkgZ3Vlc3MgLSBhbmQgdHJ5
IHRvIGtlZXAgdGhlbQ0KPj4gYWxpZ25lZCBkdXJpbmcgdGhlIGRlc2lnbiBwZXJpb2Qgb2YgdGhl
IHZvY2FidWxhcnksIGJ1dCBJIHdvdWxkIG5vdA0KPj4gbGlrZSB0byBiZSB0aGUgcGVyc29uIHdo
byBoYXMgdG8gZG8gdGhhdC4NCj4+DQo+Pg0KPj4NCj4+IE9uIDExLzIzLzIwMTcgMDQ6MjcgUE0s
IEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4+IEhpIEhlbmssDQo+Pj4NCj4+Pj4gSGVsbG8g
SGFubmVzLA0KPj4+DQo+Pj4+IHRsO2RyIEkgdGhvdWdoIHRoZSBjb25zZW5zdXMgd2FzIGdvaW5n
IGludG8gdGhlIGRpcmVjdGlvbiBvZiBhDQo+Pj4+IHNtYWxsIGxpc3Qgb2YgZm9ybWF0cy4gSSBj
b25zaWRlciB0aGlzIHRvIGJlIGNvcnJlY3QgdW5sZXNzDQo+Pj4+IGNvbnNlbnN1cyBzaG93cyBv
dGhlcndpc2UuDQo+Pj4NCj4+PiBbSGFubmVzXSBUaGF0IHdvdWxkIGJlIGdvb2QuIEJ1dCBsZXQn
cyBzZWUgd2hlbiB3ZSBnZXQgdG8gdGhlIHBvaW50DQo+Pj4gb2Ygc2VsZWN0aW5nLg0KPj4+DQo+
Pj4NCj4+PiBUaGUgcmVtYWluZGVyIG9mIHRoaXMgZW1haWwgYXJlIGp1c3Qgb2JzZXJ2YXRpb25z
Og0KPj4+DQo+Pj4gVGhpcyBzdGF0ZW1lbnQNCj4+Pg0KPj4+IE9uIDExLzIzLzIwMTcgMTE6MDkg
QU0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4+PiBJIG1heSBiZSBoYXJkIHRvIGJlbGll
dmUgYnV0IHNvbWUgY29tcGFuaWVzIGFyZSBhY3R1YWxseSBpbnRlcmVzdGVkDQo+Pj4+IGluIGJy
aW5naW5nIGEgc3RhbmRhcmRpemVkIG1hbmlmZXN0IGZvcm1hdCB0byB0aGUgbWFya2V0Lg0KPj4+
DQo+Pj4gaW4gY29tYmluYXRpb24gd2l0aCB0aGVzZSBzdGF0ZW1lbnRzDQo+Pj4NCj4+PiBPbiAx
MS8yMy8yMDE3IDEwOjAxIEFNLCBIYW5uZXMgVHNjaG9mZW5pZyB3cm90ZToNCj4+Pj4gVGhlcmUg
aXMgc2VwYXJhdGUgdGV4dCBpbiB0aGUgY2hhcnRlciB0aGF0IHNheXMgdGhlIGdyb3VwIHdpbGwg
cGljaw0KPj4+PiBvbmUgb3IgbXVsdGlwbGUgZW5jb2RpbmcgZm9ybWF0cy4NCj4+Pg0KPj4+IE9u
IDExLzIzLzIwMTcgMDk6MDkgQU0sIEhhbm5lcyBUc2Nob2ZlbmlnIHdyb3RlOg0KPj4+PiBGb3Jt
YXQgaGVyZSBtZWFucyBoYXZpbmcgYW4gQVNOLjEsIFhNTCwgSlNPTiwgQ0JPUiwgZXRjLiBlbmNv
ZGluZ3MNCj4+Pj4gb2YgdGhlIG1hbmlmZXN0ICgrIHRoZSBhcHByb3ByaWF0ZSBzZWN1cml0eSBt
ZWNoYW5pc21zKS4NCj4+Pg0KPj4+IHNlZW0gdG8gY29udHJhZGljdCBlYWNoIG90aGVyPw0KPj4+
DQo+Pj4NCj4+PiBFaXRoZXIgdGhlcmUgaXMgYSBzdGFuZGFyZGl6ZWQgbWFuaWZlc3QgZm9ybWF0
LCBvciB0aGVyZSBhcmUNCj4+PiBtdWx0aXBsZSBiYXNlZCBvbiB0aGUgc2FtZSBkYXRhIG1vZGVs
PyBBbHNvIGluY2x1ZGluZyBBU04uMSBpbiB0aGUNCj4+PiBsaXN0IGlzIHNvbWVob3cgY29uZnVz
aW5nIHRvIG1lLiBJZiB3ZSBhcmUgdGFsa2luZyBhYm91dCBmb3JtYXQNCj4+PiBoZXJlLCBJIHRo
aW5rDQo+Pj4gQVNOLjEgZG9lcyBub3QgZml0IHRoYXQgbGlzdC4NCj4+Pg0KPj4+IFtIYW5uZXNd
IEkgZG9uJ3Qgc2VlIHRoZSBjb250cmFkaWN0aW9uLiBXaGVuIHdlIHN1Ym1pdHRlZCBvdXINCj4+
PiBpbml0aWFsIGRyYWZ0IHZlcnNpb24sIHdoaWNoIGRlc2NyaWJlZCBhIHNvbHV0aW9uIGJhc2Vk
IG9uIEFTTjEuL0RFUg0KPj4+ICsgQ01TLCBzb21lIGZvbGtzIHNhaWQgIkkgd2FudCBKU09OL0pP
U0UiIGFuZCB5ZXQgb3RoZXJzIHNhaWQgIkkNCj4+PiB3YW50IENCT1IvQ09TRSIuIEhlbmNlLCB0
aGUgY2hhcnRlciB0ZXh0IGNoYW5nZWQgYnkgZGVsYXlpbmcgdGhlDQo+Pj4gZGVjaXNpb24gdG8g
YSBsYXRlciB0aW1lIGluIHRoZSB3b3JraW5nIGdyb3VwLiBXaGF0IG1hdHRlcnMNCj4+PiB1bHRp
bWF0ZWx5IGlzIHdoYXQgb25lIGhhcyB0byBpbXBsZW1lbnQgcmF0aGVyIHRoYW4gd2hhdCBjbGV2
ZXINCj4+PiBpbnRlcm1lZGlhdGUgbGFuZ3VhZ2Ugd2UgdXNlIG9yIGhvdyB3ZSBzdHJ1Y3R1cmUg
ZG9jdW1lbnRzLg0KPj4+DQo+Pj4gQW5kIGl0IG1pZ2h0IGFsc28gc291bmQgc3VycHJpc2luZywg
YnV0IGJlY2F1c2Ugc29tZSBjb21wYW5pZXMgKGUuZy4NCj4+PiBhIGZldyB0aGF0IHJlbHkgb24g
U09UQSkgYXJlIGludGVyZXN0ZWQgaW4gdG8gbWFya2V0IHNvbHV0aW9ucywgd2UNCj4+PiBzdGFy
dGVkIHRvIGFkZHJlc3MgdGhpcyBpbiBkcmFmdHMgYmVmb3JlIHRoZSBmaXJzdCBURUVQIEJvRi4g
Tm93DQo+Pj4gdGhhdCBURUVQIGlzIGVtZXJnaW5nLCB3ZSBhcmUgc3BsaXR0aW5nIHRoZSB3b3Jr
IHdydCBmaXJtd2FyZSwgYW5kDQo+Pj4gc3VzcGVuZGVkIHNvbWUgb2YgaXQgdG8gd2FpdCBmb3Ig
VEVFUCBtYW5pZmVzdCBkZWZpbml0aW9uIG91dHB1dCBpbg0KPj4+IG9yZGVyIHRvIHJldGFpbiBp
bnRlcm9wZXJhYmlsaXR5IC0gd2hpY2ggaXMgZWZmZWN0aXZlbHkgYSBkZWxheQ0KPj4+IGFscmVh
ZHkgKGJ1dCBhZGRyZXNzaW5nIGEgYmlnZ2VyIGdyb3VwIG9mIHN0YWtlaG9sZGVyIHNlZW1zIHZp
dGFsLA0KPj4+IHNvLi4uIHZpYWJsZSAmIG5lY2Vzc2FyeSkuDQo+Pj4NCj4+PiBbSGFubmVzXSBJ
IGFtIG5vdCBzdXJlIEkgdW5kZXJzdG9vZCB0aGlzIHN0YXRlbWVudC4gVGhlIE9wZW4gVHJ1c3QN
Cj4+PiBQcm90b2NvbCwgd2hpY2ggaXMgdGhlIG9ubHkgc29sdXRpb24gc28gZmFyIHN1Ym1pdHRl
ZCB0byB0aGUgVEVFUA0KPj4+IGdyb3VwLCBkb2VzIG5vdCBkZWZpbmUgYSBtYW5pZmVzdCBmb3Jt
YXQuIEF0IHRoZSBURUVQIEJPRiBmb2xrcw0KPj4+IGFyZ3VlZCB0aGF0IGl0IHdvdWxkIGJlIGEg
Z29vZCBpZGVhIHRvIHJlLXVzZSB0aGUgbWFuaWZlc3QgZm9ybWF0DQo+Pj4gZnJvbSBTVUlUIGlu
IFRFRVAgYnV0IHRoYXQgaGFzbid0IGJlZW4gZG9uZSBzbyBmYXIgKGFsdGhvdWdoIEkgdGhpbmsN
Cj4+PiBpdCBpcyBhIGdvb2QgaWRlYSkuDQo+Pj4NCj4+PiBDaWFvDQo+Pj4gSGFubmVzDQo+Pj4N
Cj4+PiBWaWVsZSBHcsO8w59lLA0KPj4+DQo+Pj4gSGVuaw0KPj4+DQo+Pj4NCj4+Pg0KPj4+DQo+
Pj4NCj4+Pg0KPj4+DQo+Pj4NCj4+Pg0KPj4+DQo+Pj4gX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX18NCj4+PiBTdWl0IG1haWxpbmcgbGlzdA0KPj4+IFN1aXRA
aWV0Zi5vcmcNCj4+PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL3N1aXQN
Cj4+PiBJTVBPUlRBTlQgTk9USUNFOiBUaGUgY29udGVudHMgb2YgdGhpcyBlbWFpbCBhbmQgYW55
IGF0dGFjaG1lbnRzIGFyZQ0KPj4+IGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkDQo+Pj4gcmVjaXBpZW50LCBwbGVhc2Ug
bm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZQ0KPj4+IHRo
ZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2UgaXQgZm9yIGFueSBwdXJwb3NlLCBv
ciBzdG9yZQ0KPj4+IG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5r
IHlvdS4NCj4+Pg0KPj4NCj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fDQo+PiBTdWl0IG1haWxpbmcgbGlzdA0KPj4gU3VpdEBpZXRmLm9yZw0KPj4gaHR0
cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zdWl0DQo+DQo+IF9fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IFN1aXQgbWFpbGluZyBsaXN0
DQo+IFN1aXRAaWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5m
by9zdWl0DQo+IElNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFu
ZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlm
eSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRz
IHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9y
IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCj4NCklNUE9S
VEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFuZCBhbnkgYXR0YWNobWVu
dHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFy
ZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlmeSB0aGUgc2VuZGVyIGlt
bWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRzIHRvIGFueSBvdGhlciBw
ZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9yIGNvcHkgdGhlIGluZm9y
bWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==


From nobody Thu Nov 23 09:58:30 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630EC12948D for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:58:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6cB7RQSk-wfD for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:58:27 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7120B129471 for <suit@ietf.org>; Thu, 23 Nov 2017 09:58:27 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id A0C172008C for <suit@ietf.org>; Thu, 23 Nov 2017 13:00:36 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BFC1B8068A for <suit@ietf.org>; Thu, 23 Nov 2017 12:58:26 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 12:58:26 -0500
Message-ID: <24510.1511459906@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/H0go8Bca0vhCB9TkGgxxJ8cvOXI>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:58:28 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > the problem is the slippery slope here: as mentioned on the mailing
    > list (not by me) it is not only about discovering the server but very
    > quickly you are talking about "how do I push firmware updates to
    > devices (instead of just polling)", "how do I learn what capabilities

That's why we argue about the charter now and not leave it open.

    > I am wondering why you don't create your own working group just to work
    > on this topic. This would help to create more focused work.

If we would like the same device to be deployable and upgradeable in
unmanaged (call home to vendor) and air-gap firewall situations, then we had
better not bake in the update URL.

Given that the updates are properly signed from an authorized entity, it
doesn't matter where they come from.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXDEIACgkQgItw+93Q
3WVnMwf9GWQwRzc4kVuFqWlI8+qd4SPQh8Wp3SewFVvTc0FSi2e2HKdP/JTyu0xe
6HFX5NU34xtSWVTWoy0faZ0tKXs0QQdqtwjKv3uxMhIr0x1soAcyOhtMjtFfmP4J
TVDNWOuO9ZYGiDcJxvhlM7ENTW5EVINxD+9vEWAbfivkmXSOgqZ3MrZwzl7y84b6
uI1q3x9jhqbWsztt24svSHLx85shwx2H7oL1CQ33rDPugxRXHGA+WJqNL3vFUYVb
RL7KKARudOmEgZTGK7F9JE0TNV68B77vwUp61gjyJcduomdgKaFOkzBeoOLiTbhj
2yxyFrwwKFQqoVYROeGrLi9gLtu1Pw==
=Jg9b
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 09:59:40 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52E3512948F for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:59:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZDszHYe-iFup for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 09:59:36 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F044A129471 for <suit@ietf.org>; Thu, 23 Nov 2017 09:59:35 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2F5AQBp299Z/xoHYZlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lTYOgUEbKAoYC4FegzoChD9AFwECAQEBAQEBAQNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAyNe5wzEYEjgW06izwBAQEBAQEBAwEBAQEBAQEBAQEegQ6CH4E1MRARgVFufCuCSjWEUgESAQkDP4JngmEFh0eCW5cigQiBJoUwg2KDYYddG0KFF4NVBSSHCoohiCWCeAIEBgUCGQGBOSEDNIEDC1MmXYUZAQUXgWh1AQEBiRAPGAOBCQGBEAEBAQ
X-IPAS-Result: A2F5AQBp299Z/xoHYZlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lTYOgUEbKAoYC4FegzoChD9AFwECAQEBAQEBAQNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAyNe5wzEYEjgW06izwBAQEBAQEBAwEBAQEBAQEBAQEegQ6CH4E1MRARgVFufCuCSjWEUgESAQkDP4JngmEFh0eCW5cigQiBJoUwg2KDYYddG0KFF4NVBSSHCoohiCWCeAIEBgUCGQGBOSEDNIEDC1MmXYUZAQUXgWh1AQEBiRAPGAOBCQGBEAEBAQ
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1535164"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 18:59:33 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000";  d="scan'208";a="3794948"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 18:59:32 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANHxVf8022297 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 18:59:32 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 18:59:26 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de> <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de> <AM4PR0801MB27068830207314CE2F5143AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <03723b0e-2b7a-9ea4-588a-c1e06b581dc4@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 18:59:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27068830207314CE2F5143AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gdHqmUrDVkycdwnR1a_G9FOHzOo>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 17:59:39 -0000

Hello Hannes,

if you (or - by any means - anyone interested) find the time, please 
have a look at the editor's version found at github. Thank you!


Viele Grüße,

Henk

On 11/23/2017 06:54 PM, Hannes Tschofenig wrote:
> Hi Henk,
> 
> Give me a few days to digest this info and to read the referenced documents. I have not paid attention to the SACM group since I wasn't aware that it has anything to do with IoT.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> Sent: 23 November 2017 18:06
> To: Hannes Tschofenig; suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
> 
> Hm... if that is not clear by reading the draft, I would very welcome a review, Hannes!
> 
> Software Identifiers (SWID) are documents that provide metadata about software components. The traditional audience (and I mean "draft readers", not SWID consumers) are the entities creating and or distributing software to be installed on (composite) system entities.
> 
> 
> 
> Some more detail:
> 
> SWID documents can be created by the manufacturer/vendor/distributor and can be signed (CoSWID also be encrypted). If they include, for examples hash-values about the software components and are signed they can provide so called "golden measurements"/"well known values" -> reference integrity measurements manifests (RIM manifests). In general, they can express a multitude of additional metadata (e.g. various types of versions, the roles of the creator or issuer, etc.), and semantic dependencies between software components (e.g. patches, requires, supersedes, etc.), as well as the different forms in which software components exist in (installation package, installed, associated with license, even running). SWID documents can also be created by "everyone else", e.g. by 3rd party products on the system entities - and therefore can compose Evidence.
> 
> StrongSwan, for example, an open source IPSec VPN solution (https://www.strongswan.org/), includes a SWID generator on the client side to provide evidence for network access control.
> 
> There are various usage scenarios - one of them: a Firmware Update Manifest.
> 
> SWID are defined by ISO (19770-2:2015 Software Identification Tags).
> There is a freely available schema for XML encoding
> (http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd) and a guidance document of how to use them by NIST (http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf). Concise Software Identifier use CBOR/CDDL instead of XML/XSD, include clarification provided by NIST about firmware and signatures, reduce some ambiguity that is found in the XSD, etc (https://github.com/sacmwg/draft-ietf-sacm-coswid).
> 
> 
> Viele Grüße,
> 
> Henk
> 
> 
> 
> 
> 
> On 11/23/2017 05:29 PM, Hannes Tschofenig wrote:
>> Hi Henk,
>>
>> Maybe you need to explain what you are doing with your Concise Software Identifier draft and who the target audience was for it.
>>
>> Ciao
>> Hannes
>>
>>
>> -----Original Message-----
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Henk Birkholz
>> Sent: 23 November 2017 17:26
>> To: suit@ietf.org
>> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and
>> Download Mechanism
>>
>> And again... I meant SUIT, this now seems to be stuck in my head
>> *sigh*
>>
>> On 11/23/2017 05:21 PM, Henk Birkholz wrote:
>>> Oh Im sorry, I was confusing TEEP and SUIT again... my fault! :)
>>>
>>> So please %s/TEEP/SUIT/g
>>>
>>> That said, we added a firmware resource collection to the Concise
>>> Software Identifier draft in early February this year, which enables
>>> this document type to be used as a (Reference Integrity Measurement)
>>> Manifest and/or Container for firmware components.
>>>
>>> When the TEEP BoF formed, we separated that part from the core data
>>> definition and moved it as an extension data definition into an
>>> appendix of the same draft in expectation of more input.
>>>
>>> As we aim for WGLC in December this year (and there will be no
>>> decisions on firmware related content available until then for sure,
>>> unfortunately), we will now only include a minimal set of core
>>> attributes about firmware resources in the core document and create
>>> another draft that will extend this resource collection in order to
>>> become a TEEP conform representation later on.
>>>
>>>
>>> Viele Grüße,
>>>
>>> Henk
>>>
>>> p.s.
>>>
>>> The contradiction I see is that you could use ASN.1 (which is not a
>>> format/encoding - which I was trying to hint at wrt your list of
>>> formats, but Carsten was way more elaborate as me on that topic as I
>>> just saw) in a CMS scenario, but cannot (only) use ASN.1, if you want
>>> to accommodate more than encodings that are typically defined via the
>>> ASN.1 data model language.
>>>
>>> Typically, you (have to / should?) decide on a "clever intermediate
>>> language", if you do the latter, or am I missing something here? You
>>> could use multiple languages at once - I guess - and try to keep them
>>> aligned during the design period of the vocabulary, but I would not
>>> like to be the person who has to do that.
>>>
>>>
>>>
>>> On 11/23/2017 04:27 PM, Hannes Tschofenig wrote:
>>>> Hi Henk,
>>>>
>>>>> Hello Hannes,
>>>>
>>>>> tl;dr I though the consensus was going into the direction of a
>>>>> small list of formats. I consider this to be correct unless
>>>>> consensus shows otherwise.
>>>>
>>>> [Hannes] That would be good. But let's see when we get to the point
>>>> of selecting.
>>>>
>>>>
>>>> The remainder of this email are just observations:
>>>>
>>>> This statement
>>>>
>>>> On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
>>>>> I may be hard to believe but some companies are actually interested
>>>>> in bringing a standardized manifest format to the market.
>>>>
>>>> in combination with these statements
>>>>
>>>> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>>>>> There is separate text in the charter that says the group will pick
>>>>> one or multiple encoding formats.
>>>>
>>>> On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
>>>>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings
>>>>> of the manifest (+ the appropriate security mechanisms).
>>>>
>>>> seem to contradict each other?
>>>>
>>>>
>>>> Either there is a standardized manifest format, or there are
>>>> multiple based on the same data model? Also including ASN.1 in the
>>>> list is somehow confusing to me. If we are talking about format
>>>> here, I think
>>>> ASN.1 does not fit that list.
>>>>
>>>> [Hannes] I don't see the contradiction. When we submitted our
>>>> initial draft version, which described a solution based on ASN1./DER
>>>> + CMS, some folks said "I want JSON/JOSE" and yet others said "I
>>>> want CBOR/COSE". Hence, the charter text changed by delaying the
>>>> decision to a later time in the working group. What matters
>>>> ultimately is what one has to implement rather than what clever
>>>> intermediate language we use or how we structure documents.
>>>>
>>>> And it might also sound surprising, but because some companies (e.g.
>>>> a few that rely on SOTA) are interested in to market solutions, we
>>>> started to address this in drafts before the first TEEP BoF. Now
>>>> that TEEP is emerging, we are splitting the work wrt firmware, and
>>>> suspended some of it to wait for TEEP manifest definition output in
>>>> order to retain interoperability - which is effectively a delay
>>>> already (but addressing a bigger group of stakeholder seems vital,
>>>> so... viable & necessary).
>>>>
>>>> [Hannes] I am not sure I understood this statement. The Open Trust
>>>> Protocol, which is the only solution so far submitted to the TEEP
>>>> group, does not define a manifest format. At the TEEP BOF folks
>>>> argued that it would be a good idea to re-use the manifest format
>>>> from SUIT in TEEP but that hasn't been done so far (although I think
>>>> it is a good idea).
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> Viele Grüße,
>>>>
>>>> Henk
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Suit mailing list
>>>> Suit@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/suit
>>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>>> confidential and may also be privileged. If you are not the intended
>>>> recipient, please notify the sender immediately and do not disclose
>>>> the contents to any other person, use it for any purpose, or store
>>>> or copy the information in any medium. Thank you.
>>>>
>>>
>>> _______________________________________________
>>> Suit mailing list
>>> Suit@ietf.org
>>> https://www.ietf.org/mailman/listinfo/suit
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 10:01:39 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C4F5124D6C for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:01:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LwHijkCukyNI for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:01:37 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0696D1201F8 for <suit@ietf.org>; Thu, 23 Nov 2017 10:01:37 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1E0402008C for <suit@ietf.org>; Thu, 23 Nov 2017 13:03:46 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 388CF8068A for <suit@ietf.org>; Thu, 23 Nov 2017 13:01:36 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <032ED31A-4956-4418-954B-0F884801D71C@tzi.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <032ED31A-4956-4418-954B-0F884801D71C@tzi.org>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 13:01:36 -0500
Message-ID: <25279.1511460096@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/vWSg7GZEdsMKls8Ti0h1Pbw7Bj0>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 18:01:38 -0000

--=-=-=
Content-Type: text/plain


Carsten Bormann <cabo@tzi.org> wrote:
    > If CoAP (or the CoRE discovery mechanisms) have gaps or shortcomings
    > for applications that need to do firmware transfer, I think the CoRE WG
    > would be interested to hear about that.  A draft not unlike
    > draft-birkholz-yang-push-coap-problemstatement would be wonderful to
    > prime this discussion.

Carsten, the discovery mechanism might be as simple as stating what
parameters to use for the CoRE discovery process.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXDP8ACgkQgItw+93Q
3WXatAgAhwiCgh1eipFWIgrjfAbHxB7Ce6cH3bnnCeemEIDPea9Jg9wLBZ2ou/io
d0sb9fi8Ne3gbmnPts2MDsM5K37luHPv98LUVIQtsRKzXm9FTZO79/l1OkYuuKnK
m3iEbdS//a7hJ0Jk90e+2+k7qLtu3e2knue2GK3A06Zfb8tCT9v2KZULNjZNes6n
NgYBSk4sb0/1eJgjswF8aRl9LeusiesWsu4tiD2SFhk8uJngUIOQtp02IUe3jK3s
CQAquQkEOlpI7ah0EWjDzIS6KjYoF7qazn5wjWzNcc1jd6fO7CQHDDCllycK5gTi
ydvcY8GjxcCCNQqeiELn0xZeA80x/A==
=3eoY
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 10:01:49 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECB012702E for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:01:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level: 
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2qKnQFtK7EJ for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:01:43 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50085.outbound.protection.outlook.com [40.107.5.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E226B1201F8 for <suit@ietf.org>; Thu, 23 Nov 2017 10:01:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ih/p8XK9rPa0kiYJEE/YhWpFNSI8KRjy2Tpnibqgmk4=; b=mB5AryxNWP5rkALwMKHpYIde4U8Jv13p+mNlkanem8iDC2+bmSu/xeIky7IlTXTldsVCKXSms/emQprlxN8siv5P4KkEKa4Ob8I19aJT5PlTcnn6K5aWrpRKE3d1Ols0alVEAmEOxF5tAOpl8ODkN9UbKKxOMrW6bdaSfXlScPQ=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Thu, 23 Nov 2017 18:01:40 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0239.009; Thu, 23 Nov 2017 18:01:40 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
Thread-Index: AQHTY+nKOBJ15iHy80Of+kwRfWqQtaMhEE6AgACHNyCAAKn5AIAAAJtA
Date: Thu, 23 Nov 2017 18:01:39 +0000
Message-ID: <AM4PR0801MB2706304F04C9862BC6E991A5FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <24510.1511459906@obiwan.sandelman.ca>
In-Reply-To: <24510.1511459906@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.7]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:0kdZ5jHED7pkhufoymSk9k5DIHeY4JOEmqLBzSpHhljwG2t6eMd32qR719nngYbc5eNBof2ABzQFe1HHr8zJvO51+uBiMtvG7d/IFcrYV01G3DAF3Qo67/uAe9wWK4U5eWIO3RhybxOJmmwEcbBaLH3cY1auy1ovhe7rWa3Ejsn8nv+HdJkwBgEk8fjQM9SNAGPMuCxSXzZq6gTqAetDaq6hWCOS0yYRCTUCQYsx8gSgYT8uvNAetCacPGj/6aupm0wTHYKvvRS4Sarls/s9XTuIn31q8bdNid967AWThNYWobpoj1WhPj6kIco4ov8BJXGpsnVzWLH7VrTZ97UyLQR0knLM1kyFOxtS4OJFyuE=; 5:/3wOLS2gjy/mnO8frB+kzhuJDjXqV+nweVe2ExjCop/txhf3xQZT+xK2HJo+sV0zQtqTPyHC2kMsD7fGmJ4cv1VhNVvXXbVCtsPTbNeAKjis7iJtDdJ4/Ia8ubAIX/w56CaYwuDBNm0l8vDUfhom0VBydA3plif1gItGr8hvGTE=; 24:z5gEcaJIfdBWetYylr5sWbf+TLRYM14FYb3xUQOsD5/kRc3gciU41DYxx8GSDcAYmRad6vGT6/RzugSSFxzaXhGYTlDqKeVTAsrpQeype9o=; 7:RI3hrq57drmQBWikLYF3+BO+lCuNfnESUJTdOAbq/E3bxMigpQn0LrzOO1bOjc6IgRVJ9T3J9ncuelEOyM+Q8Yk6DE3t+FpBOF0mgtc7HBL3ujL9trMsIYiXGMiPTemToAlFbqLFjKtpXu7to+4rv5fswMA2J+RfoSrad8kIiRwqO0T6j7YAujh9q18QGiYyhNAh5tBOhIu0DAxT1HfsKQl4DewVtdbXct8jlEKRXpW9Qnk7Hdz9VFcl+hDjmbmp
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 13c146c1-9029-48d9-1cf7-08d5329c3f45
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600025)(4604075)(2017052603258); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708D9327C8D2F6F0230AA14FA210@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(180628864354917);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(3231022)(6055026)(6041248)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05009853EF
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(366004)(376002)(24454002)(199003)(189002)(13464003)(40434004)(5250100002)(8936002)(99286004)(305945005)(7736002)(2906002)(6436002)(50986999)(54356999)(3660700001)(101416001)(3280700002)(74316002)(6506006)(9686003)(76176999)(53546010)(33656002)(81166006)(3846002)(106356001)(105586002)(66066001)(6116002)(2900100001)(81156014)(102836003)(478600001)(8676002)(316002)(93886005)(14454004)(97736004)(86362001)(72206003)(110136005)(68736007)(2950100002)(53936002)(189998001)(2501003)(229853002)(55016002)(5890100001)(6246003)(5660300001)(25786009)(7696005); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 13c146c1-9029-48d9-1cf7-08d5329c3f45
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2017 18:01:39.9324 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jG0ZODiDQzQ0fgvWK0SEPnspTvM>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 18:01:47 -0000

Hi Michael,

None of this answers the question why you are not doing your discovery work=
 in one of the existing groups (CORE, DHC, ...) or create a new working gro=
up.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Michael Richardson
Sent: 23 November 2017 18:58
To: suit@ietf.org
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Me=
chanism


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > the problem is the slippery slope here: as mentioned on the mailing
    > list (not by me) it is not only about discovering the server but very
    > quickly you are talking about "how do I push firmware updates to
    > devices (instead of just polling)", "how do I learn what capabilities

That's why we argue about the charter now and not leave it open.

    > I am wondering why you don't create your own working group just to wo=
rk
    > on this topic. This would help to create more focused work.

If we would like the same device to be deployable and upgradeable in unmana=
ged (call home to vendor) and air-gap firewall situations, then we had bett=
er not bake in the update URL.

Given that the updates are properly signed from an authorized entity, it do=
esn't matter where they come from.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=3D =
IPv6 IoT consulting =3D-



IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Thu Nov 23 10:07:10 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EE44126C26 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:07:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jvjYLsfR0hYw for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:07:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F4C0124D6C for <suit@ietf.org>; Thu, 23 Nov 2017 10:07:08 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 6FBF32008C for <suit@ietf.org>; Thu, 23 Nov 2017 13:09:17 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 8A2FE8068A for <suit@ietf.org>; Thu, 23 Nov 2017 13:07:07 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <E1B999AE-A056-4DFE-9307-9FB1D29B5F9D@tzi.org>
References: <CAMRcRGTGnEc6M1ywrW2TVo7Ueoi4TKhEhBvwriiS9vXE6imZbg@mail.gmail.com> <AM4PR0801MB2706FBF71B766D9929CBA0B1FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <c9e1ae04-00e2-4e25-c84e-c93ed2faf7c1@sit.fraunhofer.de> <AM4PR0801MB27065CB26E49B2BB834644EEFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <308e17f9-e5db-2bb5-3377-c4c19cc177a6@sit.fraunhofer.de> <AM4PR0801MB2706D6B0366F06CFAE962BA0FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <E1B999AE-A056-4DFE-9307-9FB1D29B5F9D@tzi.org>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 13:07:07 -0500
Message-ID: <26840.1511460427@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Ly4AtSdlzwhlfVxMjqth6wlWgiE>
Subject: Re: [Suit] SUIT Charter: RFC4108 Reference in the charter
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 18:07:09 -0000

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Carsten Bormann <cabo@tzi.org> wrote:
    >> As mentioned to Suhas the purpose of mentioning RFC 4108 and also the
    >>IAB workshop is to highlight that the IETF has been looking into this
    >>topic before. You prefer not to mention anything about prior IETF work
    >>in this area to the reader. Is that correct?

    > I=E2=80=99m not Henk, but the charter is there to guide (and constrai=
n) the work of the WG.

    > I believe it is good if WG participants know about RFC 4108 and the
    > IoTSU workshop.

+1.

    > The reference to IoTSU is somewhat unambiguous, but, as I mentioned
    > previously a few times already, it is too easy to raise the
    > misconception that SUIT is the RFC 4108 tweaking WG.  The sense of the
    > BOF in Singapore was quite different.

I am happy with the reference that occurs in the text posted on the
datatracker now.  I was unhappy with the prior version.

=2D-
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -=3D IPv6 IoT consulting =3D-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXDksACgkQgItw+93Q
3WVicQf/Wk0UusjLjl2KTahUquRonXyNBib3mPspN66ipl8dHka5OJsTDus/WZXt
88fuH8qo0tODN8RB00XjWWYjvDpx1rxcVUsQCc4+8X9bYVfZOUq62ZqrYeoRfE2j
r16dniaAXeVn+8rygpUODDC81EaBFKmJHmTepYc7zDq89yyKdwVlc+7jGXDrObqd
uf9R5uvOnmNREqw0bv7UoRQHfYkZfurtKzVgHjEBEvX/t5lIUCIEVxbg3vuARgQ6
R4uhmAmZPKTLbD9FheJc169wI5vLmaTWvjm5/+4E+2pnZv0P8nTio9YOICb/C2mg
DKCJosuYb71SzzTzw1Y0IUFwQTyZMw==
=Bsbv
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 10:16:10 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E2DD124D6C for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:16:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level: 
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RdPcBDN9UtaB for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 10:16:04 -0800 (PST)
Received: from iron01.fraunhofer.de (iron01.fraunhofer.de [153.96.1.54]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E82E1200C5 for <suit@ietf.org>; Thu, 23 Nov 2017 10:16:03 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2F5AQDh299Z/xoBYJlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lUSBQRsoChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAELjXucMxGBI4FtOos8AQEBAQEBAQEBAQEBAQEBAQEBAQEBHYEOgh+BNTEQEYFRbnwrgko1hFIBEgEJAz+CZ4JhBYdHgluXIoEIgSaFMINig2GHXRtChReDVQUkhwqKIYglgngCBAYFAhkBgTlYgQMLUyZdhRkBBReBaHUBAQGJEA8YA4EJAYEQAQEB
X-IPAS-Result: A2F5AQDh299Z/xoBYJlXBxoBAQEBAgEBAQEIAQEBAYNdZG4nB4NzmVGBSyt5lUSBQRsoChgLgV6DOgKEP1cBAgEBAQEBAgNoKIJmBEYmAwMBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBGgIIBREgEgIYAQEBAgIBASEECwEFNgIVBAkCEQQBAQECAiMDAgInHwEICAYBDAYCAQEXigIBBAELjXucMxGBI4FtOos8AQEBAQEBAQEBAQEBAQEBAQEBAQEBHYEOgh+BNTEQEYFRbnwrgko1hFIBEgEJAz+CZ4JhBYdHgluXIoEIgSaFMINig2GHXRtChReDVQUkhwqKIYglgngCBAYFAhkBgTlYgQMLUyZdhRkBBReBaHUBAQGJEA8YA4EJAYEQAQEB
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208";a="100323888"
Received: from mail-mtaka26.fraunhofer.de ([153.96.1.26]) by iron01.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 23 Nov 2017 19:15:58 +0100
X-IronPort-AV: E=Sophos;i="5.44,441,1505772000"; d="scan'208";a="270948107"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaka26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Nov 2017 19:15:51 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vANIFnRZ022904 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 23 Nov 2017 19:15:50 +0100
Received: from [134.102.160.161] (134.102.160.161) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 23 Nov 2017 19:15:44 +0100
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de> <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de> <AM4PR0801MB27068830207314CE2F5143AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <c4bfca06-d27e-4c78-f281-bc701a4291e4@sit.fraunhofer.de>
Date: Thu, 23 Nov 2017 19:15:43 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <AM4PR0801MB27068830207314CE2F5143AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.160.161]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Ed3ec_2TDmhxazXtkq_Hl-gC7ws>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 18:16:07 -0000

And to add why this work is done in SACM. There are a lot more reasons 
than "IoT" to use a concise representation.

The RIM manifests of software components (especially those deployed in 
file systems) can become quite... extensive. In some usage scenarios it 
is therefore useful, to just reduce the size of the data in motion, e.g. 
TEE attestations of mobile phones or thousands of VNF in a cloud domain.

Viele Grüße,

Henk

On 11/23/2017 06:54 PM, Hannes Tschofenig wrote:
> Hi Henk,
> 
> Give me a few days to digest this info and to read the referenced documents. I have not paid attention to the SACM group since I wasn't aware that it has anything to do with IoT.
> 
> Ciao
> Hannes
> 
> -----Original Message-----
> From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
> Sent: 23 November 2017 18:06
> To: Hannes Tschofenig; suit@ietf.org
> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
> 
> Hm... if that is not clear by reading the draft, I would very welcome a review, Hannes!
> 
> Software Identifiers (SWID) are documents that provide metadata about software components. The traditional audience (and I mean "draft readers", not SWID consumers) are the entities creating and or distributing software to be installed on (composite) system entities.
> 
> 
> 
> Some more detail:
> 
> SWID documents can be created by the manufacturer/vendor/distributor and can be signed (CoSWID also be encrypted). If they include, for examples hash-values about the software components and are signed they can provide so called "golden measurements"/"well known values" -> reference integrity measurements manifests (RIM manifests). In general, they can express a multitude of additional metadata (e.g. various types of versions, the roles of the creator or issuer, etc.), and semantic dependencies between software components (e.g. patches, requires, supersedes, etc.), as well as the different forms in which software components exist in (installation package, installed, associated with license, even running). SWID documents can also be created by "everyone else", e.g. by 3rd party products on the system entities - and therefore can compose Evidence.
> 
> StrongSwan, for example, an open source IPSec VPN solution (https://www.strongswan.org/), includes a SWID generator on the client side to provide evidence for network access control.
> 
> There are various usage scenarios - one of them: a Firmware Update Manifest.
> 
> SWID are defined by ISO (19770-2:2015 Software Identification Tags).
> There is a freely available schema for XML encoding
> (http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd) and a guidance document of how to use them by NIST (http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf). Concise Software Identifier use CBOR/CDDL instead of XML/XSD, include clarification provided by NIST about firmware and signatures, reduce some ambiguity that is found in the XSD, etc (https://github.com/sacmwg/draft-ietf-sacm-coswid).
> 
> 
> Viele Grüße,
> 
> Henk
> 
> 
> 
> 
> 
> On 11/23/2017 05:29 PM, Hannes Tschofenig wrote:
>> Hi Henk,
>>
>> Maybe you need to explain what you are doing with your Concise Software Identifier draft and who the target audience was for it.
>>
>> Ciao
>> Hannes
>>
>>
>> -----Original Message-----
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Henk Birkholz
>> Sent: 23 November 2017 17:26
>> To: suit@ietf.org
>> Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and
>> Download Mechanism
>>
>> And again... I meant SUIT, this now seems to be stuck in my head
>> *sigh*
>>
>> On 11/23/2017 05:21 PM, Henk Birkholz wrote:
>>> Oh Im sorry, I was confusing TEEP and SUIT again... my fault! :)
>>>
>>> So please %s/TEEP/SUIT/g
>>>
>>> That said, we added a firmware resource collection to the Concise
>>> Software Identifier draft in early February this year, which enables
>>> this document type to be used as a (Reference Integrity Measurement)
>>> Manifest and/or Container for firmware components.
>>>
>>> When the TEEP BoF formed, we separated that part from the core data
>>> definition and moved it as an extension data definition into an
>>> appendix of the same draft in expectation of more input.
>>>
>>> As we aim for WGLC in December this year (and there will be no
>>> decisions on firmware related content available until then for sure,
>>> unfortunately), we will now only include a minimal set of core
>>> attributes about firmware resources in the core document and create
>>> another draft that will extend this resource collection in order to
>>> become a TEEP conform representation later on.
>>>
>>>
>>> Viele Grüße,
>>>
>>> Henk
>>>
>>> p.s.
>>>
>>> The contradiction I see is that you could use ASN.1 (which is not a
>>> format/encoding - which I was trying to hint at wrt your list of
>>> formats, but Carsten was way more elaborate as me on that topic as I
>>> just saw) in a CMS scenario, but cannot (only) use ASN.1, if you want
>>> to accommodate more than encodings that are typically defined via the
>>> ASN.1 data model language.
>>>
>>> Typically, you (have to / should?) decide on a "clever intermediate
>>> language", if you do the latter, or am I missing something here? You
>>> could use multiple languages at once - I guess - and try to keep them
>>> aligned during the design period of the vocabulary, but I would not
>>> like to be the person who has to do that.
>>>
>>>
>>>
>>> On 11/23/2017 04:27 PM, Hannes Tschofenig wrote:
>>>> Hi Henk,
>>>>
>>>>> Hello Hannes,
>>>>
>>>>> tl;dr I though the consensus was going into the direction of a
>>>>> small list of formats. I consider this to be correct unless
>>>>> consensus shows otherwise.
>>>>
>>>> [Hannes] That would be good. But let's see when we get to the point
>>>> of selecting.
>>>>
>>>>
>>>> The remainder of this email are just observations:
>>>>
>>>> This statement
>>>>
>>>> On 11/23/2017 11:09 AM, Hannes Tschofenig wrote:
>>>>> I may be hard to believe but some companies are actually interested
>>>>> in bringing a standardized manifest format to the market.
>>>>
>>>> in combination with these statements
>>>>
>>>> On 11/23/2017 10:01 AM, Hannes Tschofenig wrote:
>>>>> There is separate text in the charter that says the group will pick
>>>>> one or multiple encoding formats.
>>>>
>>>> On 11/23/2017 09:09 AM, Hannes Tschofenig wrote:
>>>>> Format here means having an ASN.1, XML, JSON, CBOR, etc. encodings
>>>>> of the manifest (+ the appropriate security mechanisms).
>>>>
>>>> seem to contradict each other?
>>>>
>>>>
>>>> Either there is a standardized manifest format, or there are
>>>> multiple based on the same data model? Also including ASN.1 in the
>>>> list is somehow confusing to me. If we are talking about format
>>>> here, I think
>>>> ASN.1 does not fit that list.
>>>>
>>>> [Hannes] I don't see the contradiction. When we submitted our
>>>> initial draft version, which described a solution based on ASN1./DER
>>>> + CMS, some folks said "I want JSON/JOSE" and yet others said "I
>>>> want CBOR/COSE". Hence, the charter text changed by delaying the
>>>> decision to a later time in the working group. What matters
>>>> ultimately is what one has to implement rather than what clever
>>>> intermediate language we use or how we structure documents.
>>>>
>>>> And it might also sound surprising, but because some companies (e.g.
>>>> a few that rely on SOTA) are interested in to market solutions, we
>>>> started to address this in drafts before the first TEEP BoF. Now
>>>> that TEEP is emerging, we are splitting the work wrt firmware, and
>>>> suspended some of it to wait for TEEP manifest definition output in
>>>> order to retain interoperability - which is effectively a delay
>>>> already (but addressing a bigger group of stakeholder seems vital,
>>>> so... viable & necessary).
>>>>
>>>> [Hannes] I am not sure I understood this statement. The Open Trust
>>>> Protocol, which is the only solution so far submitted to the TEEP
>>>> group, does not define a manifest format. At the TEEP BOF folks
>>>> argued that it would be a good idea to re-use the manifest format
>>>> from SUIT in TEEP but that hasn't been done so far (although I think
>>>> it is a good idea).
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>> Viele Grüße,
>>>>
>>>> Henk
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Suit mailing list
>>>> Suit@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/suit
>>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>>> confidential and may also be privileged. If you are not the intended
>>>> recipient, please notify the sender immediately and do not disclose
>>>> the contents to any other person, use it for any purpose, or store
>>>> or copy the information in any medium. Thank you.
>>>>
>>>
>>> _______________________________________________
>>> Suit mailing list
>>> Suit@ietf.org
>>> https://www.ietf.org/mailman/listinfo/suit
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> 


From nobody Thu Nov 23 12:46:44 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D99B120725 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 12:46:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id arn2oMydR_y2 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 12:46:41 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31CD912025C for <suit@ietf.org>; Thu, 23 Nov 2017 12:46:41 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3C90A2008C; Thu, 23 Nov 2017 15:48:50 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id E7B5B82B23; Thu, 23 Nov 2017 15:46:39 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "suit\@ietf.org" <suit@ietf.org>
cc: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
In-Reply-To: <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <512a039b-ca00-5cf7-bee1-988942e4656b@sit.fraunhofer.de> <AM4PR0801MB27067933617964FF23228B87FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <d4475dcb-828f-00e9-4dc4-f23e8aade2fa@sit.fraunhofer.de> <AM4PR0801MB270676B2560410315A744BF9FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <9ed2fd3e-4fe9-28dd-1b29-e93c2d9880d8@sit.fraunhofer.de> <93c16682-3ee7-9e0e-28c4-f03bc724b0a0@sit.fraunhofer.de> <AM4PR0801MB2706A5583DEC02CC61CFE1AAFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <4efd6388-61e1-a437-99c8-f3df5aa40fcf@sit.fraunhofer.de>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 15:46:39 -0500
Message-ID: <32115.1511469999@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/q2s0p8p9se87PCJQZq5E_3xiNJw>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 20:46:43 -0000

--=-=-=
Content-Type: text/plain


Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote:
    > SWID are defined by ISO (19770-2:2015 Software Identification Tags). There is
    > a freely available schema for XML encoding
    > (http://standards.iso.org/iso/19770/-2/2015-current/schema.xsd) and a
    > guidance document of how to use them by NIST
    > (http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf). Concise Software
    > Identifier use CBOR/CDDL instead of XML/XSD, include clarification provided
    > by NIST about firmware and signatures, reduce some ambiguity that is found in
    > the XSD, etc (https://github.com/sacmwg/draft-ietf-sacm-coswid).

Very cool, thank for posting this.
I was unaware of this work.

It seems like COSWID is so close to the manifest that it should be extended
rather than replaced.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXM68ACgkQgItw+93Q
3WVGtAgArxeXTt/0eQcS4msggkKosrHHUV6p0fEozCiFPfKZiYHZxl7xG7xSNWjf
u0/MkBrWUP/6AfiT6Gx7x06LP7bRfKcXkc6BZxCAcPQrv+esvEeo5l7c9XBwDHTo
wayq9O8Y7i2ru2e+UgkiVppzphPDlrKWkHYJlynJUUNuKn1UjFqf6TvJewxk17nD
GTSLt+LKA+ICtkvBQcKhGiA0a1Rm0TawOP8lc9YvDbR3QMERFnFsAZa2ByXZ+VtI
pKub9V4LC0Akb0c04XpP3GfT60Xf3plHJH5/vfj1LvI1rStrxT7n7dr9KzWt34pP
VTTHZAhctZaL15SwGzG2hz/3wfxgVQ==
=neTi
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Thu Nov 23 12:55:29 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57B90120725 for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 12:55:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pYtBY334mXgg for <suit@ietfa.amsl.com>; Thu, 23 Nov 2017 12:55:26 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A85612025C for <suit@ietf.org>; Thu, 23 Nov 2017 12:55:26 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id ABE352008C; Thu, 23 Nov 2017 15:57:35 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5D3DF82B23; Thu, 23 Nov 2017 15:55:25 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB2706304F04C9862BC6E991A5FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca> <AM4PR0801MB2706942518011D9489B0DC6DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <24510.1511459906@obiwan.sandelman.ca> <AM4PR0801MB2706304F04C9862BC6E991A5FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 23 Nov 2017 15:55:25 -0500
Message-ID: <1705.1511470525@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/X5fEqIVpd-fv_JT-y4DAyMzqI7k>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Nov 2017 20:55:27 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > None of this answers the question why you are not doing your discovery
    > work in one of the existing groups (CORE, DHC, ...) or create a new
    > working group.

Because we don't to invent a new discovery protocol.
For that we might need a new WG.
We just want to *use* one in an standard way.
It could be as simple as multicast CoAP for /.well-known/core?rt=suit,
or use DNS-SD.

This might need an IANA action for instance, or we might need to declare a
category of service names.  And perhaps how to interpret the results.

Here, for instance, is the text from BRSKI about discovery using DNS-SD:

   The Pledge MAY perform DNS-based Service Discovery [RFC6763] over
   Multicast DNS [RFC6762] searching for the service
   "_bootstrapks._tcp.local.".

{In fact, that's optional, we use GRASP discovery normatively}
That's it (well, we go on a bunch about congestion concerns, and then IPv4
considerations..., but that's all informative)


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloXNb0ACgkQgItw+93Q
3WU6UwgAo3+Y+QzGegwFC4euMkC+J+0fteUTR01KkHm42Y4TZzOkF1WJ9Yaf8qAs
cAZrKNT06cBEocb9ZH+8qYz3XwCpu/s+jwuwIqyxDzKI0QmlArw/Ze7O9DjQbM2k
LW/vg4KRHLXlKGqDI3eqUCp8HREbo2vGb6zn56r01yU72QbwAMrN6P3u+XB/x/Qu
YW0udNGIbe3ONDudLNB6R7Us4FwCCpDaRGyuok/udvLYHukRVVsgZvMODJP+ZKMl
3mqmDvVYhSO5DcJUVuIuHIA1E0CsyFCkZG4+RvyISBA4N/4BptTaGMe06Ho2s+SU
nzbeqDpfojmvpJthZF1AmqBSJuFMEg==
=vbvV
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Fri Nov 24 22:13:09 2017
Return-Path: <justincappos@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF9F1270A0 for <suit@ietfa.amsl.com>; Fri, 24 Nov 2017 22:13:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level: 
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwxuFFA6jG2s for <suit@ietfa.amsl.com>; Fri, 24 Nov 2017 22:13:06 -0800 (PST)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF80B12869B for <suit@ietf.org>; Fri, 24 Nov 2017 22:13:05 -0800 (PST)
Received: by mail-lf0-x234.google.com with SMTP id f134so27386274lfg.8 for <suit@ietf.org>; Fri, 24 Nov 2017 22:13:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=bofrPCmIeUd2XZi22k7ucfAltkE1VE1KqoiY4vQ6nJ4=; b=Jh305itPvM+dgymzZ+pU+RsqSiKWeVO+mFGX3PzOCUmWwybyYEcLysgEAWrbUHpCnb cdZHC1NHUlNYdsOorzITBP2HJJ36Pnk2C7PVq5SFLJOBNBMCIew4hVZHxq9Z6+xmiU3a qJFUqdKxkOWPNU4bYwz0B+CIOAkUBCuGNaxNzp0WYFnDSuxlQqZctSaD4gFGYwaDjhFj 6kfGdG/00Xiw0/TFl/JNczx/+rw0CU4oxR9zvx29e6aPs3GKj0lSaAT5foh/NBHbXBXu u5wEGdBzLu9IWFO35gAYr6vUHVL/vma2qwEILdlF3/urdT1X1ODnkmnsVACwQc921Q+D QXLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=bofrPCmIeUd2XZi22k7ucfAltkE1VE1KqoiY4vQ6nJ4=; b=rFzP7ck5u8F4bxpfwFJN3eTiwDgllMEYOlATs/L038INj0nJyTX6xLxgZYZs6743rs SW+07rkOA1QlkqEcjxfdfF6bGsvhhIbRZAVtIDFCJfbLquGhjC8vFTxE5EbSweT+xNeh RiSRgaPW03ELw4Bvdm/9WR0NYjnQc1IJNE6NooOCmvSch0A3C0DI1f0pKgZ16KlRoxCQ PNeKAiQ3od1EsxwOTln63TgyC0C4j89kyCcDixFfrP0ZKM8m3bhXwh9VU7R+u/NVpjHc gSxvcFzm0n74QZSSi5HD7hDgZbv+qHljMtiA44UF6dnMGLO7u9smPzfjHPNdGZK38iWm 4UTA==
X-Gm-Message-State: AJaThX7uXokxlidU+SFp++xxUp+lO5xKHU+jdAmXUTo1TDzY3G3I85DD s3H+JLjZptGcPptZ6lKFlkhdNhXUvje6s5vVGYE=
X-Google-Smtp-Source: AGs4zMZcazZjVCE2BtkLc2Trv7zs4KSjtNwjq6M+Cifbew03PkEfjjJ1ecvzW2XM7oJJyvykkSKp++tAHecvbIJRhmI=
X-Received: by 10.46.80.73 with SMTP id v9mr11358218ljd.93.1511590384099; Fri, 24 Nov 2017 22:13:04 -0800 (PST)
MIME-Version: 1.0
Sender: justincappos@gmail.com
Received: by 10.46.16.8 with HTTP; Fri, 24 Nov 2017 22:12:43 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Justin Cappos <jcappos@nyu.edu>
Date: Sat, 25 Nov 2017 01:12:43 -0500
X-Google-Sender-Auth: bF3cZCJaPtEmP-ILea4Y6oZ0RDM
Message-ID: <CAMVss_q23RXxQQPXm9AqugNUrSzDGxFbSDYxQLaS2g1BvSb9uw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>,  Shikhar Sakhuja <ss9131@nyu.edu>, Ariella C Feuchtwanger <acf469@nyu.edu>, Trishank Kuppusamy <trishank@nyu.edu>,  Sebastien Awwad <sebastienawwad@gmail.com>
Content-Type: multipart/alternative; boundary="f403045fc0bae3e9e1055ec88f61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/JxkpzK0I03BpfZO6LveonzSy8og>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2017 06:13:08 -0000

--f403045fc0bae3e9e1055ec88f61
Content-Type: text/plain; charset="UTF-8"

>
> When you then update a fleet of devices, some of them may support foo and
> some bar. Imagine a vehicle that comes with many different processors and
> they require a mixture of different formats. The backend infrastructure
> then needs to know what format is supported by which device/processor.
>

The Uptane project <https://uptane.github.io/>, which handles secure
updates for automobiles intentionally doesn't standardize the format.  In a
car, the communication protocol used by the ECUs is effectively defined by
the Ford, GM, etc. even though most of the parts are made by vendors.  When
a vendor sells the same part to different automakers, they will change
their part to support the different formats needed.

In Uptane, we originally had the same goal of a standardized format which
Hannes mentioned.  However, when we started to work with the automakers, we
learned that a standardized format was a show stopper.  They wanted the
flexibility to customize things slightly for their environment because the
networks and existing toolchains are so different.

This has made testing implementations of Uptane a bit more difficult, but
it seems like we've had better adoption as a result.

Thanks,
Justin

--f403045fc0bae3e9e1055ec88f61
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><blo=
ckquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left=
:1px solid rgb(204,204,204);padding-left:1ex">When you then update a fleet =
of devices, some of them may support foo and some bar. Imagine a vehicle th=
at comes with many different processors and they require a mixture of diffe=
rent formats. The backend infrastructure then needs to know what format is =
supported by which device/processor.<br></blockquote><div><br></div><div>Th=
e <a href=3D"https://uptane.github.io/" target=3D"_blank">Uptane project</a=
>, which handles secure updates for automobiles intentionally doesn&#39;t s=
tandardize the format.=C2=A0 In a car, the communication protocol used by t=
he ECUs is effectively defined by the Ford, GM, etc. even though most of th=
e parts are made by vendors.=C2=A0 When a vendor sells the same part to dif=
ferent automakers, they will change their part to support the different for=
mats needed.=C2=A0=C2=A0</div><div><br></div><div>In Uptane, we originally =
had the same goal of a standardized format which Hannes mentioned.=C2=A0 Ho=
wever, when we started to work with the automakers, we learned that a stand=
ardized format was a show stopper.=C2=A0 They wanted the flexibility to cus=
tomize things slightly for their environment because the networks and exist=
ing toolchains are so different.</div><div><br></div><div>This has made tes=
ting implementations of Uptane a bit more difficult, but it seems like we&#=
39;ve had better adoption as a result.</div><div><br></div><div>Thanks,</di=
v><div>Justin</div></div></div></div>

--f403045fc0bae3e9e1055ec88f61--


From nobody Sat Nov 25 03:36:33 2017
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8621242EA for <suit@ietfa.amsl.com>; Sat, 25 Nov 2017 03:36:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level: 
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6A5FgMPEOS_D for <suit@ietfa.amsl.com>; Sat, 25 Nov 2017 03:36:30 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D84E12009C for <suit@ietf.org>; Sat, 25 Nov 2017 03:36:30 -0800 (PST)
Received: from [192.168.91.210] ([80.92.114.7]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Mfn88-1eWlir1lm0-00NEHQ; Sat, 25 Nov 2017 12:36:13 +0100
To: Justin Cappos <jcappos@nyu.edu>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "suit@ietf.org" <suit@ietf.org>, Shikhar Sakhuja <ss9131@nyu.edu>, Ariella C Feuchtwanger <acf469@nyu.edu>, Suhas Nandakumar <suhasietf@gmail.com>, Sebastien Awwad <sebastienawwad@gmail.com>, Trishank Kuppusamy <trishank@nyu.edu>, Carsten Bormann <cabo@tzi.org>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMVss_q23RXxQQPXm9AqugNUrSzDGxFbSDYxQLaS2g1BvSb9uw@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <e3dd35fd-5ccd-74d7-90b1-6fa869db2152@gmx.net>
Date: Sat, 25 Nov 2017 12:35:47 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAMVss_q23RXxQQPXm9AqugNUrSzDGxFbSDYxQLaS2g1BvSb9uw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:phMFAHu48kLayVHgzB/khmdVx/zkGAnVv/wNrhOHlUuYAiECdgS CWgRRzMozLlh3Q3M/VY+D0c4YOEzIdMGkDDOaLYuFmG0F41RA/KRAGqOEtlHzdH4+1moGFF jfd5CAnxfNUnaliVtlFARxzkGMukjgnG+AieFX212hYWI63+BNhqW4AoTfNW4tbffSJJBf4 z83wq2ODViTPAV3wEtf0Q==
X-UI-Out-Filterresults: notjunk:1;V01:K0:6VV0XyFMRwQ=:AWJYYKkP99jISKWLIBRwKu N81JO2nlxPyKrltSykkWs+s/0YdQkz3TaN1CFc9qlxepdTw06NMURLZHku50QlObcywXkJya+ f2l/CswWJNkfqKRpT+C1Ra3Pf9zAOwFUQ9VO2IpVYY2wn0WqgD+myZZMaTR/hjHXc+zx+RLKS dXFTtaPUoJObQSdNXM3PFCP/WaMxinOy6bKUsi3lmRE0yYD6d2dR+8KT8E5Yq0djJ5QpJ/5US Iuxf/Aiwjcs+8zL29aTbyog9MTF01E5ugLq6/gnJc5GPS4cPbMXqCM6XMZsgL/Gm/TvjoqjPk 8BE+u9uVgrGTsgkCw+8oNRvrfiyH1imVrLdxZWtXey8VWbmYCdZJBxGV2K3OIIk/V/3k87iw/ qRdZW9Qyr/HFM73tVW9KSn3OdL39qAJDBenzYanQohl641tz4YHaFE2tEtujdLywbv2KWaOxC kFvgT15ESl+eS6mB3FsWRw2bKtnPScCmAkExQ2dN4mUbwyX8vnuYspblK2b+zbnk5cPLjfPdf +pmeUYs7KRNWgZkrCfD3/gbsY1y0Ww4wttkCjSkMkLtIq87IcwVZlwmm6UW2YMHC8EGDcWGKx J/LPcgaEI+lOZm8FjohAYpMgyF71xdcMeUuppPoEASfwbpQ/lDQg9brq2fbspCN8QZfImk4g8 /cmyMsbGu3Jf0neT0xMmkMojCryxbfEjQu779DRbatmr032q4Za2SRdugFlaVJniwqbY8dZJI Nsh3DIOEouG85r7mwG6Gi2ssKrwz/2bcMLdo66mQoedHPJK/id4tmKH3U9Pg1YAiDcD7qjC/y oGGednbJnwdZGBDBFO53YavZ5A1KNsjakBtEJwQTk8Jt4pUX7UUu9foEfCqvXpDevCWmqtf
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/SCbdXqlcJLUcLncXbGkpSqWD6JY>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2017 11:36:32 -0000

Hi Justin,

I guess there is also a different interpretation about what format means
here.

If you look at draft-moran-suit-manifest-00 you will see that the
content maps to your terminology of "metadata" (for which you happen to
have used ASN.1).

Hence, I believe we are exactly on the same page as far as the goals and
values for standardization goes.

Ciao
Hannes

On 11/25/2017 07:12 AM, Justin Cappos wrote:
>     When you then update a fleet of devices, some of them may support
>     foo and some bar. Imagine a vehicle that comes with many different
>     processors and they require a mixture of different formats. The
>     backend infrastructure then needs to know what format is supported
>     by which device/processor.
> 
> 
> The Uptane project <https://uptane.github.io/>, which handles secure
> updates for automobiles intentionally doesn't standardize the format. 
> In a car, the communication protocol used by the ECUs is effectively
> defined by the Ford, GM, etc. even though most of the parts are made by
> vendors.  When a vendor sells the same part to different automakers,
> they will change their part to support the different formats needed.  
> 
> In Uptane, we originally had the same goal of a standardized format
> which Hannes mentioned.  However, when we started to work with the
> automakers, we learned that a standardized format was a show stopper. 
> They wanted the flexibility to customize things slightly for their
> environment because the networks and existing toolchains are so different.
> 
> This has made testing implementations of Uptane a bit more difficult,
> but it seems like we've had better adoption as a result.
> 
> Thanks,
> Justin
> 
> 
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
> 


From nobody Sat Nov 25 08:22:07 2017
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E381274A5 for <suit@ietfa.amsl.com>; Sat, 25 Nov 2017 08:22:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level: 
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gftQyvST-WC for <suit@ietfa.amsl.com>; Sat, 25 Nov 2017 08:22:02 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9763C120227 for <suit@ietf.org>; Sat, 25 Nov 2017 08:22:02 -0800 (PST)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id A258E58C4FE; Sat, 25 Nov 2017 17:21:57 +0100 (CET)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id 80AD7B0D29B; Sat, 25 Nov 2017 17:21:57 +0100 (CET)
Date: Sat, 25 Nov 2017 17:21:57 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "suit@ietf.org" <suit@ietf.org>
Message-ID: <20171125162157.GW19390@faui40p.informatik.uni-erlangen.de>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <0F2EC7AB-A841-4219-B576-FE9131A2E500@tzi.org> <AM4PR0801MB27067F7EBCB4CDEE2AA6CC41FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <22956.1511459505@obiwan.sandelman.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <22956.1511459505@obiwan.sandelman.ca>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/R5b116wrkEs4rKy37K8VQNKStkc>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2017 16:22:05 -0000

1) +1, but let me rephase this with an ask:

IMHO the charter MUST make a statement whether the group is expected to
define ONE or multiple DATA MODELs for metadata/manifest. So far
i can not see the term data model in the charter text at all (-07).

Once that charter decision is aggreed on, it will become a lot less
controversial whether the scope of the WG should be restricted to one
set of (serialization) formats or not - and how to write that into the
charter.

2) Having been around the block arguing between different formats
and the pettiness by which different interest groups proliferate redundant
choices, the best i would hope for is that the charter could serialize
format RFCs: Do not make drafts for a second, redundant format option
WG adopted until the first set is in RFC editor queue. And if you do not like for
your format to be second in queue, think about how this can help you
improve on shortcomings made in the first format RFCs. Heck, you're
even given chance to do a -bis on the data format definition to improve
your formats results.

Toerless

On Thu, Nov 23, 2017 at 12:51:45PM -0500, Michael Richardson wrote:
> 
> Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
>     > Yes, there are lots of details to discuss but do you think that any of
>     > this should go into the charter (given that the current version of the
>     > charter already says that we will discuss this and pick one or multiple
>     > formats)?
> 
> The charter needs to say one of:
>      1) the format shall be X. (at one point it said to enhance 4108, so
>           ASN.1 was the data model and DER was the serialization).
> 
>      2) there shall be one format, please hold taste test.
>           (cf: http://www.redballoon.net/humor/alice.txt )
> 
>      3) there can be many serializations, but only one data model.
> 
>      4) whatever you want.
> 
> I prefer (3), btw.
> 
> I have good experience with YANG as the data model, and CBOR+COSE as the
> serialization using SID based keys.
> {I could live with CMS signed JSON if it wasn't the only possibility}
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> 
> 
> 



> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


-- 
---
tte@cs.fau.de


From nobody Mon Nov 27 10:57:51 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C688A1293DB for <suit@ietfa.amsl.com>; Mon, 27 Nov 2017 10:57:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UurwAhpAB2C0 for <suit@ietfa.amsl.com>; Mon, 27 Nov 2017 10:57:47 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0105.outbound.protection.outlook.com [23.103.201.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20D90128B88 for <suit@ietf.org>; Mon, 27 Nov 2017 10:57:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kxBblQfWa/OlBH2vBTU73E1a0y++xxjYq7psrZBWVAA=; b=mdbw1IkbFDYQZJiJbKSb6juAlNHH1okZnhSuYRYWlT3BRE1gfqgg+w7BcezDWV/IKdfSPAvZZSKOYNtUR0JKRrabAXu8bOEO29cIFAOcFmN4Ae6MU195vmeN2mPZna493S6C79ptSDboxs7M9x/atkHJ4XE4xsdxlTSHt8DC09g=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1496.namprd09.prod.outlook.com (10.173.191.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.4; Mon, 27 Nov 2017 18:57:45 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0260.006; Mon, 27 Nov 2017 18:57:45 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Suit Charter: WG Relationships to Others
Thread-Index: AQHTY+v4dReAiIKhAEqLwjoqOyimi6MhlBmAgAcCXrA=
Date: Mon, 27 Nov 2017 18:57:45 +0000
Message-ID: <CY4PR09MB149528FABF20A2ECD0AA4CFBF0250@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <CAMRcRGQ=xrV8ybtVrfVc-=_A4-w2p+-UPZU7-3KoxMPAr+bDrg@mail.gmail.com> <AM4PR0801MB2706993E6B8A356EEB8412AFFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
In-Reply-To: <AM4PR0801MB2706993E6B8A356EEB8412AFFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [129.6.224.58]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1496; 6:1xqhtVkIBTuqfvbChO1yH0OYtiAaifWCL3j07n3WaeW15PN1P4yw4n93di2sf/6FX/+ECoxYPqCqqZiUy7lPb1Zn/DsreFYyrnNL5QjccQeVSKAvj+XL0QiKpUCpFzeT5UTsbv607svhhkYgE+IEwLIyfUCD1Cadqze2D6JwYVySlNrj8G1HEV63iSvjmq0sy2L/WyYMKRtIZbkdAPA1MLgdRn52rxItwwBrFmoml+QakuGykDATzNuG0/Akjdz+n/MxnchoHvyO+44lGXQg4GaaUbSWOCvypo+1ynwoX6p1/Iu/Zo9WsH50SESQU6SNo3Co02ETtg6Zyh7n3Mmq+LD3mBf/HYmpZVDtU/LoWR0=; 5:JgD9kcdLil4izmis//3MoCw+Mk3E4ZV97/Vs8y0BxAI8eDeGKd0tlGflS0G6id4fv0Hu3Uwek22qRbCL26Up6zMumVwzamJCfU/+rF8/Y0UXJjzUhiRRFyhg0PD0umEDyzE+RkKVwPsoQH4vgZy16hC+xSdc9GQRYZquSzYrHHU=; 24:buo7QRNd8i2J/D4RH/UYXPSNTwLm5j0Oe6gbkOFKnhiCh8yj2AIPzZs+oNM8Dj5Hx1JK95FoVKiC5q6uLu5EItAR/ZtiLbRG5AD1Lkex830=; 7:Dm1KD4u7gCs22hkQx3Lf8smM3A+78fiDiJQq+HotpR5eMxGud6mO5e0NP7DfOmaAkxFxKF4kVPp5qwhNQwd/iML86wKgKgMAfBFIZoDdH5Vbb8IfdH4x8wdjumKgNviTPadfmECLx/WhPJYzWmIk5im4Hjpsd3zWoKFrF4IO0MXi2t/aTNoqvSbSCp4K3u/be7ZF15GKETyXpuuqmc3ij/AfIROLM3ivlfYIYjYwHgJ5heOlMnJqZlUy4JBuQ4wb
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d65cb1a0-dea9-49a5-c8aa-08d535c8bf12
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603199); SRVR:CY4PR09MB1496; 
x-ms-traffictypediagnostic: CY4PR09MB1496:
x-microsoft-antispam-prvs: <CY4PR09MB1496977A59724C40FB7CD496F0250@CY4PR09MB1496.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(227612066756510)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(10201501046)(3002001)(93006095)(93001095)(3231022)(6055026)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123560025)(20161123562025)(20161123558100)(6072148)(201708071742011); SRVR:CY4PR09MB1496; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR09MB1496; 
x-forefront-prvs: 0504F29D72
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(39860400002)(376002)(366004)(53754006)(189002)(199003)(40434004)(106356001)(81156014)(99286004)(5890100001)(2906002)(7696005)(33656002)(77096006)(229853002)(5660300001)(790700001)(6116002)(102836003)(3846002)(2501003)(55016002)(6436002)(6506006)(68736007)(53936002)(50986999)(7736002)(3660700001)(316002)(54356999)(76176999)(53546010)(86362001)(8936002)(74316002)(25786009)(8676002)(2950100002)(2900100001)(105586002)(81166006)(478600001)(9686003)(19609705001)(6306002)(66066001)(97736004)(54896002)(236005)(189998001)(39060400002)(101416001)(3280700002)(110136005)(14454004)(6246003); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1496; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR09MB149528FABF20A2ECD0AA4CFBF0250CY4PR09MB1495namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: d65cb1a0-dea9-49a5-c8aa-08d535c8bf12
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Nov 2017 18:57:45.6016 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1496
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/VI-UNj_xw91FwpDsqOovneXi9Mc>
Subject: Re: [Suit] Suit Charter: WG Relationships to Others
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 18:57:50 -0000

--_000_CY4PR09MB149528FABF20A2ECD0AA4CFBF0250CY4PR09MB1495namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGFubmVz4oCZIG5ldyB0ZXh0IGlzIHN0YXRpbmcgdGhhdCB0aGUgZ3JvdXAgd2lsbCB3b3JrIHRv
IGVuZ2FnZSBhbGwgc3Rha2Vob2xkZXJzIChlLmcuLCBvcGVyYXRpbmcgc3lzdGVtIGRldmVsb3Bl
cnMsIHNvbHV0aW9uIHByb3ZpZGVycywgY3VzdG9tZXJzKSBpbiB0aGUgSW9UIHNwYWNlLiBXaGls
ZSBJIGFtIG5vdCBhZ2FpbnN0IGluY2x1ZGluZyBzdWNoIHRleHQsIHRoaXMgaXMgc3RhdGluZyB3
aGF0IGFueSBzdGFuZGFyZHMgZ3JvdXAgbXVzdCBkbyB0byBiZSBzdWNjZXNzZnVsIGluIHRoZSBh
cmVhIGJlaW5nIHN0YW5kYXJkaXplZC4gQXMgYSByZXN1bHQsIEkgYW0gbm90IHN1cmUgdGhpcyBs
YW5ndWFnZSBhZGRzIG11Y2ggYWRkaXRpb25hbCB2YWx1ZSBpbiB0aGUgY2hhcnRlci4NCg0KU3Vo
YXMsIGRvIHlvdSBmZWVsIHN0cm9uZ2x5IHRoYXQgdGhlIGNoYXJ0ZXIgdGV4dCBuZWVkcyB0byBi
ZSBhZGp1c3RlZCB0byBhZGRyZXNzIHRoaXMgY29uY2Vybj8NCg0KVGhhbmtzLA0KRGF2ZQ0KDQpG
cm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgSGFu
bmVzIFRzY2hvZmVuaWcNClNlbnQ6IFRodXJzZGF5LCBOb3ZlbWJlciAyMywgMjAxNyAyOjM4IEFN
DQpUbzogU3VoYXMgTmFuZGFrdW1hciA8c3VoYXNpZXRmQGdtYWlsLmNvbT47IHN1aXRAaWV0Zi5v
cmcNClN1YmplY3Q6IFJlOiBbU3VpdF0gU3VpdCBDaGFydGVyOiBXRyBSZWxhdGlvbnNoaXBzIHRv
IE90aGVycw0KDQpIaSBTdWhhcywNCg0KV2hldGhlciBpdCBpcyBtb3JlIGltcG9ydGFudCB0byB0
YWxrIHRvIHRob3NlIHBlb3BsZSB0aGF0IGRlcGxveSB0aGUgc29sdXRpb24gdnMuIHRob3NlIHdo
byBuZWVkIHRvIGltcGxlbWVudCB0aGVtIGlzIHByb2JhYmx5IGluIHRoZSBleWUgb2YgdGhlIGJl
aG9sZGVyLg0KDQpJZiB5b3UgdGhpbmsgaXQgaGVscHMgd2UgY291bGQgcmVwaHJhc2UgdGhlIHNl
bnRlbmNlIGluIHRoZSBmb2xsb3dpbmcgd2F5Og0KDQoNCuKAnA0KDQpUaGlzIGdyb3VwIHdpbGwg
YWltIHRvIG1haW50YWluIGEgY2xvc2UgcmVsYXRpb25zaGlwIHdpdGggc2lsaWNvbiB2ZW5kb3Jz
IGFuZCBPRU1zIHRoYXQgZGV2ZWxvcCBJb1Qgb3BlcmF0aW5nIHN5c3RlbXMuIEFkZGl0aW9uYWxs
eSwgdGhlIGdyb3VwIHdpbGwgcmVhY2ggb3V0IHRvIGNvbXBhbmllcyB3aG8gYnVpbGQgYW5kIGRl
cGxveSBJb1QgZGV2aWNlcy4NCuKAnA0KDQpPZiBjb3Vyc2UsIGl0IHdvdWxkIGJlIGdyZWF0IGlm
IHlvdSBjb3VsZCBicmluZyBwZW9wbGUgd2hvIGJ1aWxkIGFuZCBkZXBsb3kgSW9UIGRldmljZXMg
dG8gdGhlIElFVEYuDQoNCkNpYW8NCkhhbm5lcw0KDQpGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1i
b3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgU3VoYXMgTmFuZGFrdW1hcg0KU2VudDogMjMg
Tm92ZW1iZXIgMjAxNyAwMDo0NQ0KVG86IHN1aXRAaWV0Zi5vcmc8bWFpbHRvOnN1aXRAaWV0Zi5v
cmc+DQpTdWJqZWN0OiBbU3VpdF0gU3VpdCBDaGFydGVyOiBXRyBSZWxhdGlvbnNoaXBzIHRvIE90
aGVycw0KDQoNCkhlbGxvIEFsbA0KDQoNCg0KQ3VycmVudCBjaGFydGVyIHRleHQgc2F5cyB0aGUg
Zm9sbG93aW5nIG9uIHRoZSBtYXR0ZXIgaW4gdGhlIHN1YmplY3QNCg0KIiIiDQoNClRoaXMgZ3Jv
dXAgd2lsbCBhaW0gdG8gbWFpbnRhaW4gYSBjbG9zZSByZWxhdGlvbnNoaXAgd2l0aCBzaWxpY29u
IHZlbmRvcnMgYW5kIE9FTXMgdGhhdCBkZXZlbG9wIElvVCBvcGVyYXRpbmcgc3lzdGVtcy4NCg0K
IiIiDQoNCg0KDQpJIHN1Z2dlc3QgdGhhdCBpdCBpcyBtb3JlIGltcG9ydGFudCBmb3IgdGhpcyBn
cm91cOKAmXMgc3VjY2VzcyBpcyBhbHNvIHRvIG1haW50YWluIHJlbGF0aW9uc2hpcHMgd2l0aCB0
aGUgcGVvcGxlIHRoYXQgYWN0dWFsbHkgYnVpbGQgYW5kIGRlcGxveSBJT1QgZGV2aWNlcyBhbmQg
dGhlc2Ugc2hvdWxkIGFsc28gYmUgYWRkZWQgaGVyZS4NCg0KDQoNCkNoZWVycw0KDQpTdWhhcyBO
YW5kYWt1bWFyDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWls
IGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJp
dmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5v
dGlmeSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRl
bnRzIHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3Jl
IG9yIGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_CY4PR09MB149528FABF20A2ECD0AA4CFBF0250CY4PR09MB1495namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2
IDQgMyA1IDQgNCAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBs
aS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9t
Oi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJv
bWFuIixzZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlv
cml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2
aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5
OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25v
cm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1z
b25vcm1hbDsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCglt
YXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMg
TmV3IFJvbWFuIixzZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOQ0KCXttc28tc3R5bGUtdHlwZTpw
ZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0
OTdEO30NCnNwYW4uRW1haWxTdHlsZTIxDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5
Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7
fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1z
aXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJ
bWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFn
ZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxv
OnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtl
bmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJl
ZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0
PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJs
dWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx
dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+SGFubmVz4oCZIG5ldyB0ZXh0IGlzIHN0YXRp
bmcgdGhhdCB0aGUgZ3JvdXAgd2lsbCB3b3JrIHRvIGVuZ2FnZSBhbGwgc3Rha2Vob2xkZXJzIChl
LmcuLCBvcGVyYXRpbmcgc3lzdGVtIGRldmVsb3BlcnMsIHNvbHV0aW9uIHByb3ZpZGVycywgY3Vz
dG9tZXJzKSBpbiB0aGUgSW9UIHNwYWNlLiBXaGlsZSBJDQogYW0gbm90IGFnYWluc3QgaW5jbHVk
aW5nIHN1Y2ggdGV4dCwgdGhpcyBpcyBzdGF0aW5nIHdoYXQgYW55IHN0YW5kYXJkcyBncm91cCBt
dXN0IGRvIHRvIGJlIHN1Y2Nlc3NmdWwgaW4gdGhlIGFyZWEgYmVpbmcgc3RhbmRhcmRpemVkLiBB
cyBhIHJlc3VsdCwgSSBhbSBub3Qgc3VyZSB0aGlzIGxhbmd1YWdlIGFkZHMgbXVjaCBhZGRpdGlv
bmFsIHZhbHVlIGluIHRoZSBjaGFydGVyLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx
dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5TdWhhcywgZG8geW91IGZl
ZWwgc3Ryb25nbHkgdGhhdCB0aGUgY2hhcnRlciB0ZXh0IG5lZWRzIHRvIGJlIGFkanVzdGVkIHRv
IGFkZHJlc3MgdGhpcyBjb25jZXJuPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90
O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5UaGFua3MsPG86cD48L286cD48
L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox
MS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5EYXZlPG86
cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlm
Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTti
b3JkZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNC4wcHQiPg0K
PGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAx
LjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxi
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkm
cXVvdDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+IFN1aXQg
W21haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmddDQo8Yj5PbiBCZWhhbGYgT2YgPC9iPkhhbm5l
cyBUc2Nob2ZlbmlnPGJyPg0KPGI+U2VudDo8L2I+IFRodXJzZGF5LCBOb3ZlbWJlciAyMywgMjAx
NyAyOjM4IEFNPGJyPg0KPGI+VG86PC9iPiBTdWhhcyBOYW5kYWt1bWFyICZsdDtzdWhhc2lldGZA
Z21haWwuY29tJmd0Ozsgc3VpdEBpZXRmLm9yZzxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogW1N1
aXRdIFN1aXQgQ2hhcnRlcjogV0cgUmVsYXRpb25zaGlwcyB0byBPdGhlcnM8bzpwPjwvbzpwPjwv
c3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5
bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5z
LXNlcmlmO2NvbG9yOiMxRjQ5N0QiPkhpIFN1aGFzLA0KPG86cD48L286cD48L3NwYW4+PC9wPg0K
PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6
MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjoj
MUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPldoZXRoZXIgaXQg
aXMgbW9yZSBpbXBvcnRhbnQgdG8gdGFsayB0byB0aG9zZSBwZW9wbGUgdGhhdCBkZXBsb3kgdGhl
IHNvbHV0aW9uIHZzLiB0aG9zZSB3aG8gbmVlZCB0byBpbXBsZW1lbnQgdGhlbSBpcyBwcm9iYWJs
eSBpbiB0aGUgZXllIG9mIHRoZQ0KIGJlaG9sZGVyLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjwvYT48c3BhbiBs
YW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs
aWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9z
cGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0i
Zm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2Vy
aWY7Y29sb3I6IzFGNDk3RCI+SWYgeW91IHRoaW5rIGl0IGhlbHBzIHdlIGNvdWxkIHJlcGhyYXNl
IHRoZSBzZW50ZW5jZSBpbiB0aGUgZm9sbG93aW5nIHdheToNCjxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s
b3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgc3R5bGU9Im1zby1t
YXJnaW4tdG9wLWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4tYm90dG9tOjguMHB0O21h
cmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5
N0QiPuKAnDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDow
aW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5UaGlzIGdy
b3VwIHdpbGwgYWltIHRvIG1haW50YWluIGEgY2xvc2UgcmVsYXRpb25zaGlwIHdpdGggc2lsaWNv
biB2ZW5kb3JzIGFuZCBPRU1zIHRoYXQgZGV2ZWxvcCBJb1Qgb3BlcmF0aW5nIHN5c3RlbXMuIEFk
ZGl0aW9uYWxseSwgdGhlIGdyb3VwIHdpbGwgcmVhY2ggb3V0IHRvIGNvbXBhbmllcw0KIHdobyBi
dWlsZCBhbmQgZGVwbG95IElvVCBkZXZpY2VzLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBj
bGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5
N0QiPuKAnDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtD
YWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48
L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxl
PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1z
ZXJpZjtjb2xvcjojMUY0OTdEIj5PZiBjb3Vyc2UsIGl0IHdvdWxkIGJlIGdyZWF0IGlmDQo8Yj55
b3U8L2I+IGNvdWxkIGJyaW5nIHBlb3BsZSB3aG8gYnVpbGQgYW5kIGRlcGxveSBJb1QgZGV2aWNl
cyB0byB0aGUgSUVURi4gPG86cD4NCjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y
bWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVO
LUdCIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1
b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+Q2lhbzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1zaXpl
OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6
IzFGNDk3RCI+SGFubmVzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0i
Zm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtUYWhvbWEmcXVvdDssc2Fucy1zZXJp
ZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O1RhaG9tYSZxdW90OyxzYW5zLXNlcmlmIj4gU3VpdCBbPGEgaHJlZj0ibWFpbHRv
OnN1aXQtYm91bmNlc0BpZXRmLm9yZyI+bWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZzwvYT5d
DQo8Yj5PbiBCZWhhbGYgT2YgPC9iPlN1aGFzIE5hbmRha3VtYXI8YnI+DQo8Yj5TZW50OjwvYj4g
MjMgTm92ZW1iZXIgMjAxNyAwMDo0NTxicj4NCjxiPlRvOjwvYj4gPGEgaHJlZj0ibWFpbHRvOnN1
aXRAaWV0Zi5vcmciPnN1aXRAaWV0Zi5vcmc8L2E+PGJyPg0KPGI+U3ViamVjdDo8L2I+IFtTdWl0
XSBTdWl0IENoYXJ0ZXI6IFdHIFJlbGF0aW9uc2hpcHMgdG8gT3RoZXJzPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0
OjBpbjttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGlu
Ij4NCjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWls
eTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5IZWxsbyBBbGw8L3Nw
YW4+PHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJt
c28tbWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBw
dDttYXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5ic3A7PC9vOnA+
PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdo
dDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0i
RU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1
b3Q7LHNhbnMtc2VyaWY7Y29sb3I6YmxhY2siPkN1cnJlbnQgY2hhcnRlciB0ZXh0IHNheXMgdGhl
IGZvbGxvd2luZyBvbiB0aGUgbWF0dGVyIGluIHRoZSBzdWJqZWN0PC9zcGFuPjxzcGFuIGxhbmc9
IkVOLUdCIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OjBpbjttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6
MGluIj4NCjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm
cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjQyOTJFIj4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+
PHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDtt
YXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LWZhbWlseTom
cXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyNDI5MkUiPlRoaXMgZ3JvdXAgd2ls
bCBhaW0gdG8gbWFpbnRhaW4gYSBjbG9zZSByZWxhdGlvbnNoaXAgd2l0aCBzaWxpY29uIHZlbmRv
cnMgYW5kIE9FTXMgdGhhdCBkZXZlbG9wIElvVCBvcGVyYXRpbmcgc3lzdGVtcy48L3NwYW4+PHNw
YW4gbGFuZz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFy
Z2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJn
aW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LWZhbWlseTomcXVv
dDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyNDI5MkUiPiZxdW90OyZxdW90OyZxdW90
Ozwvc3Bhbj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgc3R5
bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4tYm90dG9t
OjguMHB0O21hcmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBsYW5nPSJFTi1HQiI+PG86cD4mbmJzcDs8
L286cD48L3NwYW4+PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowaW47bWFyZ2lu
LXJpZ2h0OjBpbjttYXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBs
YW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2Vy
aWY7Y29sb3I6IzI0MjkyRSI+SSBzdWdnZXN0IHRoYXQgaXQgaXMgbW9yZSBpbXBvcnRhbnQgZm9y
IHRoaXMgZ3JvdXDigJlzIHN1Y2Nlc3MgaXMgYWxzbyB0byBtYWludGFpbiByZWxhdGlvbnNoaXBz
IHdpdGggdGhlIHBlb3BsZSB0aGF0IGFjdHVhbGx5IGJ1aWxkIGFuZCBkZXBsb3kgSU9UIGRldmlj
ZXMgYW5kIHRoZXNlIHNob3VsZCBhbHNvIGJlIGFkZGVkDQogaGVyZS48L3NwYW4+PHNwYW4gbGFu
Zz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRv
cC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVm
dDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2lu
LWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxl
PSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyNDI5MkUi
PkNoZWVyczwvc3Bhbj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD48L286cD48L3NwYW4+PC9wPg0K
PHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4t
Ym90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9
ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzI0MjkyRSI+
U3VoYXMgTmFuZGFrdW1hcjwvc3Bhbj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD48L286cD48L3Nw
YW4+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+SU1QT1JUQU5UIE5PVElDRTog
VGhlIGNvbnRlbnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlk
ZW50aWFsIGFuZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50
ZW5kZWQgcmVjaXBpZW50LCBwbGVhc2Ugbm90aWZ5DQogdGhlIHNlbmRlciBpbW1lZGlhdGVseSBh
bmQgZG8gbm90IGRpc2Nsb3NlIHRoZSBjb250ZW50cyB0byBhbnkgb3RoZXIgcGVyc29uLCB1c2Ug
aXQgZm9yIGFueSBwdXJwb3NlLCBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBh
bnkgbWVkaXVtLiBUaGFuayB5b3UuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjwv
ZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_CY4PR09MB149528FABF20A2ECD0AA4CFBF0250CY4PR09MB1495namp_--


From nobody Mon Nov 27 11:00:36 2017
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D761241F3 for <suit@ietfa.amsl.com>; Mon, 27 Nov 2017 11:00:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level: 
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RAnwE6cAM41C for <suit@ietfa.amsl.com>; Mon, 27 Nov 2017 11:00:31 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0119.outbound.protection.outlook.com [104.47.38.119]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CBC6128B88 for <suit@ietf.org>; Mon, 27 Nov 2017 11:00:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=I/xFl7MxKah0AWHvxpmi+GWtMkT6u3db3M4BdYJcpRo=; b=Y23tikNl93X3LreMRMMM2XNGB6f8kx1iHYrh7Eg0ixX/IVUmqWszAaF4ZxnJdTbY2XJ17xgAZK3IpMz3zRYX/B4I4aDwHwDtEN8XE2A8dphtsWDFClu+dBL9s2vEiaAS5lkAJtQhkxXaA4vA9sDTJNQgue6WqJX10M8XR5g+WLA=
Received: from CY4PR21MB0856.namprd21.prod.outlook.com (10.173.192.145) by CY4PR21MB0744.namprd21.prod.outlook.com (10.173.189.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.1; Mon, 27 Nov 2017 19:00:27 +0000
Received: from CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) by CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) with mapi id 15.20.0302.001; Mon, 27 Nov 2017 19:00:27 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "Hannes Tschofenig" <Hannes.Tschofenig@arm.com>, Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Suit Charter: WG Relationships to Others
Thread-Index: AQHTY+vxychyIwKxE0y+4nkp/klXeaMhlBmAgAcHR4CAAACOkA==
Date: Mon, 27 Nov 2017 19:00:25 +0000
Message-ID: <CY4PR21MB0856A431B7A61967829E60EFA3250@CY4PR21MB0856.namprd21.prod.outlook.com>
References: <CAMRcRGQ=xrV8ybtVrfVc-=_A4-w2p+-UPZU7-3KoxMPAr+bDrg@mail.gmail.com> <AM4PR0801MB2706993E6B8A356EEB8412AFFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CY4PR09MB149528FABF20A2ECD0AA4CFBF0250@CY4PR09MB1495.namprd09.prod.outlook.com>
In-Reply-To: <CY4PR09MB149528FABF20A2ECD0AA4CFBF0250@CY4PR09MB1495.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [2001:4898:80e8:2::793]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0744; 6:hCHS2MH3IiWnH9pX+OwUbVcC2F8mvWxqa/D/vYzBgv/R/Hey6PS9tI7b0v96dRUa2U44f6gebPjzm0vH14yGI5kcsE4GzqcGJruDUfFj+nHydHAdj7VHT6np34o+vO4f8G16OWYYoX/APgx8NBgOTZZWYwDcJ4RYn+yrgx/ttMDoZGjfw4dG+i23NtxJX7Cv20/QhhdarPySomSEobpRJDzAs/5trd0uHKxmDVbT9mNMrQWBSS3UAotq7UZsnxMdrnC4LcT14xFLFSDQlplmUzkHTD1d61Gtt2JXU1AqpL2fgE/OWYdweEO4V+Cvz5i3FntA3wpti21ACgZiui28M9BIQecnHBJeY8dmXBypvkg=; 5:W9FusN/COiC8SIfC/VHEoa7lyv/0B6qjoQSu6uL2tDuyplUNAcDBy2iYgU7jtJ/ARZgB2hPfSpsMH8Y1OAngwptuO+ZSe3uCYytzMMCmjvGHN9NKDHSkcvG0+TdgXtqyl9mUXT8zSV9HwkXoBaEooQb9MPX4t+Ngg63p7CAHZQw=; 24:CRIL9giVwZ0zhQRl5xDvs4miW9I4hQO2SvCl0scb21DYR228m644eLQHkc1fVHsSwMJ7gBhlZiz4g+Y/LptS92MqdwqJ8rWIvwRW/LT+Ypo=; 7:7F6xjT2C3NFpv2cGSPrhGT1kJZv0JUffMas++P7ptzxHFTxOCuqrYi6W8ysPkcqCZoGMwvwoDDaDQ1p9FeyWgPDq5FOQ9/wf2C6QqBwZvlDmdR9vl6zBB22oFCgY/2y6Yd8C+72E07t95g3g/LIXuAR8TkUbLM7neL6gpU4nzmOnjH3zS2DRfgFo0e3pFDOIunHbf/2yzhrxoVuMWgbkhYA0CgO6DM+98XZVGWvJ2MPtK7iYBcbYl89nhtQxyXg9
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 4b38a4ce-5a57-49e0-243b-08d535c91f34
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603258); SRVR:CY4PR21MB0744; 
x-ms-traffictypediagnostic: CY4PR21MB0744:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; 
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: <CY4PR21MB0744542E1F61817FC0FD577CA3250@CY4PR21MB0744.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917)(227612066756510)(21748063052155); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3231022)(3002001)(6055026)(61426038)(61427038)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(6072148)(201708071742011); SRVR:CY4PR21MB0744; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR21MB0744; 
x-forefront-prvs: 0504F29D72
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(366004)(39860400002)(47760400005)(199003)(189002)(53754006)(40434004)(2501003)(10090500001)(81166006)(9686003)(76176999)(54356999)(2900100001)(81156014)(8676002)(7736002)(25786009)(50986999)(5890100001)(236005)(101416001)(55016002)(10290500003)(6246003)(8990500004)(22452003)(53546010)(74316002)(6306002)(316002)(39060400002)(110136005)(53936002)(54896002)(14454004)(478600001)(2906002)(189998001)(68736007)(19609705001)(105586002)(97736004)(86362001)(6116002)(229853002)(790700001)(102836003)(5660300001)(8936002)(99286004)(3280700002)(77096006)(33656002)(6436002)(106356001)(3660700001)(6506006)(8656006)(86612001)(2950100002)(7696005); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0744; H:CY4PR21MB0856.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0856A431B7A61967829E60EFA3250CY4PR21MB0856namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4b38a4ce-5a57-49e0-243b-08d535c91f34
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Nov 2017 19:00:25.9908 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0744
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/MbWugV2fOkHwSxekmLlbM2GZk5s>
Subject: Re: [Suit] Suit Charter: WG Relationships to Others
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 19:00:33 -0000

--_000_CY4PR21MB0856A431B7A61967829E60EFA3250CY4PR21MB0856namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

QWdyZWUgd2l0aCBEYXZlLCBpdOKAmXMgYSBnb29kIGdvYWwgb2YgY291cnNlLCBidXQgSSBkb27i
gJl0IHNlZSB3aHkgaXQgbmVlZHMgdG8gYmUgaW4gdGhlIGNoYXJ0ZXIgdGV4dC4NCg0KRnJvbTog
U3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIFdhbHRlcm1p
cmUsIERhdmlkIEEuIChGZWQpDQpTZW50OiBNb25kYXksIE5vdmVtYmVyIDI3LCAyMDE3IDEwOjU4
IEFNDQpUbzogSGFubmVzIFRzY2hvZmVuaWcgPEhhbm5lcy5Uc2Nob2ZlbmlnQGFybS5jb20+OyBT
dWhhcyBOYW5kYWt1bWFyIDxzdWhhc2lldGZAZ21haWwuY29tPjsgc3VpdEBpZXRmLm9yZw0KU3Vi
amVjdDogUmU6IFtTdWl0XSBTdWl0IENoYXJ0ZXI6IFdHIFJlbGF0aW9uc2hpcHMgdG8gT3RoZXJz
DQoNCkhhbm5lc+KAmSBuZXcgdGV4dCBpcyBzdGF0aW5nIHRoYXQgdGhlIGdyb3VwIHdpbGwgd29y
ayB0byBlbmdhZ2UgYWxsIHN0YWtlaG9sZGVycyAoZS5nLiwgb3BlcmF0aW5nIHN5c3RlbSBkZXZl
bG9wZXJzLCBzb2x1dGlvbiBwcm92aWRlcnMsIGN1c3RvbWVycykgaW4gdGhlIElvVCBzcGFjZS4g
V2hpbGUgSSBhbSBub3QgYWdhaW5zdCBpbmNsdWRpbmcgc3VjaCB0ZXh0LCB0aGlzIGlzIHN0YXRp
bmcgd2hhdCBhbnkgc3RhbmRhcmRzIGdyb3VwIG11c3QgZG8gdG8gYmUgc3VjY2Vzc2Z1bCBpbiB0
aGUgYXJlYSBiZWluZyBzdGFuZGFyZGl6ZWQuIEFzIGEgcmVzdWx0LCBJIGFtIG5vdCBzdXJlIHRo
aXMgbGFuZ3VhZ2UgYWRkcyBtdWNoIGFkZGl0aW9uYWwgdmFsdWUgaW4gdGhlIGNoYXJ0ZXIuDQoN
ClN1aGFzLCBkbyB5b3UgZmVlbCBzdHJvbmdseSB0aGF0IHRoZSBjaGFydGVyIHRleHQgbmVlZHMg
dG8gYmUgYWRqdXN0ZWQgdG8gYWRkcmVzcyB0aGlzIGNvbmNlcm4/DQoNClRoYW5rcywNCkRhdmUN
Cg0KRnJvbTogU3VpdCBbbWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9m
IEhhbm5lcyBUc2Nob2ZlbmlnDQpTZW50OiBUaHVyc2RheSwgTm92ZW1iZXIgMjMsIDIwMTcgMjoz
OCBBTQ0KVG86IFN1aGFzIE5hbmRha3VtYXIgPHN1aGFzaWV0ZkBnbWFpbC5jb208bWFpbHRvOnN1
aGFzaWV0ZkBnbWFpbC5jb20+Pjsgc3VpdEBpZXRmLm9yZzxtYWlsdG86c3VpdEBpZXRmLm9yZz4N
ClN1YmplY3Q6IFJlOiBbU3VpdF0gU3VpdCBDaGFydGVyOiBXRyBSZWxhdGlvbnNoaXBzIHRvIE90
aGVycw0KDQpIaSBTdWhhcywNCg0KV2hldGhlciBpdCBpcyBtb3JlIGltcG9ydGFudCB0byB0YWxr
IHRvIHRob3NlIHBlb3BsZSB0aGF0IGRlcGxveSB0aGUgc29sdXRpb24gdnMuIHRob3NlIHdobyBu
ZWVkIHRvIGltcGxlbWVudCB0aGVtIGlzIHByb2JhYmx5IGluIHRoZSBleWUgb2YgdGhlIGJlaG9s
ZGVyLg0KDQpJZiB5b3UgdGhpbmsgaXQgaGVscHMgd2UgY291bGQgcmVwaHJhc2UgdGhlIHNlbnRl
bmNlIGluIHRoZSBmb2xsb3dpbmcgd2F5Og0KDQoNCuKAnA0KDQpUaGlzIGdyb3VwIHdpbGwgYWlt
IHRvIG1haW50YWluIGEgY2xvc2UgcmVsYXRpb25zaGlwIHdpdGggc2lsaWNvbiB2ZW5kb3JzIGFu
ZCBPRU1zIHRoYXQgZGV2ZWxvcCBJb1Qgb3BlcmF0aW5nIHN5c3RlbXMuIEFkZGl0aW9uYWxseSwg
dGhlIGdyb3VwIHdpbGwgcmVhY2ggb3V0IHRvIGNvbXBhbmllcyB3aG8gYnVpbGQgYW5kIGRlcGxv
eSBJb1QgZGV2aWNlcy4NCuKAnA0KDQpPZiBjb3Vyc2UsIGl0IHdvdWxkIGJlIGdyZWF0IGlmIHlv
dSBjb3VsZCBicmluZyBwZW9wbGUgd2hvIGJ1aWxkIGFuZCBkZXBsb3kgSW9UIGRldmljZXMgdG8g
dGhlIElFVEYuDQoNCkNpYW8NCkhhbm5lcw0KDQpGcm9tOiBTdWl0IFttYWlsdG86c3VpdC1ib3Vu
Y2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgU3VoYXMgTmFuZGFrdW1hcg0KU2VudDogMjMgTm92
ZW1iZXIgMjAxNyAwMDo0NQ0KVG86IHN1aXRAaWV0Zi5vcmc8bWFpbHRvOnN1aXRAaWV0Zi5vcmc+
DQpTdWJqZWN0OiBbU3VpdF0gU3VpdCBDaGFydGVyOiBXRyBSZWxhdGlvbnNoaXBzIHRvIE90aGVy
cw0KDQoNCkhlbGxvIEFsbA0KDQoNCg0KQ3VycmVudCBjaGFydGVyIHRleHQgc2F5cyB0aGUgZm9s
bG93aW5nIG9uIHRoZSBtYXR0ZXIgaW4gdGhlIHN1YmplY3QNCg0KIiIiDQoNClRoaXMgZ3JvdXAg
d2lsbCBhaW0gdG8gbWFpbnRhaW4gYSBjbG9zZSByZWxhdGlvbnNoaXAgd2l0aCBzaWxpY29uIHZl
bmRvcnMgYW5kIE9FTXMgdGhhdCBkZXZlbG9wIElvVCBvcGVyYXRpbmcgc3lzdGVtcy4NCg0KIiIi
DQoNCg0KDQpJIHN1Z2dlc3QgdGhhdCBpdCBpcyBtb3JlIGltcG9ydGFudCBmb3IgdGhpcyBncm91
cOKAmXMgc3VjY2VzcyBpcyBhbHNvIHRvIG1haW50YWluIHJlbGF0aW9uc2hpcHMgd2l0aCB0aGUg
cGVvcGxlIHRoYXQgYWN0dWFsbHkgYnVpbGQgYW5kIGRlcGxveSBJT1QgZGV2aWNlcyBhbmQgdGhl
c2Ugc2hvdWxkIGFsc28gYmUgYWRkZWQgaGVyZS4NCg0KDQoNCkNoZWVycw0KDQpTdWhhcyBOYW5k
YWt1bWFyDQoNCklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWlsIGFu
ZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJpdmls
ZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5vdGlm
eSB0aGUgc2VuZGVyIGltbWVkaWF0ZWx5IGFuZCBkbyBub3QgZGlzY2xvc2UgdGhlIGNvbnRlbnRz
IHRvIGFueSBvdGhlciBwZXJzb24sIHVzZSBpdCBmb3IgYW55IHB1cnBvc2UsIG9yIHN0b3JlIG9y
IGNvcHkgdGhlIGluZm9ybWF0aW9uIGluIGFueSBtZWRpdW0uIFRoYW5rIHlvdS4NCg==

--_000_CY4PR21MB0856A431B7A61967829E60EFA3250CY4PR21MB0856namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3NlLTE6MiAxMSA2
IDQgMyA1IDQgNCAyIDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBs
aS5Nc29Ob3JtYWwsIGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9t
Oi4wMDAxcHQ7DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJv
bWFuIixzZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlv
cml0eTo5OTsNCgljb2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2
aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5
OTsNCgljb2xvcjpwdXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25v
cm1hbDAsIGxpLm1zb25vcm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1z
b25vcm1hbDsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLW1hcmdpbi10b3AtYWx0OmF1
dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6YXV0bzsNCglt
YXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMg
TmV3IFJvbWFuIixzZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUxOA0KCXttc28tc3R5bGUtdHlwZTpw
ZXJzb25hbDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgljb2xvcjojMUY0
OTdEO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsOw0KCWZv
bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0Kc3Bh
bi5FbWFpbFN0eWxlMjINCgl7bXNvLXN0eWxlLXR5cGU6cGVyc29uYWwtcmVwbHk7DQoJZm9udC1m
YW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJY29sb3I6d2luZG93dGV4dDt9DQouTXNvQ2hw
RGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LXNpemU6MTAuMHB0
O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXplOjguNWluIDExLjBpbjsNCgltYXJnaW46MS4w
aW4gMS4waW4gMS4waW4gMS4waW47fQ0KZGl2LldvcmRTZWN0aW9uMQ0KCXtwYWdlOldvcmRTZWN0
aW9uMTt9DQotLT48L3N0eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVkZWZh
dWx0cyB2OmV4dD0iZWRpdCIgc3BpZG1heD0iMTAyNiIgLz4NCjwveG1sPjwhW2VuZGlmXS0tPjwh
LS1baWYgZ3RlIG1zbyA5XT48eG1sPg0KPG86c2hhcGVsYXlvdXQgdjpleHQ9ImVkaXQiPg0KPG86
aWRtYXAgdjpleHQ9ImVkaXQiIGRhdGE9IjEiIC8+DQo8L286c2hhcGVsYXlvdXQ+PC94bWw+PCFb
ZW5kaWZdLS0+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iYmx1ZSIgdmxpbms9
InB1cnBsZSI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OyxzYW5zLXNlcmlmIj5BZ3JlZSB3aXRoIERhdmUsIGl04oCZcyBhIGdvb2QgZ29hbCBv
ZiBjb3Vyc2UsIGJ1dCBJIGRvbuKAmXQgc2VlIHdoeSBpdCBuZWVkcyB0byBiZSBpbiB0aGUgY2hh
cnRlciB0ZXh0LjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxh
IG5hbWU9Il9NYWlsRW5kQ29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj48bzpwPiZuYnNwOzwvbzpw
Pjwvc3Bhbj48L2E+PC9wPg0KPHNwYW4gc3R5bGU9Im1zby1ib29rbWFyazpfTWFpbEVuZENvbXBv
c2UiPjwvc3Bhbj4NCjxkaXY+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNv
bGlkICNFMUUxRTEgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTom
cXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWYiPkZyb206PC9zcGFuPjwvYj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt
c2VyaWYiPiBTdWl0IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXQ0KPGI+T24gQmVoYWxm
IE9mIDwvYj5XYWx0ZXJtaXJlLCBEYXZpZCBBLiAoRmVkKTxicj4NCjxiPlNlbnQ6PC9iPiBNb25k
YXksIE5vdmVtYmVyIDI3LCAyMDE3IDEwOjU4IEFNPGJyPg0KPGI+VG86PC9iPiBIYW5uZXMgVHNj
aG9mZW5pZyAmbHQ7SGFubmVzLlRzY2hvZmVuaWdAYXJtLmNvbSZndDs7IFN1aGFzIE5hbmRha3Vt
YXIgJmx0O3N1aGFzaWV0ZkBnbWFpbC5jb20mZ3Q7OyBzdWl0QGlldGYub3JnPGJyPg0KPGI+U3Vi
amVjdDo8L2I+IFJlOiBbU3VpdF0gU3VpdCBDaGFydGVyOiBXRyBSZWxhdGlvbnNoaXBzIHRvIE90
aGVyczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
c2Fucy1zZXJpZiI+SGFubmVz4oCZIG5ldyB0ZXh0IGlzIHN0YXRpbmcgdGhhdCB0aGUgZ3JvdXAg
d2lsbCB3b3JrIHRvIGVuZ2FnZSBhbGwgc3Rha2Vob2xkZXJzIChlLmcuLCBvcGVyYXRpbmcgc3lz
dGVtIGRldmVsb3BlcnMsIHNvbHV0aW9uIHByb3ZpZGVycywgY3VzdG9tZXJzKSBpbiB0aGUgSW9U
IHNwYWNlLiBXaGlsZSBJDQogYW0gbm90IGFnYWluc3QgaW5jbHVkaW5nIHN1Y2ggdGV4dCwgdGhp
cyBpcyBzdGF0aW5nIHdoYXQgYW55IHN0YW5kYXJkcyBncm91cCBtdXN0IGRvIHRvIGJlIHN1Y2Nl
c3NmdWwgaW4gdGhlIGFyZWEgYmVpbmcgc3RhbmRhcmRpemVkLiBBcyBhIHJlc3VsdCwgSSBhbSBu
b3Qgc3VyZSB0aGlzIGxhbmd1YWdlIGFkZHMgbXVjaCBhZGRpdGlvbmFsIHZhbHVlIGluIHRoZSBj
aGFydGVyLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDss
c2Fucy1zZXJpZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2Fs
aWJyaSZxdW90OyxzYW5zLXNlcmlmIj5TdWhhcywgZG8geW91IGZlZWwgc3Ryb25nbHkgdGhhdCB0
aGUgY2hhcnRlciB0ZXh0IG5lZWRzIHRvIGJlIGFkanVzdGVkIHRvIGFkZHJlc3MgdGhpcyBjb25j
ZXJuPzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu
cy1zZXJpZiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OyxzYW5zLXNlcmlmIj5UaGFua3MsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6
JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj5EYXZlPG86cD48L286cD48L3NwYW4+PC9w
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmIj48bzpwPiZuYnNwOzwvbzpw
Pjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCBi
bHVlIDEuNXB0O3BhZGRpbmc6MGluIDBpbiAwaW4gNC4wcHQiPg0KPGRpdj4NCjxkaXYgc3R5bGU9
ImJvcmRlcjpub25lO2JvcmRlci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0
IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+
RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+IFN1aXQgWzxhIGhyZWY9Im1haWx0bzpz
dWl0LWJvdW5jZXNAaWV0Zi5vcmciPm1haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmc8L2E+XQ0K
PGI+T24gQmVoYWxmIE9mIDwvYj5IYW5uZXMgVHNjaG9mZW5pZzxicj4NCjxiPlNlbnQ6PC9iPiBU
aHVyc2RheSwgTm92ZW1iZXIgMjMsIDIwMTcgMjozOCBBTTxicj4NCjxiPlRvOjwvYj4gU3VoYXMg
TmFuZGFrdW1hciAmbHQ7PGEgaHJlZj0ibWFpbHRvOnN1aGFzaWV0ZkBnbWFpbC5jb20iPnN1aGFz
aWV0ZkBnbWFpbC5jb208L2E+Jmd0OzsNCjxhIGhyZWY9Im1haWx0bzpzdWl0QGlldGYub3JnIj5z
dWl0QGlldGYub3JnPC9hPjxicj4NCjxiPlN1YmplY3Q6PC9iPiBSZTogW1N1aXRdIFN1aXQgQ2hh
cnRlcjogV0cgUmVsYXRpb25zaGlwcyB0byBPdGhlcnM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6
ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9y
OiMxRjQ5N0QiPkhpIFN1aGFzLA0KPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z
b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpw
PiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n
PSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPldoZXRoZXIgaXQgaXMgbW9yZSBpbXBv
cnRhbnQgdG8gdGFsayB0byB0aG9zZSBwZW9wbGUgdGhhdCBkZXBsb3kgdGhlIHNvbHV0aW9uIHZz
LiB0aG9zZSB3aG8gbmVlZCB0byBpbXBsZW1lbnQgdGhlbSBpcyBwcm9iYWJseSBpbiB0aGUgZXll
IG9mIHRoZQ0KIGJlaG9sZGVyLiA8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1m
YW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxvOnA+
Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9
IkVOLUdCIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJp
JnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+SWYgeW91IHRoaW5rIGl0IGhlbHBzIHdl
IGNvdWxkIHJlcGhyYXNlIHRoZSBzZW50ZW5jZSBpbiB0aGUgZm9sbG93aW5nIHdheToNCjxvOnA+
PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdC
IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7
LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K
PHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjttYXJnaW4t
Ym90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9
ImNvbG9yOiMxRjQ5N0QiPuKAnDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28t
bWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDtt
YXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJjb2xvcjojMUY0OTdE
Ij5UaGlzIGdyb3VwIHdpbGwgYWltIHRvIG1haW50YWluIGEgY2xvc2UgcmVsYXRpb25zaGlwIHdp
dGggc2lsaWNvbiB2ZW5kb3JzIGFuZCBPRU1zIHRoYXQgZGV2ZWxvcCBJb1Qgb3BlcmF0aW5nIHN5
c3RlbXMuIEFkZGl0aW9uYWxseSwgdGhlIGdyb3VwIHdpbGwgcmVhY2ggb3V0IHRvIGNvbXBhbmll
cyB3aG8gYnVpbGQgYW5kIGRlcGxveSBJb1QgZGV2aWNlcy4NCjxvOnA+PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29s
b3I6IzFGNDk3RCI+4oCcPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1H
QiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90
OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPk9mIGNvdXJzZSwgaXQgd291bGQgYmUgZ3JlYXQg
aWYNCjxiPnlvdTwvYj4gY291bGQgYnJpbmcgcGVvcGxlIHdobyBidWlsZCBhbmQgZGVwbG95IElv
VCBkZXZpY2VzIHRvIHRoZSBJRVRGLiA8bzpwPg0KPC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm
b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+
PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4g
bGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Nh
bGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5DaWFvPG86cD48L286cD48L3Nw
YW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp
Zjtjb2xvcjojMUY0OTdEIj5IYW5uZXM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiIgc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPjxv
OnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxiPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O1RhaG9tYSZxdW90Oyxz
YW5zLXNlcmlmIj5Gcm9tOjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LHNhbnMtc2VyaWYiPiBTdWl0IFs8YSBocmVm
PSJtYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnIj5tYWlsdG86c3VpdC1ib3VuY2VzQGlldGYu
b3JnPC9hPl0NCjxiPk9uIEJlaGFsZiBPZiA8L2I+U3VoYXMgTmFuZGFrdW1hcjxicj4NCjxiPlNl
bnQ6PC9iPiAyMyBOb3ZlbWJlciAyMDE3IDAwOjQ1PGJyPg0KPGI+VG86PC9iPiA8YSBocmVmPSJt
YWlsdG86c3VpdEBpZXRmLm9yZyI+c3VpdEBpZXRmLm9yZzwvYT48YnI+DQo8Yj5TdWJqZWN0Ojwv
Yj4gW1N1aXRdIFN1aXQgQ2hhcnRlcjogV0cgUmVsYXRpb25zaGlwcyB0byBPdGhlcnM8bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiI+
PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPGRpdj4NCjxwIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4t
bGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtB
cmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrIj5IZWxsbyBBbGw8L3NwYW4+PHNwYW4g
bGFuZz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2lu
LXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4t
bGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFy
Z2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0
eWxlPSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOmJsYWNr
Ij5DdXJyZW50IGNoYXJ0ZXIgdGV4dCBzYXlzIHRoZSBmb2xsb3dpbmcgb24gdGhlIG1hdHRlciBp
biB0aGUgc3ViamVjdDwvc3Bhbj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD48L286cD48L3NwYW4+
PC9wPg0KPHAgc3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDowaW47bWFyZ2luLXJpZ2h0OjBpbjtt
YXJnaW4tYm90dG9tOjguMHB0O21hcmdpbi1sZWZ0OjBpbiI+DQo8c3BhbiBsYW5nPSJFTi1HQiIg
c3R5bGU9ImZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzI0
MjkyRSI+JnF1b3Q7JnF1b3Q7JnF1b3Q7PC9zcGFuPjxzcGFuIGxhbmc9IkVOLUdCIj48bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBpbjttYXJnaW4t
cmlnaHQ6MGluO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGluIj4NCjxzcGFuIGxh
bmc9IkVOLUdCIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJp
Zjtjb2xvcjojMjQyOTJFIj5UaGlzIGdyb3VwIHdpbGwgYWltIHRvIG1haW50YWluIGEgY2xvc2Ug
cmVsYXRpb25zaGlwIHdpdGggc2lsaWNvbiB2ZW5kb3JzIGFuZCBPRU1zIHRoYXQgZGV2ZWxvcCBJ
b1Qgb3BlcmF0aW5nIHN5c3RlbXMuPC9zcGFuPjxzcGFuIGxhbmc9IkVOLUdCIj48bzpwPjwvbzpw
Pjwvc3Bhbj48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBpbjttYXJnaW4tcmln
aHQ6MGluO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGluIj4NCjxzcGFuIGxhbmc9
IkVOLUdCIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssc2Fucy1zZXJpZjtj
b2xvcjojMjQyOTJFIj4mcXVvdDsmcXVvdDsmcXVvdDs8L3NwYW4+PHNwYW4gbGFuZz0iRU4tR0Ii
PjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1hbHQ6MGlu
O21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDowaW4iPg0K
PHNwYW4gbGFuZz0iRU4tR0IiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxl
PSJtc28tbWFyZ2luLXRvcC1hbHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4
LjBwdDttYXJnaW4tbGVmdDowaW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LWZh
bWlseTomcXVvdDtBcmlhbCZxdW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyNDI5MkUiPkkgc3VnZ2Vz
dCB0aGF0IGl0IGlzIG1vcmUgaW1wb3J0YW50IGZvciB0aGlzIGdyb3Vw4oCZcyBzdWNjZXNzIGlz
IGFsc28gdG8gbWFpbnRhaW4gcmVsYXRpb25zaGlwcyB3aXRoIHRoZSBwZW9wbGUgdGhhdCBhY3R1
YWxseSBidWlsZCBhbmQgZGVwbG95IElPVCBkZXZpY2VzIGFuZCB0aGVzZSBzaG91bGQgYWxzbyBi
ZSBhZGRlZA0KIGhlcmUuPC9zcGFuPjxzcGFuIGxhbmc9IkVOLUdCIj48bzpwPjwvbzpwPjwvc3Bh
bj48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3AtYWx0OjBpbjttYXJnaW4tcmlnaHQ6MGlu
O21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6MGluIj4NCjxzcGFuIGxhbmc9IkVOLUdC
Ij48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBzdHlsZT0ibXNvLW1hcmdpbi10b3At
YWx0OjBpbjttYXJnaW4tcmlnaHQ6MGluO21hcmdpbi1ib3R0b206OC4wcHQ7bWFyZ2luLWxlZnQ6
MGluIj4NCjxzcGFuIGxhbmc9IkVOLUdCIiBzdHlsZT0iZm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm
cXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMjQyOTJFIj5DaGVlcnM8L3NwYW4+PHNwYW4gbGFuZz0i
RU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIHN0eWxlPSJtc28tbWFyZ2luLXRvcC1h
bHQ6MGluO21hcmdpbi1yaWdodDowaW47bWFyZ2luLWJvdHRvbTo4LjBwdDttYXJnaW4tbGVmdDow
aW4iPg0KPHNwYW4gbGFuZz0iRU4tR0IiIHN0eWxlPSJmb250LWZhbWlseTomcXVvdDtBcmlhbCZx
dW90OyxzYW5zLXNlcmlmO2NvbG9yOiMyNDI5MkUiPlN1aGFzIE5hbmRha3VtYXI8L3NwYW4+PHNw
YW4gbGFuZz0iRU4tR0IiPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1HQiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9w
Pg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLUdC
IiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7
LHNhbnMtc2VyaWYiPklNUE9SVEFOVCBOT1RJQ0U6IFRoZSBjb250ZW50cyBvZiB0aGlzIGVtYWls
IGFuZCBhbnkgYXR0YWNobWVudHMgYXJlIGNvbmZpZGVudGlhbCBhbmQgbWF5IGFsc28gYmUgcHJp
dmlsZWdlZC4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlIG5v
dGlmeQ0KIHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0aGUgY29u
dGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwgb3Igc3Rv
cmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91Lg0KPG86
cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg==

--_000_CY4PR21MB0856A431B7A61967829E60EFA3250CY4PR21MB0856namp_--


From nobody Mon Nov 27 11:24:38 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8925126BFD; Mon, 27 Nov 2017 11:24:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UrJOwBiDWJVx; Mon, 27 Nov 2017 11:24:34 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0122.outbound.protection.outlook.com [23.103.200.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBBC01242F5; Mon, 27 Nov 2017 11:24:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KmRdsC/maDwzbFlRBIoAFkuny2TJlxGzVXVnf7ZGg3E=; b=o+k4Q01w6+ULb+N+ZX+Uvf6K8paIeSGxXcQAvLFy+i1W77qlQUdCcFSoy7HTVe/uHNPdnngnxv02UWrlJv08m8qiu0JZuJhoByrdlZJ03m/iMOK0/H45ydq3cXb/ATz1SFRoll0j/gnb3mbxBKyBcETc3ikLPRpBer8B+y+aYZ0=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1493.namprd09.prod.outlook.com (10.173.191.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.239.5; Mon, 27 Nov 2017 19:24:32 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0260.006; Mon, 27 Nov 2017 19:24:33 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Michael Richardson <mcr+ietf@sandelman.ca>, Suhas Nandakumar <suhasietf@gmail.com>
CC: "suit@ietf.org" <suit@ietf.org>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>
Thread-Topic: [Suit] Suit Charter Updates Process Question
Thread-Index: AQHTY+ps2NnfCkDXrkOFGcxpIv1Q2qMiOyUAgAZiS+A=
Date: Mon, 27 Nov 2017 19:24:33 +0000
Message-ID: <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca>
In-Reply-To: <19053.1511458544@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [129.6.224.58]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1493; 6:Z2vj5R711rJPlUXQZmEiW7PoX+E1WIyuYnEUlOhgAvkVJYYxasyBSqZrcD+31MTqTzOfOXdglfFJGYbSHHQ/V4qN2uazGmhyirl6EoO4jK+ZE3axM+W7I0wxdpBBYY1WaPGJS1mJDd0fPgC4oeSzg4BxmJri9NhCFFJszBA4z0JR7kKzbZ+N3HrrPh8SRVhMZcETjQnniSepaM1+rAzZvIvfy/Kxz935ijzxmaEsZuAr8V8Ls5kGWy9Nu++QvYwSXmbk4oh0pIBlkIC2e6GRmSaCOd5kJb9MCGM4IA5HcStj4jggaEfswYAnuv6gNFk87u3NkMLDmB9hnQx4yrtEoXS5lK2W58lhD/m/3ezWlZg=; 5:lJnZjto0ZazPfJkef7GWlCWmDkgWLiUO6Q5+e9MteSa2rt7AulERvCg/gwwHv5KcVtFOOooHdQGvmQR24OCZ/Pk1uYkAcdqkxvnbZ4+Jck9c1MKUTetGVv71DSEUux1/ym7qROXZDUQn2ySjM1+wQIadv5xUSXbnTwyFl+Hdji4=; 24:muucOCfj/jL+xOX+SAq9IuewQ2U4HnnACpqNwm1nPC3TqgfqONe0hk9cJ3Nw9NJU09T5/iPJmg0I+6Kw3zgYGucHHxshXAbBXL3AAsd0w28=; 7:mwhH8fjH9kyFF9w87Hc710vPX022N20HzX4C/V8uQ5bato4EaJmaMtLybyJDEFDdsaxT+DIgNbsDm9cH3zZQPTtXajERkewrTOBwFH73bUqe9E9kenGPAahvvSeQZYeWMRPd7/yXzrYaH0BJBTuV8xDIs3HNTuVH1A17tKuo3aLGT61UfrxUi80Sn2p0hXkdasFzvXURvm5CsjlsodN0w64rBODDEmAgP7Dj8GjaJhB5wmjl+1Y0EmtplmD5et7j
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: fc9b2bec-d4da-4c4d-5042-08d535cc7d28
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603199); SRVR:CY4PR09MB1493; 
x-ms-traffictypediagnostic: CY4PR09MB1493:
x-microsoft-antispam-prvs: <CY4PR09MB1493F19FBA20C60111B3AAAEF0250@CY4PR09MB1493.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(3231022)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(20161123560025)(20161123564025)(6072148)(201708071742011); SRVR:CY4PR09MB1493; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR09MB1493; 
x-forefront-prvs: 0504F29D72
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(366004)(39860400002)(346002)(376002)(199003)(24454002)(189002)(13464003)(51444003)(2900100001)(229853002)(2906002)(305945005)(25786009)(68736007)(77096006)(4326008)(50986999)(81166006)(8676002)(81156014)(6506006)(74316002)(54356999)(55016002)(101416001)(3280700002)(7736002)(76176999)(15650500001)(102836003)(3846002)(3660700001)(39060400002)(97736004)(6116002)(8936002)(53546010)(316002)(66066001)(6246003)(6436002)(5660300001)(105586002)(110136005)(478600001)(106356001)(53936002)(189998001)(2950100002)(54906003)(99286004)(33656002)(14454004)(7696005)(86362001)(9686003)(6306002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1493; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: fc9b2bec-d4da-4c4d-5042-08d535cc7d28
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Nov 2017 19:24:33.0625 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1493
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BcSfPtWVijf7G1aQ8qUIptTUaqs>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Nov 2017 19:24:37 -0000

DQpDb21tZW50cyBpbmxpbmUgYmVsb3cuDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0N
Cj4gRnJvbTogTWljaGFlbCBSaWNoYXJkc29uIFttYWlsdG86bWNyK2lldGZAc2FuZGVsbWFuLmNh
XQ0KPiBTZW50OiBUaHVyc2RheSwgTm92ZW1iZXIgMjMsIDIwMTcgMTI6MzYgUE0NCj4gVG86IFN1
aGFzIE5hbmRha3VtYXIgPHN1aGFzaWV0ZkBnbWFpbC5jb20+DQo+IENjOiBzdWl0QGlldGYub3Jn
OyBzdWl0LWNoYWlyc0BpZXRmLm9yZw0KPiBTdWJqZWN0OiBSZTogW1N1aXRdIFN1aXQgQ2hhcnRl
ciBVcGRhdGVzIFByb2Nlc3MgUXVlc3Rpb24NCj4gDQo+IA0KPiBTdWhhcyBOYW5kYWt1bWFyIDxz
dWhhc2lldGZAZ21haWwuY29tPiB3cm90ZToNCj4gICAgID4gSSBhbSBiaXQgY29uZnVzZWQgb24g
dGhlIGFjdHVhbCBwcm9jZXNzIGZvbGxvd2VkIGluIHVwZGF0aW5nIHRoZSBTdWl0DQo+ICAgICA+
IENoYXJ0ZXIuIEl0IGxvb2tzIGxpa2UgdGhlIGN1cnJlbnQgY2hhcnRlciBkb2VzbuKAmXQgc2Vl
bSB0byByZWZsZWN0DQo+ICAgICA+IGZ1bGx5IHRoZSBjb25zZW5zdXMgb3IgZGlzY3Vzc2lvbiBw
b2ludHMgZnJvbSB0aGUgQk9GLg0KPiANCj4gSSB0aGluayB0aGF0IHlvdSBzaG91bGQgY29uc2lk
ZXIgdGhhdCB0aGUgdGV4dCBnZXRzIHVwbG9hZGVkIG9uIGEgcXVhc2ktcGVyaW9kaWMNCj4gYmFz
aXMgc28gdGhhdCB3ZSBjYW4gYWxsIGJlIHRhbGtpbmcgYWJvdXQgdGhlIHNhbWUgdGhpbmcuDQoN
ClRoZSBsYXRlc3QgY2hhcnRlciB0ZXh0IGlzIHBvc3RlZCBvbiB0aGUgU1VJVCBEYXRhdHJhY2tl
ciBwYWdlIGhlcmU6DQoNCmh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvZG9jL2NoYXJ0ZXIt
aWV0Zi1zdWl0Lw0KDQpUaGlzIHRleHQgd2FzIHVwZGF0ZWQgYWZ0ZXIgdGhlIEJvRiBvbiBOb3Zl
bWJlciAxNXRoLg0KDQpUaGUgY2hhcnRlciB0ZXh0IGF0IHRoaXMgbGluayBpcyBpbnRlbmRlZCB0
byByZXByZXNlbnQgdGhlIGNvbnNlbnN1cyByZWFjaGVkIGZyb20gdGhlIGh1bXMgZHVyaW5nIEJv
Ri4gVG8gY29uZmlybSB0aGVzZSBjaGFuZ2VzIG9uIHRoZSBsaXN0LCB3ZSBoYXZlIHBvc3RlZCB1
cGRhdGVkIGNoYXJ0ZXIgdGV4dC4gSWYgYW55b25lIGJlbGlldmVzIHRoZXJlIGFyZSBjb25jZXJu
cyB3aXRoIHRoZSBjaGFydGVyIHRleHQgdGhhdCBoYXZlIG5vdCBiZWVuIGFkZXF1YXRlbHkgYWRk
cmVzc2VkLCBwbGVhc2UgcmFpc2UgdGhvc2UgY29uY2VybnMgQVNBUC4NCg0KPiAgICAgPiBBbHNv
IGl0IHdvdWxkIGhhdmUgYmVlbiBvZiBncmVhdCBoZWxwIGlmIHRoZSB1cGRhdGVkIGNoYXJ0ZXIg
d2FzIHNlbnQNCj4gICAgID4gdG8gdGhlIFNVSVQgbWFpbGluZyBsaXN0IGZvciBxdWVzdGlvbnMv
Y29uc2Vuc3VzIGJlZm9yZSBnZXR0aW5nDQo+ICAgICA+IHVwbG9hZGVkIHRvIHRoZSBkYXRhdHJh
Y2tlci4gSSBoYWQgdG8gYWNjaWRlbnRhbGx5IGZpbmQgaXQgZW1iZWRkZWQgaW4NCj4gICAgID4g
dGhlIEJPRiByZXBvcnQgc2VudCB0byBzYWFnIG1haWxpbmcgbGlzdC4NCj4gDQo+IFllcywgSSBh
Z3JlZSB0aGF0IHRoaXMgaXMgbGVzcyB0aGFuIGlkZWFsLg0KPiBCdXQsIGZvciBtYW55IHBlb3Bs
ZSB0aGlzIGlzIGEgZG93biB3ZWVrLCBib3RoIGJlY2F1c2Ugb2YgVVMgVGhhbmtzZ2l2aW5nIGFu
ZA0KPiBiZWNhdXNlIGl0J3MgdGhlIHdlZWsgYWZ0ZXIgdGhlIElFVEYgbWVldGluZywgYW5kIG1h
bnkgcGVvcGxlIG5lZWQgcmVjb3ZlcnkNCj4gdGltZSwgc28gcGxlYXNlIGJlIHBhdGllbnQuDQoN
Ck1pY2hhZWwsIHRoYW5rcyBmb3IgcmVzcG9uZGluZyB3aGlsZSBJIHdhcyBhd2F5IHJlY292ZXJp
bmcgZnJvbSBqZXQgbGFnIGFuZCBlbmpveWluZyB0aW1lIHdpdGggZmFtaWx5IG92ZXIgdGhlIFRo
YW5rc2dpdmluZyBob2xpZGF5LiANCg0KSSB3aWxsIHBvc3QgdG8gdGhlIGxpc3QgaWYgYW55IGNo
YW5nZXMgYXJlIG1hZGUgdG8gdGhlIGNoYXJ0ZXIgZ29pbmcgZm9yd2FyZC4NCg0KPiAgICAgPiBT
aG91bGQgcXVlc3Rpb25zL2NvbW1lbnRzIGFib3V0IHRoZSBjdXJyZW50IGNoYXJ0ZXIgc2VudCB0
byBTdWl0DQo+ICAgICA+IG1haWxpbmcgbGlzdCBiZSB0aGUgcmlnaHQgd2F5IHRvIGZvbGxvdyB1
cCA/DQoNClllcy4gUGxlYXNlIHNlbmQgYW55IGNvbmNlcm5zIHRvIHRoZSBsaXN0LiBBbHNvLCBw
bGVhc2UgcHJvdmlkZSBuZXcgc3VnZ2VzdGVkIGNoYXJ0ZXIgdGV4dCBmb3IgYW55IHByb3Bvc2Vk
IGNoYW5nZXMuIFRoaXMgd2lsbCBoZWxwIGV2ZXJ5b25lIGJldHRlciBjb25zaWRlciB0aGUgY2hh
bmdlLg0KDQo+ICAgICA+IEFsc28sIFdobyBpcyBhY3R1YWxseQ0KPiAgICAgPiB1cGRhdGluZyB0
aGUgY2hhcnRlcj8NCj4gDQo+IEdlbmVyYWxseSwgdGhlIEJPRiBjaGFpcnMgYW5kL29yIHByb3Bv
bmVudHMgZG8gdGhhdCBpbiBjb25zdWx0YXRpb24gd2l0aCB0aGUNCj4gc3BvbnNvcmluZyBBRCBh
bmQgdGhlIE1MLg0KDQpEYXZlIGFuZCBJIGFyZSB3b3JraW5nIHdpdGggS2F0aGxlZW4gdG8gZWRp
dCB0aGUgY2hhcnRlciBiYXNlZCBvbiB0aGUgb25nb2luZyBkaXNjdXNzaW9uIG9uIHRoZSBsaXN0
LiBLYXRobGVlbiBoYXMgYmVlbiBwb3N0aW5nIGNoYW5nZXMgYXMgdGhleSBoYXZlIG9jY3VycmVk
IHRvIHRoZSBEYXRhdHJhY2tlci4NCg0KPiANCj4gLS0NCj4gTWljaGFlbCBSaWNoYXJkc29uIDxt
Y3IrSUVURkBzYW5kZWxtYW4uY2E+LCBTYW5kZWxtYW4gU29mdHdhcmUgV29ya3MgIC0NCj4gPSBJ
UHY2IElvVCBjb25zdWx0aW5nID0tDQo+IA0KPiANCg0KUmVnYXJkcywNCkRhdmUNCg==


From nobody Mon Nov 27 17:45:49 2017
Return-Path: <adam@nostrum.com>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A33CE1200C1; Mon, 27 Nov 2017 17:45:44 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Roach <adam@nostrum.com>
To: "The IESG" <iesg@ietf.org>
Cc: suit-chairs@ietf.org, suit@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151183354464.13319.17996271116356933699.idtracker@ietfa.amsl.com>
Date: Mon, 27 Nov 2017 17:45:44 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Lo9B5-9uIHtMfQnZfHDscO8iePM>
Subject: [Suit] Adam Roach's No Objection on charter-ietf-suit-00-07: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 01:45:45 -0000

Adam Roach has entered the following ballot position for
charter-ietf-suit-00-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-suit/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This paragraph appears to be missing some line breaks:

> In particular this group aims to publish several documents, namely:
> - An IoT firmware update architecture that includes a description of the
> involved entities, security threats, and assumptions. - One or more manifest
> format specifications.



From nobody Tue Nov 28 00:04:49 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C91D3124B17; Tue, 28 Nov 2017 00:04:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level: 
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGN9irpDBvaH; Tue, 28 Nov 2017 00:04:45 -0800 (PST)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 580C91200CF; Tue, 28 Nov 2017 00:04:45 -0800 (PST)
Received: by mail-vk0-x22a.google.com with SMTP id t3so2108422vke.0; Tue, 28 Nov 2017 00:04:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ACS2OGXnlh4/xuaAoFnXI6KtfVIqRLPSwwNVwRIJZaA=; b=MUizePPSS/SdgKtfWCuMC/K2omhircO/97YBsf4lhuzDzTizSMJgdJ/kySI8raUc5T x/LkC9bdqYDiHT9rji9PRFhd/fQl/jk4g5jnt0HNJ8G8qwWkQx/7cjtxO69a0IkFh9zF mYHwQ0bbq2uar++NqdUmSVa7E3INYhSufoseS0PCoYA5PCFhBZ07/kRJ+CH4qnlKl7Mj 8wLhpr7wTkWW1D04IlPd8HKTbphJGJhFRlnoJsF9b3CWGteoaCYrC2HKllFWeWbUQ4M9 Oreb7Don3Qxv1MNkDymA3SzVpRPDSMYB2ijul+KKTA0HCeoN4AHsVYiOn2QEYWX5LUUg e+bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ACS2OGXnlh4/xuaAoFnXI6KtfVIqRLPSwwNVwRIJZaA=; b=a+O/jdqn3cR8NJhH5bgITQCcq2IwvJKPSkE33xWu40hh/UOYa2ZmNaIoTMOnMV96Qe MkCN4ViCXj/SNjslrFRQmVd9lmU+1KT2jjOveNMSlDoYPuT/yKgjjliab6C7jKfnQC42 hdOIOIYFoVPD46YTrdAm/GmU6mGydHQSOaurcDTbNq4j08TaeCt5SxQS5ubZgpR8G5Zb yeOjxaEUGFTMRtdzWISe4gBL3jp4jyDedqlasLl77anp45u/81ajbxZxlOd7htS8JRp3 +dJOHkeSvqVpm1NdlW40OYEulhhws45qlnXJYQ56epGjBBEhY4CxM92OHCn635Hk+GDB ra8Q==
X-Gm-Message-State: AJaThX4HkuytsZNzYKonPO5GAVukGZ/n4z8Z6DuMN7Q+dxKKi58fVn29 RauIiNF5FVfkaIQhKjAjip3OHouFpsQ6cHvGGKQ=
X-Google-Smtp-Source: AGs4zMbInxiOKK49xsoyfG9SU9ZBsDONMD2gxA5x7EkUjoAt82AtFJg+iQ9Pjxmr8Opng6Y1cPuQq8rFBAjIfRT8dHw=
X-Received: by 10.31.56.10 with SMTP id f10mr28216022vka.106.1511856284330; Tue, 28 Nov 2017 00:04:44 -0800 (PST)
MIME-Version: 1.0
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
In-Reply-To: <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Tue, 28 Nov 2017 08:04:33 +0000
Message-ID: <CAMRcRGQ_w_LW4_ESyz9dgf09yGCiYTwJ5UdQ4PkGzg-kwZg5tA@mail.gmail.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>,  "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143e9b6c77247055f06789b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/2mpIhtw1RL9nbubBge_ZObe0hCQ>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 08:04:48 -0000

--001a1143e9b6c77247055f06789b
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks David and Michael for the responses.  I have followed up with few
concerns/requests correspondences  via email to the list for charter
updates and scope of the WG.
Here is one on the charter text suggestions.
https://www.ietf.org/mail-archive/web/suit/current/msg00239.html

Hope this helps

Thanks
Suhas

On Mon, Nov 27, 2017 at 11:24 AM, Waltermire, David A. (Fed) <
david.waltermire@nist.gov> wrote:

>
> Comments inline below.
>
> > -----Original Message-----
> > From: Michael Richardson [mailto:mcr+ietf@sandelman.ca]
> > Sent: Thursday, November 23, 2017 12:36 PM
> > To: Suhas Nandakumar <suhasietf@gmail.com>
> > Cc: suit@ietf.org; suit-chairs@ietf.org
> > Subject: Re: [Suit] Suit Charter Updates Process Question
> >
> >
> > Suhas Nandakumar <suhasietf@gmail.com> wrote:
> >     > I am bit confused on the actual process followed in updating the
> Suit
> >     > Charter. It looks like the current charter doesn=E2=80=99t seem t=
o reflect
> >     > fully the consensus or discussion points from the BOF.
> >
> > I think that you should consider that the text gets uploaded on a
> quasi-periodic
> > basis so that we can all be talking about the same thing.
>
> The latest charter text is posted on the SUIT Datatracker page here:
>
> https://datatracker.ietf.org/doc/charter-ietf-suit/
>
> This text was updated after the BoF on November 15th.
>
> The charter text at this link is intended to represent the consensus
> reached from the hums during BoF. To confirm these changes on the list, w=
e
> have posted updated charter text. If anyone believes there are concerns
> with the charter text that have not been adequately addressed, please rai=
se
> those concerns ASAP.
>
> >     > Also it would have been of great help if the updated charter was
> sent
> >     > to the SUIT mailing list for questions/consensus before getting
> >     > uploaded to the datatracker. I had to accidentally find it
> embedded in
> >     > the BOF report sent to saag mailing list.
> >
> > Yes, I agree that this is less than ideal.
> > But, for many people this is a down week, both because of US
> Thanksgiving and
> > because it's the week after the IETF meeting, and many people need
> recovery
> > time, so please be patient.
>
> Michael, thanks for responding while I was away recovering from jet lag
> and enjoying time with family over the Thanksgiving holiday.
>
> I will post to the list if any changes are made to the charter going
> forward.
>
> >     > Should questions/comments about the current charter sent to Suit
> >     > mailing list be the right way to follow up ?
>
> Yes. Please send any concerns to the list. Also, please provide new
> suggested charter text for any proposed changes. This will help everyone
> better consider the change.
>
> >     > Also, Who is actually
> >     > updating the charter?
> >
> > Generally, the BOF chairs and/or proponents do that in consultation wit=
h
> the
> > sponsoring AD and the ML.
>
> Dave and I are working with Kathleen to edit the charter based on the
> ongoing discussion on the list. Kathleen has been posting changes as they
> have occurred to the Datatracker.
>
> >
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -
> > =3D IPv6 IoT consulting =3D-
> >
> >
>
> Regards,
> Dave
>

--001a1143e9b6c77247055f06789b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div><div>Thanks David and Michael for the responses.=C2=A0 I have followed=
 up with few concerns/requests correspondences=C2=A0 via email to the list =
for charter updates and scope of the WG.<div>Here is one on the charter tex=
t suggestions.=C2=A0</div><div><a href=3D"https://www.ietf.org/mail-archive=
/web/suit/current/msg00239.html" target=3D"_blank">https://www.ietf.org/mai=
l-archive/web/suit/current/msg00239.html</a><br></div><div><br></div></div>=
</div><div dir=3D"auto">Hope this helps</div><div dir=3D"auto"><br></div><d=
iv dir=3D"auto">Thanks=C2=A0</div><div dir=3D"auto">Suhas=C2=A0</div><div><=
div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Mon, Nov 27, 20=
17 at 11:24 AM, Waltermire, David A. (Fed) <span>&lt;<a href=3D"mailto:davi=
d.waltermire@nist.gov" target=3D"_blank">david.waltermire@nist.gov</a>&gt;<=
/span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Comments inline below.<br>
<span><br>
&gt; -----Original Message-----<br>
&gt; From: Michael Richardson [mailto:<a href=3D"mailto:mcr%2Bietf@sandelma=
n.ca" target=3D"_blank">mcr+ietf@sandelman.ca</a>]<br>
&gt; Sent: Thursday, November 23, 2017 12:36 PM<br>
&gt; To: Suhas Nandakumar &lt;<a href=3D"mailto:suhasietf@gmail.com" target=
=3D"_blank">suhasietf@gmail.com</a>&gt;<br>
&gt; Cc: <a href=3D"mailto:suit@ietf.org" target=3D"_blank">suit@ietf.org</=
a>; <a href=3D"mailto:suit-chairs@ietf.org" target=3D"_blank">suit-chairs@i=
etf.org</a><br>
&gt; Subject: Re: [Suit] Suit Charter Updates Process Question<br>
&gt;<br>
&gt;<br>
&gt; Suhas Nandakumar &lt;<a href=3D"mailto:suhasietf@gmail.com" target=3D"=
_blank">suhasietf@gmail.com</a>&gt; wrote:<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; I am bit confused on the actual process follow=
ed in updating the Suit<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; Charter. It looks like the current charter doe=
sn=E2=80=99t seem to reflect<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; fully the consensus or discussion points from =
the BOF.<br>
&gt;<br>
&gt; I think that you should consider that the text gets uploaded on a quas=
i-periodic<br>
&gt; basis so that we can all be talking about the same thing.<br>
<br>
</span>The latest charter text is posted on the SUIT Datatracker page here:=
<br>
<br>
<a href=3D"https://datatracker.ietf.org/doc/charter-ietf-suit/" rel=3D"nore=
ferrer" target=3D"_blank">https://datatracker.ietf.org/doc/charter-ietf-sui=
t/</a><br>
<br>
This text was updated after the BoF on November 15th.<br>
<br>
The charter text at this link is intended to represent the consensus reache=
d from the hums during BoF. To confirm these changes on the list, we have p=
osted updated charter text. If anyone believes there are concerns with the =
charter text that have not been adequately addressed, please raise those co=
ncerns ASAP.<br>
<span><br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; Also it would have been of great help if the u=
pdated charter was sent<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; to the SUIT mailing list for questions/consens=
us before getting<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; uploaded to the datatracker. I had to accident=
ally find it embedded in<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; the BOF report sent to saag mailing list.<br>
&gt;<br>
&gt; Yes, I agree that this is less than ideal.<br>
&gt; But, for many people this is a down week, both because of US Thanksgiv=
ing and<br>
&gt; because it&#39;s the week after the IETF meeting, and many people need=
 recovery<br>
&gt; time, so please be patient.<br>
<br>
</span>Michael, thanks for responding while I was away recovering from jet =
lag and enjoying time with family over the Thanksgiving holiday.<br>
<br>
I will post to the list if any changes are made to the charter going forwar=
d.<br>
<span><br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; Should questions/comments about the current ch=
arter sent to Suit<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; mailing list be the right way to follow up ?<b=
r>
<br>
</span>Yes. Please send any concerns to the list. Also, please provide new =
suggested charter text for any proposed changes. This will help everyone be=
tter consider the change.<br>
<span><br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; Also, Who is actually<br>
&gt;=C2=A0 =C2=A0 =C2=A0&gt; updating the charter?<br>
&gt;<br>
&gt; Generally, the BOF chairs and/or proponents do that in consultation wi=
th the<br>
&gt; sponsoring AD and the ML.<br>
<br>
</span>Dave and I are working with Kathleen to edit the charter based on th=
e ongoing discussion on the list. Kathleen has been posting changes as they=
 have occurred to the Datatracker.<br>
<span><br>
&gt;<br>
&gt; --<br>
&gt; Michael Richardson &lt;<a href=3D"mailto:mcr%2BIETF@sandelman.ca" targ=
et=3D"_blank">mcr+IETF@sandelman.ca</a>&gt;, Sandelman Software Works=C2=A0=
 -<br>
&gt; =3D IPv6 IoT consulting =3D-<br>
&gt;<br>
&gt;<br>
<br>
</span>Regards,<br>
Dave<br>
</blockquote></div><br></div>
</div>

--001a1143e9b6c77247055f06789b--


From nobody Tue Nov 28 08:53:26 2017
Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B99E21287A3 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 08:53:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level: 
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2IxWQWGgE25r for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 08:53:22 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0045.outbound.protection.outlook.com [104.47.2.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D920126DED for <suit@ietf.org>; Tue, 28 Nov 2017 08:53:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=0K3iYvILPzE5EkGMKtFKyAY7AhCPiNahMBxc4iYk8z8=; b=noY65y+9j8QqjwOoYDgZQJPTtlMPH2sxjVD0twHnsesiScv0D53DhcEYYdZuQYPPz8n4tkQsHitOKPdfW4RRFi/yDmlsOxb08/0f0OLKaHvtzFObThbUb50b/Wl57oJUoTqXj/syLnP4VQASJTknr1kHlwD2jtKqWqP2BjTKfUc=
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com (10.169.32.149) by DB5PR08MB0616.eurprd08.prod.outlook.com (10.169.32.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.260.4; Tue, 28 Nov 2017 16:53:18 +0000
Received: from DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::3d12:d7da:7dda:af22]) by DB5PR08MB0615.eurprd08.prod.outlook.com ([fe80::3d12:d7da:7dda:af22%14]) with mapi id 15.20.0260.006; Tue, 28 Nov 2017 16:53:18 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "Dr. Pala" <director@openca.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Quantum resistance in firmware formats
Thread-Index: AQHTWjMbF/n5gxF7AUeqWeCW2Qgfi6MNz/4AgAAbNYCAAExiAIAAAgKAgADxXQCABpMcgIAASFaAgAEjwQCAAHFrgIASe3WA
Date: Tue, 28 Nov 2017 16:53:18 +0000
Message-ID: <12742109-B8BE-4E25-83A4-9637DE4A3C09@arm.com>
References: <21176.1510325360@obiwan.sandelman.ca> <74B896C8-2C93-4AEB-9508-69E8CE5CB7CE@vigilsec.com> <8387.1510337691@obiwan.sandelman.ca> <CGME20171110224828epcas2p4b29c2e1e0a6e9eaecc89e4c6c178256c@epcas2p4.samsung.com> <6FFC42C7-5049-432B-B608-598D2596B3A2@vigilsec.com> <D62B6E19.11193%m.nakhjiri@ssi.samsung.com> <F91D5062-E690-47CC-AD3C-9FA15017B485@tzi.org> <D631BC41.11484%m.nakhjiri@ssi.samsung.com> <3b157673-23d9-d804-86c4-c6b51a56b040@openca.org> <10A09BC4-0726-4E7A-B70C-8122F61308D7@arm.com> <7657.1510870347@obiwan.sandelman.ca>
In-Reply-To: <7657.1510870347@obiwan.sandelman.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-mailer: Apple Mail (2.3273)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com; 
x-originating-ip: [81.101.7.188]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR08MB0616; 6:gRqCGO4+dK/SMxjNTArrjLUlvO5bN3ls0Fih+4+ePF0kfwwu1jydZ1UvViGoOTU3GyzdWC3ebhrsPsG8Y36qykX+hilzlkBVaYVFTJsNzDzibzTiQDa2eThzZCM8qQBow1CZ/5Nb/wOPqgr5bQJBdvpcuxBvDdRyEunijzF0krRuWeLFwc1FfO5HGtLRhbKAl5f0avthrl0dlInrzB0fi60ooQKmiWtdKyexsjouLdHUM2Y6UXcZOQVT2rYtGNRlFdLhrkcDyuXlOhZsvHxC9geoMvlmijbD4aUlQILGqVc2DkHQWkPkTNyvX0mlVTUAz0PcKpIE1z/KO0mLrRIhVATw4YEA3wRcOOL+J5SuOtQ=; 5:qHwoSQH6TAiWN1mTFMXiQgwYPsOMUtebnUtq1VzR+VxpWDTluJIq47kz+hsQdD6yuzoFZX89NDmB39LOlnSECcOFwp4yClqhc7I5tM8XRnIjMjrOw62B1VGEy4Q2HMKJhE/srk0gESF7T0F9drfuvYtSvLVr+g87kM0N+Ncq5nM=; 24:eSjbunEJSpgCqu22dngFggMH16h/yLgsliEFSWnLVUerANubyPFsnNpdYlM+U4R9t1+2EedXB2V2FzVwf++L7F5TK9LuvUQxsQfle6IXOKI=; 7:fMiyTq/3XLwBky4xKZkeEpcg+eRF2Tb2wwKwGwuE3glaZMHyNLp9Fo+UVXALhYiwrklonK3aloWnsZkOnb4Hduhrx18zFFYWUe7ybQfu26nSO5N6BvTUtvirLM5MvkF9ARac2p6sGuU0Dm8zJ78JdvksGWvL/dYg33WIRl/8eIrXl2DoKnkZq/Pm4PAh4YdH/X8++4slXSbJFLkf5WM5MtoEVVvUyD1YnyzRo/IzWFXJmEx/2FdNEL1sNnYv9edH
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: aaacdd7c-e88d-4342-969c-08d536808691
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603258); SRVR:DB5PR08MB0616; 
x-ms-traffictypediagnostic: DB5PR08MB0616:
x-microsoft-antispam-prvs: <DB5PR08MB0616F95BE2788018894CE825EA3A0@DB5PR08MB0616.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(180628864354917);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231022)(6055026)(6041248)(20161123564025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123562025)(20161123555025)(6072148)(201708071742011); SRVR:DB5PR08MB0616; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:DB5PR08MB0616; 
x-forefront-prvs: 0505147DDB
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(346002)(366004)(376002)(199003)(40434004)(189002)(24454002)(6116002)(2950100002)(102836003)(229853002)(7736002)(105586002)(305945005)(68736007)(478600001)(316002)(83716003)(5660300001)(72206003)(3846002)(3280700002)(5890100001)(66066001)(33656002)(8676002)(3660700001)(25786009)(81166006)(81156014)(54906003)(50986999)(76176999)(6506006)(101416001)(5250100002)(14454004)(6486002)(6246003)(53546010)(6512007)(93886005)(86362001)(189998001)(2906002)(50226002)(36756003)(97736004)(57306001)(106356001)(53936002)(82746002)(6436002)(4326008)(8936002)(2900100001)(99286004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR08MB0616; H:DB5PR08MB0615.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <2D880C6914C51A4A8E9CD3744375D52B@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: aaacdd7c-e88d-4342-969c-08d536808691
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Nov 2017 16:53:18.3257 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB0616
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/-7-JRWdILaycWXnE4YZwBTCpsqA>
Subject: Re: [Suit] Quantum resistance in firmware formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 16:53:25 -0000

DQo+IE9uIDE2IE5vdiAyMDE3LCBhdCAyMjoxMiwgTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0
ZkBzYW5kZWxtYW4uY2E+IHdyb3RlOg0KPg0KPg0KPiBCcmVuZGFuIE1vcmFuIDxCcmVuZGFuLk1v
cmFuQGFybS5jb20+IHdyb3RlOg0KPj4gSeKAmXZlIGRpc2N1c3NlZCB0aGlzIG9wdGlvbiBhIGJp
dCBpbiB0aGUgcGFzdC4gVGhlIGNoYWxsZW5nZSBoZXJlIGlzDQo+PiB0aGF0IHRoZXJlIGFyZSB0
d28gc3RlcHMgaW4gdGhlIGNoYWluIG9mIHRydXN0LiBUaGUgYm9vdCBsb2FkZXIgdHJ1c3RzDQo+
PiB0aGUgdmVyaWZpZXIuIFRoZSB2ZXJpZmllciB0cnVzdHMgdGhlIHVwZGF0ZSBhdXRob3JpdHko
cykuIE5vdywgaWYgdGhlDQo+PiB2ZXJpZmllciBpcyBpbiB0aGUgYm9vdCBsb2FkZXIsIHRoaXMg
aXMgYSBzaW5nbGUgdHJ1c3QNCj4+IHJlbGF0aW9uc2hpcC4gSG93ZXZlciwgaWYgdGhlIHZlcmlm
aWVyIGxpdmVzIG91dHNpZGUgdGhlIGJvb3QgbG9hZGVyLA0KPj4gdGhlbiB0aGluZ3MgYXJlIG1v
cmUgY29tcGxleC4gVGhlIGJvb3QgbG9hZGVyIG11c3QgdHJ1c3QgdGhlDQo+PiBhcHBsaWNhdGlv
bi4gVGhpcyBzdWdnZXN0cyB0aGF0IHRoZSBhcHBsaWNhdGlvbiB3aWxsIHJlcXVpcmUgc29tZSBz
b3J0DQo+PiBvZiBzZWN1cmUgcHJvY2Vzc2luZyBlbnZpcm9ubWVudCBhbmQgc29tZSBmb3JtIG9m
IGF0dGVzdGF0aW9uLg0KPg0KPiBZb3UgZGVzY3JpYmUgdGhlIHNpdHVhdGlvbiB3ZWxsLg0KPg0K
PiBBcyBmYXIgYXMgSSBjYW4gc2VlLCB0aGlzIGhhcyBubyBhZmZlY3Qgb24gdGhlIHNoYXBlIG9m
IHRoZSBiaXRzIG9uIHdpcmUuDQo+IERvIHlvdSBhZ3JlZSB0aGF0IHRoaXMgaXMgYW4gaW1wbGVt
ZW50YXRpb24gaXNzdWUuICBOb3QgYSB0cml2aWFsIG9uZSwgYnV0DQo+IG5ldmVyLXRoZS1sZXNz
LCBub3QgIm91ciIgcHJvYmxlbS4NCg0KSSBhZ3JlZS4gVGhpcyBoYXMgbm8gYmVhcmluZyBvbiB0
aGUgZGVzaWduIG9mIHRoZSBtYW5pZmVzdCBmb3JtYXQuIEl0IG1heSBoYXZlIHNvbWUgYmVhcmlu
ZyBvbiB0aGUgYXJjaGl0ZWN0dXJlLCBidXQgaXTigJlzIGFuIG9wZW4gcXVlc3Rpb24gZm9yIHN5
c3RlbSBkZXNpZ25lcnMuIFRoZXkgY2FuIGNob29zZSB0aGUgdHJhZGUtb2ZmIHRoZXkgd2FudC4N
Cg0KPg0KPiAoQW5kIHllcywgaXQncyBwb3NzaWJsZSB0byBkbyBpdCB3cm9uZyBhbmQgd2luZCB1
cCBoYXZpbmcgdmVyeSBsb25nIGJvb3QNCj4gdGltZXMgYXMgYSByZXN1bHQpDQoNCkRlZmluaXRl
bHkuDQoNCj4gSXQgbWlnaHQgbWF0dGVyIGFzIHRvIGhvdyBtYW55IGZpcm13YXJlIHBhY2thZ2Vz
IGFyZSBzZW50LCBhcyBwZXJoYXBzIG9uZSBvZg0KPiB0aGVtIG5lZWRzIHRvIGJlIHNpZ25lZCBp
biBhIHRlZXAtaGFwcHkgd2F5IGVpdGhlciBpbi1hZGRpdGlvbi10bywgb3INCj4gaW5zdGVhZC1v
ZiwgdGhlIG90aGVyIHNpZ25hdHVyZS4NCj4NCj4gU28gaW4gdGhlIGVuZCwgdGhlIHJlcXVpcmVt
ZW50IGZvciBtdWx0aXBsZSBzaWduYXR1cmVzIHNlZW1zIHRvIGNhcHR1cmUgdGhpcw0KPiBzaXR1
YXRpb24/DQoNCkFncmVlZC4gTXVsdGktc2lnIGlzIHByb2JhYmx5IHRoZSByaWdodCBhbnN3ZXIu
DQoNCkJlc3QgUmVnYXJkcywNCkJyZW5kYW4NCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRl
bnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFu
ZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj
aXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBk
aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkg
cHVycG9zZSwgb3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4g
VGhhbmsgeW91Lg0K


From nobody Tue Nov 28 20:53:08 2017
Return-Path: <fluffy@iii.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 295E71200F1 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:53:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIYW9YiHqfpc for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:53:05 -0800 (PST)
Received: from smtp74.ord1c.emailsrvr.com (smtp74.ord1c.emailsrvr.com [108.166.43.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 708C61292D3 for <suit@ietf.org>; Tue, 28 Nov 2017 20:53:05 -0800 (PST)
Received: from smtp18.relay.ord1c.emailsrvr.com (localhost [127.0.0.1]) by smtp18.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 61BBCE0206; Tue, 28 Nov 2017 23:53:00 -0500 (EST)
X-Auth-ID: fluffy@iii.ca
Received: by smtp18.relay.ord1c.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id DB4E0E0204;  Tue, 28 Nov 2017 23:52:59 -0500 (EST)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.55] (S0106004268479ae3.cg.shawcable.net [70.77.44.153]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Tue, 28 Nov 2017 23:53:00 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
Date: Tue, 28 Nov 2017 21:52:59 -0700
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Suhas Nandakumar <suhasietf@gmail.com>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, The IESG <iesg@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/9KiQBGBzQx_lYWJX1DcTMJIHXnE>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 04:53:07 -0000

> On Nov 27, 2017, at 12:24 PM, Waltermire, David A. (Fed) =
<david.waltermire@nist.gov> wrote:
>=20
>=20
> The charter text at this link is intended to represent the consensus =
reached from the hums during BoF. To confirm these changes on the list, =
we have posted updated charter text. If anyone believes there are =
concerns with the charter text that have not been adequately addressed, =
please raise those concerns ASAP.

Yep, I have concerns. I don't think what I see in the tracker is at all =
representing consensus from the list or the BOF.=20

Can we get an actual answer to who is editing this and who is deciding =
what has consensus or not? We also have an issue in that the =
charter-ietf-suit-00-07 in the data tracker and charter-ietf-suit-00-08 =
look identical to me. Is this a tracker bug? Do you think they changed?=20=


I think whoever is editing the charter should be emailing it to the suit =
list along with changes and explanation of what changed. There has been =
a lot of discussion and agreement on the list and I do not see any =
changes in the charter to reflect nor do I see discussion on the list to =
indicate what went in the charter and what people decided there was no =
consensus on.=20

Could someone on the IESG post the text they see for this and let me =
know if has changed since the BOF?


Thanks, Cullen=20





From nobody Tue Nov 28 20:58:21 2017
Return-Path: <fluffy@iii.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 532EA1292D3 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:58:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OuSG5rF3o8Z8 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:58:18 -0800 (PST)
Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 154B01200F1 for <suit@ietf.org>; Tue, 28 Nov 2017 20:58:18 -0800 (PST)
Received: from smtp9.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 195EA5811; Tue, 28 Nov 2017 23:58:17 -0500 (EST)
X-Auth-ID: fluffy@iii.ca
Received: by smtp9.relay.iad3a.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id 9B81556F5;  Tue, 28 Nov 2017 23:58:16 -0500 (EST)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.55] (S0106004268479ae3.cg.shawcable.net [70.77.44.153]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Tue, 28 Nov 2017 23:58:17 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <589.1511394367@obiwan.sandelman.ca>
Date: Tue, 28 Nov 2017 21:58:16 -0700
Cc: Suhas Nandakumar <suhasietf@gmail.com>, suit@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <FF23F529-5116-4DA3-BB2F-E5D3061E0479@iii.ca>
References: <CAMRcRGQbXX5Cog=Jccgrkuz48oGnw0v3AAx-N20UaZhXbW=H5g@mail.gmail.com> <589.1511394367@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/aAI50uLc5XbBNWuslkzno4IYaNo>
Subject: Re: [Suit] SUIT Charter: Firmware Server Discovery and Download Mechanism
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 04:58:19 -0000

> On Nov 22, 2017, at 4:46 PM, Michael Richardson =
<mcr+ietf@sandelman.ca> wrote:
>=20
>=20
> Suhas Nandakumar <suhasietf@gmail.com> wrote:
>> I would like to propose following addition to the above list
>=20
>> *   Mechanisms to discover new firmware is available and the location
>> to download it from
>=20
> I'm actually okay with this in the charter, provided that we don't =
invent
> anything new.   I can imagine doint this with CoAP OBSERVE, DNS-SD, =
HTTP requests,
> and I'm sure I'll think of four more in a minute.


I'm in favor of using one of those ( or one of the other likely =
candidates ). I think this is much more important for real world =
deployments than things like multiple signatures and we have lots of =
experience with actual systems that do this. This is also one of the =
areas that actually needs standardization to have interoperable systems =
vs something like the manifest which is more "here is a nice well =
reviewed design you can use".=20



From nobody Tue Nov 28 20:58:26 2017
Return-Path: <fluffy@iii.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BFE01200F1 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:58:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5j_N_BPyAbNa for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 20:58:18 -0800 (PST)
Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15C6A1201F2 for <suit@ietf.org>; Tue, 28 Nov 2017 20:58:18 -0800 (PST)
Received: from smtp9.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 5C6EC5618; Tue, 28 Nov 2017 23:58:07 -0500 (EST)
X-Auth-ID: fluffy@iii.ca
Received: by smtp9.relay.iad3a.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id F2330577D;  Tue, 28 Nov 2017 23:58:06 -0500 (EST)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.55] (S0106004268479ae3.cg.shawcable.net [70.77.44.153]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Tue, 28 Nov 2017 23:58:07 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
Date: Tue, 28 Nov 2017 21:58:05 -0700
Cc: suit <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6366265A-3321-4CAA-97A4-BFCF6E6366AD@iii.ca>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox>
To: "David A. Wheeler" <dwheeler@dwheeler.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gV3waUd7t0xr3URM2e24VIJQ4dE>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 04:58:21 -0000

I don't think we can pick any absolute way this work. I think we have to =
have a framework flexible enough to require this and not require it. =
Many firmware updates of devices come along with accepting a new Terms =
Of Service. Some people run systems, be they in a home, factory, or =
large network, and they want to ensure upgrades don't happen unless if =
is a version that has been verified tow work with the rest of the =
system. I'm not keen on an upgrade to a device in my house that add =
analytics that impact my privacy.=20

So yes, some IoT device will be built to upgrade automatically whenever =
the vendor wants regardless of anyone else. But some other IoT device =
will allow for a model where someone other than the vendor can grant =
permission to install a certain upgrade. (I don't think this permission =
implies a need for second signature). I think what we do here needs to =
support both of these models.=20

Similarly there is a downgrade issue. Some vendors will want to be able =
to downgrade their devices and in particular may want to support a =
factor reset that takes the device back to the version of the firmware =
it had when it left the factory. Obviously in some cases this reduces =
the security so some device will not allow it but it can reduce the odds =
of bricking a few million devices. Again, I think we will need to =
support both models.=20




> On Nov 15, 2017, at 10:16 AM, David A. Wheeler <dwheeler@dwheeler.com> =
wrote:
>=20
> I think a vitally-important requirement is that end-users MUST be able =
to NOT update software.
>=20
> In many cases, it's valuable to automatically update software, and
> internet-connected devices make that relatively easy.
>=20
> But there are many situations where updates must NOT occur.
> There's a disturbing trend where people who own the devices are
> increasingly not allowed to control them.  In the end, the =
end-user/owner
> should be able to decide if updates are acceptable, and when.
>=20
> Thanks.
>=20
> --- David A. Wheeler
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Tue Nov 28 21:06:47 2017
Return-Path: <fluffy@iii.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB31A1292D3 for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 21:06:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.701
X-Spam-Level: 
X-Spam-Status: No, score=-4.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g36vorcGcUPH for <suit@ietfa.amsl.com>; Tue, 28 Nov 2017 21:06:45 -0800 (PST)
Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9DBB1200F1 for <suit@ietf.org>; Tue, 28 Nov 2017 21:06:44 -0800 (PST)
Received: from smtp9.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp9.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 3077D5853; Tue, 28 Nov 2017 23:58:59 -0500 (EST)
X-Auth-ID: fluffy@iii.ca
Received: by smtp9.relay.iad3a.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id A056957D0;  Tue, 28 Nov 2017 23:58:58 -0500 (EST)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.55] (S0106004268479ae3.cg.shawcable.net [70.77.44.153]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:587 (trex/5.7.12); Tue, 28 Nov 2017 23:58:59 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Date: Tue, 28 Nov 2017 21:58:58 -0700
Cc: Suhas Nandakumar <suhasietf@gmail.com>, Carsten Bormann <cabo@tzi.org>, "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4CE887C6-5DD4-4FC0-94BE-EF8A8F4FE5F8@iii.ca>
References: <CAMRcRGQo_3ygGXeOEc0KR=E97Oax85p1L0UV62mMtv2E0zggaw@mail.gmail.com> <AM4PR0801MB270630DAF02E36407E12B79DFA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <48439ED2-6618-4987-BC56-0D059F012890@tzi.org> <AM4PR0801MB2706CCE1F426621EC437FEE7FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAMRcRGTCMqmO8MT2m2_ZrU4UaUeV5dOrb+UM0AL9D_F8ry0raw@mail.gmail.com> <AM4PR0801MB2706F3857B5B5B39BDED0B07FA210@AM4PR0801MB2706.eurprd08.prod.outlook.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/41vUz1xukeYqw7fCLbo-8zqh7_M>
Subject: Re: [Suit] Manifest Formats
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 05:06:46 -0000

> On Nov 23, 2017, at 9:13 AM, Hannes Tschofenig =
<Hannes.Tschofenig@arm.com> wrote:
>=20
> Hi Suhas,
>=20
> =20
>=20
> The way we would like this to work is not to have the update server =
create these manifests in real-time, based on what the device asks for. =
Instead, the manifests are created and signed by the developer (using a =
tool or a web service). The update server is mainly a repository. This =
approach provides better security.
>=20
> =20

How would that work? Would the update server, an online computer on the =
internet, need have the private key to sign the manifests? I can assure =
you that many IoT vendors do not handle their software signing keys that =
way.=20

I imagine this working that a given vendor would likely only use one =
format but an update server could serve up manifests in any format. Sure =
one format would be nice but no matter which one you choose, a bunch of =
vendors will not like it and will do something else. The important part =
is the deciding the semantic level information and design choices. The =
syntax is really not the hard part of any of this yet different vendors =
have strong opinions about this often with very good reasons.=20







From nobody Tue Nov 28 22:05:19 2017
Return-Path: <adam@nostrum.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 936141292F5; Tue, 28 Nov 2017 22:05:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level: 
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yB6omwiHkEnU; Tue, 28 Nov 2017 22:05:11 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AA35127601; Tue, 28 Nov 2017 22:05:11 -0800 (PST)
Received: from Orochi.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id vAT659s2035316 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 29 Nov 2017 00:05:10 -0600 (CST) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Orochi.local
To: Cullen Jennings <fluffy@iii.ca>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, The IESG <iesg@ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca>
From: Adam Roach <adam@nostrum.com>
Message-ID: <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
Date: Wed, 29 Nov 2017 00:05:04 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/cMrdFGzX_ndcya0AvUlRcHKRe64>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 06:05:13 -0000

On 11/28/17 22:52, Cullen Jennings wrote:
> Could someone on the IESG post the text they see for this and let me know if has changed since the BOF?


This seems to capture the changes between the BOF version and the 
version that is up for approval:

https://www.ietf.org/rfcdiff?url1=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-00-05.txt&url2=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-00-08.txt

/a


From nobody Wed Nov 29 05:04:41 2017
Return-Path: <fluffy@iii.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABFAC127005 for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 05:04:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fzNirl76XIaq for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 05:04:37 -0800 (PST)
Received: from smtp122.ord1d.emailsrvr.com (smtp122.ord1d.emailsrvr.com [184.106.54.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36862120725 for <suit@ietf.org>; Wed, 29 Nov 2017 05:04:37 -0800 (PST)
Received: from smtp24.relay.ord1d.emailsrvr.com (localhost [127.0.0.1]) by smtp24.relay.ord1d.emailsrvr.com (SMTP Server) with ESMTP id 60D36A0074; Wed, 29 Nov 2017 08:04:36 -0500 (EST)
X-Auth-ID: fluffy@iii.ca
Received: by smtp24.relay.ord1d.emailsrvr.com (Authenticated sender: fluffy-AT-iii.ca) with ESMTPSA id B9F0CA006A;  Wed, 29 Nov 2017 08:04:35 -0500 (EST)
X-Sender-Id: fluffy@iii.ca
Received: from [10.1.3.55] (S0106004268479ae3.cg.shawcable.net [70.77.44.153]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:25 (trex/5.7.12); Wed, 29 Nov 2017 08:04:36 -0500
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
Date: Wed, 29 Nov 2017 06:04:34 -0700
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, Michael Richardson <mcr+ietf@sandelman.ca>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6E317EE9-1E83-4AC8-9973-58B544AA1E5A@iii.ca>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca> <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
To: Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ETjlvIjq1Yuv2UJrGH1Hk--F5dY>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 13:04:40 -0000

Thanks Adam.

OK, the text you are getting in that diff is different that what I got =
from the data tracker as the -08 version. Suhas also got the same thing =
as me.  Both Hannes and I have been surprised by what is in the tracker =
and I think it has become clear to me that the tracker is broken.  =46rom =
a procedural point of view, I think you need to email the charter, =
preferably with diffs, to the mailing list. I for one have not reviews =
this text in Adam's diff.   I'm sure other people have also not seen =
this. It seems reasonable to send a clear charter to the list and give =
people reasonable time to comment on that before the IESG makes a =
decision.=20

I don't believe this text in adams diff represents consensus on the list =
so back to question that no one seems to answer   ... Who is editing =
this text and who is deciding consensus on the list?


As FYI ... the text I got from data tracker for -08 was=20


Vulnerabilities in Internet of Things (IoT) devices have raised the need
for a secure firmware update mechanism that is also suitable for =
constrained
devices.  Security experts, researchers, and regulators recommend that =
all IoT
devices be equipped with such a mechanism.  While there are many =
proprietary
firmware update mechanisms in use today, there is a lack of a modern
interoperable approach of securely updating the firmware in IoT devices.

A firmware update solution consists of several components, including:
- A mechanism to transport firmware images to compatible devices.
- A manifest that provides meta-data about the firmware image (such as a
firmware package identifier, the hardware the package needs to run, and
dependencies on other firmware packages), as well as cryptographic =
information
for protecting the firmware image in an end-to-end fashion. - The =
firmware
image itself.

RFC 4108 provides a manifest format that uses the Cryptographic Message =
Syntax
(CMS) to protect firmware packages. More than ten years have passed =
since the
publication of RFC 4108, and greater experience with IoT deployments has =
led to
additional functionality, requiring a contemporary standardized solution =
to be
defined.

This group will focus on defining a firmware update solution that will =
be
usable on Class 1 (as defined in RFC 7228) devices, that is usable on =
devices
with ~10 KiB RAM and ~100 KiB flash.  The solution may apply to more =
capable
devices as well.  This group will not define any new transport or =
discovery
mechanisms, but may describe how to use existing mechanisms within the =
solution.

In June of 2016 the Internet Architecture Board organized a workshop on
'Internet of Things (IoT) Software Update (IOTSU)', which took place at =
Trinity
College in Dublin, Ireland.  The main goal of the workshop was to foster =
a
discussion on requirements, challenges, and solutions for bringing =
software and
firmware updates to IoT devices. This workshop also made clear that =
there are
challenges with misaligned incentives and complex value chains.  It is
nevertheless seen as important to create standard building blocks that =
help
interested parties implement and deploy a solid firmware update =
mechanism.

In particular this group aims to publish several documents, namely:
- An IoT firmware update architecture that includes a description of the
involved entities, security threats, and assumptions. - One or more =
manifest
format specifications.

The initial focus of this group will be development of the contents of a
manifest. Once there is general agreement on the contents, the group =
will pick
a small number of formats (and their associated cryptographic =
mechanisms) to
encode the manifest. A lower number of formats is preferred to reduce =
code size
for supporting decoders on devices receiving a manifest and to maximize
interoperability of solutions. To support a wide range of deployment =
scenarios,
the formats are expected to be expressive enough to allow the use of =
different
software sources and permission models.

This group does not aim to create a standard for a generic software =
update
mechanism for use by rich operating systems, like Linux, but instead =
this group
will focus on firmware development practices in the embedded industry.=20=

Software update solutions that target updating software other than the =
firmware
binaries are also out of scope.

This group will aim to maintain a close relationship with silicon =
vendors and
OEMs that develop IoT operating systems.





> On Nov 28, 2017, at 11:05 PM, Adam Roach <adam@nostrum.com> wrote:
>=20
> On 11/28/17 22:52, Cullen Jennings wrote:
>> Could someone on the IESG post the text they see for this and let me =
know if has changed since the BOF?
>=20
>=20
> This seems to capture the changes between the BOF version and the =
version that is up for approval:
>=20
> =
https://www.ietf.org/rfcdiff?url1=3Dhttps%3A%2F%2Fdatatracker.ietf.org%2Fd=
oc%2Fcharter-ietf-suit%2Fwithmilestones-00-05.txt&url2=3Dhttps%3A%2F%2Fdat=
atracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-00-08.txt
>=20
> /a
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Wed Nov 29 07:25:17 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30F1812869B; Wed, 29 Nov 2017 07:25:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3NiOCiry5X4; Wed, 29 Nov 2017 07:25:06 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10BE8124B09; Wed, 29 Nov 2017 07:25:06 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 03B9920008; Wed, 29 Nov 2017 10:27:35 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BAB3C807CC; Wed, 29 Nov 2017 10:25:04 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: The IESG <iesg@ietf.org>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca> <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 29 Nov 2017 10:25:04 -0500
Message-ID: <3395.1511969104@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/A1f_vvB4uklliaSZtT3wyr8Hv-Y>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 15:25:10 -0000

--=-=-=
Content-Type: text/plain


{trimming the CC list a bit}

Adam Roach <adam@nostrum.com> wrote:
    > On 11/28/17 22:52, Cullen Jennings wrote:
    >> Could someone on the IESG post the text they see for this and let me
    >> know if has changed since the BOF?


    > This seems to capture the changes between the BOF version and the
    > version that is up for approval:

    > https://www.ietf.org/rfcdiff?url1=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-00-05.txt&url2=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2Fwithmilestones-00-08.txt

Adam: Given that Cullen has raised questions about whether the datatracker is
      returning the correct text, it would have been better to have posted
      the text to the list....  The side-by-side diff format wouldn't have
      worked, but rfcdiff has a unidiff format I think.

      {On this charter I wish that we had github-style pull requests that we could
      discuss in the mailing list....   I seem to see the same text Cullen saw, so
      that's good.}

Three minor editing suggestions for the chairs, or whomever is editing:
1) the bullet points were better off with *, and the third bullet point got
   wrapped.  Also the bullet points in "In particular this group aims..."
   have gotten wrapped and are hard to see.

2) I suggest that "In June of 2016 the "... be moved up.  I'd even make it
   the first intro paragraph, if not the second.  it's awkward where it is.

3) RFC 4108... More than... I'd have written, "While RFC4108...; in the ten
   years since, greater experience with..."
   But, this is also creates more complex sentence structure, which is often
   a bad thing.

On substantive comments about the -08 text:

many have pointed out that this makes no sense:

  A lower number of formats is preferred to reduce code size
  for supporting decoders on devices receiving a manifest and to maximize
  interoperability of solutions.

constrained devices are unlikely to support more than one format.
The reason to have fewer formats is so that tools to generate and audit
manifests will be easier to develop and interoperate.  Change to:

  A lower number of formats is preferred as it increases the likely hood
  that there will be widely available and complete tools for generating
  and auditing the manifests.
  The number of formats is unlikely to affect the devices receiving the
  updates and they are likely to support only a single format.

>This group does not aim to create a standard for a generic software update
>mechanism for use by rich operating systems, like Linux, but instead this group

I suggest maybe: "s/like Linux/like Linux, or Android/"

(I think it's worth marking Android which can upgrade via blob as out of
scope: at least for now. There are many other interactions involving other
OTA updates, and I think we all agree that APKs or applications are out of
scope. Apple iPhone iOS being a single vendor totally vertical integration, I
don't think will ever be in scope)

>Software update solutions that target updating software other than the firmware
>binaries are also out of scope.

I'm not sure what this means.  It seems like maybe it might be excluding an
embedded system from updating the firmware in it's wifi or 3G baseband
processor.   Maybe it has to do with software configuration stuff?

If Android or home routers that run Linux were in scope, would an update to
the DTS be in scope?  https://elinux.org/Device_Tree_Reference  I know that
there are other embedded operating systems that contain configuration data.

For instance, two identical actuators might run exactly the same code, yet
one of them controls a normally open valve on GPIO pin 12 and the other
controls a normally closed value on GPIO pin 9.  Is the update of what might
be considered configuration in scope?    It probably all looks like firmware
to the installers...

>This group will aim to maintain a close relationship with silicon vendors and
>OEMs that develop IoT operating systems.

It would be nice if someone could indicate how we are going to do that.
For instance, would having an interim meeting at some embedded conference be
within this scope?    Should have have some formal liason process?

Would the chairs be willing to maintain a set of canonical (having been
subject to a WG consensus call...) slides as to what we are doing, where we
are, such that participants in the WG would feel confident representing the
views of the WG in other fora?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloe0VAACgkQgItw+93Q
3WVasAf/WjRcoyz96N3ELMskc73gBU0V8/YMd/md/WZOlfwPGUZvHUZR8kEVoj96
NIgez1jh8lg/5vFuVx6va6HM6dtcR3Wgp4uXKkUNBV22YNwvzilMyYqGUKZgQxiH
tOFNc+1k++8Ft0EUWBkOAMX7W7I7de6YtD62aBVBb0N0CLsbNG1rOBRtwhkDSVvF
HQ2SN1gm2kD2GlSmy8oY3JoUMOSH2grVDwyah9S8w2YxC62au2VSAsTBzVRxqHTv
WmdiMWhl48TyezrFAQVqOTIkvcYX6ADFFLGQzOVZU4jMyXhptmbXl7bxAJF85G9I
OvOQ03im3jFLmgnCF32zfYMGW/MuJw==
=Jwme
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Wed Nov 29 07:30:50 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC637127876 for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 07:30:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0MM58pWfxYAT for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 07:30:46 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4763B127977 for <suit@ietf.org>; Wed, 29 Nov 2017 07:30:46 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 991A920008 for <suit@ietf.org>; Wed, 29 Nov 2017 10:33:15 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 5BA5B807CC for <suit@ietf.org>; Wed, 29 Nov 2017 10:30:45 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: suit <suit@ietf.org>
In-Reply-To: <6366265A-3321-4CAA-97A4-BFCF6E6366AD@iii.ca>
References: <E1eF1IJ-0004Rb-Ic@rmmprod07.runbox> <6366265A-3321-4CAA-97A4-BFCF6E6366AD@iii.ca>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 29 Nov 2017 10:30:45 -0500
Message-ID: <4747.1511969445@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/oyeLS31uOtSKbG_HYFgmfq9Nk6A>
Subject: Re: [Suit] Make it clear that end-users MUST be able to NOT update
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 15:30:48 -0000

--=-=-=
Content-Type: text/plain


Cullen Jennings <fluffy@iii.ca> wrote:
    > I don't think we can pick any absolute way this work. I think we have
    > to have a framework flexible enough to require this and not require
    > it. Many firmware updates of devices come along with accepting a new
    > Terms Of Service. Some people run systems, be they in a home, factory,
    > or large network, and they want to ensure upgrades don't happen unless
    > if is a version that has been verified tow work with the rest of the
    > system. I'm not keen on an upgrade to a device in my house that add
    > analytics that impact my privacy.

At the IOTSF NYC meeting, a speaker mentioned that the entertainment system
was upgraded in-flight.... and then... because it didn't work, they went back
to a version from 2008 or something, and as a result none of the certificates
worked!
So clearly the airline (device owner!) needs to control this, yet the
manufacturer has to release the fixes as quickly as they can so that those
who want to upgrade can do so.

    > So yes, some IoT device will be built to upgrade automatically whenever
    > the vendor wants regardless of anyone else. But some other IoT device
    > will allow for a model where someone other than the vendor can grant
    > permission to install a certain upgrade. (I don't think this permission
    > implies a need for second signature). I think what we do here needs to
    > support both of these models.

I agree: a second signature is only one way to do this. It does have nice
scaling properties.

{am I the only one writing down movie plots as we go?}

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAloe0qUACgkQgItw+93Q
3WVBkAf+KSoDGUyWLkhpP8xC0geXmh2cGyqCZ/eeJobP8a7OZuePx+iIKFybjr6C
yFBlie+gLYoPpNRD+W9UbD0R9TWZwmR7+tBAOvlmBE/9gyhAurtMeoIOpPv5tFjL
2nx0AxFg+9kntrc/34PmONm7IgKTQ+00YjemX4EuHdDQIrGwj3aphW98LQ/HPgCe
kcfSUnSnaofAOMWRGNG+iib4y1V3195UxoPsgACOGQDo/9Kyffev4j9Dc8CEgAFw
zYrCv8dDS4NVKFimdlfthgF4DAuA5JXZqPxbtla6V9oqd13ttLO540weMQcbHaUN
lL512+auiv6K+faz3H+nW1l8spfkRA==
=BVVI
-----END PGP SIGNATURE-----
--=-=-=--


From nobody Wed Nov 29 07:42:02 2017
Return-Path: <lear@cisco.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E6E612711B; Wed, 29 Nov 2017 07:42:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VpKsVMm0uPLe; Wed, 29 Nov 2017 07:42:01 -0800 (PST)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F254124B18; Wed, 29 Nov 2017 07:42:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2628; q=dns/txt; s=iport; t=1511970120; x=1513179720; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=U4IMKyDsyQOXQxJ2iGLrSk7i8oRWq0AeG6klh5m8gbw=; b=CO7yE7yf5uU3GRXPYysRA/P55dUbzTtMnqj5GSF5NgUEa0H1FgCsgWos Ip6YzZ0TnJEmlukm3U5gb6FMNsluuvzFjHY9SaZnMlTmFkUYWG/hm7Xrs +PHzClCPEj9M2eUAhJim09hs1iGC1zJPl7dhzShIOYWxEBKt8A41KnjQ2 g=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B5AQDa0x5a/xbLJq1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBAQcBAQEBAYUQhCaLFI9KL5Z0ghEHA4U7AoVVFgEBAQEBAQEBAWsohSABBSN?= =?us-ascii?q?mCxgqAgJXBgEMCAEBih6nJIInimcBAQEBAQEEAQEBAQEBARIPg0GFcYMCiDWCY?= =?us-ascii?q?wWiTYRJgimOHIwIh0mWQoE6Jg4kgVEyGggbFYJkhFVAii0BAQE?=
X-IronPort-AV: E=Sophos;i="5.44,473,1505779200"; d="asc'?scan'208";a="499904"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Nov 2017 15:41:56 +0000
Received: from [10.61.205.15] ([10.61.205.15]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id vATFfuS4022172; Wed, 29 Nov 2017 15:41:56 GMT
To: Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>, "suit@ietf.org" <suit@ietf.org>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca> <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com> <3395.1511969104@obiwan.sandelman.ca>
From: Eliot Lear <lear@cisco.com>
Message-ID: <fe249aa2-ad93-645f-c9b8-59926f864238@cisco.com>
Date: Wed, 29 Nov 2017 16:38:45 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <3395.1511969104@obiwan.sandelman.ca>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="AHGEUiqTaIXgiaGnufU1Pe2e0lPJlRH17"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/rujoLjyf3N3DbgcVuXgMz-EayQ8>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 15:42:02 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--AHGEUiqTaIXgiaGnufU1Pe2e0lPJlRH17
Content-Type: multipart/mixed; boundary="9EOQoJqD6FLjNGvjo00hsGk4na785PmTa";
 protected-headers="v1"
From: Eliot Lear <lear@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>,
 "suit@ietf.org" <suit@ietf.org>
Message-ID: <fe249aa2-ad93-645f-c9b8-59926f864238@cisco.com>
Subject: Re: [Suit] Suit Charter Updates Process Question
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com>
 <19053.1511458544@obiwan.sandelman.ca>
 <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com>
 <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca>
 <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com>
 <3395.1511969104@obiwan.sandelman.ca>
In-Reply-To: <3395.1511969104@obiwan.sandelman.ca>

--9EOQoJqD6FLjNGvjo00hsGk4na785PmTa
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

Hi Michael,


On 11/29/17 4:25 PM, Michael Richardson wrote:
> I suggest maybe: "s/like Linux/like Linux, or Android/"
>
> (I think it's worth marking Android which can upgrade via blob as out o=
f
> scope: at least for now. There are many other interactions involving ot=
her
> OTA updates, and I think we all agree that APKs or applications are out=
 of
> scope. Apple iPhone iOS being a single vendor totally vertical integrat=
ion, I don't think will ever be in scope)

I don't mind one way or the other,=C2=A0 but in the new text, there is on=
e
aspect that confuses me:

> ... but instead this group=C2=A0 will focus on firmware development
practices in the embedded industry.=C2=A0=C2=A0=C2=A0

development practices or distribution mechanisms?

The former seems to be quite broad.

Eliot



--9EOQoJqD6FLjNGvjo00hsGk4na785PmTa--

--AHGEUiqTaIXgiaGnufU1Pe2e0lPJlRH17
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2

iQEcBAEBCAAGBQJaHtSGAAoJEIe2a0bZ0nozE9IIALht/hspmGk7zyfs8hj50zkb
HouULIJmDx15/p1eT3ixLKGqofmET38D5Pb1D7ZPJXWg7vh7PjEci6lFTfbkb2dB
jItVrr0V/ESMj5/ohCMChS00wMsgBl0d3cD5Gb+ucz0+lAZn8OY4gQrAP9QnMH7r
wbynyxrdBnd0cxjFMk14oICOSVNpyrbZAgcTk/Y0Q/h+jWhaGT8Kq2MRNonZ38BV
jsJ8a4ootK/QNEyeuEMj+v/S/IIZPrKvVQonh5KlpOArwNhUWpI/nml8GNKo23T3
EqqYwV4t+s0zjVyb/Hu7v1PeOSGWRsctimv9se6f774ak3gQe8RKlw9oPf/oYXE=
=bAgo
-----END PGP SIGNATURE-----

--AHGEUiqTaIXgiaGnufU1Pe2e0lPJlRH17--


From nobody Wed Nov 29 08:19:08 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2D14129413; Wed, 29 Nov 2017 08:19:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bM8EnHvijbjS; Wed, 29 Nov 2017 08:19:05 -0800 (PST)
Received: from mail-pg0-x229.google.com (mail-pg0-x229.google.com [IPv6:2607:f8b0:400e:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 835591275C5; Wed, 29 Nov 2017 08:19:05 -0800 (PST)
Received: by mail-pg0-x229.google.com with SMTP id k15so1697792pgr.7; Wed, 29 Nov 2017 08:19:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NTVxHKAysieasXlafA+4pPRIAhe0udmzyTu+zqQsODg=; b=etH98UjMSsU7ihBu2z1acn8v+FIAQZhkjpbxukFvQHaohE9/atx+BStLb7Wj8Fx4f8 ssdggb5nGBwslGPZkBXuE7JJb5bZRysbEoth5kCI1qZvuw3hwXt+mVyX0gnFGW/duG4+ jOGZXa8r3qlsyiRsXydgKzrmiBf/aZebK70W9HohT680I5qDOx0hfNeXBadPG4gvv11/ oIQGH4H+IMideEHOaA4p856sTBmkDcoDERUf6klAhtSJ09NThVR/5qWfL582oqYd4T98 fN84kUbxreswoChf3q/lGEl0PzfwY7OehAkZBcOzCb3A/7YPcugwvv3gLTO6tKKHScBm 5K9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NTVxHKAysieasXlafA+4pPRIAhe0udmzyTu+zqQsODg=; b=mKj62LTp1Cvxrxf4lJ4cyop9X2gDCONJFtTbb+/qL7coF0pYV24su3zPFOyly8znGs 4zCsaRbBsHLg7B/Bd58JmjS5yx7Ty4ZaCN0QXeCrmSKywmFt2+ncn/Bz/rsfde+UqDgP E/DVV1ri+hazKlDAg4T4AmouFlC3UwbMVimrFxTzNRDdCHPBA4Q7rbNLTStGLGFWak8i qcZrltGTfR62+RqRvX3RTnl74bTLbnmCvUqzSLXhPteVQOI8XMFMTLxHFNuLiVnG+/VI CtC7SfTZKQ1WeQc52OTHFfub+r7Go2arWAaPsaWZwY3vFDUhPjBEImR8b5ebnj90ObqK abDw==
X-Gm-Message-State: AJaThX5GHl8/E/gThMsdNeJFJIKNqyYuVUc5GdXvHBaZHd1/c5Nu8zKF 4GMBK6K7Ejz7OkAYF9reutKOy59DA+H1prZlz3Q=
X-Google-Smtp-Source: AGs4zMYa8xOliJOdaf01Mqe9ZEtdhmd4S3r+CpfsQVStnN+9CPMTyfNZQKPhvOfraCVHhbqGnEcP3pngBDeF/OeUT7w=
X-Received: by 10.99.109.202 with SMTP id i193mr3284638pgc.443.1511972345029;  Wed, 29 Nov 2017 08:19:05 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 08:18:24 -0800 (PST)
In-Reply-To: <fe249aa2-ad93-645f-c9b8-59926f864238@cisco.com>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca> <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com> <3395.1511969104@obiwan.sandelman.ca> <fe249aa2-ad93-645f-c9b8-59926f864238@cisco.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 11:18:24 -0500
Message-ID: <CAHbuEH4eGrWSPRB0QZUoUwzo3VvH0N8YZN5p+CuxGeh6Auowvw@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>,  "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8bjVuiLissYw50swGz9alYCyR4U>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 16:19:07 -0000

To briefly answer some of the questions asked on process, I am
updating the charter, per the consensus decisions by the chairs.  The
chairs typically make the consensus calls for all working groups and
BoFs.  The calls were made in the meeting and reflected in the charter
text that was posted shortly after the meeting.  The charter review
text is separate from a working charter in how the tools handle it.
For a BOF, there should only be working text, so I am not sure what
happened to create working text.

The chairs will respond to the other questions asked.  I will wait for
their assessment before any changes are made to the text or to the
charter review since it has been posted for a couple of weeks.  If
there are just simple edits, there is no reason to postpone the
telechat date.  The WG decided some of the major decisions would
happen within the WG and not in the charter discussion, which should
alleviate some possible concerns.

Best regards,
Kathleen

On Wed, Nov 29, 2017 at 10:38 AM, Eliot Lear <lear@cisco.com> wrote:
> Hi Michael,
>
>
> On 11/29/17 4:25 PM, Michael Richardson wrote:
>> I suggest maybe: "s/like Linux/like Linux, or Android/"
>>
>> (I think it's worth marking Android which can upgrade via blob as out of
>> scope: at least for now. There are many other interactions involving other
>> OTA updates, and I think we all agree that APKs or applications are out of
>> scope. Apple iPhone iOS being a single vendor totally vertical integration, I don't think will ever be in scope)
>
> I don't mind one way or the other,  but in the new text, there is one
> aspect that confuses me:
>
>> ... but instead this group  will focus on firmware development
> practices in the embedded industry.
>
> development practices or distribution mechanisms?
>
> The former seems to be quite broad.
>
> Eliot
>
>



-- 

Best regards,
Kathleen


From nobody Wed Nov 29 08:33:04 2017
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 51ACF129432; Wed, 29 Nov 2017 08:33:02 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
To: "The IESG" <iesg@ietf.org>
Cc: suit-chairs@ietf.org, suit@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151197318232.8017.13183815255997691336.idtracker@ietfa.amsl.com>
Date: Wed, 29 Nov 2017 08:33:02 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FpEI0e9NSVxSO8YDPR1ck46s0Bc>
Subject: [Suit] Spencer Dawkins' Yes on charter-ietf-suit-00-08: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 16:33:02 -0000

Spencer Dawkins has entered the following ballot position for
charter-ietf-suit-00-08: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-suit/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for doing this one.

For "While there are many proprietary firmware update mechanisms in use today,
there is a lack of a modern interoperable approach of securely updating the
firmware in IoT devices", perhaps "there is no modern interoperable approach
allowing secure updates to firmware in IoT devices" might be easier to read.

Since you mention IoTSU, perhaps it's worth providing a pointer to the workshop
report, now available as https://datatracker.ietf.org/doc/rfc8240/.

I wasn't able to connect "In particular this group aims to publish several
documents, namely: - An IoT firmware update architecture that includes a
description of the involved entities, security threats, and assumptions. - One
or more manifest format specifications"

with

"The initial focus of this group will be development of the contents of a
manifest".

So, the initial focus of the group is *not* to specify an architecture? I lack
comprehension.

As an aside, as Adam noted, if that's a bullet list with two list elements, it
would be clearer if it was formatted that way :-)



From nobody Wed Nov 29 08:41:08 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A56212714F; Wed, 29 Nov 2017 08:41:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cG5uBv2Inqeo; Wed, 29 Nov 2017 08:41:00 -0800 (PST)
Received: from mail-pg0-x22f.google.com (mail-pg0-x22f.google.com [IPv6:2607:f8b0:400e:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0F3B128616; Wed, 29 Nov 2017 08:41:00 -0800 (PST)
Received: by mail-pg0-x22f.google.com with SMTP id k15so1725493pgr.7; Wed, 29 Nov 2017 08:41:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eJPpXlTC9+XTI+rC63wDBWB67jhiYwzMgDv6ZqC69/U=; b=mBVA7rYVni5wDHBiCnYkuzZpqreJekC3KCIvfzWP+NdehFuYxIDvZPWFxVNUaXIdfH va0VT32EILneYCBix/MXmWNcHqWw6icYmms/7+IIIpzggZpONELURVLtMzADRg8Z2yMT tny8URVS1577fRpaCJPnkzBUp1gk+Vd8NN2Depa0oxNcrbSvXp2/q5nxMwNflvCqPiEZ ht+qj5g4BEwtsr9I7jEXjAwx3aRsHd7q/qoVHkXASsVAiuvqsZHtPLIEDX6PT3TxxhJT N2KFbl/yx64th7GKy04AihZaGgFuxr81mrKJoZhM0FfCVnHOZuupheOD7L5Vic08yYBf BsRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eJPpXlTC9+XTI+rC63wDBWB67jhiYwzMgDv6ZqC69/U=; b=GUkmncjuPmkc3aJys8Dekm1tgmCGygDRz/X0NcPaK+BLSpaPPjtZVu5bDGP6C8t7uB iWRuYMegF+YoPCgzgXeATyIgOgRS7/LN6VG0RpOWKXbq+Si+Xc9FN/iDPv3BwgO2IvXy XZ8YrUvnD1JkFPG/y722cVH3dGZLjnjA+8iS86w5QQOJkxRKNG2UZCsGZuHA50gSrLKF HNqMX1dOILhceRgTojilbtUKWaadfVNEYIpspfX5nNYvaGFSZY+SDcQk1LkrEJdeQKfu Ma2OO//xFe2njsXxqtohmoZLybzlbglI4yGcdXad9a+CwyBmxtpP+6z0GT47rkgb1UkZ 8+RQ==
X-Gm-Message-State: AJaThX5F7DZFZMzi4/OHKKHrdWGHge22/5IEeMADk4jEwY/sYx0+ttJH YkmSF5iIO8lb192EmM0Tg3Muxc068pFocq7cNho=
X-Google-Smtp-Source: AGs4zMYaqFobOSRX0Pr+fxWNcnvfOtH4n5gNWitBES8wNDboR+MeoAQvZfmSSGESDmeC39buchzLdCoZUAt710WUj/I=
X-Received: by 10.99.145.199 with SMTP id l190mr3373739pge.132.1511973660386;  Wed, 29 Nov 2017 08:41:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 08:40:19 -0800 (PST)
In-Reply-To: <CAHbuEH4eGrWSPRB0QZUoUwzo3VvH0N8YZN5p+CuxGeh6Auowvw@mail.gmail.com>
References: <CAMRcRGSgvrhD9Z86vZ9V8hP-xui=gFRuRW6oyO_7y4Jz=MgH1Q@mail.gmail.com> <19053.1511458544@obiwan.sandelman.ca> <CY4PR09MB149519CC288AFBB5AFA65571F0250@CY4PR09MB1495.namprd09.prod.outlook.com> <991ECBD7-3005-48D9-A7C7-C79189D48284@iii.ca> <97c9f8d9-7d8c-5d86-a87a-1807c82e5fd2@nostrum.com> <3395.1511969104@obiwan.sandelman.ca> <fe249aa2-ad93-645f-c9b8-59926f864238@cisco.com> <CAHbuEH4eGrWSPRB0QZUoUwzo3VvH0N8YZN5p+CuxGeh6Auowvw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 11:40:19 -0500
Message-ID: <CAHbuEH5saXiY=CDz5sD-R9yPWqC=pSbN7pF7VhAA1T9PuKmoig@mail.gmail.com>
To: Eliot Lear <lear@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, The IESG <iesg@ietf.org>,  "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/9rZCVys0b__uEQHvNTcm8erJOog>
Subject: Re: [Suit] Suit Charter Updates Process Question
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 16:41:02 -0000

Also, the difference between 7 and 8 was an attempt to fix the wrap
around issue on bullets, but it was not successful.  This is just
editorial and can be adjusted at any time.

Best regards,
Kathleen

On Wed, Nov 29, 2017 at 11:18 AM, Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com> wrote:
> To briefly answer some of the questions asked on process, I am
> updating the charter, per the consensus decisions by the chairs.  The
> chairs typically make the consensus calls for all working groups and
> BoFs.  The calls were made in the meeting and reflected in the charter
> text that was posted shortly after the meeting.  The charter review
> text is separate from a working charter in how the tools handle it.
> For a BOF, there should only be working text, so I am not sure what
> happened to create working text.
>
> The chairs will respond to the other questions asked.  I will wait for
> their assessment before any changes are made to the text or to the
> charter review since it has been posted for a couple of weeks.  If
> there are just simple edits, there is no reason to postpone the
> telechat date.  The WG decided some of the major decisions would
> happen within the WG and not in the charter discussion, which should
> alleviate some possible concerns.
>
> Best regards,
> Kathleen
>
> On Wed, Nov 29, 2017 at 10:38 AM, Eliot Lear <lear@cisco.com> wrote:
>> Hi Michael,
>>
>>
>> On 11/29/17 4:25 PM, Michael Richardson wrote:
>>> I suggest maybe: "s/like Linux/like Linux, or Android/"
>>>
>>> (I think it's worth marking Android which can upgrade via blob as out of
>>> scope: at least for now. There are many other interactions involving other
>>> OTA updates, and I think we all agree that APKs or applications are out of
>>> scope. Apple iPhone iOS being a single vendor totally vertical integration, I don't think will ever be in scope)
>>
>> I don't mind one way or the other,  but in the new text, there is one
>> aspect that confuses me:
>>
>>> ... but instead this group  will focus on firmware development
>> practices in the embedded industry.
>>
>> development practices or distribution mechanisms?
>>
>> The former seems to be quite broad.
>>
>> Eliot
>>
>>
>
>
>
> --
>
> Best regards,
> Kathleen



-- 

Best regards,
Kathleen


From nobody Wed Nov 29 11:21:59 2017
Return-Path: <alissa@cooperw.in>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E554C12420B; Wed, 29 Nov 2017 11:21:51 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper <alissa@cooperw.in>
To: "The IESG" <iesg@ietf.org>
Cc: suit-chairs@ietf.org, suit@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
Date: Wed, 29 Nov 2017 11:21:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/kQ9sSe5xIAOpRA2Wp9z4QIhqXds>
Subject: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 19:21:52 -0000

Alissa Cooper has entered the following ballot position for
charter-ietf-suit-00-08: Block

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-suit/



----------------------------------------------------------------------
BLOCK:
----------------------------------------------------------------------

>From reading the mailing list and doing my own review, there seem to be a bunch
of open issues with this charter that would benefit from further discussion by
interested participants before the WG gets chartered. Some of these might just
be the result of lack of precision in the language used, but I think that is
actually pretty important for clarity in a WG charter. The issues are:

1. On the list there seems to be disagreement about the interpretation of this
text: "A lower number of formats is preferred to reduce code size for
supporting decoders on devices receiving a manifest and to maximize
interoperability of solutions." I also find myself confused by this (lower than
what? is there some upper bound?).

2. Michael Richardson raised some good question about this text that seem like
they warrant clarification, or at least a consensus call: "Software update
solutions that target updating software other than the firmware binaries are
also out of scope."

3. The milestones seem to use the term "Manifest format" to refer to something
that the charter calls "the contents of a mainfest" (I think), in contrast to
the multiple "formats" discussed in the charter. Given that there has also been
discussion on the list about format vs. serialization and the absence of a data
model specification, I think the charter and milestones would benefit from
being crystal clear about what deliverables the WG is expected to produce and
should use the same language throughout to name those deliverables.

4. This charter changed in some pretty important ways in the middle of the
external review period, but was never re-sent to the new-work mailing list.
There was also an error in the original announcement sent to new-work that
could cause confusion (it said this was a re-charter). I asked for it to be
re-sent but it doesn't look like it was. Since this is an important part of
external review, I really don't think this step should be skipped.

I'm willing to move to ABSTAIN if no one agrees with me but I thought I would
check to see if folks would be willing to take the time to sort out these
issues.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Some lesser issues:

5. The charter now talks about how the group may describe the use of existing
discovery and transport mechanisms, but there are not associated milestone(s)
for this work. Not sure if this is intentional or an oversight.

6. I agree with the folks on the list who have said that the background
material about the IAB workshop and RFC 4108 should either be removed
(preferably), or shifted around to the beginning of the text and edited so that
it's clear that it's there for background purposes and not to constrain what
the group does going forward.



From nobody Wed Nov 29 11:29:56 2017
Return-Path: <dthaler@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE4C12896F; Wed, 29 Nov 2017 11:29:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3
X-Spam-Level: 
X-Spam-Status: No, score=-3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbZpJuKa1L-h; Wed, 29 Nov 2017 11:29:47 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0110.outbound.protection.outlook.com [104.47.40.110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2649B126C22; Wed, 29 Nov 2017 11:29:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RBEBluk+gQfiYLYX/VkXKJ0IFsPFksQ8I9V2kGb1A78=; b=Ox2/ijxNbYI73j+vE9IlXsFPirMTn2f4JEVBGnvqzGFqy7j+0KCDG3VT4lPktRnbGcmqxN6yI+GH7KARqMSFbYiK5Plp4a+j8QEw1MwnSGsawkzS/4To3fn5bsxy5MeCUAp8LAdE0mIww7BBZ7L3VK4O0M2VI7cw261m2eEE2lw=
Received: from CY4PR21MB0856.namprd21.prod.outlook.com (10.173.192.145) by CY4PR21MB0471.namprd21.prod.outlook.com (10.172.121.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.1; Wed, 29 Nov 2017 19:29:44 +0000
Received: from CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) by CY4PR21MB0856.namprd21.prod.outlook.com ([10.173.192.145]) with mapi id 15.20.0302.001; Wed, 29 Nov 2017 19:29:44 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
CC: "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
Thread-Index: AQHTaUdRIo+CQ4xNkkCYmLJ7NDe8KqMrvFqg
Date: Wed, 29 Nov 2017 19:29:43 +0000
Message-ID: <CY4PR21MB08568FCF8D9EE00DAD98C0E3A33B0@CY4PR21MB0856.namprd21.prod.outlook.com>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
In-Reply-To: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [167.220.0.72]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0471; 6:wUWsrHbh1jARdkNRjfacB3oL5+sVIK/GGJ1QQaHbnZAUi6TzBhXS9VyIOYdXUTbP5JCRsA129HNIV8+onmdkjPGmlxbTvCU0nQow1rVHRxRW4c2u5W1d88HQvcDLJNhuBX1AAuBgTfjUiiiMdSY4bsaDzNF03S2bczXaB/ONnxa3c1XmgjFunAKkYXfr/D1lz1lD5YuFUaDFEruceskURg7ASBVf1vbJH0WPV71t2BmqfTtOGIGB5kVGYF3Elje72M53OaqQvslISf4+tXEmbeA26pNMlvFwbkEJhP1HVV6U+9VuiAl5bQhGpQg9PQHN8Rf9EYYCPvut95aO9glukN9aOfUSk1e6DodL47ntc5s=; 5:dssiMabTszopAnrWsuCjDu6+/EGh5x8q6mkVBv+aQEH/vm6LI1X8crmlgWV49poHBe9aCCN//QcF3mihx3sr8Y9aiAxoLKYHGeDPVPuZIHaVGCKvbzNgLAGvd7Yxamc0+cpGEnORnHcNoHBHin6dKarlFvCYswecEUyI9Dgu9Rc=; 24:3HY2zH7uo5wP810DHEeTeCN5YL5aHT8YRwjjbTaHjafEzl68aOUDIcY3FHWS+uO+SSQyiu/WGCNjFW2t0/CfFzzHuzThWq+BkVJRXaRp3Gg=; 7:iUVpu+6I56k+pF+NZwhlK9AmjK2XX4rFFpiLbDPs8MVNgSgLXBvd0GIQJNvzQZVRGlubjWxhx/aZ+4Sl3Msna+d9Tbd+ywmuTFw6p1LZSKX8PfM/3nHzW6vN6A5i9ZtU8ufQ/BNXAtfFKmIFdqBfR0aTz8NdyrJiTJ//lwBw/75RMnjJDvCwckWLSrH4SR0CJh7TRn6AJJy45vQUO9Vci0tFP9lGPMVRz0n86lDImZKgRreKCUa58gUO7Yw6rrVo
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: af40f8bb-a2b6-4d85-8691-08d5375f8b50
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(48565401081)(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603274); SRVR:CY4PR21MB0471; 
x-ms-traffictypediagnostic: CY4PR21MB0471:
x-microsoft-antispam-prvs: <CY4PR21MB04716C9B1E4C84FF4A7B4003A33B0@CY4PR21MB0471.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(189930954265078)(100405760836317)(227612066756510)(219752817060721)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231022)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123560025)(20161123558100)(20161123564025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:CY4PR21MB0471; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR21MB0471; 
x-forefront-prvs: 05066DEDBB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(366004)(39860400002)(376002)(47760400005)(52314003)(51444003)(13464003)(199003)(189002)(77096006)(966005)(14454004)(478600001)(3280700002)(7696005)(97736004)(55016002)(110136005)(68736007)(86362001)(8990500004)(33656002)(54906003)(3660700001)(10290500003)(6506006)(53546010)(316002)(50986010)(76176010)(22452003)(54356010)(229853002)(86612001)(25786009)(66066001)(606006)(6436002)(6246003)(53936002)(230783001)(10090500001)(74316002)(5660300001)(101416001)(236005)(99286004)(2900100001)(9686003)(106356001)(2906002)(3846002)(4326008)(2950100002)(790700001)(8936002)(102836003)(6116002)(189998001)(105586002)(81166006)(81156014)(6306002)(54896002)(7736002)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0471; H:CY4PR21MB0856.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB08568FCF8D9EE00DAD98C0E3A33B0CY4PR21MB0856namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: af40f8bb-a2b6-4d85-8691-08d5375f8b50
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Nov 2017 19:29:43.9805 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0471
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xkFlZWk1gmegOF12eWYtup0s2-4>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 19:29:50 -0000

--_000_CY4PR21MB08568FCF8D9EE00DAD98C0E3A33B0CY4PR21MB0856namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

TXkgb3BpbmlvbiBpbmxpbmUgYmVsb3cuDQoNCg0KDQotLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0t
LQ0KRnJvbTogQWxpc3NhIENvb3BlciBbbWFpbHRvOmFsaXNzYUBjb29wZXJ3LmluXQ0KU2VudDog
V2VkbmVzZGF5LCBOb3ZlbWJlciAyOSwgMjAxNyAxMToyMiBBTQ0KVG86IFRoZSBJRVNHIDxpZXNn
QGlldGYub3JnPg0KQ2M6IHN1aXQtY2hhaXJzQGlldGYub3JnOyBzdWl0QGlldGYub3JnDQpTdWJq
ZWN0OiBBbGlzc2EgQ29vcGVyJ3MgQmxvY2sgb24gY2hhcnRlci1pZXRmLXN1aXQtMDAtMDg6ICh3
aXRoIEJMT0NLIGFuZCBDT01NRU5UKQ0KDQoNCg0KQWxpc3NhIENvb3BlciBoYXMgZW50ZXJlZCB0
aGUgZm9sbG93aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3INCg0KY2hhcnRlci1pZXRmLXN1aXQtMDAt
MDg6IEJsb2NrDQoNCg0KDQpXaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVwIHRoZSBzdWJqZWN0
IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwgZW1haWwgYWRkcmVzc2VzIGluY2x1ZGVkIGlu
IHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXMgaW50cm9kdWN0b3J5
IHBhcmFncmFwaCwgaG93ZXZlci4pDQoNCg0KDQoNCg0KDQoNClRoZSBkb2N1bWVudCwgYWxvbmcg
d2l0aCBvdGhlciBiYWxsb3QgcG9zaXRpb25zLCBjYW4gYmUgZm91bmQgaGVyZToNCg0KaHR0cHM6
Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxvb2suY29tLz91cmw9aHR0cHMlM0ElMkYl
MkZkYXRhdHJhY2tlci5pZXRmLm9yZyUyRmRvYyUyRmNoYXJ0ZXItaWV0Zi1zdWl0JTJGJmRhdGE9
MDIlN0MwMSU3Q2R0aGFsZXIlNDBtaWNyb3NvZnQuY29tJTdDN2NlYzFkNGFhYjY1NGQ1MTc2YmQw
OGQ1Mzc1ZTcyN2IlN0M3MmY5ODhiZjg2ZjE0MWFmOTFhYjJkN2NkMDExZGI0NyU3QzElN0MwJTdD
NjM2NDc1ODAxMTUxNDI0NDk3JnNkYXRhPW9ZcnZMZFdzNnJiRUFYVm95eHFUM21idlNLNzFYRHpK
JTJCaXJkV1dtYW1CTSUzRCZyZXNlcnZlZD0wDQoNCg0KDQoNCg0KDQoNCi0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
Cg0KQkxPQ0s6DQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KDQoNCj5Gcm9tIHJlYWRpbmcgdGhlIG1haWxp
bmcgbGlzdCBhbmQgZG9pbmcgbXkgb3duIHJldmlldywgdGhlcmUgc2VlbSB0byBiZQ0KDQo+YSBi
dW5jaA0KDQpvZiBvcGVuIGlzc3VlcyB3aXRoIHRoaXMgY2hhcnRlciB0aGF0IHdvdWxkIGJlbmVm
aXQgZnJvbSBmdXJ0aGVyIGRpc2N1c3Npb24gYnkgaW50ZXJlc3RlZCBwYXJ0aWNpcGFudHMgYmVm
b3JlIHRoZSBXRyBnZXRzIGNoYXJ0ZXJlZC4gU29tZSBvZiB0aGVzZSBtaWdodCBqdXN0IGJlIHRo
ZSByZXN1bHQgb2YgbGFjayBvZiBwcmVjaXNpb24gaW4gdGhlIGxhbmd1YWdlIHVzZWQsIGJ1dCBJ
IHRoaW5rIHRoYXQgaXMgYWN0dWFsbHkgcHJldHR5IGltcG9ydGFudCBmb3IgY2xhcml0eSBpbiBh
IFdHIGNoYXJ0ZXIuIFRoZSBpc3N1ZXMgYXJlOg0KDQoNCg0KMS4gT24gdGhlIGxpc3QgdGhlcmUg
c2VlbXMgdG8gYmUgZGlzYWdyZWVtZW50IGFib3V0IHRoZSBpbnRlcnByZXRhdGlvbiBvZiB0aGlz
DQoNCnRleHQ6ICJBIGxvd2VyIG51bWJlciBvZiBmb3JtYXRzIGlzIHByZWZlcnJlZCB0byByZWR1
Y2UgY29kZSBzaXplIGZvciBzdXBwb3J0aW5nIGRlY29kZXJzIG9uIGRldmljZXMgcmVjZWl2aW5n
IGEgbWFuaWZlc3QgYW5kIHRvIG1heGltaXplIGludGVyb3BlcmFiaWxpdHkgb2Ygc29sdXRpb25z
LiIgSSBhbHNvIGZpbmQgbXlzZWxmIGNvbmZ1c2VkIGJ5IHRoaXMgKGxvd2VyIHRoYW4gd2hhdD8g
aXMgdGhlcmUgc29tZSB1cHBlciBib3VuZD8pLg0KDQoNCg0KSSBiZWxpZXZlIHRoZSBpbnRlbnQg
d2FzIGp1c3QgdG8ga2VlcCBpdCB0byBzb21lIHNtYWxsIG51bWJlciwgYnV0IG5vdCBuZWNlc3Nh
cmlseSAxIGlmIHRoZSBXRyBhZ3JlZXMgdGhhdCBtdWx0aXBsZSBhcmUgbmVlZGVkLiAgIEJ1dCB3
ZSBkb27igJl0IHdhbnQgYSBwcm9saWZlcmF0aW9uIG9mIGh1bmRyZWRzIG9mIHRoZW0sIG9yIGV2
ZW4gcmVhbGx5IHRlbnMsIHNpbmNlIHRoZSBwcmVzdW1lZCBnb2FsIGlzIGZvciBhIG1hbmFnZW1l
bnQgdG9vbCBvciBzZXJ2aWNlIHRvIHN1cHBvcnQgYWxsIGZvcm1hdHMgbmVlZGVkIHRvIHVwZGF0
ZSBhIGhldGVyb2dlbmVvdXMgc2V0IG9mIGRldmljZXMuDQoNCg0KDQoNCg0KMi4gTWljaGFlbCBS
aWNoYXJkc29uIHJhaXNlZCBzb21lIGdvb2QgcXVlc3Rpb24gYWJvdXQgdGhpcyB0ZXh0IHRoYXQg
c2VlbSBsaWtlIHRoZXkgd2FycmFudCBjbGFyaWZpY2F0aW9uLCBvciBhdCBsZWFzdCBhIGNvbnNl
bnN1cyBjYWxsOiAiU29mdHdhcmUgdXBkYXRlIHNvbHV0aW9ucyB0aGF0IHRhcmdldCB1cGRhdGlu
ZyBzb2Z0d2FyZSBvdGhlciB0aGFuIHRoZSBmaXJtd2FyZSBiaW5hcmllcyBhcmUgYWxzbyBvdXQg
b2Ygc2NvcGUuIg0KDQoNCg0KVGhhdCB0ZXh0IChvciBhdCBsZWFzdCB0aGUgaW50ZW50IGJlaGlu
ZCBpdCkgcmVmbGVjdHMgdGhlIGNvbnNlbnN1cyBkdXJpbmcgdGhlIFNVSVQgQm9GLiAgIFRoYXQg
aXMsIHNvZnR3YXJlIOKAnHVzZWQgZm9yIGJvb3TigJ0gb3Igc29tZSBhcHByb3hpbWF0aW9uIHRo
ZXJlb2YsIGFuZCBub3Qg4oCcYXBwc+KAnSB0aGF0IGNvdWxkIGJlIGluc3RhbGxlZCBsYXRlciBv
bi4NCg0KDQoNCg0KDQozLiBUaGUgbWlsZXN0b25lcyBzZWVtIHRvIHVzZSB0aGUgdGVybSAiTWFu
aWZlc3QgZm9ybWF0IiB0byByZWZlciB0byBzb21ldGhpbmcgdGhhdCB0aGUgY2hhcnRlciBjYWxs
cyAidGhlIGNvbnRlbnRzIG9mIGEgbWFpbmZlc3QiIChJIHRoaW5rKSwgaW4gY29udHJhc3QgdG8g
dGhlIG11bHRpcGxlICJmb3JtYXRzIiBkaXNjdXNzZWQgaW4gdGhlIGNoYXJ0ZXIuIEdpdmVuIHRo
YXQgdGhlcmUgaGFzIGFsc28gYmVlbiBkaXNjdXNzaW9uIG9uIHRoZSBsaXN0IGFib3V0IGZvcm1h
dCB2cy4gc2VyaWFsaXphdGlvbiBhbmQgdGhlIGFic2VuY2Ugb2YgYSBkYXRhIG1vZGVsIHNwZWNp
ZmljYXRpb24sIEkgdGhpbmsgdGhlIGNoYXJ0ZXIgYW5kIG1pbGVzdG9uZXMgd291bGQgYmVuZWZp
dCBmcm9tIGJlaW5nIGNyeXN0YWwgY2xlYXIgYWJvdXQgd2hhdCBkZWxpdmVyYWJsZXMgdGhlIFdH
IGlzIGV4cGVjdGVkIHRvIHByb2R1Y2UgYW5kIHNob3VsZCB1c2UgdGhlIHNhbWUgbGFuZ3VhZ2Ug
dGhyb3VnaG91dCB0byBuYW1lIHRob3NlIGRlbGl2ZXJhYmxlcy4NCg0KDQoNCkkgdGhpbmsgdGhl
IGludGVudCB3YXMgdGhhdCB0aGV5IHdlcmUgc3lub255bW91cyBidXQgeWVhaCBwaWNraW5nIG9u
ZSB3b3VsZCBiZSBsZXNzIGNvbmZ1c2luZy4gICBQZXJzb25hbGx5IEkgdGhpbmsg4oCcbWFuaWZl
c3QgZm9ybWF0KHMp4oCdIGlzIGJldHRlciB0aGFuIOKAnHRoZSBjb250ZW50cyBvZiBhIG1hbmlm
ZXN04oCdLg0KDQoNCg0KDQoNCjQuIFRoaXMgY2hhcnRlciBjaGFuZ2VkIGluIHNvbWUgcHJldHR5
IGltcG9ydGFudCB3YXlzIGluIHRoZSBtaWRkbGUgb2YgdGhlIGV4dGVybmFsIHJldmlldyBwZXJp
b2QsIGJ1dCB3YXMgbmV2ZXIgcmUtc2VudCB0byB0aGUgbmV3LXdvcmsgbWFpbGluZyBsaXN0Lg0K
DQpUaGVyZSB3YXMgYWxzbyBhbiBlcnJvciBpbiB0aGUgb3JpZ2luYWwgYW5ub3VuY2VtZW50IHNl
bnQgdG8gbmV3LXdvcmsgdGhhdCBjb3VsZCBjYXVzZSBjb25mdXNpb24gKGl0IHNhaWQgdGhpcyB3
YXMgYSByZS1jaGFydGVyKS4gSSBhc2tlZCBmb3IgaXQgdG8gYmUgcmUtc2VudCBidXQgaXQgZG9l
c24ndCBsb29rIGxpa2UgaXQgd2FzLiBTaW5jZSB0aGlzIGlzIGFuIGltcG9ydGFudCBwYXJ0IG9m
IGV4dGVybmFsIHJldmlldywgSSByZWFsbHkgZG9uJ3QgdGhpbmsgdGhpcyBzdGVwIHNob3VsZCBi
ZSBza2lwcGVkLg0KDQoNCg0KSSdtIHdpbGxpbmcgdG8gbW92ZSB0byBBQlNUQUlOIGlmIG5vIG9u
ZSBhZ3JlZXMgd2l0aCBtZSBidXQgSSB0aG91Z2h0IEkgd291bGQgY2hlY2sgdG8gc2VlIGlmIGZv
bGtzIHdvdWxkIGJlIHdpbGxpbmcgdG8gdGFrZSB0aGUgdGltZSB0byBzb3J0IG91dCB0aGVzZSBp
c3N1ZXMuDQoNCg0KDQoNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpDT01NRU5UOg0KDQotLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQoNCg0KDQpTb21lIGxlc3NlciBpc3N1ZXM6DQoNCg0KDQo1LiBUaGUgY2hhcnRlciBub3cg
dGFsa3MgYWJvdXQgaG93IHRoZSBncm91cCBtYXkgZGVzY3JpYmUgdGhlIHVzZSBvZiBleGlzdGlu
ZyBkaXNjb3ZlcnkgYW5kIHRyYW5zcG9ydCBtZWNoYW5pc21zLCBidXQgdGhlcmUgYXJlIG5vdCBh
c3NvY2lhdGVkIG1pbGVzdG9uZShzKSBmb3IgdGhpcyB3b3JrLiBOb3Qgc3VyZSBpZiB0aGlzIGlz
IGludGVudGlvbmFsIG9yIGFuIG92ZXJzaWdodC4NCg0KDQoNCk15IG9waW5pb24gaXMgdGhhdCBJ
IGNvbnNpZGVyIGl0IHBhcnQgb2YgdGhlIGFyY2hpdGVjdHVyZSwgYnV0IG5vdCBzdXJlIHdoYXQg
b3RoZXJzIHRoaW5nLg0KDQoNCg0KDQoNCjYuIEkgYWdyZWUgd2l0aCB0aGUgZm9sa3Mgb24gdGhl
IGxpc3Qgd2hvIGhhdmUgc2FpZCB0aGF0IHRoZSBiYWNrZ3JvdW5kIG1hdGVyaWFsIGFib3V0IHRo
ZSBJQUIgd29ya3Nob3AgYW5kIFJGQyA0MTA4IHNob3VsZCBlaXRoZXIgYmUgcmVtb3ZlZCAocHJl
ZmVyYWJseSksIG9yIHNoaWZ0ZWQgYXJvdW5kIHRvIHRoZSBiZWdpbm5pbmcgb2YgdGhlIHRleHQg
YW5kIGVkaXRlZCBzbyB0aGF0IGl0J3MgY2xlYXIgdGhhdCBpdCdzIHRoZXJlIGZvciBiYWNrZ3Jv
dW5kIHB1cnBvc2VzIGFuZCBub3QgdG8gY29uc3RyYWluIHdoYXQgdGhlIGdyb3VwIGRvZXMgZ29p
bmcgZm9yd2FyZC4NCg0KDQoNClRoZSBjb25zZW5zdXMgYXQgdGhlIEJvRiB3YXMsIGZyb20gbXkg
cmVjb2xsZWN0aW9uIGFueXdheSwgaW5kZWVkIHRvIGRvIHNvIGZvciBSRkMgNDEwOC4gICBJIGRv
buKAmXQgcmVjYWxsIEJvRiBkaXNjdXNzaW9uIGFib3V0IGRvaW5nIHNvIGZvciB0aGUgSUFCIHdv
cmtzaG9wIHRvbywgYnV0IEkgYW0gb2sgd2l0aCB0aGF0IHN1Z2dlc3Rpb24uDQoNCg0KDQpEYXZl
DQo=

--_000_CY4PR21MB08568FCF8D9EE00DAD98C0E3A33B0CY4PR21MB0856namp_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws
IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ
Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph
OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv
cjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu
Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjoj
OTU0RjcyOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFpblRleHQsIGxp
Lk1zb1BsYWluVGV4dCwgZGl2Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7
DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCgltYXJn
aW4tYm90dG9tOi4wMDAxcHQ7DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2Fs
aWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLlBsYWluVGV4dENoYXINCgl7bXNvLXN0eWxlLW5hbWU6
IlBsYWluIFRleHQgQ2hhciI7DQoJbXNvLXN0eWxlLXByaW9yaXR5Ojk5Ow0KCW1zby1zdHlsZS1s
aW5rOiJQbGFpbiBUZXh0IjsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQou
TXNvQ2hwRGVmYXVsdA0KCXttc28tc3R5bGUtdHlwZTpleHBvcnQtb25seTsNCglmb250LWZhbWls
eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVp
biAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2Vj
dGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28g
OV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+
DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5
b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9v
OnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4t
VVMiIGxpbms9IiMwNTYzQzEiIHZsaW5rPSIjOTU0RjcyIj4NCjxkaXYgY2xhc3M9IldvcmRTZWN0
aW9uMSI+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5NeSBvcGluaW9uIGlubGluZSBiZWxvdy48
bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVm
dDouNWluIj48YSBuYW1lPSJfTWFpbEVuZENvbXBvc2UiPjxvOnA+Jm5ic3A7PC9vOnA+PC9hPjwv
cD4NCjxzcGFuIHN0eWxlPSJtc28tYm9va21hcms6X01haWxFbmRDb21wb3NlIj48L3NwYW4+DQo8
cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+LS0tLS1Pcmln
aW5hbCBNZXNzYWdlLS0tLS08YnI+DQpGcm9tOiBBbGlzc2EgQ29vcGVyIFttYWlsdG86YWxpc3Nh
QGNvb3BlcncuaW5dIDxicj4NClNlbnQ6IFdlZG5lc2RheSwgTm92ZW1iZXIgMjksIDIwMTcgMTE6
MjIgQU08YnI+DQpUbzogVGhlIElFU0cgJmx0O2llc2dAaWV0Zi5vcmcmZ3Q7PGJyPg0KQ2M6IHN1
aXQtY2hhaXJzQGlldGYub3JnOyBzdWl0QGlldGYub3JnPGJyPg0KU3ViamVjdDogQWxpc3NhIENv
b3BlcidzIEJsb2NrIG9uIGNoYXJ0ZXItaWV0Zi1zdWl0LTAwLTA4OiAod2l0aCBCTE9DSyBhbmQg
Q09NTUVOVCk8L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6
LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHls
ZT0ibWFyZ2luLWxlZnQ6LjVpbiI+QWxpc3NhIENvb3BlciBoYXMgZW50ZXJlZCB0aGUgZm9sbG93
aW5nIGJhbGxvdCBwb3NpdGlvbiBmb3I8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFp
blRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj5jaGFydGVyLWlldGYtc3VpdC0wMC0wODog
QmxvY2s8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJn
aW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl
eHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj5XaGVuIHJlc3BvbmRpbmcsIHBsZWFzZSBrZWVw
IHRoZSBzdWJqZWN0IGxpbmUgaW50YWN0IGFuZCByZXBseSB0byBhbGwgZW1haWwgYWRkcmVzc2Vz
IGluY2x1ZGVkIGluIHRoZSBUbyBhbmQgQ0MgbGluZXMuIChGZWVsIGZyZWUgdG8gY3V0IHRoaXMg
aW50cm9kdWN0b3J5IHBhcmFncmFwaCwgaG93ZXZlci4pPG86cD48L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286
cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+
PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFy
Z2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U
ZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+VGhlIGRvY3VtZW50LCBhbG9uZyB3aXRoIG90
aGVyIGJhbGxvdCBwb3NpdGlvbnMsIGNhbiBiZSBmb3VuZCBoZXJlOjxvOnA+PC9vOnA+PC9wPg0K
PHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxhIGhyZWY9
Imh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBz
JTNBJTJGJTJGZGF0YXRyYWNrZXIuaWV0Zi5vcmclMkZkb2MlMkZjaGFydGVyLWlldGYtc3VpdCUy
RiZhbXA7ZGF0YT0wMiU3QzAxJTdDZHRoYWxlciU0MG1pY3Jvc29mdC5jb20lN0M3Y2VjMWQ0YWFi
NjU0ZDUxNzZiZDA4ZDUzNzVlNzI3YiU3QzcyZjk4OGJmODZmMTQxYWY5MWFiMmQ3Y2QwMTFkYjQ3
JTdDMSU3QzAlN0M2MzY0NzU4MDExNTE0MjQ0OTcmYW1wO3NkYXRhPW9ZcnZMZFdzNnJiRUFYVm95
eHFUM21idlNLNzFYRHpKJTJCaXJkV1dtYW1CTSUzRCZhbXA7cmVzZXJ2ZWQ9MCI+PHNwYW4gc3R5
bGU9ImNvbG9yOndpbmRvd3RleHQ7dGV4dC1kZWNvcmF0aW9uOm5vbmUiPmh0dHBzOi8vbmEwMS5z
YWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZGF0YXRy
YWNrZXIuaWV0Zi5vcmclMkZkb2MlMkZjaGFydGVyLWlldGYtc3VpdCUyRiZhbXA7ZGF0YT0wMiU3
QzAxJTdDZHRoYWxlciU0MG1pY3Jvc29mdC5jb20lN0M3Y2VjMWQ0YWFiNjU0ZDUxNzZiZDA4ZDUz
NzVlNzI3YiU3QzcyZjk4OGJmODZmMTQxYWY5MWFiMmQ3Y2QwMTFkYjQ3JTdDMSU3QzAlN0M2MzY0
NzU4MDExNTE0MjQ0OTcmYW1wO3NkYXRhPW9ZcnZMZFdzNnJiRUFYVm95eHFUM21idlNLNzFYRHpK
JTJCaXJkV1dtYW1CTSUzRCZhbXA7cmVzZXJ2ZWQ9MDwvc3Bhbj48L2E+PG86cD48L286cD48L3A+
DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4m
bmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxl
ZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBz
dHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+LS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTxvOnA+
PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41
aW4iPkJMT0NLOjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9
Im1hcmdpbi1sZWZ0Oi41aW4iPi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz
PSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpw
PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj4m
Z3Q7RnJvbSByZWFkaW5nIHRoZSBtYWlsaW5nIGxpc3QgYW5kIGRvaW5nIG15IG93biByZXZpZXcs
IHRoZXJlIHNlZW0gdG8gYmUNCjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4
dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPiZndDthIGJ1bmNoPG86cD48L286cD48L3A+DQo8
cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+b2Ygb3BlbiBp
c3N1ZXMgd2l0aCB0aGlzIGNoYXJ0ZXIgdGhhdCB3b3VsZCBiZW5lZml0IGZyb20gZnVydGhlciBk
aXNjdXNzaW9uIGJ5IGludGVyZXN0ZWQgcGFydGljaXBhbnRzIGJlZm9yZSB0aGUgV0cgZ2V0cyBj
aGFydGVyZWQuIFNvbWUgb2YgdGhlc2UgbWlnaHQganVzdCBiZSB0aGUgcmVzdWx0IG9mIGxhY2sg
b2YgcHJlY2lzaW9uIGluIHRoZSBsYW5ndWFnZQ0KIHVzZWQsIGJ1dCBJIHRoaW5rIHRoYXQgaXMg
YWN0dWFsbHkgcHJldHR5IGltcG9ydGFudCBmb3IgY2xhcml0eSBpbiBhIFdHIGNoYXJ0ZXIuIFRo
ZSBpc3N1ZXMgYXJlOjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5
bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z
b1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjEuIE9uIHRoZSBsaXN0IHRoZXJl
IHNlZW1zIHRvIGJlIGRpc2FncmVlbWVudCBhYm91dCB0aGUgaW50ZXJwcmV0YXRpb24gb2YgdGhp
czxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1s
ZWZ0Oi41aW4iPnRleHQ6ICZxdW90O0EgbG93ZXIgbnVtYmVyIG9mIGZvcm1hdHMgaXMgcHJlZmVy
cmVkIHRvIHJlZHVjZSBjb2RlIHNpemUgZm9yIHN1cHBvcnRpbmcgZGVjb2RlcnMgb24gZGV2aWNl
cyByZWNlaXZpbmcgYSBtYW5pZmVzdCBhbmQgdG8gbWF4aW1pemUgaW50ZXJvcGVyYWJpbGl0eSBv
ZiBzb2x1dGlvbnMuJnF1b3Q7IEkgYWxzbyBmaW5kIG15c2VsZiBjb25mdXNlZCBieSB0aGlzIChs
b3dlcg0KIHRoYW4gd2hhdD8gaXMgdGhlcmUgc29tZSB1cHBlciBib3VuZD8pLjxvOnA+PC9vOnA+
PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48
bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3Bh
biBzdHlsZT0iY29sb3I6YmxhY2siPkkgYmVsaWV2ZSB0aGUgaW50ZW50IHdhcyBqdXN0IHRvIGtl
ZXAgaXQgdG8gc29tZSBzbWFsbCBudW1iZXIsIGJ1dCBub3QgbmVjZXNzYXJpbHkgMSBpZiB0aGUg
V0cgYWdyZWVzIHRoYXQgbXVsdGlwbGUgYXJlIG5lZWRlZC4gJm5ic3A7Jm5ic3A7QnV0IHdlIGRv
buKAmXQgd2FudCBhIHByb2xpZmVyYXRpb24gb2YgaHVuZHJlZHMgb2YgdGhlbSwgb3IgZXZlbiBy
ZWFsbHkgdGVucywgc2luY2UNCiB0aGUgcHJlc3VtZWQgZ29hbCBpcyBmb3IgYSBtYW5hZ2VtZW50
IHRvb2wgb3Igc2VydmljZSB0byBzdXBwb3J0IGFsbCBmb3JtYXRzIG5lZWRlZCB0byB1cGRhdGUg
YSBoZXRlcm9nZW5lb3VzIHNldCBvZiBkZXZpY2VzLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD4mbmJz
cDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdp
bi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4
dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjIuIE1pY2hhZWwgUmljaGFyZHNvbiByYWlzZWQg
c29tZSBnb29kIHF1ZXN0aW9uIGFib3V0IHRoaXMgdGV4dCB0aGF0IHNlZW0gbGlrZSB0aGV5IHdh
cnJhbnQgY2xhcmlmaWNhdGlvbiwgb3IgYXQgbGVhc3QgYSBjb25zZW5zdXMgY2FsbDogJnF1b3Q7
U29mdHdhcmUgdXBkYXRlIHNvbHV0aW9ucyB0aGF0IHRhcmdldCB1cGRhdGluZyBzb2Z0d2FyZSBv
dGhlciB0aGFuIHRoZQ0KIGZpcm13YXJlIGJpbmFyaWVzIGFyZSBhbHNvIG91dCBvZiBzY29wZS4m
cXVvdDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxl
PSJjb2xvcjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z
b1BsYWluVGV4dCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj5UaGF0IHRleHQgKG9yIGF0IGxl
YXN0IHRoZSBpbnRlbnQgYmVoaW5kIGl0KSByZWZsZWN0cyB0aGUgY29uc2Vuc3VzIGR1cmluZyB0
aGUgU1VJVCBCb0YuJm5ic3A7ICZuYnNwO1RoYXQgaXMsIHNvZnR3YXJlIOKAnHVzZWQgZm9yIGJv
b3TigJ0gb3Igc29tZSBhcHByb3hpbWF0aW9uIHRoZXJlb2YsIGFuZCBub3Qg4oCcYXBwc+KAnSB0
aGF0IGNvdWxkIGJlIGluc3RhbGxlZCBsYXRlciBvbi48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+Jm5i
c3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJn
aW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl
eHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj4zLiBUaGUgbWlsZXN0b25lcyBzZWVtIHRvIHVz
ZSB0aGUgdGVybSAmcXVvdDtNYW5pZmVzdCBmb3JtYXQmcXVvdDsgdG8gcmVmZXIgdG8gc29tZXRo
aW5nIHRoYXQgdGhlIGNoYXJ0ZXIgY2FsbHMgJnF1b3Q7dGhlIGNvbnRlbnRzIG9mIGEgbWFpbmZl
c3QmcXVvdDsgKEkgdGhpbmspLCBpbiBjb250cmFzdCB0byB0aGUgbXVsdGlwbGUgJnF1b3Q7Zm9y
bWF0cyZxdW90OyBkaXNjdXNzZWQgaW4gdGhlIGNoYXJ0ZXIuIEdpdmVuDQogdGhhdCB0aGVyZSBo
YXMgYWxzbyBiZWVuIGRpc2N1c3Npb24gb24gdGhlIGxpc3QgYWJvdXQgZm9ybWF0IHZzLiBzZXJp
YWxpemF0aW9uIGFuZCB0aGUgYWJzZW5jZSBvZiBhIGRhdGEgbW9kZWwgc3BlY2lmaWNhdGlvbiwg
SSB0aGluayB0aGUgY2hhcnRlciBhbmQgbWlsZXN0b25lcyB3b3VsZCBiZW5lZml0IGZyb20gYmVp
bmcgY3J5c3RhbCBjbGVhciBhYm91dCB3aGF0IGRlbGl2ZXJhYmxlcyB0aGUgV0cgaXMgZXhwZWN0
ZWQgdG8gcHJvZHVjZSBhbmQNCiBzaG91bGQgdXNlIHRoZSBzYW1lIGxhbmd1YWdlIHRocm91Z2hv
dXQgdG8gbmFtZSB0aG9zZSBkZWxpdmVyYWJsZXMuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvUGxhaW5UZXh0Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+
PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xvcjpi
bGFjayI+SSB0aGluayB0aGUgaW50ZW50IHdhcyB0aGF0IHRoZXkgd2VyZSBzeW5vbnltb3VzIGJ1
dCB5ZWFoIHBpY2tpbmcgb25lIHdvdWxkIGJlIGxlc3MgY29uZnVzaW5nLiZuYnNwOyZuYnNwOyBQ
ZXJzb25hbGx5IEkgdGhpbmsg4oCcbWFuaWZlc3QgZm9ybWF0KHMp4oCdIGlzIGJldHRlciB0aGFu
IOKAnHRoZSBjb250ZW50cyBvZiBhIG1hbmlmZXN04oCdLjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+PG86cD4m
bmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1h
cmdpbi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu
VGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjQuIFRoaXMgY2hhcnRlciBjaGFuZ2VkIGlu
IHNvbWUgcHJldHR5IGltcG9ydGFudCB3YXlzIGluIHRoZSBtaWRkbGUgb2YgdGhlIGV4dGVybmFs
IHJldmlldyBwZXJpb2QsIGJ1dCB3YXMgbmV2ZXIgcmUtc2VudCB0byB0aGUgbmV3LXdvcmsgbWFp
bGluZyBsaXN0LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9
Im1hcmdpbi1sZWZ0Oi41aW4iPlRoZXJlIHdhcyBhbHNvIGFuIGVycm9yIGluIHRoZSBvcmlnaW5h
bCBhbm5vdW5jZW1lbnQgc2VudCB0byBuZXctd29yayB0aGF0IGNvdWxkIGNhdXNlIGNvbmZ1c2lv
biAoaXQgc2FpZCB0aGlzIHdhcyBhIHJlLWNoYXJ0ZXIpLiBJIGFza2VkIGZvciBpdCB0byBiZSBy
ZS1zZW50IGJ1dCBpdCBkb2Vzbid0IGxvb2sgbGlrZSBpdCB3YXMuIFNpbmNlIHRoaXMgaXMgYW4N
CiBpbXBvcnRhbnQgcGFydCBvZiBleHRlcm5hbCByZXZpZXcsIEkgcmVhbGx5IGRvbid0IHRoaW5r
IHRoaXMgc3RlcCBzaG91bGQgYmUgc2tpcHBlZC48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJN
c29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj5JJ20g
d2lsbGluZyB0byBtb3ZlIHRvIEFCU1RBSU4gaWYgbm8gb25lIGFncmVlcyB3aXRoIG1lIGJ1dCBJ
IHRob3VnaHQgSSB3b3VsZCBjaGVjayB0byBzZWUgaWYgZm9sa3Mgd291bGQgYmUgd2lsbGluZyB0
byB0YWtlIHRoZSB0aW1lIHRvIHNvcnQgb3V0IHRoZXNlIGlzc3Vlcy48bzpwPjwvbzpwPjwvcD4N
CjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDouNWluIj48bzpwPiZu
YnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVm
dDouNWluIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0
eWxlPSJtYXJnaW4tbGVmdDouNWluIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPG86cD48L286cD48L3A+DQo8cCBj
bGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+Q09NTUVOVDo8bzpw
PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDou
NWluIj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0
IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFz
cz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+U29tZSBsZXNzZXIgaXNz
dWVzOjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdp
bi1sZWZ0Oi41aW4iPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4
dCIgc3R5bGU9Im1hcmdpbi1sZWZ0Oi41aW4iPjUuIFRoZSBjaGFydGVyIG5vdyB0YWxrcyBhYm91
dCBob3cgdGhlIGdyb3VwIG1heSBkZXNjcmliZSB0aGUgdXNlIG9mIGV4aXN0aW5nIGRpc2NvdmVy
eSBhbmQgdHJhbnNwb3J0IG1lY2hhbmlzbXMsIGJ1dCB0aGVyZSBhcmUgbm90IGFzc29jaWF0ZWQg
bWlsZXN0b25lKHMpIGZvciB0aGlzIHdvcmsuIE5vdCBzdXJlIGlmIHRoaXMgaXMgaW50ZW50aW9u
YWwgb3IgYW4NCiBvdmVyc2lnaHQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U
ZXh0Ij48c3BhbiBzdHlsZT0iY29sb3I6YmxhY2siPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv
cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFjayI+TXkg
b3BpbmlvbiBpcyB0aGF0IEkgY29uc2lkZXIgaXQgcGFydCBvZiB0aGUgYXJjaGl0ZWN0dXJlLCBi
dXQgbm90IHN1cmUgd2hhdCBvdGhlcnMgdGhpbmcuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj48bzpwPiZuYnNw
OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2lu
LWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0
IiBzdHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+Ni4gSSBhZ3JlZSB3aXRoIHRoZSBmb2xrcyBvbiB0
aGUgbGlzdCB3aG8gaGF2ZSBzYWlkIHRoYXQgdGhlIGJhY2tncm91bmQgbWF0ZXJpYWwgYWJvdXQg
dGhlIElBQiB3b3Jrc2hvcCBhbmQgUkZDIDQxMDggc2hvdWxkIGVpdGhlciBiZSByZW1vdmVkIChw
cmVmZXJhYmx5KSwgb3Igc2hpZnRlZCBhcm91bmQgdG8gdGhlIGJlZ2lubmluZyBvZiB0aGUgdGV4
dCBhbmQgZWRpdGVkDQogc28gdGhhdCBpdCdzIGNsZWFyIHRoYXQgaXQncyB0aGVyZSBmb3IgYmFj
a2dyb3VuZCBwdXJwb3NlcyBhbmQgbm90IHRvIGNvbnN0cmFpbiB3aGF0IHRoZSBncm91cCBkb2Vz
IGdvaW5nIGZvcndhcmQuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBz
dHlsZT0ibWFyZ2luLWxlZnQ6LjVpbiI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0i
TXNvUGxhaW5UZXh0Ij5UaGUgY29uc2Vuc3VzIGF0IHRoZSBCb0Ygd2FzLCBmcm9tIG15IHJlY29s
bGVjdGlvbiBhbnl3YXksIGluZGVlZCB0byBkbyBzbyBmb3IgUkZDIDQxMDguJm5ic3A7Jm5ic3A7
IEkgZG9u4oCZdCByZWNhbGwgQm9GIGRpc2N1c3Npb24gYWJvdXQgZG9pbmcgc28gZm9yIHRoZSBJ
QUIgd29ya3Nob3AgdG9vLCBidXQgSSBhbSBvayB3aXRoIHRoYXQgc3VnZ2VzdGlvbi48bzpwPjwv
bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIHN0eWxlPSJjb2xvcjpibGFj
ayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+
PHNwYW4gc3R5bGU9ImNvbG9yOmJsYWNrIj5EYXZlPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9k
aXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_CY4PR21MB08568FCF8D9EE00DAD98C0E3A33B0CY4PR21MB0856namp_--


From nobody Wed Nov 29 11:33:44 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE6C31289B5; Wed, 29 Nov 2017 11:33:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iZA03y-RBxGK; Wed, 29 Nov 2017 11:33:36 -0800 (PST)
Received: from mail-pl0-x22c.google.com (mail-pl0-x22c.google.com [IPv6:2607:f8b0:400e:c01::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4FAF126C22; Wed, 29 Nov 2017 11:33:35 -0800 (PST)
Received: by mail-pl0-x22c.google.com with SMTP id bi12so2686152plb.6; Wed, 29 Nov 2017 11:33:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pIcZszl4HvXJkaZt2McA5jyBioNKQ+97eIvoRmOf6IY=; b=gU2tqyfZa5v8I8J1y66nM8NuyE3SPA8PoQft6Hc9z/7mFKwAT6vX/ikrrtXKK4WQmG WBEyI/vFhTuO6+nFAyv3yA+GgjPLQOQFqzhXz6WNGNNBS65F3BcLf1ySBeOKdJQPktvh UrqaFbu4tC4qWS8M8edMGk+uhVExDUx5JwVgyGyH5PYkDg8ynXpQ9RjeziEHXzICydSc IVpwNkivttPHkHwyD9kvOnankOsfcNV8iynPvh1DPmMEyWC98K4kYHC59MfMGGfG6PDS 05LvOEm6+Br745sYOp3/3hUIEWaUp+K5OmitrH/t6xgDFVGTGLeoeT2p8E05z/zNa2pK v+HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pIcZszl4HvXJkaZt2McA5jyBioNKQ+97eIvoRmOf6IY=; b=pAMsye3mD6pSW7Clfb6IjBzr1FWi7zHL8FszCM83slR6rLh01Cm7SNcZAntdS2QOVC +kzU/+c9DfrmtCBMROEfmqGTD9gELg9Bg3Rl/3EbdliApwlspGeatX1+zaoYd/dhedgF dasFDYud4RWEmlGFPoLGBm5TsAX86Lcu+KItLRJT5aFfrv6a+wNifRdCsIZNfXSX7FXE 8L0TEulOXkeedLeRsjPj2lsK2iGlGeUdSYVRfQ+/dND6rHNy1VQGencLj/4pTQiOhSJ7 WbxTJGhfYhbTyQPCpY3vOP19FnZ4v+uzdsGhm3NO1Kby/yBQ44N61GxjESFxWy75uJfZ AyAA==
X-Gm-Message-State: AJaThX63xMmxq5idoW7/YRa3pn8fN7cHHyl2D1cz4qqmhgUNt1l+EQ6H 80g8nk1k3uL1QEvISFJQpLFdoRliG/M2JoE1nGw=
X-Google-Smtp-Source: AGs4zMZgxHwx9TlgZFSy2K3Zup3ZzoOpKgVgYD2uwSuUsZ9eIGgQ31tMpQ8IlQYDIu8XBO7JoNDTT/dl1bR58zOd8VU=
X-Received: by 10.84.132.35 with SMTP id 32mr3842709ple.225.1511984015352; Wed, 29 Nov 2017 11:33:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 11:32:54 -0800 (PST)
In-Reply-To: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 14:32:54 -0500
Message-ID: <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: The IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/RfP3K_Vzb1LIrYdMRF-vxbtF-QE>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 19:33:38 -0000

The chairs wanted to respond to the questions on list, so I will leave
that to them, but need to make an important correction below.

On Wed, Nov 29, 2017 at 2:21 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> Alissa Cooper has entered the following ballot position for
> charter-ietf-suit-00-08: Block
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-suit/
>
>
>
> ----------------------------------------------------------------------
> BLOCK:
> ----------------------------------------------------------------------
>
> >From reading the mailing list and doing my own review, there seem to be a bunch
> of open issues with this charter that would benefit from further discussion by
> interested participants before the WG gets chartered. Some of these might just
> be the result of lack of precision in the language used, but I think that is
> actually pretty important for clarity in a WG charter. The issues are:
>
> 1. On the list there seems to be disagreement about the interpretation of this
> text: "A lower number of formats is preferred to reduce code size for
> supporting decoders on devices receiving a manifest and to maximize
> interoperability of solutions." I also find myself confused by this (lower than
> what? is there some upper bound?).
>
> 2. Michael Richardson raised some good question about this text that seem like
> they warrant clarification, or at least a consensus call: "Software update
> solutions that target updating software other than the firmware binaries are
> also out of scope."
>
> 3. The milestones seem to use the term "Manifest format" to refer to something
> that the charter calls "the contents of a mainfest" (I think), in contrast to
> the multiple "formats" discussed in the charter. Given that there has also been
> discussion on the list about format vs. serialization and the absence of a data
> model specification, I think the charter and milestones would benefit from
> being crystal clear about what deliverables the WG is expected to produce and
> should use the same language throughout to name those deliverables.
>
> 4. This charter changed in some pretty important ways in the middle of the
> external review period, but was never re-sent to the new-work mailing list.
> There was also an error in the original announcement sent to new-work that
> could cause confusion (it said this was a re-charter). I asked for it to be
> re-sent but it doesn't look like it was. Since this is an important part of
> external review, I really don't think this step should be skipped.

The charter did NOT change during the external review period.  The
charter was updated to version 7 prior to the start of the external
review, then the external review was requested.  The changes from
version 6 to 7 were a result of consensus calls during the BoF.  The
update to 8 was an attempt to fix a formatting issue, but the result
was no change. The BoF chairs were very clear with the consensus calls
in the room with the exact text being displayed and discussed.

The re-charter was likely because when the page was first created,
someone had put the charter text where charter text goes for an
established WG.

>
> I'm willing to move to ABSTAIN if no one agrees with me but I thought I would
> check to see if folks would be willing to take the time to sort out these
> issues.

The chairs will be responding on list and I said in an earlier email,
I would like to see the outcome before changing anything as I'd like
to follow our normal process and respect the chairs roll in the
process to assess consensus and drive the work forward.

Best regards,
Kathleen

>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Some lesser issues:
>
> 5. The charter now talks about how the group may describe the use of existing
> discovery and transport mechanisms, but there are not associated milestone(s)
> for this work. Not sure if this is intentional or an oversight.
>
> 6. I agree with the folks on the list who have said that the background
> material about the IAB workshop and RFC 4108 should either be removed
> (preferably), or shifted around to the beginning of the text and edited so that
> it's clear that it's there for background purposes and not to constrain what
> the group does going forward.
>
>



-- 

Best regards,
Kathleen


From nobody Wed Nov 29 12:17:49 2017
Return-Path: <alissa@cooperw.in>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16D351241F3; Wed, 29 Nov 2017 12:17:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=oy5Y+CGm; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=pDNJ7JB+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjdmZbcnlIsY; Wed, 29 Nov 2017 12:17:31 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5C631293E3; Wed, 29 Nov 2017 12:17:12 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 1586A205A1; Wed, 29 Nov 2017 15:17:12 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 29 Nov 2017 15:17:12 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=kVZHEEb9yCJKb4MlxaSzhIkz5XllQ5QkbGn1x6Op1xs=; b=oy5Y+CGm F2leGhbTJzHJnfxUyboPzwh5pWI4Wugg8gI5u5aYToyqbeLLNKuDanOYS+Z04dJr oJqI/7mdBn0aHByD9MxbCUhzW5zJ1io0xn1DA/e+nrRba5ziUWoj0nQeksKzx5bt XefRZm8YoeWpkLGNQwojop+ii62t1B9dffCdIqVXh4xoVsRKb8Lf1x3JYi9EFDmz t61NP+3B1sjTAIPw82xYN2KUy6D1e6QnzMn6A52WBWAErJA2wRL0JHYEd2rDUMQ2 sh+NXKH+rHYr4mx+BMbjpe6NAnba4WwvHjcDIR8Wc6HO2ieXluZ6zMwXmR92pD9W 76vBg9EXHNsdKA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=kVZHEEb9yCJKb4MlxaSzhIkz5XllQ 5QkbGn1x6Op1xs=; b=pDNJ7JB+eiUTzdgtlycTpWCfmLcZGJ7DLvzlYGEGfMRp+ Hil5eYTSwfcjv3jdXagtVPwFfxhTo/99QFu+ejmXgrUvK5y6jDRoUcfQliLpA7On 9tbZ5FD5sTALDS0mFQENxxhVTOG99CKER6sfSzbAeuyxnjTKzXzsBG1MEccYIafp 7sQnraeRTJLxoselNPB6ePJhZqHUwtnhDSU+QmiuZO+xltknbyOY1Q08xSLi61M2 06I/0mwEnx+0tvaT1SxtCZdbaeQ9rs7jY3N8GM6wQtijiJRCAjo8x+DG4KgqX24s LJoCSyWsjT2mllf3eyhs5l9X9cbihM/Izg0e3Jtww==
X-ME-Sender: <xms:yBUfWmDxIR0IppBzAtk_2VHbBuwEaQsaI6VxaYyI3tz9xKHKzIxvIQ>
Received: from sjc-alcoop-8816.cisco.com (unknown [128.107.241.191]) by mail.messagingengine.com (Postfix) with ESMTPA id 97EBF7E6B8; Wed, 29 Nov 2017 15:17:10 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_7E9A0B2D-4B56-4D8A-81E9-693037E7A43C"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com>
Date: Wed, 29 Nov 2017 15:17:08 -0500
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Message-Id: <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/Va2f3IVG1R6YO9V9_s3InICYtyc>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 20:17:38 -0000

--Apple-Mail=_7E9A0B2D-4B56-4D8A-81E9-693037E7A43C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty =
<kathleen.moriarty.ietf@gmail.com> wrote:
>>=20
>> 4. This charter changed in some pretty important ways in the middle =
of the
>> external review period, but was never re-sent to the new-work mailing =
list.
>> There was also an error in the original announcement sent to new-work =
that
>> could cause confusion (it said this was a re-charter). I asked for it =
to be
>> re-sent but it doesn't look like it was. Since this is an important =
part of
>> external review, I really don't think this step should be skipped.
>=20
> The charter did NOT change during the external review period. =20

In the datatracker I see that the external review period began 11/3/17 =
with the -04 version of the charter and the message to new-work went out =
that day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/ =
<https://datatracker.ietf.org/doc/charter-ietf-suit/history/>

Perhaps folks disagree about whether the changes are material, but the =
charter certainly changed from -04 to -07/-08.

Alissa

> The
> charter was updated to version 7 prior to the start of the external
> review, then the external review was requested.  The changes from
> version 6 to 7 were a result of consensus calls during the BoF.  The
> update to 8 was an attempt to fix a formatting issue, but the result
> was no change. The BoF chairs were very clear with the consensus calls
> in the room with the exact text being displayed and discussed.
>=20
> The re-charter was likely because when the page was first created,
> someone had put the charter text where charter text goes for an
> established WG.
>=20
>>=20
>> I'm willing to move to ABSTAIN if no one agrees with me but I thought =
I would
>> check to see if folks would be willing to take the time to sort out =
these
>> issues.
>=20
> The chairs will be responding on list and I said in an earlier email,
> I would like to see the outcome before changing anything as I'd like
> to follow our normal process and respect the chairs roll in the
> process to assess consensus and drive the work forward.
>=20
> Best regards,
> Kathleen
>=20
>>=20
>>=20
>> =
----------------------------------------------------------------------
>> COMMENT:
>> =
----------------------------------------------------------------------
>>=20
>> Some lesser issues:
>>=20
>> 5. The charter now talks about how the group may describe the use of =
existing
>> discovery and transport mechanisms, but there are not associated =
milestone(s)
>> for this work. Not sure if this is intentional or an oversight.
>>=20
>> 6. I agree with the folks on the list who have said that the =
background
>> material about the IAB workshop and RFC 4108 should either be removed
>> (preferably), or shifted around to the beginning of the text and =
edited so that
>> it's clear that it's there for background purposes and not to =
constrain what
>> the group does going forward.
>>=20
>>=20
>=20
>=20
>=20
> --=20
>=20
> Best regards,
> Kathleen


--Apple-Mail=_7E9A0B2D-4B56-4D8A-81E9-693037E7A43C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty &lt;<a =
href=3D"mailto:kathleen.moriarty.ietf@gmail.com" =
class=3D"">kathleen.moriarty.ietf@gmail.com</a>&gt; wrote:</div><div =
class=3D""><blockquote type=3D"cite" style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br class=3D"">4. This charter changed in some pretty =
important ways in the middle of the<br class=3D"">external review =
period, but was never re-sent to the new-work mailing list.<br =
class=3D"">There was also an error in the original announcement sent to =
new-work that<br class=3D"">could cause confusion (it said this was a =
re-charter). I asked for it to be<br class=3D"">re-sent but it doesn't =
look like it was. Since this is an important part of<br =
class=3D"">external review, I really don't think this step should be =
skipped.<br class=3D""></blockquote><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">The charter did NOT change during the =
external review period. &nbsp;</span></div></blockquote><div><br =
class=3D""></div><div>In the datatracker I see that the external review =
period began 11/3/17 with the -04 version of the charter and the message =
to new-work went out that day.&nbsp;<a =
href=3D"https://datatracker.ietf.org/doc/charter-ietf-suit/history/" =
class=3D"">https://datatracker.ietf.org/doc/charter-ietf-suit/history/</a>=
</div><div><br class=3D""></div><div>Perhaps folks disagree about =
whether the changes are material, but the charter certainly changed from =
-04 to -07/-08.</div><div><br class=3D""></div><div>Alissa</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">The</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">charter was updated to version 7 prior to =
the start of the external</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">review, then the external review was =
requested. &nbsp;The changes from</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">version 6 to 7 were a result of consensus =
calls during the BoF. &nbsp;The</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">update to 8 was an attempt to fix a =
formatting issue, but the result</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">was no change. The BoF chairs were very =
clear with the consensus calls</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">in the room with the exact text being =
displayed and discussed.</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">The re-charter was likely because when the page =
was first created,</span><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><span=
 style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">someone had put the charter text where charter =
text goes for an</span><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><span=
 style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">established WG.</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><blockquote=
 type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
class=3D"">I'm willing to move to ABSTAIN if no one agrees with me but I =
thought I would<br class=3D"">check to see if folks would be willing to =
take the time to sort out these<br class=3D"">issues.<br =
class=3D""></blockquote><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><span=
 style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">The chairs will be responding on list and I said =
in an earlier email,</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">I would like to see the outcome before =
changing anything as I'd like</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">to follow our normal process and respect =
the chairs roll in the</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">process to assess consensus and drive the =
work forward.</span><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" class=3D"">Best =
regards,</span><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">Kathleen</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><blockquote=
 type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
class=3D""><br =
class=3D"">---------------------------------------------------------------=
-------<br class=3D"">COMMENT:<br =
class=3D"">---------------------------------------------------------------=
-------<br class=3D""><br class=3D"">Some lesser issues:<br class=3D""><br=
 class=3D"">5. The charter now talks about how the group may describe =
the use of existing<br class=3D"">discovery and transport mechanisms, =
but there are not associated milestone(s)<br class=3D"">for this work. =
Not sure if this is intentional or an oversight.<br class=3D""><br =
class=3D"">6. I agree with the folks on the list who have said that the =
background<br class=3D"">material about the IAB workshop and RFC 4108 =
should either be removed<br class=3D"">(preferably), or shifted around =
to the beginning of the text and edited so that<br class=3D"">it's clear =
that it's there for background purposes and not to constrain what<br =
class=3D"">the group does going forward.<br class=3D""><br class=3D""><br =
class=3D""></blockquote><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">--<span =
class=3D"Apple-converted-space">&nbsp;</span></span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">Best regards,</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" =
class=3D"">Kathleen</span></div></blockquote></div><br =
class=3D""></body></html>=

--Apple-Mail=_7E9A0B2D-4B56-4D8A-81E9-693037E7A43C--


From nobody Wed Nov 29 12:28:13 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 891FD1241F3; Wed, 29 Nov 2017 12:28:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T9hTLTCOw6i3; Wed, 29 Nov 2017 12:28:04 -0800 (PST)
Received: from mail-pl0-x231.google.com (mail-pl0-x231.google.com [IPv6:2607:f8b0:400e:c01::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 487451270A3; Wed, 29 Nov 2017 12:28:04 -0800 (PST)
Received: by mail-pl0-x231.google.com with SMTP id bd8so2777731plb.9; Wed, 29 Nov 2017 12:28:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=zF92Gzj+SEynKocrKPlhHFVn/E8QCYcek5hh1hMy3Jg=; b=D2ZqV48c5AOOLZ9eV0cFnYPFwuUjWHHlZnKzfdfSHqGlSGbAEI3DxCZZdk4qtgqJWf N+UWEpS5duxDSiHFTATqVaY9IU1FMkTj+2grLvrXLVD4LjzD/j7HKzKgaa/xkDXdaxT6 LgghSuwQO8f0nBKuCdopJpRiMRR+gK6RAbi0V8I5fMLfDj4M7sdFKbY+HtYzlyXcp+FS BpoxKIp9NSvLZzYuDu68cwma8R9WSHz/9lHGujO/CIVB6iWWPfLFvnQV+fQNQC2Zwy+O YhgDQAAa+E94KBsUy0KkNrN1TetXaSmeoqvJCQrmiwSB4gJ0GnWLI+9nIx80aPNKGqWd udvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=zF92Gzj+SEynKocrKPlhHFVn/E8QCYcek5hh1hMy3Jg=; b=gj35wmvbnkTFDsQolGPW+fBavTMKalAg6WtbaNMOImDTqrfGlpAvHr3A2sjUVj0oQ/ m3Wkaoo3jl9DWiRR5L9B8nhHxvJWKHE3KKf18/+mI6poF3hWNEP6Ou9CzSYpDXrvv2d7 9UmWXEmHqvAmMPw2dpVNdLERXjDLawApL2IWOJ6quD50D0TcURShrkNFeabUtz0fKQOZ TERdDOx71yW75quwYSklGKJ4r01n7/0D9KkisjChJ0O3QAwDmCkMnOnIDIjVFWBxvVEx fhwhzpjXGdzJbvG/4BwBBkJjOO5Ynz4U2XIu0MU2vTlXvtRVfPizK5R+YMJ4B0mnFdH1 8xzg==
X-Gm-Message-State: AJaThX7fL8KKc7beo2GaM4LIUGi2Hwdx8VEFC/I4Ri5YQULv+/TESvS6 6A9JSHH4NyH72IjV5E0urxeFAqODeCJHzwR/yW0=
X-Google-Smtp-Source: AGs4zMbgu4Vi1GEkt2cCffhRj9aGccK5QqKrFpzO+CPexEbkbzhkVOxDmbnlyA8gF3aEN+5X/pQxAX0dsp1f1wDVy/c=
X-Received: by 10.84.172.195 with SMTP id n61mr126155plb.78.1511987283629; Wed, 29 Nov 2017 12:28:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 12:27:23 -0800 (PST)
In-Reply-To: <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 15:27:23 -0500
Message-ID: <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/HyveJBrV-cQ4JiC4uGnAuPLWQXY>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 20:28:06 -0000

On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>
> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>
>
> 4. This charter changed in some pretty important ways in the middle of the
> external review period, but was never re-sent to the new-work mailing list.
> There was also an error in the original announcement sent to new-work that
> could cause confusion (it said this was a re-charter). I asked for it to be
> re-sent but it doesn't look like it was. Since this is an important part of
> external review, I really don't think this step should be skipped.
>
>
> The charter did NOT change during the external review period.
>
>
> In the datatracker I see that the external review period began 11/3/17 with
> the -04 version of the charter and the message to new-work went out that
> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/

Right, I forgot, however, the external review was set for an extended
period of time with the understanding that it could change from the
BoF, leaving 2 additional weeks for discussion after the changes were
made.

>
> Perhaps folks disagree about whether the changes are material, but the
> charter certainly changed from -04 to -07/-08.

The updates reflect consensus decisions of the BoF.  I was careful to
make sure they were posted 2 weeks prior to this telechat.

Regards,
Kathleen

>
> Alissa
>
> The
> charter was updated to version 7 prior to the start of the external
> review, then the external review was requested.  The changes from
> version 6 to 7 were a result of consensus calls during the BoF.  The
> update to 8 was an attempt to fix a formatting issue, but the result
> was no change. The BoF chairs were very clear with the consensus calls
> in the room with the exact text being displayed and discussed.
>
> The re-charter was likely because when the page was first created,
> someone had put the charter text where charter text goes for an
> established WG.
>
>
> I'm willing to move to ABSTAIN if no one agrees with me but I thought I
> would
> check to see if folks would be willing to take the time to sort out these
> issues.
>
>
> The chairs will be responding on list and I said in an earlier email,
> I would like to see the outcome before changing anything as I'd like
> to follow our normal process and respect the chairs roll in the
> process to assess consensus and drive the work forward.
>
> Best regards,
> Kathleen
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Some lesser issues:
>
> 5. The charter now talks about how the group may describe the use of
> existing
> discovery and transport mechanisms, but there are not associated
> milestone(s)
> for this work. Not sure if this is intentional or an oversight.
>
> 6. I agree with the folks on the list who have said that the background
> material about the IAB workshop and RFC 4108 should either be removed
> (preferably), or shifted around to the beginning of the text and edited so
> that
> it's clear that it's there for background purposes and not to constrain what
> the group does going forward.
>
>
>
>
>
> --
>
> Best regards,
> Kathleen
>
>



-- 

Best regards,
Kathleen


From nobody Wed Nov 29 12:34:36 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76DE01270A3; Wed, 29 Nov 2017 12:34:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kr28D_TDwKfn; Wed, 29 Nov 2017 12:34:33 -0800 (PST)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 593FE1200CF; Wed, 29 Nov 2017 12:34:33 -0800 (PST)
Received: by mail-pg0-x233.google.com with SMTP id y6so2009406pgp.4; Wed, 29 Nov 2017 12:34:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CA1R0enJ0n3xjnrDZZbaou49RjQOy6r7Y7ECTsX8GUY=; b=fZXzVs/4pjfqdq1kKoq/qF8zkslZXwca5ZBo0m+N4UzvlL8rD7F8qCbYnp7aHIVeLz KYivvbSHx3CWOnDucwMmpNT9gJepzH8zqPtAio9fZQM68gSolZFtmhw+DJ07L/VVoo5f 1KErykQGrprdQLmKeKJe9gxhreCQNg7qo6QnnNLqzulO+hHaiQbMZqjVVWP73Z55ksen ZnLvzjaK6oRyWvc1XitetiB/Il9foaO89osFhYrYid4pQ4C5XjMG5UalSYiOdiIH+mHk Kyyc9XPKL0pIX8zlYlPXtYjl/1o/O/OaRIRkU4FPQU9z3jN0h276HoCu7lRXzgLku70v QgPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CA1R0enJ0n3xjnrDZZbaou49RjQOy6r7Y7ECTsX8GUY=; b=kWGSPzDF1jmG6jSVQ8DXoMSxQY0J5I2Ma7nrWfcgtnCJ5QfvbH0YNfu3eR+3uglTF0 UYXOkrn8f+qDfmg2QLrYhkGhRt6SdMpRzrKHEj7slfUNpNbZkvWUqVGxSVDsBa08CdrI flggjxzGbMKIEOqSYczSSagtCO+w8QDjZcc0EfGtwFCf+PovoRfXCdWkd0ndFCvq8KoP t18sM6sqcOv0ATZX6rp2wzgAzNgZcUBZQMJ3XxjivmB+QJT/oFh0YhTROZjz1Hcy5gTZ te+x+teIEtAa/7Nch+cdb15iKpXzY4aRwkQOLLNOj7MdSVxYiW/hnNrl4uBq/ViT4/CJ rsfw==
X-Gm-Message-State: AJaThX6GykDk8fpBSh1Y2uU8GlDbmwG+MhaJQe/gCgy/9zh6vXL75e1m PvgHAk/wbLaVre0cW1XN/LKwVwEwV2nBQAqNJPw=
X-Google-Smtp-Source: AGs4zMbXItoski3kUYNQQ0j5ty36kAo9Bb1PA3invoIQ0MsrbKjKh8JxvBGp4Zla/yJ+et0s4cgeks9l4PaJlTe3lbI=
X-Received: by 10.99.50.69 with SMTP id y66mr114986pgy.217.1511987672808; Wed, 29 Nov 2017 12:34:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 12:33:52 -0800 (PST)
In-Reply-To: <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in> <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 15:33:52 -0500
Message-ID: <CAHbuEH7==dVRh=h18Hic3z_sFS6KG2LKCc8v4TRxkuQq5bhw3A@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/IqASFdYCr1Ev0DQgoM_k7n_TLaU>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 20:34:35 -0000

On Wed, Nov 29, 2017 at 3:27 PM, Kathleen Moriarty
<kathleen.moriarty.ietf@gmail.com> wrote:
> On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>>
>> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>
>>
>> 4. This charter changed in some pretty important ways in the middle of the
>> external review period, but was never re-sent to the new-work mailing list.
>> There was also an error in the original announcement sent to new-work that
>> could cause confusion (it said this was a re-charter). I asked for it to be
>> re-sent but it doesn't look like it was. Since this is an important part of
>> external review, I really don't think this step should be skipped.
>>
>>
>> The charter did NOT change during the external review period.
>>
>>
>> In the datatracker I see that the external review period began 11/3/17 with
>> the -04 version of the charter and the message to new-work went out that
>> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/
>
> Right, I forgot, however, the external review was set for an extended
> period of time with the understanding that it could change from the
> BoF, leaving 2 additional weeks for discussion after the changes were
> made.
>
>>
>> Perhaps folks disagree about whether the changes are material, but the
>> charter certainly changed from -04 to -07/-08.
>
> The updates reflect consensus decisions of the BoF.  I was careful to
> make sure they were posted 2 weeks prior to this telechat.

I do recall raising this point in one of the IESG/IAB joint
discussions on hot topics.

Regards,
Kathleen
>
> Regards,
> Kathleen
>
>>
>> Alissa
>>
>> The
>> charter was updated to version 7 prior to the start of the external
>> review, then the external review was requested.  The changes from
>> version 6 to 7 were a result of consensus calls during the BoF.  The
>> update to 8 was an attempt to fix a formatting issue, but the result
>> was no change. The BoF chairs were very clear with the consensus calls
>> in the room with the exact text being displayed and discussed.
>>
>> The re-charter was likely because when the page was first created,
>> someone had put the charter text where charter text goes for an
>> established WG.
>>
>>
>> I'm willing to move to ABSTAIN if no one agrees with me but I thought I
>> would
>> check to see if folks would be willing to take the time to sort out these
>> issues.
>>
>>
>> The chairs will be responding on list and I said in an earlier email,
>> I would like to see the outcome before changing anything as I'd like
>> to follow our normal process and respect the chairs roll in the
>> process to assess consensus and drive the work forward.
>>
>> Best regards,
>> Kathleen
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> Some lesser issues:
>>
>> 5. The charter now talks about how the group may describe the use of
>> existing
>> discovery and transport mechanisms, but there are not associated
>> milestone(s)
>> for this work. Not sure if this is intentional or an oversight.
>>
>> 6. I agree with the folks on the list who have said that the background
>> material about the IAB workshop and RFC 4108 should either be removed
>> (preferably), or shifted around to the beginning of the text and edited so
>> that
>> it's clear that it's there for background purposes and not to constrain what
>> the group does going forward.
>>
>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Kathleen
>>
>>
>
>
>
> --
>
> Best regards,
> Kathleen



-- 

Best regards,
Kathleen


From nobody Wed Nov 29 12:51:20 2017
Return-Path: <alissa@cooperw.in>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C621204DA; Wed, 29 Nov 2017 12:51:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=ihd989RN; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=kNDR/rfX
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NIv5rsIem6yL; Wed, 29 Nov 2017 12:51:11 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 702F11200CF; Wed, 29 Nov 2017 12:51:11 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id A870F20984; Wed, 29 Nov 2017 15:51:10 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 29 Nov 2017 15:51:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=SPa8MPgocMMPjO5O6IeDWCVcgdaiO/JykTC+uTgx2pI=; b=ihd989RN lUPY47TELL0FyzfBAMSBo2BmFE4RvM1xBj8ApyxQqw/ODnOAIQXjeaaA3aVBUwzX qR++iK1eBrzng6JUmFyJcjEnvEeIo4G9lklTyDTaPnxIQAv1fbAo2XW5zcqzDKJ2 tY6urVsygN+YqpAp6l0ZhxVJb8vN8aDJ5E9uLCTv+On8JCB6DctUgIrKGhVoQDNi 1xZfTlfb9vn/rwjyEo3X/JOSuZiW88Rt9mJUz8MjkSUjl3J4gvqeeAaph7zotcOw 9eNFq+9nsKP9hK+6HJtXKMBors+OPlXV9TpgSIDjpvEyZIUUTgAf+j34O43BMzik poyME1ykwVCiZQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=SPa8MPgocMMPjO5O6IeDWCVcgdaiO /JykTC+uTgx2pI=; b=kNDR/rfXpKneXoyc2iQb7oLj7a2pm9t0j8Nsot1YwoNQS nHIdGFCtJApJZ9jG5Kfp7S4DvhtP0rptfN/MkUKs8e9gfEsHu0kbjqOIsWALesjs /i4Fls0rcmr/fUhO1NyYjVuXtW7tVc6OcgQYjfUNE/j7DJ1XIFjnuO7fzjS1EVqK xTZPxQQ20bMNnj/0yU0OoHiB00aeAdhIEsRprRVUxCNdzcl2fkdBYN5qOKEZ2wnY BIEQNakQTsbE6yJJVI/nNHBlJIkjbYvZfWUTmJPl7a3PmMF+UE1ZVuRT8VZBZCoD 89TI8dZdkLGqslrGyiALh1qKKwy/ZbR3m4/WTrnWw==
X-ME-Sender: <xms:vh0fWnAjDIrNiU_KfUr4dw25KN60QGmnr0P-YliNV8NZKVOlxdiSwg>
Received: from sjc-alcoop-8816.cisco.com (unknown [128.107.241.191]) by mail.messagingengine.com (Postfix) with ESMTPA id 485097E6B8; Wed, 29 Nov 2017 15:51:09 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_60B4EF7C-8EDB-4650-8CC6-9546FDC2899B"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com>
Date: Wed, 29 Nov 2017 15:51:07 -0500
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Message-Id: <6B113166-9C17-42B3-905C-539CAE3AED7A@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in> <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bsX7LT65xtxu6CAJtDNVmnqmBPk>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 20:51:18 -0000

--Apple-Mail=_60B4EF7C-8EDB-4650-8CC6-9546FDC2899B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Nov 29, 2017, at 3:27 PM, Kathleen Moriarty =
<kathleen.moriarty.ietf@gmail.com> wrote:
>=20
> On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in =
<mailto:alissa@cooperw.in>> wrote:
>>=20
>> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>=20
>>=20
>> 4. This charter changed in some pretty important ways in the middle =
of the
>> external review period, but was never re-sent to the new-work mailing =
list.
>> There was also an error in the original announcement sent to new-work =
that
>> could cause confusion (it said this was a re-charter). I asked for it =
to be
>> re-sent but it doesn't look like it was. Since this is an important =
part of
>> external review, I really don't think this step should be skipped.
>>=20
>>=20
>> The charter did NOT change during the external review period.
>>=20
>>=20
>> In the datatracker I see that the external review period began =
11/3/17 with
>> the -04 version of the charter and the message to new-work went out =
that
>> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/
>=20
> Right, I forgot, however, the external review was set for an extended
> period of time with the understanding that it could change from the
> BoF, leaving 2 additional weeks for discussion after the changes were
> made.

My point is that external review is, in part, targeted towards reviewers =
external to the IETF (i.e., folks participating in other SDOs). This is =
why we send proposed charters to new-work. Subscribers to that list saw =
an announcement of a charter (listed as a re-charter) on 11/3, asking =
for feedback by 11/13. Nothing further was sent to that list after the =
changes were made on 11/15, and there=E2=80=99s no reason why external =
reviewers subscribed to that list would know that the charter had =
changed or that the external review period was extended.

I think we need to act the way we would want other SDOs to act towards =
us.

>=20
>>=20
>> Perhaps folks disagree about whether the changes are material, but =
the
>> charter certainly changed from -04 to -07/-08.
>=20
> The updates reflect consensus decisions of the BoF.  I was careful to
> make sure they were posted 2 weeks prior to this telechat.

See above =E2=80=94 they were posted to the datatracker, but not to =
new-work.

Alissa

>=20
> Regards,
> Kathleen
>=20
>>=20
>> Alissa
>>=20
>> The
>> charter was updated to version 7 prior to the start of the external
>> review, then the external review was requested.  The changes from
>> version 6 to 7 were a result of consensus calls during the BoF.  The
>> update to 8 was an attempt to fix a formatting issue, but the result
>> was no change. The BoF chairs were very clear with the consensus =
calls
>> in the room with the exact text being displayed and discussed.
>>=20
>> The re-charter was likely because when the page was first created,
>> someone had put the charter text where charter text goes for an
>> established WG.
>>=20
>>=20
>> I'm willing to move to ABSTAIN if no one agrees with me but I thought =
I
>> would
>> check to see if folks would be willing to take the time to sort out =
these
>> issues.
>>=20
>>=20
>> The chairs will be responding on list and I said in an earlier email,
>> I would like to see the outcome before changing anything as I'd like
>> to follow our normal process and respect the chairs roll in the
>> process to assess consensus and drive the work forward.
>>=20
>> Best regards,
>> Kathleen
>>=20
>>=20
>>=20
>> =
----------------------------------------------------------------------
>> COMMENT:
>> =
----------------------------------------------------------------------
>>=20
>> Some lesser issues:
>>=20
>> 5. The charter now talks about how the group may describe the use of
>> existing
>> discovery and transport mechanisms, but there are not associated
>> milestone(s)
>> for this work. Not sure if this is intentional or an oversight.
>>=20
>> 6. I agree with the folks on the list who have said that the =
background
>> material about the IAB workshop and RFC 4108 should either be removed
>> (preferably), or shifted around to the beginning of the text and =
edited so
>> that
>> it's clear that it's there for background purposes and not to =
constrain what
>> the group does going forward.
>>=20
>>=20
>>=20
>>=20
>>=20
>> --
>>=20
>> Best regards,
>> Kathleen
>>=20
>>=20
>=20
>=20
>=20
> --=20
>=20
> Best regards,
> Kathleen


--Apple-Mail=_60B4EF7C-8EDB-4650-8CC6-9546FDC2899B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On Nov 29, 2017, at 3:27 PM, Kathleen Moriarty &lt;<a =
href=3D"mailto:kathleen.moriarty.ietf@gmail.com" =
class=3D"">kathleen.moriarty.ietf@gmail.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><span =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper =
&lt;</span><a href=3D"mailto:alissa@cooperw.in" style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D"">alissa@cooperw.in</a><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" class=3D"">&gt; =
wrote:</span><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><blockquote=
 type=3D"cite" style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
class=3D"">On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty<br =
class=3D"">&lt;<a href=3D"mailto:kathleen.moriarty.ietf@gmail.com" =
class=3D"">kathleen.moriarty.ietf@gmail.com</a>&gt; wrote:<br =
class=3D""><br class=3D""><br class=3D"">4. This charter changed in some =
pretty important ways in the middle of the<br class=3D"">external review =
period, but was never re-sent to the new-work mailing list.<br =
class=3D"">There was also an error in the original announcement sent to =
new-work that<br class=3D"">could cause confusion (it said this was a =
re-charter). I asked for it to be<br class=3D"">re-sent but it doesn't =
look like it was. Since this is an important part of<br =
class=3D"">external review, I really don't think this step should be =
skipped.<br class=3D""><br class=3D""><br class=3D"">The charter did NOT =
change during the external review period.<br class=3D""><br class=3D""><br=
 class=3D"">In the datatracker I see that the external review period =
began 11/3/17 with<br class=3D"">the -04 version of the charter and the =
message to new-work went out that<br class=3D"">day. <a =
href=3D"https://datatracker.ietf.org/doc/charter-ietf-suit/history/" =
class=3D"">https://datatracker.ietf.org/doc/charter-ietf-suit/history/</a>=
<br class=3D""></blockquote><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">Right, I forgot, however, the external =
review was set for an extended</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">period of time with the understanding =
that it could change from the</span><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">BoF, leaving 2 additional weeks for =
discussion after the changes were</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">made.</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""></div></blockquote><div><br class=3D""></div><div>My =
point is that external review is, in part, targeted towards reviewers =
external to the IETF (i.e., folks participating in other SDOs). This is =
why we send proposed charters to new-work. Subscribers to that list saw =
an announcement of a charter (listed as a re-charter) on 11/3, asking =
for feedback by 11/13. Nothing further was sent to that list after the =
changes were made on 11/15, and there=E2=80=99s no reason why external =
reviewers subscribed to that list would know that the charter had =
changed or that the external review period was extended.</div><div><br =
class=3D""></div><div>I think we need to act the way we would want other =
SDOs to act towards us.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><br style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><blockquote type=3D"cite" style=3D"font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><br class=3D"">Perhaps folks disagree about whether the =
changes are material, but the<br class=3D"">charter certainly changed =
from -04 to -07/-08.<br class=3D""></blockquote><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">The updates reflect consensus decisions =
of the BoF. &nbsp;I was careful to</span><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">make sure they were posted 2 weeks prior =
to this telechat.</span><br style=3D"font-family: Helvetica; font-size: =
12px; font-style: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: auto; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; widows: =
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""></div></blockquote><div><br class=3D""></div><div>See above =
=E2=80=94 they were posted to the datatracker, but not to =
new-work.</div><div><br class=3D""></div><div>Alissa</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" class=3D"">Regards,</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" class=3D"">Kathleen</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><blockquote type=3D"cite" style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><br class=3D"">Alissa<br class=3D""><br class=3D"">The<br=
 class=3D"">charter was updated to version 7 prior to the start of the =
external<br class=3D"">review, then the external review was requested. =
&nbsp;The changes from<br class=3D"">version 6 to 7 were a result of =
consensus calls during the BoF. &nbsp;The<br class=3D"">update to 8 was =
an attempt to fix a formatting issue, but the result<br class=3D"">was =
no change. The BoF chairs were very clear with the consensus calls<br =
class=3D"">in the room with the exact text being displayed and =
discussed.<br class=3D""><br class=3D"">The re-charter was likely =
because when the page was first created,<br class=3D"">someone had put =
the charter text where charter text goes for an<br class=3D"">established =
WG.<br class=3D""><br class=3D""><br class=3D"">I'm willing to move to =
ABSTAIN if no one agrees with me but I thought I<br class=3D"">would<br =
class=3D"">check to see if folks would be willing to take the time to =
sort out these<br class=3D"">issues.<br class=3D""><br class=3D""><br =
class=3D"">The chairs will be responding on list and I said in an =
earlier email,<br class=3D"">I would like to see the outcome before =
changing anything as I'd like<br class=3D"">to follow our normal process =
and respect the chairs roll in the<br class=3D"">process to assess =
consensus and drive the work forward.<br class=3D""><br class=3D"">Best =
regards,<br class=3D"">Kathleen<br class=3D""><br class=3D""><br =
class=3D""><br =
class=3D"">---------------------------------------------------------------=
-------<br class=3D"">COMMENT:<br =
class=3D"">---------------------------------------------------------------=
-------<br class=3D""><br class=3D"">Some lesser issues:<br class=3D""><br=
 class=3D"">5. The charter now talks about how the group may describe =
the use of<br class=3D"">existing<br class=3D"">discovery and transport =
mechanisms, but there are not associated<br class=3D"">milestone(s)<br =
class=3D"">for this work. Not sure if this is intentional or an =
oversight.<br class=3D""><br class=3D"">6. I agree with the folks on the =
list who have said that the background<br class=3D"">material about the =
IAB workshop and RFC 4108 should either be removed<br =
class=3D"">(preferably), or shifted around to the beginning of the text =
and edited so<br class=3D"">that<br class=3D"">it's clear that it's =
there for background purposes and not to constrain what<br class=3D"">the =
group does going forward.<br class=3D""><br class=3D""><br class=3D""><br =
class=3D""><br class=3D""><br class=3D"">--<br class=3D""><br =
class=3D"">Best regards,<br class=3D"">Kathleen<br class=3D""><br =
class=3D""><br class=3D""></blockquote><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><br style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" class=3D"">--<span =
class=3D"Apple-converted-space">&nbsp;</span></span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><br style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: =
0px;" class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" class=3D"">Best regards,</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: auto; text-align: start; text-indent: 0px; text-transform: =
none; white-space: normal; widows: auto; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;" class=3D""><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; orphans: auto; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
float: none; display: inline !important;" =
class=3D"">Kathleen</span></div></blockquote></div><br =
class=3D""></body></html>=

--Apple-Mail=_60B4EF7C-8EDB-4650-8CC6-9546FDC2899B--


From nobody Wed Nov 29 13:08:53 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16DFA127010; Wed, 29 Nov 2017 13:08:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOJu3J-f2YSJ; Wed, 29 Nov 2017 13:08:31 -0800 (PST)
Received: from mail-pl0-x232.google.com (mail-pl0-x232.google.com [IPv6:2607:f8b0:400e:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0398126CF9; Wed, 29 Nov 2017 13:08:24 -0800 (PST)
Received: by mail-pl0-x232.google.com with SMTP id b12so2845496plm.3; Wed, 29 Nov 2017 13:08:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=3wYNh89I2lUsXALSKx6hCb+rANEg6MBGCFt+nPbzwcA=; b=MK+bLYf0tPuSpRYty2rWrSUY4UqlFLrXuHGErIzdkx4dS3WxipvF9VLxDf8Hsl/Ibq pkQNVH2JXOj2k0MW8hJCAe1S1YPmNUFgvFAzyNXJMXXak4AwHaK3wZedT/vwGZXUyR3c cXuY39cHHXukJj4BSldIYDfNozH/pEcSx+qBFRlEhsJ9wwXarArUR8uqMBvSaRwTfxGx dHmpvDOJ2Rkd3iivuhivo3b/GyU1PfC/+cqiSQMwfACoj4lQVzw4/WkPtI+0tMI6WtwE 2Nr8vvBfPjOccvO6OBgb9aAat0orh95Dw0m3BjcwzN1Oye3sEzy9N7358oi6SpW0B4Ni dogw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=3wYNh89I2lUsXALSKx6hCb+rANEg6MBGCFt+nPbzwcA=; b=SwEL9rFleimNT8ypoZMqIstYxDpyS2L0Zf+Hv8/WaEkd8dxE8MGp7Q98LXBwLzKdSh pwaqkF7VjBGXVZeV16k7apLQbIywYYJkivRu3v8ANZJpat3OMP8KjlHPNRriCS9IaBZM XeILRsq/eFdLR/i2KnbAykpKofraLnuaX3YrZpV3NK7QOB/QP6FYJmG2SH8VTkB3wyKI xj2thopmcdsgJpqX5KDSDyC1nXHh2mWJYr9HNEFQDkkx2JYHcEu/9+l6aSf4UXdMp2i5 /+ieE8o7WP7PtELp2XoQ48ksQfquVN88bSEb0lc3sn3zHDFn10ydg672NJJsaOIoECy6 /H2w==
X-Gm-Message-State: AJaThX4fNKvtBB1yaDWf8zQWxlW8gw981nEK2SGkM3btVn+PH2xc9/q+ UZrWrviNx2vbgfjy60nQ7UoeVbaKV62kpNiN7B4=
X-Google-Smtp-Source: AGs4zMZD9gZr4imAHhwKzxUiAM52fG1mpueEQxlZC4Dw9M9GntlKruX+1V6GQbJrsk7/4Fg5KLTCs71fHpyZhbuf8VI=
X-Received: by 10.84.132.35 with SMTP id 32mr191702ple.225.1511989704318; Wed, 29 Nov 2017 13:08:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 13:07:43 -0800 (PST)
In-Reply-To: <6B113166-9C17-42B3-905C-539CAE3AED7A@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in> <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com> <6B113166-9C17-42B3-905C-539CAE3AED7A@cooperw.in>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 16:07:43 -0500
Message-ID: <CAHbuEH6xm=C6SbkZPzFocGGNbMzfVB7ubPz0TtAWhj4rWRfF1w@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/AYxydPX1qhOOnYt1jRR5TvbCye8>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 21:08:43 -0000

On Wed, Nov 29, 2017 at 3:51 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>
> On Nov 29, 2017, at 3:27 PM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>
> On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in> wrote:
>
>
> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>
>
> 4. This charter changed in some pretty important ways in the middle of th=
e
> external review period, but was never re-sent to the new-work mailing lis=
t.
> There was also an error in the original announcement sent to new-work tha=
t
> could cause confusion (it said this was a re-charter). I asked for it to =
be
> re-sent but it doesn't look like it was. Since this is an important part =
of
> external review, I really don't think this step should be skipped.
>
>
> The charter did NOT change during the external review period.
>
>
> In the datatracker I see that the external review period began 11/3/17 wi=
th
> the -04 version of the charter and the message to new-work went out that
> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/
>
>
> Right, I forgot, however, the external review was set for an extended
> period of time with the understanding that it could change from the
> BoF, leaving 2 additional weeks for discussion after the changes were
> made.
>
>
> My point is that external review is, in part, targeted towards reviewers
> external to the IETF (i.e., folks participating in other SDOs). This is w=
hy
> we send proposed charters to new-work. Subscribers to that list saw an
> announcement of a charter (listed as a re-charter) on 11/3, asking for
> feedback by 11/13. Nothing further was sent to that list after the change=
s
> were made on 11/15, and there=E2=80=99s no reason why external reviewers =
subscribed
> to that list would know that the charter had changed or that the external
> review period was extended.
>
> I think we need to act the way we would want other SDOs to act towards us=
.

I didn't think it was a big deal with the extended phase since the
IESG changes charters in external review regularly prior to final
publication.  The external review notification is a polite
communication and we sometimes skip that step with recharters and
often have text changes from list or IESG discussion prior to final
publication. This is the first time I've seen this called out to block
a charter progressing.  I had mentioned putting it in external review
early to dredge up external comments sooner and progress this faster
in case external entities were alerted to the BoF and to the charter
discussions.  The discussions all took place on list where there was
major text replacements.  There were other text updates that were no
accepted since there wasn't much agreement.  I haven't seen any
external responses from the review.  An email with an updated charter
should have gone out to your point, but it was posted 2 weeks prior to
the telechat.

>
>
>
> Perhaps folks disagree about whether the changes are material, but the
> charter certainly changed from -04 to -07/-08.

This was based on discussions on list and supported by polls in the
BoF.  The last set of changes were made 2 weeks in advance of the
telechat.  This was mentioned in the joint IESG/IAB meetings.

>
>
> The updates reflect consensus decisions of the BoF.  I was careful to
> make sure they were posted 2 weeks prior to this telechat.
>
>
> See above =E2=80=94 they were posted to the datatracker, but not to new-w=
ork.

Noted, but that doesn't happen with other charters under review
either.  If you want to change process and tools, this shouldn't get
held up in that discussion.  The charter changes removed major
decisions from the charter to happen within the formed WG.  That alone
should alleviate concerns you might have.  If the chairs decide
additional changes are agreed, we'll update again as is normal in a
review phase.

Regards,
Kathleen

>
> Alissa
>
>
> Regards,
> Kathleen
>
>
> Alissa
>
> The
> charter was updated to version 7 prior to the start of the external
> review, then the external review was requested.  The changes from
> version 6 to 7 were a result of consensus calls during the BoF.  The
> update to 8 was an attempt to fix a formatting issue, but the result
> was no change. The BoF chairs were very clear with the consensus calls
> in the room with the exact text being displayed and discussed.
>
> The re-charter was likely because when the page was first created,
> someone had put the charter text where charter text goes for an
> established WG.
>
>
> I'm willing to move to ABSTAIN if no one agrees with me but I thought I
> would
> check to see if folks would be willing to take the time to sort out these
> issues.
>
>
> The chairs will be responding on list and I said in an earlier email,
> I would like to see the outcome before changing anything as I'd like
> to follow our normal process and respect the chairs roll in the
> process to assess consensus and drive the work forward.
>
> Best regards,
> Kathleen
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Some lesser issues:
>
> 5. The charter now talks about how the group may describe the use of
> existing
> discovery and transport mechanisms, but there are not associated
> milestone(s)
> for this work. Not sure if this is intentional or an oversight.
>
> 6. I agree with the folks on the list who have said that the background
> material about the IAB workshop and RFC 4108 should either be removed
> (preferably), or shifted around to the beginning of the text and edited s=
o
> that
> it's clear that it's there for background purposes and not to constrain w=
hat
> the group does going forward.
>
>
>
>
>
> --
>
> Best regards,
> Kathleen
>
>
>
>
>
> --
>
> Best regards,
> Kathleen
>
>



--=20

Best regards,
Kathleen


From nobody Wed Nov 29 15:32:09 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D5C0126E3A for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 15:31:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.718
X-Spam-Level: 
X-Spam-Status: No, score=-1.718 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3FQD1Z6YwC_k for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 15:31:52 -0800 (PST)
Received: from mail-vk0-x229.google.com (mail-vk0-x229.google.com [IPv6:2607:f8b0:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 119F81201FA for <suit@ietf.org>; Wed, 29 Nov 2017 15:31:52 -0800 (PST)
Received: by mail-vk0-x229.google.com with SMTP id f73so2350805vki.3 for <suit@ietf.org>; Wed, 29 Nov 2017 15:31:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:from:date:message-id:subject:to; bh=mrr+ExGke30lMYgMNxaGsBlP1LZyxmpqmXhdKmTCLU8=; b=AXP7eBi/ea2oHkKsgj7H0FSa06uFiIkKWDgKQC78E3O08XtRUv6dbDRVgfMmRH2JN5 ZQSkrDE3vTscXDA/lcezoqNM42oD/A3ulYemMPdeynfMuzdpZEeLbUDEchBprqEfjFfD E5nwty3fVCMx5F16u617IwAIytu6fWBUKlZeFhPkSNWh1CetZnZ9/dJgQ/UnI5/dVQzn tdtYVeR2f/AWd5s+AqP3f3QetlIJkLk3erpsxgP1iE7E1UHR0SPpJRUSowJe4tIln2g3 IUT0sesG3cVkRV21JHDExckopmmSZsHtfdwTNOFfikMQwalE8aStBsM9CVsGWUZF2uU8 7Zig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=mrr+ExGke30lMYgMNxaGsBlP1LZyxmpqmXhdKmTCLU8=; b=Q5Z6ZPHTEg4R4W/Tv8+1D54dNIggXJ946oWfQb0s5lvZbOtzuKQvSSJ+rschXFDrIJ rFgVdnaoBLB12x3dKvE4j215SgU6luOHxqx29D3TSVZDcU7xNhQBr6QX5gLAZe91kLPR 6OZNQdooVDEp8fJu4g+Zzh3CYzbEkTXpP0C2wncim+qMv/Akhfr46JL7qLSmLi4b3TvO TQW08ZUxPFfTF0k5TPOl4uiZM5SIOCE/9Ip6xibCL6eHdVTP2MA9vBhgIfi9nibL74wB R8J9/6j9EaY7sTYFDrzoAKH9jcmenfomgwmmN4M1izHJH5RDeiUIp53COxqFAcg9LxlZ XPyQ==
X-Gm-Message-State: AKGB3mKohTOm/MtnVP/TXII+Vg2QAzO/tFa5BlUkyFXedJHosp+petjb CYyiAiEuTtuwXq1HqFbih+cRbzx4DXUMazsXR2FGXA==
X-Google-Smtp-Source: AGs4zMazdbS0aTeOqEQzP5ai6lW8uXN+YLiehpzrWtAcZAmubGNM2IPDvQs/jYm2e01FSuz4J1kFoepHrkih46pVYtw=
X-Received: by 10.31.110.10 with SMTP id j10mr441726vkc.123.1511998310712; Wed, 29 Nov 2017 15:31:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 29 Nov 2017 15:31:50 -0800 (PST)
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 29 Nov 2017 15:31:50 -0800
Message-ID: <CAMRcRGRnUr6rvxse+EbopY+=txkQZcBNS_-A1td_YRFWifqJyg@mail.gmail.com>
To: suit@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c14ada6360907055f278ad4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/75NBS2-2gY9UiGV01SaaDXtv71k>
Subject: [Suit] Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 23:31:57 -0000

--94eb2c14ada6360907055f278ad4
Content-Type: text/plain; charset="UTF-8"

Hello Chairs

  Having spent sometime to browse through different lists and attempting to
sharer concerns to ensure that the charter text and consensus match, i
thought will share few points for us to ponder upon.

As a follow up from BOF,

   1. minutes are not published to the data-tracker or the SUIT mailing
   list. I discovered the following notes from the etherpad instead (
   https://etherpad.tools.ietf.org/p/notes-ietf-100-suit)

          Co-Chairs summarize concerns with current Charter text
               - Use of RFC4108

   -            - Hum on if we should remove 4108 - Stronger hum???


   -            - Hum on if we should leave 4108

            - Should we constrain this to Class 1
          - Clarification on text revolving around transport mechanisms

   -           - Hum: Should we avoid the development of new transport
   mechanisms - Yes is louder in the room

          - Should the charter have text to talk about capabilities

   -           - Hum: Charter needs text


   -          - Hum: Leave out of charter, but add to architecture

         - Should the charter restrict to one

   -         - Hum: Yes


   -        - Hum: No - Much Stronger

       - Do we need a charter text update or leave it to a discussion for
discovery

   -      - Hum: Stronger for leaving it to discussion


      - Cullen Jennings via Jabber text to add: The architecture should
provide a way to discover the firmware server

   -      - Hum: ???


   -

        - AD says we need to put this back on the list again

As requested by the AD (last bullet point), the consensus confirming email
never made to the list.

   1. From the above notes excerpt, the changes that had consensus in
   meeting are not reflected in charter


   1. None of this has has been sent to list. Not the minutes from the
   meeting. Not the charter.


   1. People have not had time to review or comment on it


What should be the plan forward in addressing the concerns here ?

Thanks
Suhas Nandakumar

--94eb2c14ada6360907055f278ad4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hello Chairs<div><br></div><div>=C2=A0 Having spent someti=
me to browse through different lists and attempting to sharer concerns to e=
nsure that the charter text and consensus match, i thought will share few p=
oints for us to ponder upon.</div><div><br></div><div>As a follow up from B=
OF,</div><div><div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"li=
ne-height:16pt;margin-bottom:0px;width:813px;margin-top:3px;display:-webkit=
-flex;min-height:18pt"><div class=3D"gmail-msgContainer" style=3D"user-sele=
ct: auto; flex: 1 1 0px; cursor: text;"><ol style=3D"color:rgb(52,53,55);fo=
nt-family:-apple-system,&quot;Segoe UI Semilight&quot;,sans-serif;font-size=
:14px;padding-left:36pt"><li style=3D"user-select: auto;">minutes are not p=
ublished to the data-tracker or the SUIT mailing list. I discovered the fol=
lowing notes from the etherpad instead (<a href=3D"https://etherpad.tools.i=
etf.org/p/notes-ietf-100-suit">https://etherpad.tools.ietf.org/p/notes-ietf=
-100-suit</a>)</li></ol><div style=3D"color:rgb(52,53,55);font-family:-appl=
e-system,&quot;Segoe UI Semilight&quot;,sans-serif;font-size:14px">=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0<span style=3D"background-color:rgb(227,25=
5,234);color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-s=
erif;font-size:12px">Co-Chairs summarize concerns with current Charter text=
</span></div><div id=3D"gmail-magicdomid84" class=3D"gmail-" style=3D"color=
:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-si=
ze:12px;margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z8=
0zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-co=
lor:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0- Use of RFC4108</span></div><div id=3D"gmail-magicdomid85" class=3D"gma=
il-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial=
,sans-serif;font-size:12px;margin:0px;padding:0px"><ul class=3D"gmail-list-=
indent1" style=3D"margin:0px 0px 0px 1.5em;padding:0px;list-style-type:none=
"><li style=3D"margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63a=
z71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;backgr=
ound-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Hum=
 on if we should remove 4108 - Stronger hum???</span></li></ul></div><div i=
d=3D"gmail-magicdomid86" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-fa=
mily:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;=
padding:0px"><ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1=
.5em;padding:0px;list-style-type:none"><li style=3D"margin:0px;padding:0px"=
><span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px;padding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Hum on if we should leave 4108</span></=
li></ul></div><div id=3D"gmail-magicdomid87" class=3D"gmail-" style=3D"colo=
r:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-s=
ize:12px;margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z=
80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-c=
olor:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Should w=
e constrain this to Class 1</span></div><div id=3D"gmail-magicdomid88" clas=
s=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quo=
t;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"><span class=3D"g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 - Clarification on text revolving around transport mechanisms</s=
pan></div><div id=3D"gmail-magicdomid89" class=3D"gmail-" style=3D"color:rg=
b(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:=
12px;margin:0px;padding:0px"><ul class=3D"gmail-list-indent1" style=3D"marg=
in:0px 0px 0px 1.5em;padding:0px;list-style-type:none"><li style=3D"margin:=
0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68z=
z75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227,255=
,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Hum: Should we avoid the develo=
pment of new transport mechanisms - Yes is louder in the room</span></li></=
ul></div><div id=3D"gmail-magicdomid90" class=3D"gmail-" style=3D"color:rgb=
(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:1=
2px;margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z80zdz=
89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:=
rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Should the charter h=
ave text to talk about capabilities</span></div><div id=3D"gmail-magicdomid=
91" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica =
Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"><ul clas=
s=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em;padding:0px;list=
-style-type:none"><li style=3D"margin:0px;padding:0px"><span class=3D"gmail=
-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;paddin=
g:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 - Hum: Charter needs text</span></li></ul></div><div id=3D"gmail-mag=
icdomid92" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Hel=
vetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"><=
ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em;padding:0=
px;list-style-type:none"><li style=3D"margin:0px;padding:0px"><span class=
=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0=
px;padding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0- Hum: Leave out of charter, but add to architecture</span></l=
i></ul></div><div id=3D"gmail-magicdomid93" class=3D"gmail-" style=3D"color=
:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-si=
ze:12px;margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z8=
0zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-co=
lor:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Should the charte=
r restrict to one</span></div><div id=3D"gmail-magicdomid94" class=3D"gmail=
-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,s=
ans-serif;font-size:12px;margin:0px;padding:0px"><ul class=3D"gmail-list-in=
dent1" style=3D"margin:0px 0px 0px 1.5em;padding:0px;list-style-type:none">=
<li style=3D"margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az7=
1z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;backgrou=
nd-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 - Hum: Yes</span></l=
i></ul></div><div id=3D"gmail-magicdomid95" class=3D"gmail-" style=3D"color=
:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-si=
ze:12px;margin:0px;padding:0px"><ul class=3D"gmail-list-indent1" style=3D"m=
argin:0px 0px 0px 1.5em;padding:0px;list-style-type:none"><li style=3D"marg=
in:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz=
68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227,=
255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0- Hum: No - Much Stronger</span></li><=
/ul></div><div id=3D"gmail-magicdomid96" class=3D"gmail-" style=3D"color:rg=
b(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:=
12px;margin:0px;padding:0px"><span class=3D"gmail-author-a-gsb63az71z3z80zd=
z89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color=
:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0- Do we need a charter text u=
pdate or leave it to a discussion for discovery</span></div><div id=3D"gmai=
l-magicdomid97" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quo=
t;Helvetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0=
px"><ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em;padd=
ing:0px;list-style-type:none"><li style=3D"margin:0px;padding:0px"><span cl=
ass=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margi=
n:0px;padding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=
=A0- Hum: Stronger for leaving it to discussion</span></li></ul></div><div =
id=3D"gmail-magicdomid98" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-f=
amily:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px=
;padding:0px"><br style=3D"margin:0px;padding:0px"></div><div id=3D"gmail-m=
agicdomid99" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;H=
elvetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"=
><span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px;padding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =
=C2=A0 =C2=A0 - Cullen Jennings via Jabber text to add: The architecture sh=
ould provide a way to discover the firmware server</span></div><div id=3D"g=
mail-magicdomid100" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:=
&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;paddi=
ng:0px"><ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em;=
padding:0px;list-style-type:none"><li style=3D"margin:0px;padding:0px"><spa=
n class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"m=
argin:0px;padding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =
=C2=A0- Hum: ???</span></li></ul></div><div id=3D"gmail-magicdomid101" clas=
s=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quo=
t;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"><ul class=3D"gma=
il-list-indent1" style=3D"margin:0px 0px 0px 1.5em;padding:0px;list-style-t=
ype:none"><li style=3D"margin:0px;padding:0px"><br style=3D"margin:0px;padd=
ing:0px"></li></ul></div><div id=3D"gmail-magicdomid102" class=3D"gmail-" s=
tyle=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-=
serif;font-size:12px;margin:0px;padding:0px"><span class=3D"gmail-author-a-=
gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;=
background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 - AD says we=
 need to put this back on the list again</span></div><div id=3D"gmail-magic=
domid102" class=3D"gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helv=
etica Neue&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px"><b=
r></div><div id=3D"gmail-magicdomid102" class=3D"gmail-" style=3D"margin:0p=
x;padding:0px"><font color=3D"#343537" face=3D"-apple-system, Segoe UI Semi=
light, sans-serif"><span style=3D"font-size:14px">As requested by the AD (l=
ast bullet point), the consensus confirming email never made to the list.</=
span></font></div></div><div class=3D"gmail-actionContainer" style=3D"color=
:rgb(52,53,55);font-family:-apple-system,&quot;Segoe UI Semilight&quot;,san=
s-serif;font-size:14px;width:68px;max-height:18pt;overflow-y:visible;margin=
:0px;padding:0px"><span class=3D"gmail-sparkTTHolder gmail-sparkTT-small" s=
tyle=3D"margin:0px;padding:0px;border:0px;display:inline-block"></span></di=
v></div><div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-hei=
ght:16pt;color:rgb(52,53,55);margin-bottom:0px;width:813px;margin-top:3px;d=
isplay:-webkit-flex;min-height:18pt;font-family:-apple-system,&quot;Segoe U=
I Semilight&quot;,sans-serif;font-size:14px"><div class=3D"gmail-msgContain=
er" style=3D"user-select: auto; flex: 1 1 0px; cursor: text;"><ol start=3D"=
2" style=3D"padding-left:36pt"><li style=3D"user-select: auto;">From the ab=
ove notes excerpt, the changes that had consensus in meeting are not reflec=
ted in charter=C2=A0=C2=A0</li></ol></div><div class=3D"gmail-actionContain=
er" style=3D"width:68px;max-height:18pt;overflow-y:visible;margin:0px;paddi=
ng:0px"><span class=3D"gmail-sparkTTHolder gmail-sparkTT-small" style=3D"ma=
rgin:0px;padding:0px;border:0px;display:inline-block"></span></div></div><d=
iv class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-height:16pt;c=
olor:rgb(52,53,55);margin-bottom:0px;width:813px;margin-top:3px;display:-we=
bkit-flex;min-height:18pt;font-family:-apple-system,&quot;Segoe UI Semiligh=
t&quot;,sans-serif;font-size:14px"><div class=3D"gmail-msgContainer" style=
=3D"user-select: auto; flex: 1 1 0px; cursor: text;"><ol start=3D"3" style=
=3D"padding-left:36pt"><li style=3D"user-select: auto;">None of this has ha=
s been sent to list. Not the minutes from the meeting. Not the charter.</li=
></ol></div><div class=3D"gmail-actionContainer" style=3D"width:68px;max-he=
ight:18pt;overflow-y:visible;margin:0px;padding:0px"><span class=3D"gmail-s=
parkTTHolder gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0p=
x;display:inline-block"></span></div></div><div class=3D"gmail-sparkMessage=
 gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-bott=
om:0px;width:813px;margin-top:3px;display:-webkit-flex;min-height:18pt;font=
-family:-apple-system,&quot;Segoe UI Semilight&quot;,sans-serif;font-size:1=
4px"><div class=3D"gmail-msgContainer" style=3D"user-select: auto; flex: 1 =
1 0px; cursor: text;"><ol start=3D"4" style=3D"padding-left:36pt"><li style=
=3D"user-select: auto;">People have not had time to review or comment on it=
</li></ol><div><br></div><div>What should be the plan forward in addressing=
 the concerns here ?</div><div><br></div><div>Thanks</div><div>Suhas Nandak=
umar</div><div><br></div></div></div></div></div>

--94eb2c14ada6360907055f278ad4--


From nobody Wed Nov 29 15:58:20 2017
Return-Path: <ben@nostrum.com>
X-Original-To: suit@ietf.org
Delivered-To: suit@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 80169126E3A; Wed, 29 Nov 2017 15:58:18 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ben Campbell <ben@nostrum.com>
To: "The IESG" <iesg@ietf.org>
Cc: suit-chairs@ietf.org, suit@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151199989848.4805.16847403443008510445.idtracker@ietfa.amsl.com>
Date: Wed, 29 Nov 2017 15:58:18 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/x-oCxOvyOqiKONp9Pgg5T8fLlqU>
Subject: [Suit] Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 23:58:18 -0000

Ben Campbell has entered the following ballot position for
charter-ietf-suit-00-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-suit/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Alissa's block position points.

I believe this work is critically important, and I hope we charter it. But it's
the day before the telechat, and there are still ongoing questions on the SUIT
list about the process and correct charter text. I suspect starting external
review prior to the BoF, then making material changes has cause confusion. I
think this would benefit from more time to work out the various elements of
confusion. It might help to defer to the next telechat.



From nobody Wed Nov 29 15:59:12 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 986D712773A for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 15:59:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.07
X-Spam-Level: *
X-Spam-Status: No, score=1.07 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwXW1cHSh7pC for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 15:59:08 -0800 (PST)
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0095.outbound.protection.outlook.com [23.103.201.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F3041201FA for <suit@ietf.org>; Wed, 29 Nov 2017 15:59:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BK2SjK+ub4VYJLfv7M7zZslNaX7vLUhyh+eXF9uZSsY=; b=cp+r4RWeo0W9hjbo6H/+PJpjmWV+WPWCS0dvivpp1VDB+81+091PqgiyVYxIe9wJVdMb0T3kEyVX6slAU1aEBBqXku15+926QVuTEgsx/n/v/SlSQdxxzZOPQNzxk9tX62JHF5V0YfqZvLuNWDPZKXdpIEV5ufAhxTEegw7UfqI=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1496.namprd09.prod.outlook.com (10.173.191.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Wed, 29 Nov 2017 23:59:06 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0282.006; Wed, 29 Nov 2017 23:59:06 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Suhas Nandakumar <suhasietf@gmail.com>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Concerns about Charter and Process Followed
Thread-Index: AQHTaWpJOt2Pt7uKJESr+xUhnSXN1aMsCT/m
Date: Wed, 29 Nov 2017 23:59:06 +0000
Message-ID: <s7nkptckpnl1rxbia0cxm23y.1511999943689@email.android.com>
References: <CAMRcRGRnUr6rvxse+EbopY+=txkQZcBNS_-A1td_YRFWifqJyg@mail.gmail.com>
In-Reply-To: <CAMRcRGRnUr6rvxse+EbopY+=txkQZcBNS_-A1td_YRFWifqJyg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [2600:1003:b023:4cb0:ec6a:6fd4:30e6:6b44]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1496; 6:PcAkdFitEqWGm9eVDk+x5Rn+rRlw1b7zdwpuM7xPzfn3lXDbW0pCOHV17y/uWjWuMloJCdnRJQZX5nq9fsJJSU32aJgxR+CfJWUu+yNlx2rT8eDE4l83+t2o/UVt8R6GrbIfaykE4alV+NnaUQv5SZqSLEI5oI4gcjab3z3h5B+d1GvgnPImK99rKfrAtwlQYIS5VjbsvCtDB2MoBXxnz48KOvsj+TB0uKoPoIECXLWreL9v2qb/2yu6Pg7x3LwwJGjiEvXFgMFrMpWeOqJJX7vSDbtCazvBZzKzrFJ8ugL1roQI1zudXK6NOPtpAbh1p9q+fhfsP+U2kgm4qdCGexRv2Qgus4UovaUMDAVS13s=; 5:+YR75m87zpjDIv3Hl0vYsOb9ABwS1dbbahhrNE1d6AcBVPTyxzrusNvu5VNdpzvUzyn4eBWyQ9QKoOhhFC0EnEIh/bz7xdNWpP13QPSr4FHREqJKXM4KU6b6CwVEAAU8r/xqdemPQEDRu9E4h0FqOM76ldit8o2JkhnF3tHGhdw=; 24:GwxCDr8XW1u7y4+tUJ/KtOJfAyM1lMVIk5dZtuXPErFb6ojyWpcE2LDoH+CplG7Ek5O6PECTwa7orC+zQ7FRRzIDakhycYhF/JbSfVG0+7U=; 7:6fFzI+ywSxKw0HkdckhYIDjk/eup0Mkvg9oW/DQLCm7FcHHJbquuXcyEvnvRXp9TeCSDPzseaUXyrS93lU4I1zP5rCdlCdENIAu8wS3eyf05ndY2NUlQBSrmwzGzaaW9jSDOWHsJeWqVKmN8FVF82K72+5bQv9bejqR3Lo8BWHtdtu5p/qPNOizjMjKeDHZLd9vzqRM14JmexiFwsqtjPw+j26flX9lD9s1Z9jYu2bX1ynhfmt+1uN2sUeijjPWs
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 5225f60a-9976-47f7-e2e9-08d537852cb6
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603277); SRVR:CY4PR09MB1496; 
x-ms-traffictypediagnostic: CY4PR09MB1496:
x-microsoft-antispam-prvs: <CY4PR09MB14968D64E079EF3FC0ED926BF03B0@CY4PR09MB1496.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(189930954265078)(100405760836317)(219752817060721); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(3002001)(3231022)(10201501046)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(6072148)(201708071742011); SRVR:CY4PR09MB1496; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR09MB1496; 
x-forefront-prvs: 05066DEDBB
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(376002)(346002)(189002)(57704003)(199003)(13464003)(229853002)(6506006)(53546010)(3280700002)(345774005)(6436002)(2950100002)(7736002)(14454004)(8676002)(6486002)(68736007)(606006)(25786009)(2906002)(517774005)(97736004)(81166006)(81156014)(2900100001)(478600001)(99286004)(77096006)(6512007)(54896002)(9686003)(236005)(6306002)(6246003)(102836003)(106356001)(110136005)(2501003)(189998001)(7520500002)(33646002)(6116002)(316002)(51650200002)(63666004)(105586002)(86362001)(53936002)(8936002)(5660300001)(3660700001)(95246002)(39060400002)(101416001)(54356010)(50986010)(76176010); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1496; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_s7nkptckpnl1rxbia0cxm23y1511999943689emailandroidcom_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 5225f60a-9976-47f7-e2e9-08d537852cb6
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Nov 2017 23:59:06.1435 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1496
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gnQ84QBEnIMJjr-tiexfT7nv4rc>
Subject: Re: [Suit] Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 23:59:11 -0000

--_000_s7nkptckpnl1rxbia0cxm23y1511999943689emailandroidcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thank you for raising these concerns, I plan to spend time tomorrow reviewi=
ng the meetecho recording from the BoF, reviewing the recent mailing list d=
iscuaaion, the BoF notes (which I'll post), and the current charter. Once t=
he chairs have had a chance to review and discuss these materials we will c=
ome back to the list with a plan to move forward.

We want to make sure the charter reflects the consensus of the group and ad=
dresses any concerns raised by the IESG. Please give us some time to make s=
ure this happens in a productive way forward.

Thanks,
Dave

-------- Original Message --------
From: Suit <suit-bounces@ietf.org> on behalf of Suhas Nandakumar <suhasietf=
@gmail.com>
Date: Wed, November 29, 2017 6:32 PM -0500
To: suit@ietf.org
Subject: [Suit] Concerns about Charter and Process Followed

Hello Chairs

  Having spent sometime to browse through different lists and attempting to=
 sharer concerns to ensure that the charter text and consensus match, i tho=
ught will share few points for us to ponder upon.

As a follow up from BOF,

  1.  minutes are not published to the data-tracker or the SUIT mailing lis=
t. I discovered the following notes from the etherpad instead (https://ethe=
rpad.tools.ietf.org/p/notes-ietf-100-suit<https://na01.safelinks.protection=
.outlook.com/?url=3Dhttps%3A%2F%2Fetherpad.tools.ietf.org%2Fp%2Fnotes-ietf-=
100-suit&data=3D02%7C01%7Cdavid.waltermire%40nist.gov%7Cf7e484ae40ac48d72b1=
308d537816346%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C6364759512284616=
40&sdata=3D%2BoqSVEWQ5%2BGnd45OKxgANL04jRfgbXipHxpowGQ0cUQ%3D&reserved=3D0>=
)

          Co-Chairs summarize concerns with current Charter text
               - Use of RFC4108

  *              - Hum on if we should remove 4108 - Stronger hum???

  *              - Hum on if we should leave 4108

            - Should we constrain this to Class 1
          - Clarification on text revolving around transport mechanisms

  *             - Hum: Should we avoid the development of new transport mec=
hanisms - Yes is louder in the room

          - Should the charter have text to talk about capabilities

  *             - Hum: Charter needs text

  *            - Hum: Leave out of charter, but add to architecture

         - Should the charter restrict to one

  *           - Hum: Yes

  *          - Hum: No - Much Stronger

       - Do we need a charter text update or leave it to a discussion for d=
iscovery

  *        - Hum: Stronger for leaving it to discussion

      - Cullen Jennings via Jabber text to add: The architecture should pro=
vide a way to discover the firmware server

  *        - Hum: ???

  *

        - AD says we need to put this back on the list again

As requested by the AD (last bullet point), the consensus confirming email =
never made to the list.

  1.  From the above notes excerpt, the changes that had consensus in meeti=
ng are not reflected in charter

  1.  None of this has has been sent to list. Not the minutes from the meet=
ing. Not the charter.

  1.  People have not had time to review or comment on it

What should be the plan forward in addressing the concerns here ?

Thanks
Suhas Nandakumar


--_000_s7nkptckpnl1rxbia0cxm23y1511999943689emailandroidcom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta content=3D"text/html; charset=3Dutf-8">
</head>
<body>
Thank you for raising these concerns, I plan to spend time tomorrow reviewi=
ng the meetecho recording from the BoF, reviewing the recent mailing list d=
iscuaaion, the BoF notes (which I'll post), and the current charter. Once t=
he chairs have had a chance to review
 and discuss these materials we will come back to the list with a plan to m=
ove forward.<br>
<br>
We want to make sure the charter reflects the consensus of the group and ad=
dresses any concerns raised by the IESG. Please give us some time to make s=
ure this happens in a productive way forward.<br>
<br>
Thanks,<br>
Dave<br>
<br>
-------- Original Message --------<br>
From: Suit &lt;suit-bounces@ietf.org&gt; on behalf of Suhas Nandakumar &lt;=
suhasietf@gmail.com&gt;<br>
Date: Wed, November 29, 2017 6:32 PM -0500<br>
To: suit@ietf.org<br>
Subject: [Suit] Concerns about Charter and Process Followed<br>
<br>
<div>
<div dir=3D"ltr">Hello Chairs
<div><br>
</div>
<div>&nbsp; Having spent sometime to browse through different lists and att=
empting to sharer concerns to ensure that the charter text and consensus ma=
tch, i thought will share few points for us to ponder upon.</div>
<div><br>
</div>
<div>As a follow up from BOF,</div>
<div>
<div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-height:16pt=
; margin-bottom:0px; width:813px; margin-top:3px; min-height:18pt">
<div class=3D"gmail-msgContainer" style=3D"">
<ol style=3D"color:rgb(52,53,55); font-size:14px; padding-left:36pt">
<li style=3D"">minutes are not published to the data-tracker or the SUIT ma=
iling list. I discovered the following notes from the etherpad instead (<a =
href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F=
etherpad.tools.ietf.org%2Fp%2Fnotes-ietf-100-suit&amp;data=3D02%7C01%7Cdavi=
d.waltermire%40nist.gov%7Cf7e484ae40ac48d72b1308d537816346%7C2ab5d82fd8fa47=
97a93e054655c61dec%7C1%7C0%7C636475951228461640&amp;sdata=3D%2BoqSVEWQ5%2BG=
nd45OKxgANL04jRfgbXipHxpowGQ0cUQ%3D&amp;reserved=3D0">https://etherpad.tool=
s.ietf.org/p/notes-ietf-100-suit</a>)</li></ol>
<div style=3D"color:rgb(52,53,55); font-size:14px">&nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp;&nbsp;<span style=3D"background-color:rgb(227,255,234); color:rgb=
(0,0,0); font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size=
:12px">Co-Chairs summarize concerns with current Charter text</span></div>
<div id=3D"gmail-magicdomid84" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Use of RFC4108</span></di=
v>
<div id=3D"gmail-magicdomid85" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Hu=
m on if we should remove 4108 - Stronger hum???</span></li></ul>
</div>
<div id=3D"gmail-magicdomid86" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Hu=
m on if we should leave 4108</span></li></ul>
</div>
<div id=3D"gmail-magicdomid87" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Should we constrain this to Class 1</s=
pan></div>
<div id=3D"gmail-magicdomid88" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; - Clarification on text revolving around transp=
ort mechanisms</span></div>
<div id=3D"gmail-magicdomid89" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Hum: Sho=
uld we avoid the development of new transport mechanisms - Yes
 is louder in the room</span></li></ul>
</div>
<div id=3D"gmail-magicdomid90" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp; - Should the charter have text to talk about ca=
pabilities</span></div>
<div id=3D"gmail-magicdomid91" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Hum: Cha=
rter needs text</span></li></ul>
</div>
<div id=3D"gmail-magicdomid92" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Hum: Leav=
e out of charter, but add to architecture</span></li></ul>
</div>
<div id=3D"gmail-magicdomid93" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; &nbsp;- Should the charter restrict to one</span></div=
>
<div id=3D"gmail-magicdomid94" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; - Hum: Yes</span>=
</li></ul>
</div>
<div id=3D"gmail-magicdomid95" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp;- Hum: No - Much S=
tronger</span></li></ul>
</div>
<div id=3D"gmail-magicdomid96" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp;- Do we need a charter text update or leave it to a dis=
cussion for discovery</span></div>
<div id=3D"gmail-magicdomid97" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp;- Hum: Stronger for leavi=
ng it to discussion</span></li></ul>
</div>
<div id=3D"gmail-magicdomid98" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<br style=3D"margin:0px; padding:0px">
</div>
<div id=3D"gmail-magicdomid99" class=3D"gmail-" style=3D"color:rgb(0,0,0); =
font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; ma=
rgin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; - Cullen Jennings via Jabber text to add: The architecture sh=
ould provide a way to discover the firmware server</span></div>
<div id=3D"gmail-magicdomid100" class=3D"gmail-" style=3D"color:rgb(0,0,0);=
 font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; m=
argin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><span class=3D"gmail-author-a-gsb63az=
71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px; padding:1px 0px; backg=
round-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp;- Hum: ???</span></li></u=
l>
</div>
<div id=3D"gmail-magicdomid101" class=3D"gmail-" style=3D"color:rgb(0,0,0);=
 font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; m=
argin:0px; padding:0px">
<ul class=3D"gmail-list-indent1" style=3D"margin:0px 0px 0px 1.5em; padding=
:0px; list-style-type:none">
<li style=3D"margin:0px; padding:0px"><br style=3D"margin:0px; padding:0px"=
>
</li></ul>
</div>
<div id=3D"gmail-magicdomid102" class=3D"gmail-" style=3D"color:rgb(0,0,0);=
 font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; m=
argin:0px; padding:0px">
<span class=3D"gmail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=
=3D"margin:0px; padding:1px 0px; background-color:rgb(227,255,234)">&nbsp; =
&nbsp; &nbsp; &nbsp; - AD says we need to put this back on the list again</=
span></div>
<div id=3D"gmail-magicdomid102" class=3D"gmail-" style=3D"color:rgb(0,0,0);=
 font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif; font-size:12px; m=
argin:0px; padding:0px">
<br>
</div>
<div id=3D"gmail-magicdomid102" class=3D"gmail-" style=3D"margin:0px; paddi=
ng:0px"><font color=3D"#343537" face=3D"-apple-system, Segoe UI Semilight, =
sans-serif"><span style=3D"font-size:14px">As requested by the AD (last bul=
let point), the consensus confirming email never
 made to the list.</span></font></div>
</div>
<div class=3D"gmail-actionContainer" style=3D"color:rgb(52,53,55); font-siz=
e:14px; width:68px; max-height:18pt; overflow-y:visible; margin:0px; paddin=
g:0px">
<span class=3D"gmail-sparkTTHolder gmail-sparkTT-small" style=3D"margin:0px=
; padding:0px; border:0px; display:inline-block"></span></div>
</div>
<div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-height:16pt=
; color:rgb(52,53,55); margin-bottom:0px; width:813px; margin-top:3px; min-=
height:18pt; font-size:14px">
<div class=3D"gmail-msgContainer" style=3D"">
<ol start=3D"2" style=3D"padding-left:36pt">
<li style=3D"">From the above notes excerpt, the changes that had consensus=
 in meeting are not reflected in charter&nbsp;&nbsp;</li></ol>
</div>
<div class=3D"gmail-actionContainer" style=3D"width:68px; max-height:18pt; =
overflow-y:visible; margin:0px; padding:0px">
<span class=3D"gmail-sparkTTHolder gmail-sparkTT-small" style=3D"margin:0px=
; padding:0px; border:0px; display:inline-block"></span></div>
</div>
<div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-height:16pt=
; color:rgb(52,53,55); margin-bottom:0px; width:813px; margin-top:3px; min-=
height:18pt; font-size:14px">
<div class=3D"gmail-msgContainer" style=3D"">
<ol start=3D"3" style=3D"padding-left:36pt">
<li style=3D"">None of this has has been sent to list. Not the minutes from=
 the meeting. Not the charter.</li></ol>
</div>
<div class=3D"gmail-actionContainer" style=3D"width:68px; max-height:18pt; =
overflow-y:visible; margin:0px; padding:0px">
<span class=3D"gmail-sparkTTHolder gmail-sparkTT-small" style=3D"margin:0px=
; padding:0px; border:0px; display:inline-block"></span></div>
</div>
<div class=3D"gmail-sparkMessage gmail-hasAction" style=3D"line-height:16pt=
; color:rgb(52,53,55); margin-bottom:0px; width:813px; margin-top:3px; min-=
height:18pt; font-size:14px">
<div class=3D"gmail-msgContainer" style=3D"">
<ol start=3D"4" style=3D"padding-left:36pt">
<li style=3D"">People have not had time to review or comment on it</li></ol=
>
<div><br>
</div>
<div>What should be the plan forward in addressing the concerns here ?</div=
>
<div><br>
</div>
<div>Thanks</div>
<div>Suhas Nandakumar</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>

--_000_s7nkptckpnl1rxbia0cxm23y1511999943689emailandroidcom_--


From nobody Wed Nov 29 16:13:47 2017
Return-Path: <david.waltermire@nist.gov>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD0501272E1; Wed, 29 Nov 2017 16:13:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxsRe5kmPuby; Wed, 29 Nov 2017 16:13:37 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0097.outbound.protection.outlook.com [23.103.200.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 057AC124D6C; Wed, 29 Nov 2017 16:13:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=clTpyoQHkx/lrxwWDJge8LhNu61eRplRpR+hoz9m814=; b=PWeLhlh9jtRC1alsYElX2ihyeoqPWTR5J4DVId0fuBysQzVToqXyGduTmNHQhbRmeSwoVgkTlwSnf3TKiIlacF1XwTcLcUCy0ICAPJYGeOyvKbYBGQth1dLnreDVvNCa343wevxptQPKhbGc+c3hZrmCmU/xpfGR9wUvxYcHkgM=
Received: from CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) by CY4PR09MB1495.namprd09.prod.outlook.com (10.173.191.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 30 Nov 2017 00:13:35 +0000
Received: from CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) by CY4PR09MB1495.namprd09.prod.outlook.com ([10.173.191.141]) with mapi id 15.20.0282.006; Thu, 30 Nov 2017 00:13:35 +0000
From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
CC: "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMMENT)
Thread-Index: AQHTaW32GySUkRMUkkatlmXaulwKaaMsDUMb
Date: Thu, 30 Nov 2017 00:13:34 +0000
Message-ID: <7cvbal5uxtcrgi98cyespa69.1512000812603@email.android.com>
References: <151199989848.4805.16847403443008510445.idtracker@ietfa.amsl.com>
In-Reply-To: <151199989848.4805.16847403443008510445.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=david.waltermire@nist.gov; 
x-originating-ip: [2600:1003:b023:4cb0:ec6a:6fd4:30e6:6b44]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1495; 6:cCbsgewN78dgSVUHcbrSUJnDfKtPbN7W+t59KqWfAsrg14yW65cwhLdTSEYjqdq1p45Kt2locWU9FUZtnbsxG65Fw1Nn9Nz6Gx/4hSUJI+AN/lHXcoD2YWSJBm0hOk6L4WHDh2MV4LO6kH9COVs7qXwZNmqUjNy84qFQIteg4Ehl3S7sngy4HiPk2Oe5Hvp2ItgcY4vov2Mn7W9W9kRZvHVACY/oC2cwaUZxoCOZQVRSMWFJU78OO6h81BFPAlKjJ0vwUVBcykRvyJ/VMz+fg5TvBBoBep73MfX/qPZOZp7wXO6jHU+5D0RqeF0IjnaCMyJQQiWC/O7q+1CYquOTmgRfwUT2sgHx2kbduviZ0kE=; 5:ySTMYRG2+xhy37zfSQ1bZ14ckS8QzGFw7YO7Mj0cTmFyg0twcqrWltCRTpTZGTGczwazUx0RPw0No8maGhOimq/WbjT9eQHqqwDgcbi5X35GlTR0fow9p77MKLvTGX8gHulcUXu0oZUclR5PP5fHub+v22+gSnFFyWsFHfrD7Yk=; 24:swHu7PP6ReFtMs9ild0c3Bg+7CC6bJEYFCIdRREfB4PK3kK446aDp78NnYcsyBDpJODlhENFrskX673WQ1d5GcPTq3ptldaOkoqXb0Fh/74=; 7:qBMkLv7X50R+TkueUKhxHErr3EzcS6tqaBYIJ20U9GCNc7IU9AXalgCS9F6G5MewMMGGVgaCLkvu0xqgGBQ4zPYmZwAKOhHt5VpIt4Wr1HIT2c9oq4qayA1gB7j1tg29sH+wxR2Q7ptOh0ydXWG4QhzujlCnJMuGEavELgo4S9MWz2tXPXjBlmKtE6tfJ+rxXHo5Q181WTO0wjNi4ygAGSublRM5E9naYJn9y5EPkWmzbpDzURVcRebv2Pqp6w9B
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 24395f2a-54d1-495b-9dc5-08d537873287
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(2017052603277); SRVR:CY4PR09MB1495; 
x-ms-traffictypediagnostic: CY4PR09MB1495:
x-microsoft-antispam-prvs: <CY4PR09MB1495E3F341F993052CE2E6ADF0380@CY4PR09MB1495.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(189930954265078)(131327999870524)(219752817060721); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(3231022)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(20161123564025)(6072148)(201708071742011); SRVR:CY4PR09MB1495; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR09MB1495; 
x-forefront-prvs: 05079D8470
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(366004)(39860400002)(199003)(13464003)(189002)(6306002)(54896002)(99286004)(101416001)(8936002)(6512007)(105586002)(54906003)(229853002)(25786009)(9686003)(2906002)(316002)(81156014)(81166006)(606006)(8676002)(95246002)(3660700001)(3280700002)(6246003)(53936002)(110136005)(2900100001)(53546010)(2950100002)(4326008)(236005)(5660300001)(86362001)(189998001)(45080400002)(966005)(230783001)(478600001)(33646002)(14454004)(63666004)(7736002)(97736004)(68736007)(102836003)(6436002)(106356001)(6116002)(6506006)(77096006)(6486002)(51650200002)(76176010)(54356010)(50986010); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1495; H:CY4PR09MB1495.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_7cvbal5uxtcrgi98cyespa691512000812603emailandroidcom_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 24395f2a-54d1-495b-9dc5-08d537873287
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2017 00:13:34.9091 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1495
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/nELP8zTE84D8DT3obXdH781vVTo>
Subject: Re: [Suit] Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 00:13:40 -0000

--_000_7cvbal5uxtcrgi98cyespa691512000812603emailandroidcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I just sent an email to the list suggesting that the chairs need to huddle =
to organize a way forward to resolve the confusion and drive discussion of =
the charter to a conclusion. We will need to defer the telechat for now as =
you and Alissa have suggested. We will work with Kathleen to set a new tele=
chat date one we resolve the current issues.

Thanks,
Dave


-------- Original Message --------
From: Ben Campbell <ben@nostrum.com>
Date: Wed, November 29, 2017 6:58 PM -0500
To: The IESG <iesg@ietf.org>
CC: suit-chairs@ietf.org, suit@ietf.org
Subject: Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMM=
ENT)

Ben Campbell has entered the following ballot position for
charter-ietf-suit-00-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatrac=
ker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2F&data=3D02%7C01%7Cdavid.waltermire=
%40nist.gov%7C17e03c990cca4888fff408d537851103%7C2ab5d82fd8fa4797a93e054655=
c61dec%7C1%7C0%7C636475967026699331&sdata=3DntK1mo%2BVxvKr9bzv%2BuGJAtyWB6R=
8%2FaOQXC7WCbO6iPs%3D&reserved=3D0



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Alissa's block position points.

I believe this work is critically important, and I hope we charter it. But =
it's
the day before the telechat, and there are still ongoing questions on the S=
UIT
list about the process and correct charter text. I suspect starting externa=
l
review prior to the BoF, then making material changes has cause confusion. =
I
think this would benefit from more time to work out the various elements of
confusion. It might help to defer to the next telechat.



--_000_7cvbal5uxtcrgi98cyespa691512000812603emailandroidcom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; pad=
ding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div id=3D"x_CFMaaS360ARState">I just sent an email to the list suggesting =
that the chairs need to huddle to organize a way forward to resolve the con=
fusion and drive discussion of the charter to a conclusion. We will need to=
 defer the telechat for now as you
 and Alissa have suggested. We will work with Kathleen to set a new telecha=
t date one we resolve the current issues.</div>
<div><br>
</div>
<div>Thanks,</div>
<div id=3D"" dir=3D"ltr">Dave</div>
<br>
<br>
-------- Original Message --------<br>
From: Ben Campbell &lt;ben@nostrum.com&gt;<br>
Date: Wed, November 29, 2017 6:58 PM -0500<br>
To: The IESG &lt;iesg@ietf.org&gt;<br>
CC: suit-chairs@ietf.org, suit@ietf.org<br>
Subject: Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMM=
ENT)<br>
<br>
</div>
<font size=3D"2"><span style=3D"font-size:10pt;">
<div class=3D"PlainText">Ben Campbell has entered the following ballot posi=
tion for<br>
charter-ietf-suit-00-08: No Objection<br>
<br>
When responding, please keep the subject line intact and reply to all<br>
email addresses included in the To and CC lines. (Feel free to cut this<br>
introductory paragraph, however.)<br>
<br>
<br>
<br>
The document, along with other ballot positions, can be found here:<br>
<a href=3D"https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fdatatracker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2F&amp;data=3D02%7C01%7Cd=
avid.waltermire%40nist.gov%7C17e03c990cca4888fff408d537851103%7C2ab5d82fd8f=
a4797a93e054655c61dec%7C1%7C0%7C636475967026699331&amp;sdata=3DntK1mo%2BVxv=
Kr9bzv%2BuGJAtyWB6R8%2FaOQXC7WCbO6iPs%3D&amp;reserved=3D0">https://na01.saf=
elinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatracker.ietf.org%2Fd=
oc%2Fcharter-ietf-suit%2F&amp;data=3D02%7C01%7Cdavid.waltermire%40nist.gov%=
7C17e03c990cca4888fff408d537851103%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7=
C0%7C636475967026699331&amp;sdata=3DntK1mo%2BVxvKr9bzv%2BuGJAtyWB6R8%2FaOQX=
C7WCbO6iPs%3D&amp;reserved=3D0</a><br>
<br>
<br>
<br>
----------------------------------------------------------------------<br>
COMMENT:<br>
----------------------------------------------------------------------<br>
<br>
I support Alissa's block position points.<br>
<br>
I believe this work is critically important, and I hope we charter it. But =
it's<br>
the day before the telechat, and there are still ongoing questions on the S=
UIT<br>
list about the process and correct charter text. I suspect starting externa=
l<br>
review prior to the BoF, then making material changes has cause confusion. =
I<br>
think this would benefit from more time to work out the various elements of=
<br>
confusion. It might help to defer to the next telechat.<br>
<br>
<br>
</div>
</span></font>
</body>
</html>

--_000_7cvbal5uxtcrgi98cyespa691512000812603emailandroidcom_--


From nobody Wed Nov 29 16:37:16 2017
Return-Path: <ben@nostrum.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D6BB1286B1; Wed, 29 Nov 2017 16:37:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level: 
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TbFZ_VIdzlR; Wed, 29 Nov 2017 16:37:13 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F742124B0A; Wed, 29 Nov 2017 16:37:13 -0800 (PST)
Received: from [10.0.1.92] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id vAU0bCgs062236 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 29 Nov 2017 18:37:12 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.92]
From: Ben Campbell <ben@nostrum.com>
Message-Id: <DD3E80F6-2DA3-416A-9F63-B1696DFF9BCA@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_BFB0F93C-0A88-433D-8E55-18A8C4037936"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
Date: Wed, 29 Nov 2017 18:37:11 -0600
In-Reply-To: <7cvbal5uxtcrgi98cyespa69.1512000812603@email.android.com>
Cc: The IESG <iesg@ietf.org>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
References: <151199989848.4805.16847403443008510445.idtracker@ietfa.amsl.com> <7cvbal5uxtcrgi98cyespa69.1512000812603@email.android.com>
X-Mailer: Apple Mail (2.3445.4.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FFBbOavlgxZc_f2uSf0wGIJE_TI>
Subject: Re: [Suit] Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 00:37:15 -0000

--Apple-Mail=_BFB0F93C-0A88-433D-8E55-18A8C4037936
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi Dave,

I think that=E2=80=99s the right approach. Again, I think this is =
critically important work, but that just makes it even more important to =
get the charter details right.

Thanks!

Ben.

> On Nov 29, 2017, at 6:13 PM, Waltermire, David A. (Fed) =
<david.waltermire@nist.gov> wrote:
>=20
> I just sent an email to the list suggesting that the chairs need to =
huddle to organize a way forward to resolve the confusion and drive =
discussion of the charter to a conclusion. We will need to defer the =
telechat for now as you and Alissa have suggested. We will work with =
Kathleen to set a new telechat date one we resolve the current issues.
>=20
> Thanks,
> Dave
>=20
>=20
> -------- Original Message --------
> From: Ben Campbell <ben@nostrum.com>
> Date: Wed, November 29, 2017 6:58 PM -0500
> To: The IESG <iesg@ietf.org>
> CC: suit-chairs@ietf.org, suit@ietf.org
> Subject: Ben Campbell's No Objection on charter-ietf-suit-00-08: (with =
COMMENT)
>=20
> Ben Campbell has entered the following ballot position for
> charter-ietf-suit-00-08: No Objection
>=20
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut =
this
> introductory paragraph, however.)
>=20
>=20
>=20
> The document, along with other ballot positions, can be found here:
> =
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatra=
cker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2F&data=3D02%7C01%7Cdavid.waltermi=
re%40nist.gov%7C17e03c990cca4888fff408d537851103%7C2ab5d82fd8fa4797a93e054=
655c61dec%7C1%7C0%7C636475967026699331&sdata=3DntK1mo%2BVxvKr9bzv%2BuGJAty=
WB6R8%2FaOQXC7WCbO6iPs%3D&reserved=3D0
>=20
>=20
>=20
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>=20
> I support Alissa's block position points.
>=20
> I believe this work is critically important, and I hope we charter it. =
But it's
> the day before the telechat, and there are still ongoing questions on =
the SUIT
> list about the process and correct charter text. I suspect starting =
external
> review prior to the BoF, then making material changes has cause =
confusion. I
> think this would benefit from more time to work out the various =
elements of
> confusion. It might help to defer to the next telechat.


--Apple-Mail=_BFB0F93C-0A88-433D-8E55-18A8C4037936
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIzBAEBCgAdFiEExW9rpd7ez4DexOFOgFZKbJXz1A0FAlofUrcACgkQgFZKbJXz
1A1TIg/9GdHJYtCcKnYmvbiRmdUyoOHPYw9qFl5SlJilHbGlX4C93vLJ4exi9vha
5YKAFeNiOcYRaf+kDYoeheRTZPypKRm/FgDSJb4+QAX8xu/5eXzSTfhwD4wu5R05
nRXo79/9cGq8pUk/6/BAmdnISKuF8khUIpCPslDIcdkqq3IolGZf0syp5IaLwF20
+L4eIHTJaKHDibbyQHpoouLU0VqWMgxxdfW3P0sOWy2CAqEnmzjcJnhWnmmZsUk+
cN1vlsO5sTzOM2ZpHK3yBHBDMPtWWs8/LMAQX+uggh00XVDjjNKPRNXx4RghZhBH
S0MWUh7m+KRdVZ6kMCQuQgnkNdnr2n9nb8ZPJ7aTei6jg8MaVhilPWJtdRZ3NCCa
yEFRIklZUbTzpxgxj83L7yFHPEzBm/H09iIU0wk/bIxSKQNU5s23jRTPY1+aH+rt
+eJ3yEg5OmUgyIKGwHtMxNxgy3nxQQVKRYbfn/T+X6dKI3Y/1hB0ss+Z/3qZJFNL
9TEFrs5unJywFvlwsjBgbiU0ywSKPkuD0TCbu8cigtuWXZ3BQweW/RVb26sOSqLK
5Y3OsaEHCHizEGkF4uDmZXWyAythR5fP7l3eNx0IDw6/FQdN6u4esuV/n++GbVBK
788aQ0r4LZ+D/fV4WvgxvEZscepASc2NWHZY5O7dyPBBhEGE2xM=
=6qZt
-----END PGP SIGNATURE-----

--Apple-Mail=_BFB0F93C-0A88-433D-8E55-18A8C4037936--


From nobody Wed Nov 29 16:53:44 2017
Return-Path: <suhasietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F9641286B1 for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 16:53:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.717
X-Spam-Level: 
X-Spam-Status: No, score=-1.717 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id za8ZEz2AXQ_j for <suit@ietfa.amsl.com>; Wed, 29 Nov 2017 16:53:39 -0800 (PST)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53EAE124D6C for <suit@ietf.org>; Wed, 29 Nov 2017 16:53:39 -0800 (PST)
Received: by mail-vk0-x22a.google.com with SMTP id j126so2451851vke.1 for <suit@ietf.org>; Wed, 29 Nov 2017 16:53:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=aQIuIV47u13hb0cZsrDajf58mSKEy7N94drRIGy32nw=; b=dDWQKPmRETs2JZUXNB9ygaRVX/iP1DkOYiJhO44KU/awrsiT+esSNx92VVV5jsoh9U 1P5llCCLuJZ5UyY6N3bQ9CXCuum77wzpaRQE85BJPVjtFA/bSydj7ihguL36/52PE3/Y wH4pSJXB9+XoHyNGBe3pf8FOSBhul8vhMimwKX1GF0bcmXmhKgsNVSgN9aV3yNHSAqcu AjvRn0fcpqavXSkSpu8c5/umgopaZsvYAg7j9uuVTlEUt450aUnFrS6As1i4My7KWzv6 X3sSWyykf8hUuc217J0DqnuTzSCM2uuahmNZV4qzolI3uHeN4wbsGzPS+fbvlZ9bme9H 3XlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=aQIuIV47u13hb0cZsrDajf58mSKEy7N94drRIGy32nw=; b=EYWGNRLgjWr/ex58SUtRWIIgi+1Oi8F3vWaP0Ojv8HueKArfie3Drn8bidfVJMBQKZ B82XC86ibWP71H3CKf37xW/haMWbUBQRH6yAsBHQDoGi9adeCZ7ETzBT+68hzFUpCO04 m1S9rQaLK7OxyH+6u7okX1/VgS+4PG0KQToIpgwozlxTlb1p1IREp0s0mklSn3lh0lpd 2EMa4961HehJPfNMr22vI7Nje3CSemdEMAh5ZqfmdnwWkZZIC+3FwWIP8NsjRDi6fS7j q5ogU9tP6R6aDskswwvkfUVzOVB0fOzqoxXa8ww3iVHibeEjDXM4+8cZi0beaeaLkh6B CBUg==
X-Gm-Message-State: AKGB3mJLsQwxhcGJdyeirQJyVGTdpPjleR7r3G85QGZDr3gSmjBixHmq 4JCl2MbVXXKYWtvPs/RC4G4wVDzMRiVNlJSaVeU=
X-Google-Smtp-Source: AGs4zMaAi9Clm9ZWu2UHJcVaZmyTPjS8nW3tfXRvMZQCjEJliLZG2Jk4ABKTGRPy7jGEBG7yI4hQ/q2sv3blOo6cIQo=
X-Received: by 10.31.110.10 with SMTP id j10mr562062vkc.123.1512003218404; Wed, 29 Nov 2017 16:53:38 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.194 with HTTP; Wed, 29 Nov 2017 16:53:38 -0800 (PST)
In-Reply-To: <s7nkptckpnl1rxbia0cxm23y.1511999943689@email.android.com>
References: <CAMRcRGRnUr6rvxse+EbopY+=txkQZcBNS_-A1td_YRFWifqJyg@mail.gmail.com> <s7nkptckpnl1rxbia0cxm23y.1511999943689@email.android.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 29 Nov 2017 16:53:38 -0800
Message-ID: <CAMRcRGTNmOWBzWU2Y6A11NAcivW0DGOszNzzomA4ho+_EY619Q@mail.gmail.com>
To: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Cc: "suit@ietf.org" <suit@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c14ada6bb7a6c055f28ae6c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/HG9MkS_tyj2_PHP0LVheCAYPaYA>
Subject: Re: [Suit] Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 00:53:42 -0000

--94eb2c14ada6bb7a6c055f28ae6c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks Dave for the response and considering the concerns.

Also i was wondering, would it makes sense to have the charter on the
github, so people can comment and generate pull requests if needed

Thanks
Suhas

On Wed, Nov 29, 2017 at 3:59 PM, Waltermire, David A. (Fed) <
david.waltermire@nist.gov> wrote:

> Thank you for raising these concerns, I plan to spend time tomorrow
> reviewing the meetecho recording from the BoF, reviewing the recent maili=
ng
> list discuaaion, the BoF notes (which I'll post), and the current charter=
.
> Once the chairs have had a chance to review and discuss these materials w=
e
> will come back to the list with a plan to move forward.
>
> We want to make sure the charter reflects the consensus of the group and
> addresses any concerns raised by the IESG. Please give us some time to ma=
ke
> sure this happens in a productive way forward.
>
> Thanks,
> Dave
>
>
> -------- Original Message --------
> From: Suit <suit-bounces@ietf.org> on behalf of Suhas Nandakumar <
> suhasietf@gmail.com>
> Date: Wed, November 29, 2017 6:32 PM -0500
> To: suit@ietf.org
> Subject: [Suit] Concerns about Charter and Process Followed
>
> Hello Chairs
>
>   Having spent sometime to browse through different lists and attempting
> to sharer concerns to ensure that the charter text and consensus match, i
> thought will share few points for us to ponder upon.
>
> As a follow up from BOF,
>
>    1. minutes are not published to the data-tracker or the SUIT mailing
>    list. I discovered the following notes from the etherpad instead (
>    https://etherpad.tools.ietf.org/p/notes-ietf-100-suit
>    <https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fet=
herpad.tools.ietf.org%2Fp%2Fnotes-ietf-100-suit&data=3D02%7C01%7Cdavid.walt=
ermire%40nist.gov%7Cf7e484ae40ac48d72b1308d537816346%7C2ab5d82fd8fa4797a93e=
054655c61dec%7C1%7C0%7C636475951228461640&sdata=3D%2BoqSVEWQ5%2BGnd45OKxgAN=
L04jRfgbXipHxpowGQ0cUQ%3D&reserved=3D0>
>    )
>
>           Co-Chairs summarize concerns with current Charter text
>                - Use of RFC4108
>
>    -            - Hum on if we should remove 4108 - Stronger hum???
>
>
>    -            - Hum on if we should leave 4108
>
>             - Should we constrain this to Class 1
>           - Clarification on text revolving around transport mechanisms
>
>    -           - Hum: Should we avoid the development of new transport
>    mechanisms - Yes is louder in the room
>
>           - Should the charter have text to talk about capabilities
>
>    -           - Hum: Charter needs text
>
>
>    -          - Hum: Leave out of charter, but add to architecture
>
>          - Should the charter restrict to one
>
>    -         - Hum: Yes
>
>
>    -        - Hum: No - Much Stronger
>
>        - Do we need a charter text update or leave it to a discussion for
> discovery
>
>    -      - Hum: Stronger for leaving it to discussion
>
>
>       - Cullen Jennings via Jabber text to add: The architecture should
> provide a way to discover the firmware server
>
>    -      - Hum: ???
>
>
>    -
>
>         - AD says we need to put this back on the list again
>
> As requested by the AD (last bullet point), the consensus confirming emai=
l
> never made to the list.
>
>    1. From the above notes excerpt, the changes that had consensus in
>    meeting are not reflected in charter
>
>
>    1. None of this has has been sent to list. Not the minutes from the
>    meeting. Not the charter.
>
>
>    1. People have not had time to review or comment on it
>
>
> What should be the plan forward in addressing the concerns here ?
>
> Thanks
> Suhas Nandakumar
>
>

--94eb2c14ada6bb7a6c055f28ae6c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Thanks Dave for the response and considering the concerns.=
=C2=A0<div><br></div><div>Also i was wondering, would it makes sense to hav=
e the charter on the github, so people can comment and generate pull reques=
ts if needed<div><br></div><div>Thanks</div><div>Suhas</div></div></div><di=
v class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Wed, Nov 29, 2017=
 at 3:59 PM, Waltermire, David A. (Fed) <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:david.waltermire@nist.gov" target=3D"_blank">david.waltermire@nist.gov=
</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div>
Thank you for raising these concerns, I plan to spend time tomorrow reviewi=
ng the meetecho recording from the BoF, reviewing the recent mailing list d=
iscuaaion, the BoF notes (which I&#39;ll post), and the current charter. On=
ce the chairs have had a chance to review
 and discuss these materials we will come back to the list with a plan to m=
ove forward.<br>
<br>
We want to make sure the charter reflects the consensus of the group and ad=
dresses any concerns raised by the IESG. Please give us some time to make s=
ure this happens in a productive way forward.<br>
<br>
Thanks,<br>
Dave<div><div class=3D"h5"><br>
<br>
-------- Original Message --------<br>
From: Suit &lt;<a href=3D"mailto:suit-bounces@ietf.org" target=3D"_blank">s=
uit-bounces@ietf.org</a>&gt; on behalf of Suhas Nandakumar &lt;<a href=3D"m=
ailto:suhasietf@gmail.com" target=3D"_blank">suhasietf@gmail.com</a>&gt;<br=
>
Date: Wed, November 29, 2017 6:32 PM -0500<br>
To: <a href=3D"mailto:suit@ietf.org" target=3D"_blank">suit@ietf.org</a><br=
>
Subject: [Suit] Concerns about Charter and Process Followed<br>
<br>
<div>
<div dir=3D"ltr">Hello Chairs
<div><br>
</div>
<div>=C2=A0 Having spent sometime to browse through different lists and att=
empting to sharer concerns to ensure that the charter text and consensus ma=
tch, i thought will share few points for us to ponder upon.</div>
<div><br>
</div>
<div>As a follow up from BOF,</div>
<div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_6043357652331740356=
gmail-hasAction" style=3D"line-height:16pt;margin-bottom:0px;width:813px;ma=
rgin-top:3px;min-height:18pt">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol style=3D"color:rgb(52,53,55);font-size:14px;padding-left:36pt">
<li>minutes are not published to the data-tracker or the SUIT mailing list.=
 I discovered the following notes from the etherpad instead (<a href=3D"htt=
ps://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fetherpad.to=
ols.ietf.org%2Fp%2Fnotes-ietf-100-suit&amp;data=3D02%7C01%7Cdavid.waltermir=
e%40nist.gov%7Cf7e484ae40ac48d72b1308d537816346%7C2ab5d82fd8fa4797a93e05465=
5c61dec%7C1%7C0%7C636475951228461640&amp;sdata=3D%2BoqSVEWQ5%2BGnd45OKxgANL=
04jRfgbXipHxpowGQ0cUQ%3D&amp;reserved=3D0" target=3D"_blank">https://etherp=
ad.tools.ietf.<wbr>org/p/notes-ietf-100-suit</a>)</li></ol>
<div style=3D"color:rgb(52,53,55);font-size:14px">=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0=C2=A0<span style=3D"background-color:rgb(227,255,234);color:rgb(=
0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:12=
px">Co-Chairs summarize concerns with current Charter text</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid84" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Use of =
RFC4108</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid85" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0- Hum on if we should remove 4108 - Stronger hum???</span></l=
i></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid86" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0- Hum on if we should leave 4108</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid87" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Should we constrain =
this to Class 1</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid88" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Clarification on text revol=
ving around transport mechanisms</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid89" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 - Hum: Should we avoid the development of new transport mechanisms =
- Yes
 is louder in the room</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid90" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 - Should the charter have tex=
t to talk about capabilities</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid91" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 - Hum: Charter needs text</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid92" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0- Hum: Leave out of charter, but add to architecture</span></li></ul=
>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid93" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0- Should the charter restrict =
to one</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid94" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
 - Hum: Yes</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid95" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0=
- Hum: No - Much Stronger</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid96" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0- Do we need a charter text update or=
 leave it to a discussion for discovery</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid97" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0- Hum: =
Stronger for leaving it to discussion</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid98" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<br style=3D"margin:0px;padding:0px">
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid99" class=3D"m_604335765233=
1740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&q=
uot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 - Cullen Jennings via Jabber text to add: T=
he architecture should provide a way to discover the firmware server</span>=
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid100" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356gm=
ail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pad=
ding:1px 0px;background-color:rgb(227,255,234)">=C2=A0 =C2=A0 =C2=A0- Hum: =
???</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid101" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px 0=
px 0px 1.5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><br style=3D"margin:0px;padding:0px">
</li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72z=
z68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(227=
,255,234)">=C2=A0 =C2=A0 =C2=A0 =C2=A0 - AD says we need to put this back o=
n the list again</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<br>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_60433576523=
31740356gmail-" style=3D"margin:0px;padding:0px"><font color=3D"#343537" fa=
ce=3D"-apple-system, Segoe UI Semilight, sans-serif"><span style=3D"font-si=
ze:14px">As requested by the AD (last bullet point), the consensus confirmi=
ng email never
 made to the list.</span></font></div>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"color:rg=
b(52,53,55);font-size:14px;width:68px;max-height:18pt;overflow-y:visible;ma=
rgin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_60433576523317403=
56gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:i=
nline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_6043357652331740356=
gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-botto=
m:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"2" style=3D"padding-left:36pt">
<li>From the above notes excerpt, the changes that had consensus in meeting=
 are not reflected in charter=C2=A0=C2=A0</li></ol>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"width:68=
px;max-height:18pt;overflow-y:visible;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_60433576523317403=
56gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:i=
nline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_6043357652331740356=
gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-botto=
m:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"3" style=3D"padding-left:36pt">
<li>None of this has has been sent to list. Not the minutes from the meetin=
g. Not the charter.</li></ol>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"width:68=
px;max-height:18pt;overflow-y:visible;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_60433576523317403=
56gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:i=
nline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_6043357652331740356=
gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-botto=
m:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"4" style=3D"padding-left:36pt">
<li>People have not had time to review or comment on it</li></ol>
<div><br>
</div>
<div>What should be the plan forward in addressing the concerns here ?</div=
>
<div><br>
</div>
<div>Thanks</div>
<div>Suhas Nandakumar</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></div>

</blockquote></div><br></div>

--94eb2c14ada6bb7a6c055f28ae6c--


From nobody Wed Nov 29 18:38:41 2017
Return-Path: <alissa@cooperw.in>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A127120454; Wed, 29 Nov 2017 18:38:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=eIri2WPj; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=BubO/ZOS
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVXKYE6rZ0kt; Wed, 29 Nov 2017 18:38:32 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CDF9128990; Wed, 29 Nov 2017 18:38:32 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 90EE620C31; Wed, 29 Nov 2017 21:38:31 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 29 Nov 2017 21:38:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=kstVWYkJ8x3LKVelC+f4D8sVPbSji p79U+3TkFgv268=; b=eIri2WPjqsqftCIo0jo5edgPgnrcxu64BzGa8eQoSC/kb vIccrJ0LHZo5ovFQt3PAXIY4HSx37sZs727rk5AHsDU3bpX5ogjBFhDirZVowzCv IVgaTTa5JRcpEhm3AEizDpI2+3MfqJ87eJbXgxTgcNNhaQ98nhCtHWOwbRVTvqO2 HJW2UK5eFU1VHLF4oEubC2pz+4q0uz/e4bZgAT6BzHnAgJK7hsRzX7qG2j8dAMsV F55m/6bTmwhmYefReXLuH2eUHud+eVMbwRuOLESXAoLykIRx6P7yLlYjRLGQonyX Gn717ZNKIrvy/HtbNiQonUyny506Xq1DPxVC9RHVA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=kstVWY kJ8x3LKVelC+f4D8sVPbSjip79U+3TkFgv268=; b=BubO/ZOS64L3A14iFrMrmr 3w/7YrMnRhDiYHz5BSeJoqyFpbJZTidRTTHQ5gHBde8Icg1aiBD1O8KJ0N/ybMaI LJfVkI3pyhaSmlQ/pmQlPmE1Nqkjo9k28EWBV82TY1B/EuhDWy/meBNVtelhu5u9 KKc2APRaLVXEDHbGXRYdSVrYIU80dI72wqnIevt2w+kh1PRi4l6TCgINyHcbjJH1 xYBpLjTmvm3u6yyNxCrCdBYz2IKKZz2GYJ8o0btHuFDiQKH6m0G/X11mfxUq9jNZ Tg4XXIGlkrgbB5Mo4bYXhYOJimD45IG8sYehSPTendTBvrGOTqEm872+6pQl/Bwg ==
X-ME-Sender: <xms:J28fWhFjbfk5LPk20PHiTlQLk27_Z2Yf0W3fTPME114dcPva9-TaMg>
Received: from sjc-alcoop-8816.cisco.com (unknown [128.107.241.191]) by mail.messagingengine.com (Postfix) with ESMTPA id 73D687FAD5; Wed, 29 Nov 2017 21:38:30 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <DD3E80F6-2DA3-416A-9F63-B1696DFF9BCA@nostrum.com>
Date: Wed, 29 Nov 2017 21:38:28 -0500
Cc: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>, IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CF912345-7CE0-4F0D-A608-1FD6F3F04343@cooperw.in>
References: <151199989848.4805.16847403443008510445.idtracker@ietfa.amsl.com> <7cvbal5uxtcrgi98cyespa69.1512000812603@email.android.com> <DD3E80F6-2DA3-416A-9F63-B1696DFF9BCA@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/P3X5zaLDgTRXCCpE9xhG1C4s2Zw>
Subject: Re: [Suit] Ben Campbell's No Objection on charter-ietf-suit-00-08: (with COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 02:38:35 -0000

> On Nov 29, 2017, at 7:37 PM, Ben Campbell <ben@nostrum.com> wrote:
>=20
> Hi Dave,
>=20
> I think that=E2=80=99s the right approach. Again, I think this is =
critically important work, but that just makes it even more important to =
get the charter details right.

+1

Thanks,
Alissa

>=20
> Thanks!
>=20
> Ben.
>=20
>> On Nov 29, 2017, at 6:13 PM, Waltermire, David A. (Fed) =
<david.waltermire@nist.gov> wrote:
>>=20
>> I just sent an email to the list suggesting that the chairs need to =
huddle to organize a way forward to resolve the confusion and drive =
discussion of the charter to a conclusion. We will need to defer the =
telechat for now as you and Alissa have suggested. We will work with =
Kathleen to set a new telechat date one we resolve the current issues.
>>=20
>> Thanks,
>> Dave
>>=20
>>=20
>> -------- Original Message --------
>> From: Ben Campbell <ben@nostrum.com>
>> Date: Wed, November 29, 2017 6:58 PM -0500
>> To: The IESG <iesg@ietf.org>
>> CC: suit-chairs@ietf.org, suit@ietf.org
>> Subject: Ben Campbell's No Objection on charter-ietf-suit-00-08: =
(with COMMENT)
>>=20
>> Ben Campbell has entered the following ballot position for
>> charter-ietf-suit-00-08: No Objection
>>=20
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut =
this
>> introductory paragraph, however.)
>>=20
>>=20
>>=20
>> The document, along with other ballot positions, can be found here:
>> =
https://na01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fdatatra=
cker.ietf.org%2Fdoc%2Fcharter-ietf-suit%2F&data=3D02%7C01%7Cdavid.waltermi=
re%40nist.gov%7C17e03c990cca4888fff408d537851103%7C2ab5d82fd8fa4797a93e054=
655c61dec%7C1%7C0%7C636475967026699331&sdata=3DntK1mo%2BVxvKr9bzv%2BuGJAty=
WB6R8%2FaOQXC7WCbO6iPs%3D&reserved=3D0
>>=20
>>=20
>>=20
>> =
----------------------------------------------------------------------
>> COMMENT:
>> =
----------------------------------------------------------------------
>>=20
>> I support Alissa's block position points.
>>=20
>> I believe this work is critically important, and I hope we charter =
it. But it's
>> the day before the telechat, and there are still ongoing questions on =
the SUIT
>> list about the process and correct charter text. I suspect starting =
external
>> review prior to the BoF, then making material changes has cause =
confusion. I
>> think this would benefit from more time to work out the various =
elements of
>> confusion. It might help to defer to the next telechat.
>=20
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit


From nobody Wed Nov 29 18:51:56 2017
Return-Path: <alissa@cooperw.in>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 053EC124BFA; Wed, 29 Nov 2017 18:51:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cooperw.in header.b=qA7my5Hf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=poyTaUcl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CiXQI3xK-nfb; Wed, 29 Nov 2017 18:51:47 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B548D120454; Wed, 29 Nov 2017 18:51:47 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id E2A3D20AA9; Wed, 29 Nov 2017 21:51:46 -0500 (EST)
Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Wed, 29 Nov 2017 21:51:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=kfEFWFhS/bszlQwvdYRFbwhMXFeaJ BevDPNY+iivPgk=; b=qA7my5HfmyQiQtKDXKr9j+2Vtt71R10oAo+ZJHSrcCwsa MiHWItct1Zu3lLDqwOnDGvFKqhnN01UBOXAuYPWUqVCU7jyNkYjoeYA39QujwlUp MRNLYU76L/fKXNsrlGGo1WJw/+TXgquFFUpad4xnZiFrJSgkfhfzjIeEEXFMy7FE QU12ZeiE1ZkP1zz9pho8y0eL2AvT7KHFvHDLVL2ftQlSALpTzBB1yQRN/9BXNj91 LzbfJH36L/E2dM9MPGgJ0soAEEeakdMvngWhwUqiPBf8Is9S0odE6nOyZzksLsKP SfilkhlVfB99G+YlCW1OJC5LlFX6mlDckdeyxPKNQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=kfEFWF hS/bszlQwvdYRFbwhMXFeaJBevDPNY+iivPgk=; b=poyTaUcl0flFGtat3U5eVS vdGXknAa6m1jBwBdE7HjLx3Q7cs+RHQ4A8n7QaMwHbNrdLhTzybxBnWJrIIwcmtQ COyv+gmbgDjM1VEb3wz+CtILh+KShMzQx8cxNsJoaDk4dQYKT+m8phKEBTJ+9n+4 U5TBAJln7fIdhEEugaFdcoORCJjZKy/rcZjomW7VRfCM8tDEHeRQTo4Qxm/zufov onZDUE6WPNT6nbvbeUal+K1KqSsVmo6kwQmYtzARRhRCHa6wRFkdQGIBD0PILIXu izqGfdFteVQeUDrwJUCiHsjjumZLZ7rPB8XjcDQXs8XHZIdQWHs5mQYUtFptgkSA ==
X-ME-Sender: <xms:QnIfWpDTcBQnH_NaCaR4wP4Yq3Gx2w0EDisWbx20JlJhERQhHCM4KQ>
Received: from sjc-alcoop-8816.cisco.com (unknown [128.107.241.191]) by mail.messagingengine.com (Postfix) with ESMTPA id C4DF17E6B8; Wed, 29 Nov 2017 21:51:45 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CAHbuEH6xm=C6SbkZPzFocGGNbMzfVB7ubPz0TtAWhj4rWRfF1w@mail.gmail.com>
Date: Wed, 29 Nov 2017 21:51:43 -0500
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3F743DF0-FC58-49CF-8552-D04B0722C018@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in> <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com> <6B113166-9C17-42B3-905C-539CAE3AED7A@cooperw.in> <CAHbuEH6xm=C6SbkZPzFocGGNbMzfVB7ubPz0TtAWhj4rWRfF1w@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jvOftA-71ZsrBtCDCnlQRmyt0ck>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 02:51:50 -0000

Since the IESG evaluation of this will be delayed, I think it would be =
beneficial to circulate an updated charter notification to new-work.

I think what is unusual here is running the external review process in =
parallel with the BoF process, rather than running the BoF first. I =
can=E2=80=99t recall another working group that has followed that path =
in recent memory.

Alissa


> On Nov 29, 2017, at 4:07 PM, Kathleen Moriarty =
<kathleen.moriarty.ietf@gmail.com> wrote:
>=20
> On Wed, Nov 29, 2017 at 3:51 PM, Alissa Cooper <alissa@cooperw.in> =
wrote:
>>=20
>> On Nov 29, 2017, at 3:27 PM, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>=20
>> On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in> =
wrote:
>>=20
>>=20
>> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>=20
>>=20
>> 4. This charter changed in some pretty important ways in the middle =
of the
>> external review period, but was never re-sent to the new-work mailing =
list.
>> There was also an error in the original announcement sent to new-work =
that
>> could cause confusion (it said this was a re-charter). I asked for it =
to be
>> re-sent but it doesn't look like it was. Since this is an important =
part of
>> external review, I really don't think this step should be skipped.
>>=20
>>=20
>> The charter did NOT change during the external review period.
>>=20
>>=20
>> In the datatracker I see that the external review period began =
11/3/17 with
>> the -04 version of the charter and the message to new-work went out =
that
>> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/
>>=20
>>=20
>> Right, I forgot, however, the external review was set for an extended
>> period of time with the understanding that it could change from the
>> BoF, leaving 2 additional weeks for discussion after the changes were
>> made.
>>=20
>>=20
>> My point is that external review is, in part, targeted towards =
reviewers
>> external to the IETF (i.e., folks participating in other SDOs). This =
is why
>> we send proposed charters to new-work. Subscribers to that list saw =
an
>> announcement of a charter (listed as a re-charter) on 11/3, asking =
for
>> feedback by 11/13. Nothing further was sent to that list after the =
changes
>> were made on 11/15, and there=E2=80=99s no reason why external =
reviewers subscribed
>> to that list would know that the charter had changed or that the =
external
>> review period was extended.
>>=20
>> I think we need to act the way we would want other SDOs to act =
towards us.
>=20
> I didn't think it was a big deal with the extended phase since the
> IESG changes charters in external review regularly prior to final
> publication.  The external review notification is a polite
> communication and we sometimes skip that step with recharters and
> often have text changes from list or IESG discussion prior to final
> publication. This is the first time I've seen this called out to block
> a charter progressing.  I had mentioned putting it in external review
> early to dredge up external comments sooner and progress this faster
> in case external entities were alerted to the BoF and to the charter
> discussions.  The discussions all took place on list where there was
> major text replacements.  There were other text updates that were no
> accepted since there wasn't much agreement.  I haven't seen any
> external responses from the review.  An email with an updated charter
> should have gone out to your point, but it was posted 2 weeks prior to
> the telechat.
>=20
>>=20
>>=20
>>=20
>> Perhaps folks disagree about whether the changes are material, but =
the
>> charter certainly changed from -04 to -07/-08.
>=20
> This was based on discussions on list and supported by polls in the
> BoF.  The last set of changes were made 2 weeks in advance of the
> telechat.  This was mentioned in the joint IESG/IAB meetings.
>=20
>>=20
>>=20
>> The updates reflect consensus decisions of the BoF.  I was careful to
>> make sure they were posted 2 weeks prior to this telechat.
>>=20
>>=20
>> See above =E2=80=94 they were posted to the datatracker, but not to =
new-work.
>=20
> Noted, but that doesn't happen with other charters under review
> either.  If you want to change process and tools, this shouldn't get
> held up in that discussion.  The charter changes removed major
> decisions from the charter to happen within the formed WG.  That alone
> should alleviate concerns you might have.  If the chairs decide
> additional changes are agreed, we'll update again as is normal in a
> review phase.
>=20
> Regards,
> Kathleen
>=20
>>=20
>> Alissa
>>=20
>>=20
>> Regards,
>> Kathleen
>>=20
>>=20
>> Alissa
>>=20
>> The
>> charter was updated to version 7 prior to the start of the external
>> review, then the external review was requested.  The changes from
>> version 6 to 7 were a result of consensus calls during the BoF.  The
>> update to 8 was an attempt to fix a formatting issue, but the result
>> was no change. The BoF chairs were very clear with the consensus =
calls
>> in the room with the exact text being displayed and discussed.
>>=20
>> The re-charter was likely because when the page was first created,
>> someone had put the charter text where charter text goes for an
>> established WG.
>>=20
>>=20
>> I'm willing to move to ABSTAIN if no one agrees with me but I thought =
I
>> would
>> check to see if folks would be willing to take the time to sort out =
these
>> issues.
>>=20
>>=20
>> The chairs will be responding on list and I said in an earlier email,
>> I would like to see the outcome before changing anything as I'd like
>> to follow our normal process and respect the chairs roll in the
>> process to assess consensus and drive the work forward.
>>=20
>> Best regards,
>> Kathleen
>>=20
>>=20
>>=20
>> =
----------------------------------------------------------------------
>> COMMENT:
>> =
----------------------------------------------------------------------
>>=20
>> Some lesser issues:
>>=20
>> 5. The charter now talks about how the group may describe the use of
>> existing
>> discovery and transport mechanisms, but there are not associated
>> milestone(s)
>> for this work. Not sure if this is intentional or an oversight.
>>=20
>> 6. I agree with the folks on the list who have said that the =
background
>> material about the IAB workshop and RFC 4108 should either be removed
>> (preferably), or shifted around to the beginning of the text and =
edited so
>> that
>> it's clear that it's there for background purposes and not to =
constrain what
>> the group does going forward.
>>=20
>>=20
>>=20
>>=20
>>=20
>> --
>>=20
>> Best regards,
>> Kathleen
>>=20
>>=20
>>=20
>>=20
>>=20
>> --
>>=20
>> Best regards,
>> Kathleen
>>=20
>>=20
>=20
>=20
>=20
> --=20
>=20
> Best regards,
> Kathleen


From nobody Wed Nov 29 18:54:44 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F164B128AB0; Wed, 29 Nov 2017 18:54:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wz9vl744_SqW; Wed, 29 Nov 2017 18:54:36 -0800 (PST)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D71B127843; Wed, 29 Nov 2017 18:54:36 -0800 (PST)
Received: by mail-pf0-x22b.google.com with SMTP id u25so2491865pfg.5; Wed, 29 Nov 2017 18:54:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=kz8mAoqaGqVAQwm5rqWRRc34pBqNaKZQumvcD3qj3MM=; b=tF093fGVkq5iYBYnSIGVk0CZ88YhRYX0e83tCNX3LGshMGfKTeGeDrJ2X7Uq324WXV /Tv6Sgkxw+QixjmcttZoqIHUJ8I1tc3bo/amBYD9Xsj/Cfz/eauvCrh4YjqIr1QwZnhG fpjsfRuEEWSBDV7wim3RDQjcnDDXN13H7/NmxVGx28AD3R4e8zzkzkNxdWNl2SCAEJo8 6PTIjhmY9SFKUbovSksO5HhVg4+wjKjNj0408ixkm9eQdoZF2KoSVfgtIU0e9x8Z9lwO 6uDobu1+Xh7T+IcGUqIsLKhivKoXYj4hVjd2VNkIiU3GnEIBFs0xNyJLPHPuveWAmKgd nwVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=kz8mAoqaGqVAQwm5rqWRRc34pBqNaKZQumvcD3qj3MM=; b=doVFPXO6cfGFjyjaKE8DdcyjyI/ybfCl59/tmGOSxMi9mDXmJrRqr542A2VK9+4AFO 0nf8Yj5r9Wy68yMRgdQeaqm07vKhjvVFsDUfXFSqhp0eWLmxNNWCbY0rTw4We8Etoxk1 ULpj6J8jwhyf6kl9KDeQTzQ2w94RBWJgwPvJf/UJtIVN2qPGkmulATITyZbG8D+eKLaj 7i54Me0ysPThOBGDolqSQsvKCFG87zn9bGuCdox78EB2905hdGzBp/Uzw4ZMzl43eKyH ORlllD/on7hr2KrphEY90nj4VSYlK4WpdjlEGQAxopuM2e8N936MrPiK/AS9JNV2R5Hv SDFw==
X-Gm-Message-State: AJaThX6tVYJZt5gFaToGtUQyrI6+VDuKzUigOPR7FdhY+LGVANa7IXV/ IsrM7d05qH+Q0YqDdhogEyZ9Y2mIiKtBsJoPDqc=
X-Google-Smtp-Source: AGs4zMau9gZ/yWlnzJlcw4UjHke8jH+EGgAEsbA3HvFPODuv+jZNAuUIFlImoNiROvp65Kf2s9GorK7w22N4QJEwMBw=
X-Received: by 10.98.72.69 with SMTP id v66mr5077657pfa.135.1512010475533; Wed, 29 Nov 2017 18:54:35 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Wed, 29 Nov 2017 18:53:55 -0800 (PST)
In-Reply-To: <3F743DF0-FC58-49CF-8552-D04B0722C018@cooperw.in>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <CAHbuEH75kjO9mwPd+c8nk9d3JM_Od4Jb59aXaZLyUT+C4d0KVg@mail.gmail.com> <2063B475-1451-42F2-A627-B34A574B6A78@cooperw.in> <CAHbuEH6OrsFn16VrD_bxnbkJ897Gd2shSEVCXehwEfWtEGKsqw@mail.gmail.com> <6B113166-9C17-42B3-905C-539CAE3AED7A@cooperw.in> <CAHbuEH6xm=C6SbkZPzFocGGNbMzfVB7ubPz0TtAWhj4rWRfF1w@mail.gmail.com> <3F743DF0-FC58-49CF-8552-D04B0722C018@cooperw.in>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 29 Nov 2017 21:53:55 -0500
Message-ID: <CAHbuEH4to4Trkp6Exd7ERPAr1uKWrfpcHxMczS0dT4RWi8R3LQ@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: IESG <iesg@ietf.org>, suit-chairs@ietf.org, suit@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/35btUTMnKXMKJt4K4s8gjvAF_T8>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 02:54:39 -0000

On Wed, Nov 29, 2017 at 9:51 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> Since the IESG evaluation of this will be delayed, I think it would be be=
neficial to circulate an updated charter notification to new-work.
>
> I think what is unusual here is running the external review process in pa=
rallel with the BoF process, rather than running the BoF first. I can=E2=80=
=99t recall another working group that has followed that path in recent mem=
ory.

Sure, I thought it would be helpful to get the discussion all at once
rather than the external review possibly revisiting discussion points
that had been made.  The external review was set for a longer than
normal time period as well.  Since this work is bringing in new people
to the IETF and possibly interest from other SDOs, I thought this
would be helpful to further the work in a positive and collaborative
way.

Kathleen

>
> Alissa
>
>
>> On Nov 29, 2017, at 4:07 PM, Kathleen Moriarty <kathleen.moriarty.ietf@g=
mail.com> wrote:
>>
>> On Wed, Nov 29, 2017 at 3:51 PM, Alissa Cooper <alissa@cooperw.in> wrote=
:
>>>
>>> On Nov 29, 2017, at 3:27 PM, Kathleen Moriarty
>>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>>
>>> On Wed, Nov 29, 2017 at 3:17 PM, Alissa Cooper <alissa@cooperw.in> wrot=
e:
>>>
>>>
>>> On Nov 29, 2017, at 2:32 PM, Kathleen Moriarty
>>> <kathleen.moriarty.ietf@gmail.com> wrote:
>>>
>>>
>>> 4. This charter changed in some pretty important ways in the middle of =
the
>>> external review period, but was never re-sent to the new-work mailing l=
ist.
>>> There was also an error in the original announcement sent to new-work t=
hat
>>> could cause confusion (it said this was a re-charter). I asked for it t=
o be
>>> re-sent but it doesn't look like it was. Since this is an important par=
t of
>>> external review, I really don't think this step should be skipped.
>>>
>>>
>>> The charter did NOT change during the external review period.
>>>
>>>
>>> In the datatracker I see that the external review period began 11/3/17 =
with
>>> the -04 version of the charter and the message to new-work went out tha=
t
>>> day. https://datatracker.ietf.org/doc/charter-ietf-suit/history/
>>>
>>>
>>> Right, I forgot, however, the external review was set for an extended
>>> period of time with the understanding that it could change from the
>>> BoF, leaving 2 additional weeks for discussion after the changes were
>>> made.
>>>
>>>
>>> My point is that external review is, in part, targeted towards reviewer=
s
>>> external to the IETF (i.e., folks participating in other SDOs). This is=
 why
>>> we send proposed charters to new-work. Subscribers to that list saw an
>>> announcement of a charter (listed as a re-charter) on 11/3, asking for
>>> feedback by 11/13. Nothing further was sent to that list after the chan=
ges
>>> were made on 11/15, and there=E2=80=99s no reason why external reviewer=
s subscribed
>>> to that list would know that the charter had changed or that the extern=
al
>>> review period was extended.
>>>
>>> I think we need to act the way we would want other SDOs to act towards =
us.
>>
>> I didn't think it was a big deal with the extended phase since the
>> IESG changes charters in external review regularly prior to final
>> publication.  The external review notification is a polite
>> communication and we sometimes skip that step with recharters and
>> often have text changes from list or IESG discussion prior to final
>> publication. This is the first time I've seen this called out to block
>> a charter progressing.  I had mentioned putting it in external review
>> early to dredge up external comments sooner and progress this faster
>> in case external entities were alerted to the BoF and to the charter
>> discussions.  The discussions all took place on list where there was
>> major text replacements.  There were other text updates that were no
>> accepted since there wasn't much agreement.  I haven't seen any
>> external responses from the review.  An email with an updated charter
>> should have gone out to your point, but it was posted 2 weeks prior to
>> the telechat.
>>
>>>
>>>
>>>
>>> Perhaps folks disagree about whether the changes are material, but the
>>> charter certainly changed from -04 to -07/-08.
>>
>> This was based on discussions on list and supported by polls in the
>> BoF.  The last set of changes were made 2 weeks in advance of the
>> telechat.  This was mentioned in the joint IESG/IAB meetings.
>>
>>>
>>>
>>> The updates reflect consensus decisions of the BoF.  I was careful to
>>> make sure they were posted 2 weeks prior to this telechat.
>>>
>>>
>>> See above =E2=80=94 they were posted to the datatracker, but not to new=
-work.
>>
>> Noted, but that doesn't happen with other charters under review
>> either.  If you want to change process and tools, this shouldn't get
>> held up in that discussion.  The charter changes removed major
>> decisions from the charter to happen within the formed WG.  That alone
>> should alleviate concerns you might have.  If the chairs decide
>> additional changes are agreed, we'll update again as is normal in a
>> review phase.
>>
>> Regards,
>> Kathleen
>>
>>>
>>> Alissa
>>>
>>>
>>> Regards,
>>> Kathleen
>>>
>>>
>>> Alissa
>>>
>>> The
>>> charter was updated to version 7 prior to the start of the external
>>> review, then the external review was requested.  The changes from
>>> version 6 to 7 were a result of consensus calls during the BoF.  The
>>> update to 8 was an attempt to fix a formatting issue, but the result
>>> was no change. The BoF chairs were very clear with the consensus calls
>>> in the room with the exact text being displayed and discussed.
>>>
>>> The re-charter was likely because when the page was first created,
>>> someone had put the charter text where charter text goes for an
>>> established WG.
>>>
>>>
>>> I'm willing to move to ABSTAIN if no one agrees with me but I thought I
>>> would
>>> check to see if folks would be willing to take the time to sort out the=
se
>>> issues.
>>>
>>>
>>> The chairs will be responding on list and I said in an earlier email,
>>> I would like to see the outcome before changing anything as I'd like
>>> to follow our normal process and respect the chairs roll in the
>>> process to assess consensus and drive the work forward.
>>>
>>> Best regards,
>>> Kathleen
>>>
>>>
>>>
>>> ----------------------------------------------------------------------
>>> COMMENT:
>>> ----------------------------------------------------------------------
>>>
>>> Some lesser issues:
>>>
>>> 5. The charter now talks about how the group may describe the use of
>>> existing
>>> discovery and transport mechanisms, but there are not associated
>>> milestone(s)
>>> for this work. Not sure if this is intentional or an oversight.
>>>
>>> 6. I agree with the folks on the list who have said that the background
>>> material about the IAB workshop and RFC 4108 should either be removed
>>> (preferably), or shifted around to the beginning of the text and edited=
 so
>>> that
>>> it's clear that it's there for background purposes and not to constrain=
 what
>>> the group does going forward.
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Best regards,
>>> Kathleen
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Best regards,
>>> Kathleen
>>>
>>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Kathleen
>



--=20

Best regards,
Kathleen


From nobody Thu Nov 30 01:21:32 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC0CF127337; Thu, 30 Nov 2017 01:21:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level: 
X-Spam-Status: No, score=-2.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sYeiR9kW3QEw; Thu, 30 Nov 2017 01:21:23 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50069.outbound.protection.outlook.com [40.107.5.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDDC0126BF7; Thu, 30 Nov 2017 01:21:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ljSlBCSdwrmDcIeLCUkcV7Xti/Hqf++PbUHoNCCiJ7Q=; b=h7BpPt8FI44ILFp1KBktI4AtwOlHd97q0tRVGbWOTG+bKNxb8q8595rjeU1oLMKCSeGLs57LC9cPB6vIYGyJnWgvo6KWHN60sKmySzMfvbYRJwB8H3Ss07np4++cSHSFpqBSaTv7WSYPMArT3OZkLBKjO9hPe46tIiHAOKwJAgo=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 30 Nov 2017 09:21:19 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0282.006; Thu, 30 Nov 2017 09:21:19 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
CC: "suit-chairs@ietf.org" <suit-chairs@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
Thread-Index: AQHTaUdTFLrs8bVZk0upM6Eo9kv88aMsm4NA
Date: Thu, 30 Nov 2017 09:21:18 +0000
Message-ID: <AM4PR0801MB2706FD546EAA1343872C431FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
In-Reply-To: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
x-originating-ip: [80.92.114.8]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 6:8Z+YJnyzpxulkrnuhlP6K6u4nPFS1Ft/+3AoSEnVS7zcbm3ibSMmQwBToh+Jt+KfsTSLDwwk+kyRSawl8MaI5gUYVtu2EWeosprh2dvGEKnGtEtDfNaP+wznzLr0lmdc9CIjdOq3Okr3PDHDPim4N0MPZ7zMkkPgFsiGROxugS3t8ca0UJbXcM0l34/wH6xi2kwUJ8OrhC5Uq+qpMVBhnW11vxFFrBC3wNt94GvocBoNcYBot1RFxY0vug/DggcKwPXgFpkLjt/Jq7bgTID85ZInZc45IDkKgWJUpdwImyukEWhnY6DKXszB9rURsND+BCKcTGQhiRSR2P2RSsqVlsRYiI9a7TpcVOecrT3GSik=; 5:wpK6IEjyOf/ZHDU0EE1/cL3W4r5J9aAIc6E4CViF4k7Q7OOr/9ZCI1bkrItgsoNIdJxKoonZgC/pEXFke3lOYk8SX3H06sb6cvXZ5NJIFW/pYuzDtAbwYi3ycCZj2dt3a8lik0BrjyPzHIDtAfvceLk7BqQUwbTNMgvTFDa8by0=; 24:xKK9tGTHI4YxfL5ThB/shDS0gCTE5PSqOdtvaMr3+mN5iw6C5lGtEaYH+k6Z/ApOPkj5tZHKwT9PkHF4ikQMWIreZOby0thOky8SZvFeMUY=; 7:ztvFvFXj01BX3HMmWJLn34VINVOhV2L2lJypFymdSZpt+g4XCBKNlN4qdmnDqhVwHs2U6z+qFiEd0xrT7VwcZA3/RUkzMh2D9LlTulaueDzAO3D6JYq83oKA5/rg/PnpE1vorS66epg1/zVIItoQ6O7IPNCq5pbP7GjJCPy5jpXBqZyk3vCHVax+Ex1B04v/PTP3IIe9PTqPZi5d/CUGzoH3zYTE2Pl9sH88KRHcmGD198+0IGx0MPURqjJpU2Bo
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 7b2b7a60-8774-4f17-095b-08d537d3b734
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603283); SRVR:AM4PR0801MB2708; 
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-microsoft-antispam-prvs: <AM4PR0801MB2708CC8A3486D41FDBBE86D7FA380@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(3231022)(10201501046)(3002001)(93006095)(93001095)(6055026)(6041248)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123562025)(6072148)(201708071742011); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:AM4PR0801MB2708; 
x-forefront-prvs: 05079D8470
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(366004)(376002)(346002)(39860400002)(40434004)(199003)(51444003)(189002)(13464003)(8676002)(6116002)(102836003)(3846002)(25786009)(5250100002)(5890100001)(55016002)(6246003)(229853002)(101416001)(3280700002)(66066001)(2906002)(9686003)(81166006)(33656002)(6506006)(53936002)(81156014)(3660700001)(6306002)(4326008)(110136005)(6436002)(53546010)(72206003)(316002)(2950100002)(2900100001)(68736007)(478600001)(305945005)(966005)(7696005)(97736004)(14454004)(54906003)(86362001)(74316002)(106356001)(8936002)(7736002)(230783001)(105586002)(189998001)(99286004)(5660300001)(76176010)(50986010)(54356010); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7b2b7a60-8774-4f17-095b-08d537d3b734
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2017 09:21:18.9217 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/1XL7g5N6--aHv0bjvSHYZqI4BuY>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 09:21:26 -0000

My 5 cents.

Since the chartering work on this effort took so long there are obviously d=
iscussions ongoing already on the list that should actually better be done =
in a working group rather than on the charter itself.

I understand that you all want to have this charter to be as precise as pos=
sible. But, based on earlier discussions, we wanted to postpone some decisi=
ons to a later phase when those have been investigated in the group. For th=
is reason I believe it is not possible to say how many formats we want to s=
tandardize other than stating the intention that the number ideally be smal=
l. The same is true for the actual data model/serialization format. Needles=
s to say that different formats have different properties and offer more or=
 less flexibility regarding the serialization format. Everyone seems to hav=
e a different preference for a format and the serialization. This is quite =
natural given that we are engineers and that's pretty much the only things =
we care about in life (besides the name of the group, of course).

Maybe we can, at this point in time, just say that the group will decide on=
 the format. I am sure it is not the first time in the IETF history that th=
ere have been disagreements about formats. I am convinced that the IESG is =
actually very experienced in finding the most diplomatic wording for such a=
 situation.

Since charters can be updated later I prefer to have the group figure out t=
he technical pieces and that they are not captured in the charter yet. This=
 should also remove the chicken-and-egg situation.

Ciao
Hannes

-----Original Message-----
From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Alissa Cooper
Sent: 29 November 2017 20:22
To: The IESG
Cc: suit-chairs@ietf.org; suit@ietf.org
Subject: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLO=
CK and COMMENT)

Alissa Cooper has entered the following ballot position for
charter-ietf-suit-00-08: Block

When responding, please keep the subject line intact and reply to all email=
 addresses included in the To and CC lines. (Feel free to cut this introduc=
tory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-suit/



----------------------------------------------------------------------
BLOCK:
----------------------------------------------------------------------

>From reading the mailing list and doing my own review, there seem to be
>a bunch
of open issues with this charter that would benefit from further discussion=
 by interested participants before the WG gets chartered. Some of these mig=
ht just be the result of lack of precision in the language used, but I thin=
k that is actually pretty important for clarity in a WG charter. The issues=
 are:

1. On the list there seems to be disagreement about the interpretation of t=
his
text: "A lower number of formats is preferred to reduce code size for suppo=
rting decoders on devices receiving a manifest and to maximize interoperabi=
lity of solutions." I also find myself confused by this (lower than what? i=
s there some upper bound?).

2. Michael Richardson raised some good question about this text that seem l=
ike they warrant clarification, or at least a consensus call: "Software upd=
ate solutions that target updating software other than the firmware binarie=
s are also out of scope."

3. The milestones seem to use the term "Manifest format" to refer to someth=
ing that the charter calls "the contents of a mainfest" (I think), in contr=
ast to the multiple "formats" discussed in the charter. Given that there ha=
s also been discussion on the list about format vs. serialization and the a=
bsence of a data model specification, I think the charter and milestones wo=
uld benefit from being crystal clear about what deliverables the WG is expe=
cted to produce and should use the same language throughout to name those d=
eliverables.

4. This charter changed in some pretty important ways in the middle of the =
external review period, but was never re-sent to the new-work mailing list.
There was also an error in the original announcement sent to new-work that =
could cause confusion (it said this was a re-charter). I asked for it to be=
 re-sent but it doesn't look like it was. Since this is an important part o=
f external review, I really don't think this step should be skipped.

I'm willing to move to ABSTAIN if no one agrees with me but I thought I wou=
ld check to see if folks would be willing to take the time to sort out thes=
e issues.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Some lesser issues:

5. The charter now talks about how the group may describe the use of existi=
ng discovery and transport mechanisms, but there are not associated milesto=
ne(s) for this work. Not sure if this is intentional or an oversight.

6. I agree with the folks on the list who have said that the background mat=
erial about the IAB workshop and RFC 4108 should either be removed (prefera=
bly), or shifted around to the beginning of the text and edited so that it'=
s clear that it's there for background purposes and not to constrain what t=
he group does going forward.


_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit
IMPORTANT NOTICE: The contents of this email and any attachments are confid=
ential and may also be privileged. If you are not the intended recipient, p=
lease notify the sender immediately and do not disclose the contents to any=
 other person, use it for any purpose, or store or copy the information in =
any medium. Thank you.


From nobody Thu Nov 30 01:55:38 2017
Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E09D1292D3 for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 01:55:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.07
X-Spam-Level: 
X-Spam-Status: No, score=0.07 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nAe_MAbZJkXx for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 01:55:33 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0071.outbound.protection.outlook.com [104.47.2.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CFE91200C5 for <suit@ietf.org>; Thu, 30 Nov 2017 01:55:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;  s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/mBn+/ZYImPwyL909z6XLg7cdWeFR2vRJF0fIgJ5/RY=; b=Vk1swFpcS5ypJy8SJi0nekJv1YRRz4bKvC3sezLNX1XoELiu2bP42YINL+Ezmo1SlhOoIzmp7gSoLKR3VTpLVwdov4N2zxftl0aQfFcd9DHfTYQTOGpYZM0y4brBzhNDNyuiucfIl0tf4E82DnoWAb/uRzjyAO6m+ykkMgiexX4=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2707.eurprd08.prod.outlook.com (10.167.90.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 30 Nov 2017 09:55:29 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::edae:da33:a0c9:fe3f%13]) with mapi id 15.20.0282.006; Thu, 30 Nov 2017 09:55:29 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Suhas Nandakumar <suhasietf@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: Github? RE: [Suit] Concerns about Charter and Process Followed
Thread-Index: AdNpwSAnNpMogsZaSWOmskMRdWiB0g==
Date: Thu, 30 Nov 2017 09:55:29 +0000
Message-ID: <AM4PR0801MB2706337FD41759AD4D45E87FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [80.92.114.8]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2707; 6:Cz4KtRKN3t7PGPUHDbWehK0xp0kjRGOlRD0ibRndq4f4vwujdEvlxbybqR9PX0RTUBRixE19PYHshPomHrkboKny6FtXAmAX2W9TTgsde4Hl1cYL9HGHHBOs2hFAFyTcM5Ca6yyN5r5aTgkxOt4axC3fxO5E8EfVP5TJKg9XfmMIqxayxzVCcpXJG2JOJ2zVoxdbVCXivFJyjNpT/XiILa7nwBnY/6rTvhAPDKnIb75ipzZFjrsJW/6U5fVu9ATALaBXGD9lMyrGyNhDGoGlI4myiqInXh9Kfo8Lmwiq6fASTYR8EM9aMAz5ef7EzwnT9lhoQjaaacTBe7DDtvpYEyQhbrM1W9le5MO8nEBGPjQ=; 5:7l1jB6UaNf2ANIxVruF82O1yJ8liPB3ovshYkYN1Yzc9A24So1JXnyb6h3cXitls+mLOHt+q8tAkQeJ1IayEeCmkOhvONlsJgnaO6S1fiQcYFT5QrLYpC6W1lgNhBzFPwzH9q79vvHx0F9BjFQjEeQBDUXpl48KwCR8Xqmmp3yE=; 24:1KR/YvqL3GGPDGhWXdsawgQiJWnpcg2QSFMj0spvcI4+IvivSV2aAnBUbXnlecnDzH5sZ2hhSAE4g/+kYKpN2xJ0MffCBWtSTS8EYos0iZI=; 7:ibEAiql6PGJFuye9/wKofmEHLCFYDxRhoqBOJp+73KeS7G2DD80p++KPeJjYSIOA9+HgG+OU54GUFk0eOqaDTYfA1h6/cS0iX5Xloi3A+21ew6Q2lwtJnT30LDps8li3boKYr0aK3FoCiwLO2Jy2ckHsEMnbZlmKharr6KVTxIVzgfbRcixHiJQqhGwyW4XybHJhNE5/KSgk0q+qDvBwYE/1sdM9Pis2sLwSORsV8XIriOHoQrF3fXd9rqzqBpWc
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 84f041ec-4ee4-40b5-c8ca-08d537d87d01
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603284); SRVR:AM4PR0801MB2707; 
x-ms-traffictypediagnostic: AM4PR0801MB2707:
x-microsoft-antispam-prvs: <AM4PR0801MB270717AC9DAA7FBB426BCD30FA380@AM4PR0801MB2707.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(65766998875637)(189930954265078)(100405760836317)(227612066756510)(219752817060721)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(3231022)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123555025)(20161123560025)(6072148)(201708071742011); SRVR:AM4PR0801MB2707; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:AM4PR0801MB2707; 
x-forefront-prvs: 05079D8470
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39860400002)(376002)(366004)(13464003)(24454002)(199003)(57704003)(189002)(40434004)(3660700001)(7520500002)(606006)(5890100001)(53546010)(189998001)(86362001)(7736002)(6506006)(316002)(345774005)(2906002)(2900100001)(9326002)(39060400002)(97736004)(3280700002)(5250100002)(68736007)(4326008)(6306002)(6116002)(5660300001)(8936002)(53946003)(8676002)(81156014)(101416001)(66066001)(6436002)(102836003)(3846002)(110136005)(790700001)(74316002)(8656006)(81166006)(14454004)(55016002)(33656002)(478600001)(72206003)(7696005)(25786009)(53936002)(236005)(54896002)(99286004)(105586002)(54356010)(50986010)(106356001)(9686003)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2707; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com; 
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB2706337FD41759AD4D45E87FFA380AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 84f041ec-4ee4-40b5-c8ca-08d537d87d01
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2017 09:55:29.2213 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2707
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/GsgEfNwij5ooZ4k0f5641zBoMtQ>
Subject: [Suit] Github? RE:  Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 09:55:36 -0000

--_000_AM4PR0801MB2706337FD41759AD4D45E87FFA380AM4PR0801MB2706_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGkgU3VoYXMsDQoNClNvbWV0aW1lcyB0b29scyBhcmUgbm90IHRoZSBzb2x1dGlvbiB0byB0aGUg
cHJvYmxlbS4gVGhlIElFU0cgc2hvdWxkIG1ha2UgdGhlc2Ugc21hbGwgY2xhcmlmaWNhdGlvbnMg
bmVlZGVkIHRvIGdldCB0aGUgY2hhcnRlciBmaW5hbGl6ZWQuDQoNCkNpYW8NCkhhbm5lcw0KDQoN
CkZyb206IFN1aXQgW21haWx0bzpzdWl0LWJvdW5jZXNAaWV0Zi5vcmddIE9uIEJlaGFsZiBPZiBT
dWhhcyBOYW5kYWt1bWFyDQpTZW50OiAzMCBOb3ZlbWJlciAyMDE3IDAxOjU0DQpUbzogV2FsdGVy
bWlyZSwgRGF2aWQgQS4gKEZlZCkNCkNjOiBzdWl0QGlldGYub3JnDQpTdWJqZWN0OiBSZTogW1N1
aXRdIENvbmNlcm5zIGFib3V0IENoYXJ0ZXIgYW5kIFByb2Nlc3MgRm9sbG93ZWQNCg0KVGhhbmtz
IERhdmUgZm9yIHRoZSByZXNwb25zZSBhbmQgY29uc2lkZXJpbmcgdGhlIGNvbmNlcm5zLg0KDQpB
bHNvIGkgd2FzIHdvbmRlcmluZywgd291bGQgaXQgbWFrZXMgc2Vuc2UgdG8gaGF2ZSB0aGUgY2hh
cnRlciBvbiB0aGUgZ2l0aHViLCBzbyBwZW9wbGUgY2FuIGNvbW1lbnQgYW5kIGdlbmVyYXRlIHB1
bGwgcmVxdWVzdHMgaWYgbmVlZGVkDQoNClRoYW5rcw0KU3VoYXMNCg0KT24gV2VkLCBOb3YgMjks
IDIwMTcgYXQgMzo1OSBQTSwgV2FsdGVybWlyZSwgRGF2aWQgQS4gKEZlZCkgPGRhdmlkLndhbHRl
cm1pcmVAbmlzdC5nb3Y8bWFpbHRvOmRhdmlkLndhbHRlcm1pcmVAbmlzdC5nb3Y+PiB3cm90ZToN
ClRoYW5rIHlvdSBmb3IgcmFpc2luZyB0aGVzZSBjb25jZXJucywgSSBwbGFuIHRvIHNwZW5kIHRp
bWUgdG9tb3Jyb3cgcmV2aWV3aW5nIHRoZSBtZWV0ZWNobyByZWNvcmRpbmcgZnJvbSB0aGUgQm9G
LCByZXZpZXdpbmcgdGhlIHJlY2VudCBtYWlsaW5nIGxpc3QgZGlzY3VhYWlvbiwgdGhlIEJvRiBu
b3RlcyAod2hpY2ggSSdsbCBwb3N0KSwgYW5kIHRoZSBjdXJyZW50IGNoYXJ0ZXIuIE9uY2UgdGhl
IGNoYWlycyBoYXZlIGhhZCBhIGNoYW5jZSB0byByZXZpZXcgYW5kIGRpc2N1c3MgdGhlc2UgbWF0
ZXJpYWxzIHdlIHdpbGwgY29tZSBiYWNrIHRvIHRoZSBsaXN0IHdpdGggYSBwbGFuIHRvIG1vdmUg
Zm9yd2FyZC4NCg0KV2Ugd2FudCB0byBtYWtlIHN1cmUgdGhlIGNoYXJ0ZXIgcmVmbGVjdHMgdGhl
IGNvbnNlbnN1cyBvZiB0aGUgZ3JvdXAgYW5kIGFkZHJlc3NlcyBhbnkgY29uY2VybnMgcmFpc2Vk
IGJ5IHRoZSBJRVNHLiBQbGVhc2UgZ2l2ZSB1cyBzb21lIHRpbWUgdG8gbWFrZSBzdXJlIHRoaXMg
aGFwcGVucyBpbiBhIHByb2R1Y3RpdmUgd2F5IGZvcndhcmQuDQoNClRoYW5rcywNCkRhdmUNCg0K
DQotLS0tLS0tLSBPcmlnaW5hbCBNZXNzYWdlIC0tLS0tLS0tDQpGcm9tOiBTdWl0IDxzdWl0LWJv
dW5jZXNAaWV0Zi5vcmc8bWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZz4+IG9uIGJlaGFsZiBv
ZiBTdWhhcyBOYW5kYWt1bWFyIDxzdWhhc2lldGZAZ21haWwuY29tPG1haWx0bzpzdWhhc2lldGZA
Z21haWwuY29tPj4NCkRhdGU6IFdlZCwgTm92ZW1iZXIgMjksIDIwMTcgNjozMiBQTSAtMDUwMA0K
VG86IHN1aXRAaWV0Zi5vcmc8bWFpbHRvOnN1aXRAaWV0Zi5vcmc+DQpTdWJqZWN0OiBbU3VpdF0g
Q29uY2VybnMgYWJvdXQgQ2hhcnRlciBhbmQgUHJvY2VzcyBGb2xsb3dlZA0KSGVsbG8gQ2hhaXJz
DQoNCiAgSGF2aW5nIHNwZW50IHNvbWV0aW1lIHRvIGJyb3dzZSB0aHJvdWdoIGRpZmZlcmVudCBs
aXN0cyBhbmQgYXR0ZW1wdGluZyB0byBzaGFyZXIgY29uY2VybnMgdG8gZW5zdXJlIHRoYXQgdGhl
IGNoYXJ0ZXIgdGV4dCBhbmQgY29uc2Vuc3VzIG1hdGNoLCBpIHRob3VnaHQgd2lsbCBzaGFyZSBm
ZXcgcG9pbnRzIGZvciB1cyB0byBwb25kZXIgdXBvbi4NCg0KQXMgYSBmb2xsb3cgdXAgZnJvbSBC
T0YsDQoNCiAgMS4gIG1pbnV0ZXMgYXJlIG5vdCBwdWJsaXNoZWQgdG8gdGhlIGRhdGEtdHJhY2tl
ciBvciB0aGUgU1VJVCBtYWlsaW5nIGxpc3QuIEkgZGlzY292ZXJlZCB0aGUgZm9sbG93aW5nIG5v
dGVzIGZyb20gdGhlIGV0aGVycGFkIGluc3RlYWQgKGh0dHBzOi8vZXRoZXJwYWQudG9vbHMuaWV0
Zi5vcmcvcC9ub3Rlcy1pZXRmLTEwMC1zdWl0PGh0dHBzOi8vbmEwMS5zYWZlbGlua3MucHJvdGVj
dGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGZXRoZXJwYWQudG9vbHMuaWV0Zi5v
cmclMkZwJTJGbm90ZXMtaWV0Zi0xMDAtc3VpdCZkYXRhPTAyJTdDMDElN0NkYXZpZC53YWx0ZXJt
aXJlJTQwbmlzdC5nb3YlN0NmN2U0ODRhZTQwYWM0OGQ3MmIxMzA4ZDUzNzgxNjM0NiU3QzJhYjVk
ODJmZDhmYTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY0NzU5NTEyMjg0NjE2NDAm
c2RhdGE9JTJCb3FTVkVXUTUlMkJHbmQ0NU9LeGdBTkwwNGpSZmdiWGlwSHhwb3dHUTBjVVElM0Qm
cmVzZXJ2ZWQ9MD4pDQogICAgICAgICAgQ28tQ2hhaXJzIHN1bW1hcml6ZSBjb25jZXJucyB3aXRo
IGN1cnJlbnQgQ2hhcnRlciB0ZXh0DQogICAgICAgICAgICAgICAtIFVzZSBvZiBSRkM0MTA4DQrC
tyAgICAgICAgICAgICAgICAgIC0gSHVtIG9uIGlmIHdlIHNob3VsZCByZW1vdmUgNDEwOCAtIFN0
cm9uZ2VyIGh1bT8/Pw0KwrcgICAgICAgICAgICAgICAgICAtIEh1bSBvbiBpZiB3ZSBzaG91bGQg
bGVhdmUgNDEwOA0KICAgICAgICAgICAgLSBTaG91bGQgd2UgY29uc3RyYWluIHRoaXMgdG8gQ2xh
c3MgMQ0KICAgICAgICAgIC0gQ2xhcmlmaWNhdGlvbiBvbiB0ZXh0IHJldm9sdmluZyBhcm91bmQg
dHJhbnNwb3J0IG1lY2hhbmlzbXMNCsK3ICAgICAgICAgICAgICAgICAtIEh1bTogU2hvdWxkIHdl
IGF2b2lkIHRoZSBkZXZlbG9wbWVudCBvZiBuZXcgdHJhbnNwb3J0IG1lY2hhbmlzbXMgLSBZZXMg
aXMgbG91ZGVyIGluIHRoZSByb29tDQogICAgICAgICAgLSBTaG91bGQgdGhlIGNoYXJ0ZXIgaGF2
ZSB0ZXh0IHRvIHRhbGsgYWJvdXQgY2FwYWJpbGl0aWVzDQrCtyAgICAgICAgICAgICAgICAgLSBI
dW06IENoYXJ0ZXIgbmVlZHMgdGV4dA0KwrcgICAgICAgICAgICAgICAgLSBIdW06IExlYXZlIG91
dCBvZiBjaGFydGVyLCBidXQgYWRkIHRvIGFyY2hpdGVjdHVyZQ0KICAgICAgICAgLSBTaG91bGQg
dGhlIGNoYXJ0ZXIgcmVzdHJpY3QgdG8gb25lDQrCtyAgICAgICAgICAgICAgIC0gSHVtOiBZZXMN
CsK3ICAgICAgICAgICAgICAtIEh1bTogTm8gLSBNdWNoIFN0cm9uZ2VyDQogICAgICAgLSBEbyB3
ZSBuZWVkIGEgY2hhcnRlciB0ZXh0IHVwZGF0ZSBvciBsZWF2ZSBpdCB0byBhIGRpc2N1c3Npb24g
Zm9yIGRpc2NvdmVyeQ0KwrcgICAgICAgICAgICAtIEh1bTogU3Ryb25nZXIgZm9yIGxlYXZpbmcg
aXQgdG8gZGlzY3Vzc2lvbg0KDQogICAgICAtIEN1bGxlbiBKZW5uaW5ncyB2aWEgSmFiYmVyIHRl
eHQgdG8gYWRkOiBUaGUgYXJjaGl0ZWN0dXJlIHNob3VsZCBwcm92aWRlIGEgd2F5IHRvIGRpc2Nv
dmVyIHRoZSBmaXJtd2FyZSBzZXJ2ZXINCsK3ICAgICAgICAgICAgLSBIdW06ID8/Pw0KwrcNCiAg
ICAgICAgLSBBRCBzYXlzIHdlIG5lZWQgdG8gcHV0IHRoaXMgYmFjayBvbiB0aGUgbGlzdCBhZ2Fp
bg0KDQpBcyByZXF1ZXN0ZWQgYnkgdGhlIEFEIChsYXN0IGJ1bGxldCBwb2ludCksIHRoZSBjb25z
ZW5zdXMgY29uZmlybWluZyBlbWFpbCBuZXZlciBtYWRlIHRvIHRoZSBsaXN0Lg0KDQogIDEuICBG
cm9tIHRoZSBhYm92ZSBub3RlcyBleGNlcnB0LCB0aGUgY2hhbmdlcyB0aGF0IGhhZCBjb25zZW5z
dXMgaW4gbWVldGluZyBhcmUgbm90IHJlZmxlY3RlZCBpbiBjaGFydGVyDQoNCiAgMS4gIE5vbmUg
b2YgdGhpcyBoYXMgaGFzIGJlZW4gc2VudCB0byBsaXN0LiBOb3QgdGhlIG1pbnV0ZXMgZnJvbSB0
aGUgbWVldGluZy4gTm90IHRoZSBjaGFydGVyLg0KDQogIDEuICBQZW9wbGUgaGF2ZSBub3QgaGFk
IHRpbWUgdG8gcmV2aWV3IG9yIGNvbW1lbnQgb24gaXQNCg0KV2hhdCBzaG91bGQgYmUgdGhlIHBs
YW4gZm9yd2FyZCBpbiBhZGRyZXNzaW5nIHRoZSBjb25jZXJucyBoZXJlID8NCg0KVGhhbmtzDQpT
dWhhcyBOYW5kYWt1bWFyDQoNCg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRlbnRzIG9mIHRo
aXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFuZCBtYXkgYWxz
byBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVjaXBpZW50LCBw
bGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBkaXNjbG9zZSB0
aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkgcHVycG9zZSwg
b3Igc3RvcmUgb3IgY29weSB0aGUgaW5mb3JtYXRpb24gaW4gYW55IG1lZGl1bS4gVGhhbmsgeW91
Lg0K

--_000_AM4PR0801MB2706337FD41759AD4D45E87FFA380AM4PR0801MB2706_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTQgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
V2luZ2RpbmdzOw0KCXBhbm9zZS0xOjUgMCAwIDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0K
CXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAgMDt9
DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIg
MiAyIDQgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpUYWhvbWE7DQoJcGFub3Nl
LTE6MiAxMSA2IDQgMyA1IDQgNCAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiU2Vn
b2UgVUkgU2VtaWxpZ2h0IjsNCglwYW5vc2UtMToyIDExIDQgMiA0IDIgNCAyIDIgMzt9DQovKiBT
dHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05v
cm1hbA0KCXttYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAwMDFwdDsNCglmb250LXNpemU6
MTIuMHB0Ow0KCWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iLCJzZXJpZiI7fQ0KYTpsaW5r
LCBzcGFuLk1zb0h5cGVybGluaw0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6Ymx1
ZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCmE6dmlzaXRlZCwgc3Bhbi5Nc29IeXBl
cmxpbmtGb2xsb3dlZA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJY29sb3I6cHVycGxlOw0K
CXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29BY2V0YXRlLCBsaS5Nc29BY2V0YXRl
LCBkaXYuTXNvQWNldGF0ZQ0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxp
bms6IkJhbGxvb24gVGV4dCBDaGFyIjsNCgltYXJnaW46MGNtOw0KCW1hcmdpbi1ib3R0b206LjAw
MDFwdDsNCglmb250LXNpemU6OC4wcHQ7DQoJZm9udC1mYW1pbHk6IlRhaG9tYSIsInNhbnMtc2Vy
aWYiO30NCnNwYW4ubTYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1hdXRob3ItYS1nc2I2M2F6NzF6
M3o4MHpkejg5eno3Mnp6Njh6ejc1enF6ODl6DQoJe21zby1zdHlsZS1uYW1lOm1fNjA0MzM1NzY1
MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdzYjYzYXo3MXozejgwemR6ODl6ejcyeno2OHp6NzV6
cXo4OXo7fQ0Kc3Bhbi5tNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLXNwYXJrdHRob2xkZXINCgl7
bXNvLXN0eWxlLW5hbWU6bV82MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtc3Bhcmt0dGhvbGRlcjt9
DQpzcGFuLkJhbGxvb25UZXh0Q2hhcg0KCXttc28tc3R5bGUtbmFtZToiQmFsbG9vbiBUZXh0IENo
YXIiOw0KCW1zby1zdHlsZS1wcmlvcml0eTo5OTsNCgltc28tc3R5bGUtbGluazoiQmFsbG9vbiBU
ZXh0IjsNCglmb250LWZhbWlseToiVGFob21hIiwic2Fucy1zZXJpZiI7DQoJbXNvLWZhcmVhc3Qt
bGFuZ3VhZ2U6RU4tR0I7fQ0Kc3Bhbi5FbWFpbFN0eWxlMjENCgl7bXNvLXN0eWxlLXR5cGU6cGVy
c29uYWwtcmVwbHk7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsNCgljb2xv
cjojMUY0OTdEO30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5
Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIiwic2Fucy1zZXJpZiI7DQoJbXNvLWZhcmVhc3QtbGFu
Z3VhZ2U6RU4tVVM7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3NpemU6NjEyLjBwdCA3OTIuMHB0
Ow0KCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBwdCA3Mi4wcHQ7fQ0KZGl2LldvcmRTZWN0aW9u
MQ0KCXtwYWdlOldvcmRTZWN0aW9uMTt9DQovKiBMaXN0IERlZmluaXRpb25zICovDQpAbGlzdCBs
MA0KCXttc28tbGlzdC1pZDozOTQ5MzM1MTA7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi01NjA5
MzgzNjg7fQ0KQGxpc3QgbDENCgl7bXNvLWxpc3QtaWQ6NDE5ODM0NTc4Ow0KCW1zby1saXN0LXRl
bXBsYXRlLWlkczotNjM1Nzc5NDk2O30NCkBsaXN0IGwxOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVt
YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWIt
c3RvcDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpT
eW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl
dDsNCgltc28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDo3Mi4wcHQ7DQoJbXNv
LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv
LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciOw0KCW1z
by1iaWRpLWZvbnQtZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30NCkBsaXN0IGwxOmxldmVsMw0K
CXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0K
CW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246
bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7
DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNA0KCXttc28tbGV2ZWwt
bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10
YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0
LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p
bHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h
dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxODAu
MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu
MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2Rpbmdz
O30NCkBsaXN0IGwxOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ
bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1s
ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h
bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwx
OmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl
eHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt
cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6
ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsOA0KCXtt
c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1z
by1sZXZlbC10YWItc3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm
dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ
Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVt
YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWIt
c3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu
ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6
V2luZ2RpbmdzO30NCkBsaXN0IGwyDQoJe21zby1saXN0LWlkOjQyODE2MjgxMzsNCgltc28tbGlz
dC10ZW1wbGF0ZS1pZHM6MTUyMzM2MDQxMDt9DQpAbGlzdCBsMjpsZXZlbDENCgl7bXNvLWxldmVs
LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwt
dGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0
LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p
bHk6U3ltYm9sO30NCkBsaXN0IGwyOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi
dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0K
CW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0K
CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsN
Cgltc28tYmlkaS1mb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQpAbGlzdCBsMjpsZXZl
bDMNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C
pzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0
aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu
MHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDQNCgl7bXNvLWxl
dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2
ZWwtdGFiLXN0b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ
dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt
ZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1m
b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6
MTgwLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6
LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5Oldpbmdk
aW5nczt9DQpAbGlzdCBsMjpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0
Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCglt
c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt
c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlz
dCBsMjpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl
bC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVt
YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250
LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDgN
Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsN
Cgltc28tbGV2ZWwtdGFiLXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u
OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0
Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMjpsZXZlbDkNCgl7bXNvLWxldmVs
LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwt
dGFiLXN0b3A6MzI0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4
dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFt
aWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMw0KCXttc28tbGlzdC1pZDo2NjY5MDg2OTc7DQoJbXNv
LWxpc3QtdGVtcGxhdGUtaWRzOi0xOTA4NzU3MDgyO30NCkBsaXN0IGwzOmxldmVsMQ0KCXttc28t
bGV2ZWwtc3RhcnQtYXQ6NDsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZl
bC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGw0
DQoJe21zby1saXN0LWlkOjcwNDkwNjcwNTsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6LTE2NDUz
MzM5NjQ7fQ0KQGxpc3QgbDQ6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl
dDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCglt
c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt
c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs
NDpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10
ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBv
c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6
MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1mYW1p
bHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KQGxpc3QgbDQ6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX
aW5nZGluZ3M7fQ0KQGxpc3QgbDQ6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1
bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7
DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0K
QGxpc3QgbDQ6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t
bGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVs
LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2kt
Zm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDQ6bGV2
ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv
gqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np
dGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEw
LjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDQ6bGV2ZWw3DQoJe21zby1s
ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxl
dmVsLXRhYi1zdG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K
CXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250
LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDQ6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXIt
Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9w
OjI4OC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5n
ZGluZ3M7fQ0KQGxpc3QgbDQ6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxl
dDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJ
bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ
bXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxp
c3QgbDUNCgl7bXNvLWxpc3QtaWQ6ODAwMDcxNDE0Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczot
NjQ4MzU4MzU2O30NCkBsaXN0IGw1OmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi
dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7
DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxp
c3QgbDU6bGV2ZWwyDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2
ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDo3Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJl
ci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1z
aXplOjEwLjBwdDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciOw0KCW1zby1iaWRpLWZvbnQt
ZmFtaWx5OiJUaW1lcyBOZXcgUm9tYW4iO30NCkBsaXN0IGw1OmxldmVsMw0KCXttc28tbGV2ZWwt
bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10
YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0
LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p
bHk6V2luZ2RpbmdzO30NCkBsaXN0IGw1OmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h
dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQu
MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu
MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2Rpbmdz
O30NCkBsaXN0IGw1OmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJ
bXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxODAuMHB0Ow0KCW1zby1s
ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h
bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGw1
OmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl
eHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt
cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6
ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGw1OmxldmVsNw0KCXtt
c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1z
by1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm
dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ
Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGw1OmxldmVsOA0KCXttc28tbGV2ZWwtbnVt
YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWIt
c3RvcDoyODguMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu
ZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6
V2luZ2RpbmdzO30NCkBsaXN0IGw1OmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi
dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0
Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0
Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30N
CkBsaXN0IGw2DQoJe21zby1saXN0LWlkOjg5MjI3OTYyODsNCgltc28tbGlzdC10ZW1wbGF0ZS1p
ZHM6LTM3Mjc0NjYyMjt9DQpAbGlzdCBsNjpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt
YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYu
MHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTgu
MHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30N
CkBsaXN0IGw2OmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNv
LWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1u
dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv
bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCgltc28tYmlkaS1m
b250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQpAbGlzdCBsNjpsZXZlbDMNCgl7bXNvLWxl
dmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2
ZWwtdGFiLXN0b3A6MTA4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ
dGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQt
ZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsNjpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1m
b3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6
MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6
LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5Oldpbmdk
aW5nczt9DQpAbGlzdCBsNjpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0
Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCglt
c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt
c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlz
dCBsNjpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl
bC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVt
YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250
LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsNjpsZXZlbDcN
Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsN
Cgltc28tbGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u
OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0
Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsNjpsZXZlbDgNCgl7bXNvLWxldmVs
LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwt
dGFiLXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4
dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFt
aWx5OldpbmdkaW5nczt9DQpAbGlzdCBsNjpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt
YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzI0
LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4
LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5n
czt9DQpAbGlzdCBsNw0KCXttc28tbGlzdC1pZDo5NDA3MjQwNDM7DQoJbXNvLWxpc3QtdGVtcGxh
dGUtaWRzOjEyNDkwMjA3MDY7fQ0KQGxpc3QgbDc6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXIt
Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9w
OjM2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6
LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJv
bDt9DQpAbGlzdCBsNzpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0K
CW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2
ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5z
aS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJp
ZGktZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KQGxpc3QgbDc6bGV2ZWwzDQoJe21z
by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNv
LWxldmVsLXRhYi1zdG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0
Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglm
b250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDc6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOjE0NC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX
aW5nZGluZ3M7fQ0KQGxpc3QgbDc6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1
bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7
DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0K
QGxpc3QgbDc6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t
bGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVs
LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2kt
Zm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDc6bGV2
ZWw3DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrv
gqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3Np
dGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEw
LjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDc6bGV2ZWw4DQoJe21zby1s
ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxl
dmVsLXRhYi1zdG9wOjI4OC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K
CXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250
LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDc6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXIt
Zm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9w
OjMyNC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5n
ZGluZ3M7fQ0KQGxpc3QgbDgNCgl7bXNvLWxpc3QtaWQ6MTE2MTIzNzk2ODsNCgltc28tbGlzdC10
ZW1wbGF0ZS1pZHM6Mzk3ODA4MzM0O30NCkBsaXN0IGw4OmxldmVsMQ0KCXttc28tbGV2ZWwtc3Rh
cnQtYXQ6MjsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXIt
cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0O30NCkBsaXN0IGw5DQoJe21zby1s
aXN0LWlkOjE0NzgzNzUyMzg7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjEyMjkxMDkzNjg7fQ0K
QGxpc3QgbDk6bGV2ZWwxDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t
bGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjM2LjBwdDsNCgltc28tbGV2ZWwt
bnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1m
b250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsOTpsZXZlbDIN
Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJ
bXNvLWxldmVsLXRhYi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl
ZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0K
CWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1mYW1pbHk6IlRpbWVz
IE5ldyBSb21hbiI7fQ0KQGxpc3QgbDk6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0
OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjEwOC4w
cHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4w
cHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7
fQ0KQGxpc3QgbDk6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCglt
c28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE0NC4wcHQ7DQoJbXNvLWxl
dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFu
c2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDk6
bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4
dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1w
b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXpl
OjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDk6bGV2ZWw2DQoJe21z
by1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNv
LWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0
Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglm
b250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDk6bGV2ZWw3DQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOjI1Mi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX
aW5nZGluZ3M7fQ0KQGxpc3QgbDk6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1
bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI4OC4wcHQ7
DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7
DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0K
QGxpc3QgbDk6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t
bGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4wcHQ7DQoJbXNvLWxldmVs
LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2kt
Zm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDEwDQoJ
e21zby1saXN0LWlkOjE1ODM4MzcyMDk7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjE4NzE3MjY5
MTA7fQ0KQGxpc3QgbDEwOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7
DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNv
LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv
LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDEw
OmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl
eHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z
aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox
MC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCgltc28tYmlkaS1mb250LWZhbWls
eToiVGltZXMgTmV3IFJvbWFuIjt9DQpAbGlzdCBsMTA6bGV2ZWwzDQoJe21zby1sZXZlbC1udW1i
ZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1z
dG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5k
ZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpX
aW5nZGluZ3M7fQ0KQGxpc3QgbDEwOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi
dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxNDQuMHB0
Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0
Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30N
CkBsaXN0IGwxMDpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1z
by1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCgltc28tbGV2
ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5z
aS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMTA6
bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4
dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1w
b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXpl
OjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDEwOmxldmVsNw0KCXtt
c28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1z
by1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm
dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ
Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxMDpsZXZlbDgNCgl7bXNvLWxldmVsLW51
bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFi
LXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1p
bmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5
OldpbmdkaW5nczt9DQpAbGlzdCBsMTA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0
OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjMyNC4w
cHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4w
cHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7
fQ0KQGxpc3QgbDExDQoJe21zby1saXN0LWlkOjE2MTg4MzI3MTk7DQoJbXNvLWxpc3QtdGVtcGxh
dGUtaWRzOjE5MjYxNTY0MjQ7fQ0KQGxpc3QgbDExOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVy
LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3Rv
cDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpTeW1i
b2w7fQ0KQGxpc3QgbDExOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7
DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6NzIuMHB0Ow0KCW1zby1s
ZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1h
bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IjsNCgltc28t
YmlkaS1mb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIjt9DQpAbGlzdCBsMTE6bGV2ZWwzDQoJ
e21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJ
bXNvLWxldmVsLXRhYi1zdG9wOjEwOC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjps
ZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsN
Cglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDExOmxldmVsNA0KCXttc28tbGV2ZWwt
bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10
YWItc3RvcDoxNDQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0
LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p
bHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxMTpsZXZlbDUNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt
YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTgw
LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4
LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5n
czt9DQpAbGlzdCBsMTE6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsN
Cgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjIxNi4wcHQ7DQoJbXNv
LWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNv
LWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3Qg
bDExOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs
LXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoyNTIuMHB0Ow0KCW1zby1sZXZlbC1udW1i
ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQt
c2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxMTpsZXZlbDgN
Cgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsN
Cgltc28tbGV2ZWwtdGFiLXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u
OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0
Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMTE6bGV2ZWw5DQoJe21zby1sZXZl
bC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVs
LXRhYi1zdG9wOjMyNC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl
eHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250LWZh
bWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDEyDQoJe21zby1saXN0LWlkOjE3Mzk1OTQ0MDQ7DQoJ
bXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xNzA1MzIwMDM2O30NCkBsaXN0IGwxMjpsZXZlbDENCgl7
bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCglt
c28tbGV2ZWwtdGFiLXN0b3A6MzYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVm
dDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJ
Zm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxMjpsZXZlbDINCgl7bXNvLWxldmVsLW51bWJl
ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxldmVsLXRhYi1zdG9w
OjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6
LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3Vy
aWVyIE5ldyI7DQoJbXNvLWJpZGktZm9udC1mYW1pbHk6IlRpbWVzIE5ldyBSb21hbiI7fQ0KQGxp
c3QgbDEyOmxldmVsMw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxl
dmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDoxMDguMHB0Ow0KCW1zby1sZXZlbC1u
dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZv
bnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxMjpsZXZl
bDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C
pzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0
aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAu
MHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMTI6bGV2ZWw1DQoJe21zby1s
ZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxl
dmVsLXRhYi1zdG9wOjE4MC4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K
CXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBwdDsNCglmb250
LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDEyOmxldmVsNg0KCXttc28tbGV2ZWwtbnVtYmVy
LWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3Rv
cDoyMTYuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVu
dDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6V2lu
Z2RpbmdzO30NCkBsaXN0IGwxMjpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVs
bGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsN
Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN
Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpA
bGlzdCBsMTI6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t
bGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOjI4OC4wcHQ7DQoJbXNvLWxldmVs
LW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2kt
Zm9udC1zaXplOjEwLjBwdDsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3QgbDEyOmxl
dmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6
74KnOw0KCW1zby1sZXZlbC10YWItc3RvcDozMjQuMHB0Ow0KCW1zby1sZXZlbC1udW1iZXItcG9z
aXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCW1zby1hbnNpLWZvbnQtc2l6ZTox
MC4wcHQ7DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxMw0KCXttc28tbGlzdC1p
ZDoxODUyMzM2Mzg5Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczotMjEzMzMxMTQyNDt9DQpAbGlz
dCBsMTM6bGV2ZWwxDQoJe21zby1sZXZlbC1zdGFydC1hdDozOw0KCW1zby1sZXZlbC10YWItc3Rv
cDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50
Oi0xOC4wcHQ7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRv
bTowY207fQ0KLS0+PC9zdHlsZT48IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVm
YXVsdHMgdjpleHQ9ImVkaXQiIHNwaWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48
IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxv
OmlkbWFwIHY6ZXh0PSJlZGl0IiBkYXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwh
W2VuZGlmXS0tPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iRU4tR0IiIGxpbms9ImJsdWUiIHZsaW5r
PSJwdXJwbGUiPg0KPGRpdiBjbGFzcz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGli
cmkmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj5IaSBTdWhhcywN
CjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssJnF1b3Q7
c2Fucy1zZXJpZiZxdW90Oztjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48
L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtm
b250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6IzFGNDk3RCI+U29tZXRpbWVzIHRvb2xzIGFyZSBub3QgdGhlIHNvbHV0aW9uIHRvIHRoZSBw
cm9ibGVtLiBUaGUgSUVTRyBzaG91bGQgbWFrZSB0aGVzZSBzbWFsbCBjbGFyaWZpY2F0aW9ucyBu
ZWVkZWQgdG8gZ2V0IHRoZSBjaGFydGVyIGZpbmFsaXplZC48bzpwPjwvbzpwPjwvc3Bhbj48L3A+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250
LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6
IzFGNDk3RCI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJy
aSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5N0QiPkNpYW88bzpwPjwv
bzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1z
aXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6IzFGNDk3RCI+SGFubmVzPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAg
Y2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1p
bHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOiMxRjQ5
N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxh
IG5hbWU9Il9NYWlsRW5kQ29tcG9zZSI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9y
OiMxRjQ5N0QiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvYT48L3A+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48Yj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPkZyb206
PC9zcGFuPjwvYj48c3BhbiBsYW5nPSJFTi1VUyIgc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9u
dC1mYW1pbHk6JnF1b3Q7VGFob21hJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDsiPiBTdWl0
IFttYWlsdG86c3VpdC1ib3VuY2VzQGlldGYub3JnXQ0KPGI+T24gQmVoYWxmIE9mIDwvYj5TdWhh
cyBOYW5kYWt1bWFyPGJyPg0KPGI+U2VudDo8L2I+IDMwIE5vdmVtYmVyIDIwMTcgMDE6NTQ8YnI+
DQo8Yj5Ubzo8L2I+IFdhbHRlcm1pcmUsIERhdmlkIEEuIChGZWQpPGJyPg0KPGI+Q2M6PC9iPiBz
dWl0QGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbU3VpdF0gQ29uY2VybnMgYWJv
dXQgQ2hhcnRlciBhbmQgUHJvY2VzcyBGb2xsb3dlZDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxw
IGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPlRoYW5rcyBEYXZlIGZvciB0aGUgcmVzcG9uc2UgYW5kIGNvbnNpZGVyaW5n
IHRoZSBjb25jZXJucy4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNv
Tm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJN
c29Ob3JtYWwiPkFsc28gaSB3YXMgd29uZGVyaW5nLCB3b3VsZCBpdCBtYWtlcyBzZW5zZSB0byBo
YXZlIHRoZSBjaGFydGVyIG9uIHRoZSBnaXRodWIsIHNvIHBlb3BsZSBjYW4gY29tbWVudCBhbmQg
Z2VuZXJhdGUgcHVsbCByZXF1ZXN0cyBpZiBuZWVkZWQ8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rczxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U3VoYXM8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPC9k
aXY+DQo8L2Rpdj4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw
PjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBXZWQsIE5vdiAyOSwgMjAxNyBh
dCAzOjU5IFBNLCBXYWx0ZXJtaXJlLCBEYXZpZCBBLiAoRmVkKSAmbHQ7PGEgaHJlZj0ibWFpbHRv
OmRhdmlkLndhbHRlcm1pcmVAbmlzdC5nb3YiIHRhcmdldD0iX2JsYW5rIj5kYXZpZC53YWx0ZXJt
aXJlQG5pc3QuZ292PC9hPiZndDsgd3JvdGU6PG86cD48L286cD48L3A+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCI+VGhhbmsgeW91IGZvciByYWlzaW5nIHRoZXNlIGNvbmNlcm5zLCBJIHBs
YW4gdG8gc3BlbmQgdGltZSB0b21vcnJvdyByZXZpZXdpbmcgdGhlIG1lZXRlY2hvIHJlY29yZGlu
ZyBmcm9tIHRoZSBCb0YsIHJldmlld2luZyB0aGUgcmVjZW50IG1haWxpbmcgbGlzdCBkaXNjdWFh
aW9uLCB0aGUgQm9GIG5vdGVzICh3aGljaCBJJ2xsIHBvc3QpLCBhbmQgdGhlIGN1cnJlbnQgY2hh
cnRlci4gT25jZSB0aGUgY2hhaXJzIGhhdmUNCiBoYWQgYSBjaGFuY2UgdG8gcmV2aWV3IGFuZCBk
aXNjdXNzIHRoZXNlIG1hdGVyaWFscyB3ZSB3aWxsIGNvbWUgYmFjayB0byB0aGUgbGlzdCB3aXRo
IGEgcGxhbiB0byBtb3ZlIGZvcndhcmQuPGJyPg0KPGJyPg0KV2Ugd2FudCB0byBtYWtlIHN1cmUg
dGhlIGNoYXJ0ZXIgcmVmbGVjdHMgdGhlIGNvbnNlbnN1cyBvZiB0aGUgZ3JvdXAgYW5kIGFkZHJl
c3NlcyBhbnkgY29uY2VybnMgcmFpc2VkIGJ5IHRoZSBJRVNHLiBQbGVhc2UgZ2l2ZSB1cyBzb21l
IHRpbWUgdG8gbWFrZSBzdXJlIHRoaXMgaGFwcGVucyBpbiBhIHByb2R1Y3RpdmUgd2F5IGZvcndh
cmQuPGJyPg0KPGJyPg0KVGhhbmtzLDxicj4NCkRhdmU8bzpwPjwvbzpwPjwvcD4NCjxkaXY+DQo8
ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1ib3R0b206MTIuMHB0Ij48
YnI+DQo8YnI+DQotLS0tLS0tLSBPcmlnaW5hbCBNZXNzYWdlIC0tLS0tLS0tPGJyPg0KRnJvbTog
U3VpdCAmbHQ7PGEgaHJlZj0ibWFpbHRvOnN1aXQtYm91bmNlc0BpZXRmLm9yZyIgdGFyZ2V0PSJf
YmxhbmsiPnN1aXQtYm91bmNlc0BpZXRmLm9yZzwvYT4mZ3Q7IG9uIGJlaGFsZiBvZiBTdWhhcyBO
YW5kYWt1bWFyICZsdDs8YSBocmVmPSJtYWlsdG86c3VoYXNpZXRmQGdtYWlsLmNvbSIgdGFyZ2V0
PSJfYmxhbmsiPnN1aGFzaWV0ZkBnbWFpbC5jb208L2E+Jmd0Ozxicj4NCkRhdGU6IFdlZCwgTm92
ZW1iZXIgMjksIDIwMTcgNjozMiBQTSAtMDUwMDxicj4NClRvOiA8YSBocmVmPSJtYWlsdG86c3Vp
dEBpZXRmLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPnN1aXRAaWV0Zi5vcmc8L2E+PGJyPg0KU3ViamVj
dDogW1N1aXRdIENvbmNlcm5zIGFib3V0IENoYXJ0ZXIgYW5kIFByb2Nlc3MgRm9sbG93ZWQ8bzpw
PjwvbzpwPjwvcD4NCjxkaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+SGVsbG8gQ2hh
aXJzIDxvOnA+PC9vOnA+PC9wPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5i
c3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+Jm5ic3A7
IEhhdmluZyBzcGVudCBzb21ldGltZSB0byBicm93c2UgdGhyb3VnaCBkaWZmZXJlbnQgbGlzdHMg
YW5kIGF0dGVtcHRpbmcgdG8gc2hhcmVyIGNvbmNlcm5zIHRvIGVuc3VyZSB0aGF0IHRoZSBjaGFy
dGVyIHRleHQgYW5kIGNvbnNlbnN1cyBtYXRjaCwgaSB0aG91Z2h0IHdpbGwgc2hhcmUgZmV3IHBv
aW50cyBmb3IgdXMgdG8gcG9uZGVyIHVwb24uPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxkaXY+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRp
dj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkFzIGEgZm9sbG93IHVwIGZyb20gQk9GLDxvOnA+PC9v
OnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPGRpdiBzdHlsZT0ibWFyZ2luLXRvcDoyLjI1cHQ7bWlu
LWhlaWdodDoxOHB0Ij4NCjxkaXY+DQo8b2wgc3RhcnQ9IjEiIHR5cGU9IjEiPg0KPGxpIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJjb2xvcjojMzQzNTM3O21zby1tYXJnaW4tdG9wLWFsdDphdXRv
O21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRvO2xpbmUtaGVpZ2h0OjE2LjBwdDttc28tbGlzdDps
MCBsZXZlbDEgbGZvMSI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdCI+bWludXRlcyBh
cmUgbm90IHB1Ymxpc2hlZCB0byB0aGUgZGF0YS10cmFja2VyIG9yIHRoZSBTVUlUIG1haWxpbmcg
bGlzdC4gSSBkaXNjb3ZlcmVkIHRoZSBmb2xsb3dpbmcgbm90ZXMgZnJvbSB0aGUgZXRoZXJwYWQg
aW5zdGVhZCAoPGEgaHJlZj0iaHR0cHM6Ly9uYTAxLnNhZmVsaW5rcy5wcm90ZWN0aW9uLm91dGxv
b2suY29tLz91cmw9aHR0cHMlM0ElMkYlMkZldGhlcnBhZC50b29scy5pZXRmLm9yZyUyRnAlMkZu
b3Rlcy1pZXRmLTEwMC1zdWl0JmFtcDtkYXRhPTAyJTdDMDElN0NkYXZpZC53YWx0ZXJtaXJlJTQw
bmlzdC5nb3YlN0NmN2U0ODRhZTQwYWM0OGQ3MmIxMzA4ZDUzNzgxNjM0NiU3QzJhYjVkODJmZDhm
YTQ3OTdhOTNlMDU0NjU1YzYxZGVjJTdDMSU3QzAlN0M2MzY0NzU5NTEyMjg0NjE2NDAmYW1wO3Nk
YXRhPSUyQm9xU1ZFV1E1JTJCR25kNDVPS3hnQU5MMDRqUmZnYlhpcEh4cG93R1EwY1VRJTNEJmFt
cDtyZXNlcnZlZD0wIiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9ldGhlcnBhZC50b29scy5pZXRm
Lm9yZy9wL25vdGVzLWlldGYtMTAwLXN1aXQ8L2E+KTxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PC9v
bD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTYuMHB0
Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdDtjb2xvcjojMzQzNTM3Ij4mbmJzcDsgJm5i
c3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7Jm5ic3A7PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90Oztjb2xvcjpibGFjaztiYWNrZ3JvdW5kOiNFM0ZGRUEiPkNvLUNoYWlycyBzdW1tYXJpemUg
Y29uY2VybnMgd2l0aCBjdXJyZW50IENoYXJ0ZXIgdGV4dDwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjEwLjVwdDtjb2xvcjojMzQzNTM3Ij48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp
dj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQ4NCI+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTYuMHB0Ij48c3BhbiBjbGFz
cz0ibTYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1hdXRob3ItYS1nc2I2M2F6NzF6M3o4MHpkejg5
eno3Mnp6Njh6ejc1enF6ODl6Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFt
aWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2s7
YmFja2dyb3VuZDojRTNGRkVBIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7LSBVc2Ugb2YgUkZDNDEwODwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rp
dj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQ4NSI+DQo8
cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50
Oi0xOC4wcHQ7bGluZS1oZWlnaHQ6MTYuMHB0O21zby1saXN0Omw3IGxldmVsMSBsZm8yIj4NCjwh
W2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFt
aWx5OlN5bWJvbDtjb2xvcjpibGFjayI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8
c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFb
ZW5kaWZdPjxzcGFuIGNsYXNzPSJtNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdz
YjYzYXo3MXozejgwemR6ODl6ejcyeno2OHp6NzV6cXo4OXoiPjxzcGFuIHN0eWxlPSJmb250LXNp
emU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZx
dW90Oztjb2xvcjpibGFjaztiYWNrZ3JvdW5kOiNFM0ZGRUEiPiZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAmbmJzcDsgJm5ic3A7LSBIdW0gb24gaWYgd2Ugc2hvdWxkIHJlbW92ZSA0MTA4DQog
LSBTdHJvbmdlciBodW0/Pz88L3NwYW4+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJtXzYw
NDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkODYiPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O2xpbmUtaGVp
Z2h0OjE2LjBwdDttc28tbGlzdDpsMTAgbGV2ZWwxIGxmbzMiPg0KPCFbaWYgIXN1cHBvcnRMaXN0
c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9y
OmJsYWNrIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250
OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gY2xh
c3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6ZHo4
OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZh
bWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNr
O2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAm
bmJzcDstIEh1bSBvbiBpZiB3ZSBzaG91bGQgbGVhdmUgNDEwODwvc3Bhbj48L3NwYW4+PHNwYW4g
c3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVv
dDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8
L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQ4NyI+
DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibGluZS1oZWlnaHQ6MTYuMHB0Ij48c3BhbiBj
bGFzcz0ibTYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1hdXRob3ItYS1nc2I2M2F6NzF6M3o4MHpk
ejg5eno3Mnp6Njh6ejc1enF6ODl6Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6Ymxh
Y2s7YmFja2dyb3VuZDojRTNGRkVBIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOyAtIFNob3VsZCB3ZSBjb25zdHJhaW4NCiB0aGlzIHRvIENsYXNzIDE8L3NwYW4+PC9z
cGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwm
cXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+PG86cD48L286cD48L3Nw
YW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJtXzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdp
Y2RvbWlkODgiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBw
dCI+PHNwYW4gY2xhc3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNh
ejcxejN6ODB6ZHo4OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5
LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7
O2NvbG9yOmJsYWNrO2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5i
c3A7ICZuYnNwOyAtIENsYXJpZmljYXRpb24gb24NCiB0ZXh0IHJldm9sdmluZyBhcm91bmQgdHJh
bnNwb3J0IG1lY2hhbmlzbXM8L3NwYW4+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJtXzYw
NDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkODkiPg0KPHAgY2xhc3M9Ik1zb05vcm1h
bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O2xpbmUtaGVp
Z2h0OjE2LjBwdDttc28tbGlzdDpsMTIgbGV2ZWwxIGxmbzQiPg0KPCFbaWYgIXN1cHBvcnRMaXN0
c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9y
OmJsYWNrIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250
OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gY2xh
c3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6ZHo4
OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZh
bWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNr
O2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAt
IEh1bTogU2hvdWxkIHdlIGF2b2lkIHRoZSBkZXZlbG9wbWVudA0KIG9mIG5ldyB0cmFuc3BvcnQg
bWVjaGFuaXNtcyAtIFllcyBpcyBsb3VkZXIgaW4gdGhlIHJvb208L3NwYW4+PC9zcGFuPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1
b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0K
PC9kaXY+DQo8ZGl2IGlkPSJtXzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkOTAi
Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+PHNwYW4g
Y2xhc3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6
ZHo4OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250
LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJs
YWNrO2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNw
OyAtIFNob3VsZCB0aGUgY2hhcnRlcg0KIGhhdmUgdGV4dCB0byB0YWxrIGFib3V0IGNhcGFiaWxp
dGllczwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWls
eTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48
bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0
MDM1NmdtYWlsLW1hZ2ljZG9taWQ5MSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy
Z2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bGluZS1oZWlnaHQ6MTYuMHB0O21z
by1saXN0Omw1IGxldmVsMSBsZm81Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxl
PSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbDtjb2xvcjpibGFjayI+PHNwYW4g
c3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtU
aW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
Ow0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGNsYXNzPSJtNjA0MzM1NzY1
MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdzYjYzYXo3MXozejgwemR6ODl6ejcyeno2OHp6NzV6
cXo4OXoiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJp
YWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjaztiYWNrZ3JvdW5kOiNF
M0ZGRUEiPiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgLSBIdW06IENoYXJ0ZXIg
bmVlZHMgdGV4dDwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250
LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJs
YWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1
MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQ5MiI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHls
ZT0ibWFyZ2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bGluZS1oZWlnaHQ6MTYu
MHB0O21zby1saXN0Omw5IGxldmVsMSBsZm82Ij4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFu
IHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5bWJvbDtjb2xvcjpibGFjayI+
PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAm
cXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw
OyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPjxzcGFuIGNsYXNzPSJtNjA0
MzM1NzY1MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdzYjYzYXo3MXozejgwemR6ODl6ejcyeno2
OHp6NzV6cXo4OXoiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1
b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjaztiYWNrZ3Jv
dW5kOiNFM0ZGRUEiPiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDstIEh1bTogTGVh
dmUgb3V0IG9mIGNoYXJ0ZXIsIGJ1dCBhZGQNCiB0byBhcmNoaXRlY3R1cmU8L3NwYW4+PC9zcGFu
PjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVv
dDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+
PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJtXzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2Rv
bWlkOTMiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+
PHNwYW4gY2xhc3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcx
ejN6ODB6ZHo4OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBw
dDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2Nv
bG9yOmJsYWNrO2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7
ICZuYnNwOy0gU2hvdWxkIHRoZSBjaGFydGVyDQogcmVzdHJpY3QgdG8gb25lPC9zcGFuPjwvc3Bh
bj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1
b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFu
PjwvcD4NCjwvZGl2Pg0KPGRpdiBpZD0ibV82MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtbWFnaWNk
b21pZDk0Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoxOC4wcHQ7
dGV4dC1pbmRlbnQ6LTE4LjBwdDtsaW5lLWhlaWdodDoxNi4wcHQ7bXNvLWxpc3Q6bDQgbGV2ZWwx
IGxmbzciPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC4w
cHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9yOmJsYWNrIj48c3BhbiBzdHlsZT0ibXNvLWxpc3Q6
SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZx
dW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7DQo8L3NwYW4+PC9zcGFu
Pjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gY2xhc3M9Im02MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwt
YXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6ZHo4OXp6NzJ6ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtz
YW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrO2JhY2tncm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZu
YnNwOyAmbmJzcDsgJm5ic3A7IC0gSHVtOiBZZXM8L3NwYW4+PC9zcGFuPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1z
ZXJpZiZxdW90Oztjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8
ZGl2IGlkPSJtXzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkOTUiPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTgu
MHB0O2xpbmUtaGVpZ2h0OjE2LjBwdDttc28tbGlzdDpsMiBsZXZlbDEgbGZvOCI+DQo8IVtpZiAh
c3VwcG9ydExpc3RzXT48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpT
eW1ib2w7Y29sb3I6YmxhY2siPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsK3PHNwYW4g
c3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJz
cDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlm
XT48c3BhbiBjbGFzcz0ibTYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1hdXRob3ItYS1nc2I2M2F6
NzF6M3o4MHpkejg5eno3Mnp6Njh6ejc1enF6ODl6Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjku
MHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7
Y29sb3I6YmxhY2s7YmFja2dyb3VuZDojRTNGRkVBIj4mbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJz
cDstIEh1bTogTm8gLSBNdWNoIFN0cm9uZ2VyPC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9u
dC1zaXplOjkuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2Vy
aWYmcXVvdDs7Y29sb3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRp
diBpZD0ibV82MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtbWFnaWNkb21pZDk2Ij4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDoxNi4wcHQiPjxzcGFuIGNsYXNzPSJtNjA0
MzM1NzY1MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdzYjYzYXo3MXozejgwemR6ODl6ejcyeno2
OHp6NzV6cXo4OXoiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1
b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xvcjpibGFjaztiYWNrZ3Jv
dW5kOiNFM0ZGRUEiPiZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOy0gRG8gd2UgbmVlZCBhIGNo
YXJ0ZXINCiB0ZXh0IHVwZGF0ZSBvciBsZWF2ZSBpdCB0byBhIGRpc2N1c3Npb24gZm9yIGRpc2Nv
dmVyeTwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWls
eTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48
bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0
MDM1NmdtYWlsLW1hZ2ljZG9taWQ5NyI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFy
Z2luLWxlZnQ6MTguMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bGluZS1oZWlnaHQ6MTYuMHB0O21z
by1saXN0OmwxMSBsZXZlbDEgbGZvOSI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTpTeW1ib2w7Y29sb3I6YmxhY2siPjxzcGFu
IHN0eWxlPSJtc28tbGlzdDpJZ25vcmUiPsK3PHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7
VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz
cDsNCjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT48c3BhbiBjbGFzcz0ibTYwNDMzNTc2
NTIzMzE3NDAzNTZnbWFpbC1hdXRob3ItYS1nc2I2M2F6NzF6M3o4MHpkejg5eno3Mnp6Njh6ejc1
enF6ODl6Ij48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0Fy
aWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6YmxhY2s7YmFja2dyb3VuZDoj
RTNGRkVBIj4mbmJzcDsgJm5ic3A7ICZuYnNwOy0gSHVtOiBTdHJvbmdlciBmb3IgbGVhdmluZyBp
dCB0byBkaXNjdXNzaW9uPC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjkuMHB0
O2ZvbnQtZmFtaWx5OiZxdW90O0FyaWFsJnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29s
b3I6YmxhY2siPjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdiBpZD0ibV82MDQz
MzU3NjUyMzMxNzQwMzU2Z21haWwtbWFnaWNkb21pZDk4Ij4NCjxwIGNsYXNzPSJNc29Ob3JtYWwi
IHN0eWxlPSJsaW5lLWhlaWdodDoxNi4wcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4wcHQ7
Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztjb2xv
cjpibGFjayI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2IGlkPSJt
XzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkOTkiPg0KPHAgY2xhc3M9Ik1zb05v
cm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+PHNwYW4gY2xhc3M9Im02MDQzMzU3NjUy
MzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6ZHo4OXp6NzJ6ejY4eno3NXpx
ejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlh
bCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrO2JhY2tncm91bmQ6I0Uz
RkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgLSBDdWxsZW4gSmVubmluZ3MgdmlhDQogSmFiYmVy
IHRleHQgdG8gYWRkOiBUaGUgYXJjaGl0ZWN0dXJlIHNob3VsZCBwcm92aWRlIGEgd2F5IHRvIGRp
c2NvdmVyIHRoZSBmaXJtd2FyZSBzZXJ2ZXI8L3NwYW4+PC9zcGFuPjxzcGFuIHN0eWxlPSJmb250
LXNpemU6OS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJp
ZiZxdW90Oztjb2xvcjpibGFjayI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2
IGlkPSJtXzYwNDMzNTc2NTIzMzE3NDAzNTZnbWFpbC1tYWdpY2RvbWlkMTAwIj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tbGVmdDoxOC4wcHQ7dGV4dC1pbmRlbnQ6LTE4LjBw
dDtsaW5lLWhlaWdodDoxNi4wcHQ7bXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzEwIj4NCjwhW2lmICFz
dXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuMHB0O2ZvbnQtZmFtaWx5OlN5
bWJvbDtjb2xvcjpibGFjayI+PHNwYW4gc3R5bGU9Im1zby1saXN0Oklnbm9yZSI+wrc8c3BhbiBz
dHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNw
OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZd
PjxzcGFuIGNsYXNzPSJtNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLWF1dGhvci1hLWdzYjYzYXo3
MXozejgwemR6ODl6ejcyeno2OHp6NzV6cXo4OXoiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6OS4w
cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7QXJpYWwmcXVvdDssJnF1b3Q7c2Fucy1zZXJpZiZxdW90Oztj
b2xvcjpibGFjaztiYWNrZ3JvdW5kOiNFM0ZGRUEiPiZuYnNwOyAmbmJzcDsgJm5ic3A7LSBIdW06
ID8/Pzwvc3Bhbj48L3NwYW4+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWls
eTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48
bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0
MDM1NmdtYWlsLW1hZ2ljZG9taWQxMDEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1h
cmdpbi1sZWZ0OjE4LjBwdDt0ZXh0LWluZGVudDotMTguMHB0O2xpbmUtaGVpZ2h0OjE2LjBwdDtt
c28tbGlzdDpsNiBsZXZlbDEgbGZvMTEiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5
bGU9ImZvbnQtc2l6ZToxMC4wcHQ7Zm9udC1mYW1pbHk6U3ltYm9sO2NvbG9yOmJsYWNrIj48c3Bh
biBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj7CtzxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90
O1RpbWVzIE5ldyBSb21hbiZxdW90OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i
c3A7DQo8L3NwYW4+PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+PHNwYW4gc3R5bGU9ImZvbnQtc2l6
ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1
b3Q7O2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxk
aXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQxMDIiPg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+PHNwYW4gY2xhc3M9Im02
MDQzMzU3NjUyMzMxNzQwMzU2Z21haWwtYXV0aG9yLWEtZ3NiNjNhejcxejN6ODB6ZHo4OXp6NzJ6
ejY4eno3NXpxejg5eiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTom
cXVvdDtBcmlhbCZxdW90OywmcXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrO2JhY2tn
cm91bmQ6I0UzRkZFQSI+Jm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IC0gQUQgc2F5cyB3ZSBu
ZWVkIHRvDQogcHV0IHRoaXMgYmFjayBvbiB0aGUgbGlzdCBhZ2Fpbjwvc3Bhbj48L3NwYW4+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPjwvbzpwPjwvc3Bhbj48L3A+
DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2ljZG9taWQx
MDIiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+PHNw
YW4gc3R5bGU9ImZvbnQtc2l6ZTo5LjBwdDtmb250LWZhbWlseTomcXVvdDtBcmlhbCZxdW90Oywm
cXVvdDtzYW5zLXNlcmlmJnF1b3Q7O2NvbG9yOmJsYWNrIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bh
bj48L3A+DQo8L2Rpdj4NCjxkaXYgaWQ9Im1fNjA0MzM1NzY1MjMzMTc0MDM1NmdtYWlsLW1hZ2lj
ZG9taWQxMDIiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBw
dCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Zm9udC1mYW1pbHk6JnF1b3Q7U2Vnb2Ug
VUkgU2VtaWxpZ2h0JnF1b3Q7LCZxdW90O3NhbnMtc2VyaWYmcXVvdDs7Y29sb3I6IzM0MzUzNyI+
QXMgcmVxdWVzdGVkIGJ5IHRoZSBBRCAobGFzdCBidWxsZXQgcG9pbnQpLCB0aGUgY29uc2Vuc3Vz
IGNvbmZpcm1pbmcgZW1haWwgbmV2ZXIgbWFkZSB0byB0aGUgbGlzdC48L3NwYW4+PG86cD48L286
cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9wOjIu
MjVwdDttaW4taGVpZ2h0OjE4cHQiPg0KPGRpdj4NCjxvbCBzdGFydD0iMiIgdHlwZT0iMSI+DQo8
bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiMzNDM1Mzc7bXNvLW1hcmdpbi10b3At
YWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bGluZS1oZWlnaHQ6MTYuMHB0O21z
by1saXN0Omw4IGxldmVsMSBsZm8xMiI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVwdCI+
RnJvbSB0aGUgYWJvdmUgbm90ZXMgZXhjZXJwdCwgdGhlIGNoYW5nZXMgdGhhdCBoYWQgY29uc2Vu
c3VzIGluIG1lZXRpbmcgYXJlIG5vdCByZWZsZWN0ZWQgaW4gY2hhcnRlciZuYnNwOyZuYnNwOzxv
OnA+PC9vOnA+PC9zcGFuPjwvbGk+PC9vbD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJt
YXJnaW4tdG9wOjIuMjVwdDttaW4taGVpZ2h0OjE4cHQiPg0KPGRpdj4NCjxvbCBzdGFydD0iMyIg
dHlwZT0iMSI+DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiMzNDM1Mzc7bXNv
LW1hcmdpbi10b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bGluZS1oZWln
aHQ6MTYuMHB0O21zby1saXN0OmwxMyBsZXZlbDEgbGZvMTMiPg0KPHNwYW4gc3R5bGU9ImZvbnQt
c2l6ZToxMC41cHQiPk5vbmUgb2YgdGhpcyBoYXMgaGFzIGJlZW4gc2VudCB0byBsaXN0LiBOb3Qg
dGhlIG1pbnV0ZXMgZnJvbSB0aGUgbWVldGluZy4gTm90IHRoZSBjaGFydGVyLjxvOnA+PC9vOnA+
PC9zcGFuPjwvbGk+PC9vbD4NCjwvZGl2Pg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJtYXJnaW4tdG9w
OjIuMjVwdDttaW4taGVpZ2h0OjE4cHQiPg0KPGRpdj4NCjxvbCBzdGFydD0iNCIgdHlwZT0iMSI+
DQo8bGkgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImNvbG9yOiMzNDM1Mzc7bXNvLW1hcmdpbi10
b3AtYWx0OmF1dG87bXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87bGluZS1oZWlnaHQ6MTYuMHB0
O21zby1saXN0OmwzIGxldmVsMSBsZm8xNCI+DQo8c3BhbiBzdHlsZT0iZm9udC1zaXplOjEwLjVw
dCI+UGVvcGxlIGhhdmUgbm90IGhhZCB0aW1lIHRvIHJldmlldyBvciBjb21tZW50IG9uIGl0PG86
cD48L286cD48L3NwYW4+PC9saT48L29sPg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0
eWxlPSJsaW5lLWhlaWdodDoxNi4wcHQiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTAuNXB0O2Nv
bG9yOiMzNDM1MzciPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDoxNi4wcHQiPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTAuNXB0O2NvbG9yOiMzNDM1MzciPldoYXQgc2hvdWxkIGJlIHRoZSBw
bGFuIGZvcndhcmQgaW4gYWRkcmVzc2luZyB0aGUgY29uY2VybnMgaGVyZSA/PG86cD48L286cD48
L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Imxp
bmUtaGVpZ2h0OjE2LjBwdCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Y29sb3I6IzM0
MzUzNyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xh
c3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0OjE2LjBwdCI+PHNwYW4gc3R5bGU9ImZv
bnQtc2l6ZToxMC41cHQ7Y29sb3I6IzM0MzUzNyI+VGhhbmtzPG86cD48L286cD48L3NwYW4+PC9w
Pg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9ImxpbmUtaGVpZ2h0
OjE2LjBwdCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQ7Y29sb3I6IzM0MzUzNyI+U3Vo
YXMgTmFuZGFrdW1hcjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs
YXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJsaW5lLWhlaWdodDoxNi4wcHQiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTAuNXB0O2NvbG9yOiMzNDM1MzciPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwv
cD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2
Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJz
cDs8L286cD48L3A+DQo8L2Rpdj4NCjwvZGl2Pg0KSU1QT1JUQU5UIE5PVElDRTogVGhlIGNvbnRl
bnRzIG9mIHRoaXMgZW1haWwgYW5kIGFueSBhdHRhY2htZW50cyBhcmUgY29uZmlkZW50aWFsIGFu
ZCBtYXkgYWxzbyBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj
aXBpZW50LCBwbGVhc2Ugbm90aWZ5IHRoZSBzZW5kZXIgaW1tZWRpYXRlbHkgYW5kIGRvIG5vdCBk
aXNjbG9zZSB0aGUgY29udGVudHMgdG8gYW55IG90aGVyIHBlcnNvbiwgdXNlIGl0IGZvciBhbnkg
cHVycG9zZSwNCiBvciBzdG9yZSBvciBjb3B5IHRoZSBpbmZvcm1hdGlvbiBpbiBhbnkgbWVkaXVt
LiBUaGFuayB5b3UuDQo8L2JvZHk+DQo8L2h0bWw+DQo=

--_000_AM4PR0801MB2706337FD41759AD4D45E87FFA380AM4PR0801MB2706_--


From nobody Thu Nov 30 02:11:22 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0DED1293D6 for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 02:11:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.218
X-Spam-Level: 
X-Spam-Status: No, score=-3.218 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iy92dZKQszYE for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 02:11:02 -0800 (PST)
Received: from mail-edgeKA27.fraunhofer.de (mail-edgeka27.fraunhofer.de [153.96.1.27]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C59D31292F4 for <suit@ietf.org>; Thu, 30 Nov 2017 02:10:32 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EfAgBp299Z/xoHYZleGQEBAQEBAQEBAQEBBwEBAQEBgm9uZG4nB4NzmVGBVCKIRY1qDoFBQwoigXeDIgKEP0AXAQIBAQEBAQEBA2gogmpGJzEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBDQIlGSwBAQEEI0sLDAQJAhEBAgECASAKAgIhKAYIBgENBYgxBIFRAxQFDI17nWeCJ4dAAwqDbwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgy2CB4FRgWorC4FADYEngl5UgSABEQIBCBYggnMvgjIFih6WajyBCIEmhTCIE4cNhXSDVYcziiGCID+IPgIEBgUCGQGBOSECNRRvC1MmXRIBgj6CEII9dQEBAQGKQgGBEAEBAQ
X-IPAS-Result: A2EfAgBp299Z/xoHYZleGQEBAQEBAQEBAQEBBwEBAQEBgm9uZG4nB4NzmVGBVCKIRY1qDoFBQwoigXeDIgKEP0AXAQIBAQEBAQEBA2gogmpGJzEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBDQIlGSwBAQEEI0sLDAQJAhEBAgECASAKAgIhKAYIBgENBYgxBIFRAxQFDI17nWeCJ4dAAwqDbwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgy2CB4FRgWorC4FADYEngl5UgSABEQIBCBYggnMvgjIFih6WajyBCIEmhTCIE4cNhXSDVYcziiGCID+IPgIEBgUCGQGBOSECNRRvC1MmXRIBgj6CEII9dQEBAQGKQgGBEAEBAQ
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800"; d="scan'208,217";a="1627443"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by mail-edgeKA27.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 30 Nov 2017 11:10:29 +0100
X-IronPort-AV: E=Sophos;i="5.45,341,1508796000"; d="scan'208,217";a="4721376"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Nov 2017 11:10:28 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAUAARdo024607 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Nov 2017 11:10:28 +0100
Received: from android-86100a6c0956de20.local (93.215.159.15) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 30 Nov 2017 11:10:21 +0100
Date: Thu, 30 Nov 2017 11:10:20 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <CAMRcRGTNmOWBzWU2Y6A11NAcivW0DGOszNzzomA4ho+_EY619Q@mail.gmail.com>
References: <CAMRcRGRnUr6rvxse+EbopY+=txkQZcBNS_-A1td_YRFWifqJyg@mail.gmail.com> <s7nkptckpnl1rxbia0cxm23y.1511999943689@email.android.com> <CAMRcRGTNmOWBzWU2Y6A11NAcivW0DGOszNzzomA4ho+_EY619Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----MV770T7Z73CGCX1PPT1ZSFC986KIWE"
Content-Transfer-Encoding: 7bit
To: <suit@ietf.org>, Suhas Nandakumar <suhasietf@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
CC: "suit@ietf.org" <suit@ietf.org>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <1C4B75E7-3720-4321-9046-2F8C75710FC7@sit.fraunhofer.de>
X-Originating-IP: [93.215.159.15]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/8WIltukx_fjOMOKvuYmVmUEME9g>
Subject: Re: [Suit] Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 10:11:13 -0000

------MV770T7Z73CGCX1PPT1ZSFC986KIWE
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

A happy, wholehearted, +1 with 100% support=2E

Viele Gr=C3=BC=C3=9Fe,

Henk

On November 30, 2017 1:53:38 AM GMT+01:00, Suhas Nandakumar <suhasietf@gma=
il=2Ecom> wrote:
>Thanks Dave for the response and considering the concerns=2E
>
>Also i was wondering, would it makes sense to have the charter on the
>github, so people can comment and generate pull requests if needed
>
>Thanks
>Suhas
>
>On Wed, Nov 29, 2017 at 3:59 PM, Waltermire, David A=2E (Fed) <
>david=2Ewaltermire@nist=2Egov> wrote:
>
>> Thank you for raising these concerns, I plan to spend time tomorrow
>> reviewing the meetecho recording from the BoF, reviewing the recent
>mailing
>> list discuaaion, the BoF notes (which I'll post), and the current
>charter=2E
>> Once the chairs have had a chance to review and discuss these
>materials we
>> will come back to the list with a plan to move forward=2E
>>
>> We want to make sure the charter reflects the consensus of the group
>and
>> addresses any concerns raised by the IESG=2E Please give us some time
>to make
>> sure this happens in a productive way forward=2E
>>
>> Thanks,
>> Dave
>>
>>
>> -------- Original Message --------
>> From: Suit <suit-bounces@ietf=2Eorg> on behalf of Suhas Nandakumar <
>> suhasietf@gmail=2Ecom>
>> Date: Wed, November 29, 2017 6:32 PM -0500
>> To: suit@ietf=2Eorg
>> Subject: [Suit] Concerns about Charter and Process Followed
>>
>> Hello Chairs
>>
>>   Having spent sometime to browse through different lists and
>attempting
>> to sharer concerns to ensure that the charter text and consensus
>match, i
>> thought will share few points for us to ponder upon=2E
>>
>> As a follow up from BOF,
>>
>>    1=2E minutes are not published to the data-tracker or the SUIT
>mailing
>>    list=2E I discovered the following notes from the etherpad instead (
>>    https://etherpad=2Etools=2Eietf=2Eorg/p/notes-ietf-100-suit
>>  =20
><https://na01=2Esafelinks=2Eprotection=2Eoutlook=2Ecom/?url=3Dhttps%3A%2F=
%2Fetherpad=2Etools=2Eietf=2Eorg%2Fp%2Fnotes-ietf-100-suit&data=3D02%7C01%7=
Cdavid=2Ewaltermire%40nist=2Egov%7Cf7e484ae40ac48d72b1308d537816346%7C2ab5d=
82fd8fa4797a93e054655c61dec%7C1%7C0%7C636475951228461640&sdata=3D%2BoqSVEWQ=
5%2BGnd45OKxgANL04jRfgbXipHxpowGQ0cUQ%3D&reserved=3D0>
>>    )
>>
>>           Co-Chairs summarize concerns with current Charter text
>>                - Use of RFC4108
>>
>>    -            - Hum on if we should remove 4108 - Stronger hum???
>>
>>
>>    -            - Hum on if we should leave 4108
>>
>>             - Should we constrain this to Class 1
>>           - Clarification on text revolving around transport
>mechanisms
>>
>>    -           - Hum: Should we avoid the development of new
>transport
>>    mechanisms - Yes is louder in the room
>>
>>           - Should the charter have text to talk about capabilities
>>
>>    -           - Hum: Charter needs text
>>
>>
>>    -          - Hum: Leave out of charter, but add to architecture
>>
>>          - Should the charter restrict to one
>>
>>    -         - Hum: Yes
>>
>>
>>    -        - Hum: No - Much Stronger
>>
>>        - Do we need a charter text update or leave it to a discussion
>for
>> discovery
>>
>>    -      - Hum: Stronger for leaving it to discussion
>>
>>
>>       - Cullen Jennings via Jabber text to add: The architecture
>should
>> provide a way to discover the firmware server
>>
>>    -      - Hum: ???
>>
>>
>>    -
>>
>>         - AD says we need to put this back on the list again
>>
>> As requested by the AD (last bullet point), the consensus confirming
>email
>> never made to the list=2E
>>
>>    1=2E From the above notes excerpt, the changes that had consensus in
>>    meeting are not reflected in charter
>>
>>
>>    1=2E None of this has has been sent to list=2E Not the minutes from
>the
>>    meeting=2E Not the charter=2E
>>
>>
>>    1=2E People have not had time to review or comment on it
>>
>>
>> What should be the plan forward in addressing the concerns here ?
>>
>> Thanks
>> Suhas Nandakumar
>>
>>

--=20
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E
------MV770T7Z73CGCX1PPT1ZSFC986KIWE
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><head></head><body>A happy, wholehearted, +1 with 100% support=2E<br>
<br>
Viele Gr=C3=BC=C3=9Fe,<br>
<br>
Henk<br><br><div class=3D"gmail_quote">On November 30, 2017 1:53:38 AM GMT=
+01:00, Suhas Nandakumar &lt;suhasietf@gmail=2Ecom&gt; wrote:<blockquote cl=
ass=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; border-left: 1px =
solid rgb(204, 204, 204); padding-left: 1ex;">
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8" /=
><div dir=3D"ltr">Thanks Dave for the response and considering the concerns=
=2E&nbsp;<div><br /></div><div>Also i was wondering, would it makes sense t=
o have the charter on the github, so people can comment and generate pull r=
equests if needed<div><br /></div><div>Thanks</div><div>Suhas</div></div></=
div><div class=3D"gmail_extra"><br /><div class=3D"gmail_quote">On Wed, Nov=
 29, 2017 at 3:59 PM, Waltermire, David A=2E (Fed) <span dir=3D"ltr">&lt;<a=
 href=3D"mailto:david=2Ewaltermire@nist=2Egov" target=3D"_blank">david=2Ewa=
ltermire@nist=2Egov</a>&gt;</span> wrote:<br /><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 =2E8ex;border-left:1px #ccc solid;padding-left:=
1ex">




<div>
Thank you for raising these concerns, I plan to spend time tomorrow review=
ing the meetecho recording from the BoF, reviewing the recent mailing list =
discuaaion, the BoF notes (which I'll post), and the current charter=2E Onc=
e the chairs have had a chance to review
 and discuss these materials we will come back to the list with a plan to =
move forward=2E<br />
<br />
We want to make sure the charter reflects the consensus of the group and a=
ddresses any concerns raised by the IESG=2E Please give us some time to mak=
e sure this happens in a productive way forward=2E<br />
<br />
Thanks,<br />
Dave<div><div class=3D"h5"><br />
<br />
-------- Original Message --------<br />
From: Suit &lt;<a href=3D"mailto:suit-bounces@ietf=2Eorg" target=3D"_blank=
">suit-bounces@ietf=2Eorg</a>&gt; on behalf of Suhas Nandakumar &lt;<a href=
=3D"mailto:suhasietf@gmail=2Ecom" target=3D"_blank">suhasietf@gmail=2Ecom</=
a>&gt;<br />
Date: Wed, November 29, 2017 6:32 PM -0500<br />
To: <a href=3D"mailto:suit@ietf=2Eorg" target=3D"_blank">suit@ietf=2Eorg</=
a><br />
Subject: [Suit] Concerns about Charter and Process Followed<br />
<br />
<div>
<div dir=3D"ltr">Hello Chairs
<div><br />
</div>
<div>&nbsp; Having spent sometime to browse through different lists and at=
tempting to sharer concerns to ensure that the charter text and consensus m=
atch, i thought will share few points for us to ponder upon=2E</div>
<div><br />
</div>
<div>As a follow up from BOF,</div>
<div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_604335765233174035=
6gmail-hasAction" style=3D"line-height:16pt;margin-bottom:0px;width:813px;m=
argin-top:3px;min-height:18pt">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol style=3D"color:rgb(52,53,55);font-size:14px;padding-left:36pt">
<li>minutes are not published to the data-tracker or the SUIT mailing list=
=2E I discovered the following notes from the etherpad instead (<a href=3D"=
https://na01=2Esafelinks=2Eprotection=2Eoutlook=2Ecom/?url=3Dhttps%3A%2F%2F=
etherpad=2Etools=2Eietf=2Eorg%2Fp%2Fnotes-ietf-100-suit&amp;data=3D02%7C01%=
7Cdavid=2Ewaltermire%40nist=2Egov%7Cf7e484ae40ac48d72b1308d537816346%7C2ab5=
d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636475951228461640&amp;sdata=3D%2Boq=
SVEWQ5%2BGnd45OKxgANL04jRfgbXipHxpowGQ0cUQ%3D&amp;reserved=3D0" target=3D"_=
blank">https://etherpad=2Etools=2Eietf=2E<wbr />org/p/notes-ietf-100-suit</=
a>)</li></ol>
<div style=3D"color:rgb(52,53,55);font-size:14px">&nbsp; &nbsp; &nbsp; &nb=
sp; &nbsp;&nbsp;<span style=3D"background-color:rgb(227,255,234);color:rgb(=
0,0,0);font-family:&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:12=
px">Co-Chairs summarize concerns with current Charter text</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid84" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Use of=
 RFC4108</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid85" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;- Hum on if we should remove 4108 - Stronger hum???</span></=
li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid86" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; &nbsp;- Hum on if we should leave 4108</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid87" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Should we constrain=
 this to Class 1</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid88" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Clarification on text revo=
lving around transport mechanisms</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid89" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; - Hum: Should we avoid the development of new transport mechanisms=
 - Yes
 is louder in the room</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid90" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - Should the charter have te=
xt to talk about capabilities</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid91" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp; - Hum: Charter needs text</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid92" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; &nbsp;- Hum: Leave out of charter, but add to architecture</span></li></u=
l>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid93" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- Should the charter restrict=
 to one</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid94" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
; - Hum: Yes</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid95" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp; &nbsp=
;- Hum: No - Much Stronger</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid96" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp;- Do we need a charter text update o=
r leave it to a discussion for discovery</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid97" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp;- Hum:=
 Stronger for leaving it to discussion</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid98" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<br style=3D"margin:0px;padding:0px" />
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid99" class=3D"m_60433576523=
31740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue&=
quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; - Cullen Jennings via Jabber text to add: =
The architecture should provide a way to discover the firmware server</span=
></div>
<div id=3D"m_6043357652331740356gmail-magicdomid100" class=3D"m_6043357652=
331740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue=
&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><span class=3D"m_6043357652331740356g=
mail-author-a-gsb63az71z3z80zdz89zz72zz68zz75zqz89z" style=3D"margin:0px;pa=
dding:1px 0px;background-color:rgb(227,255,234)">&nbsp; &nbsp; &nbsp;- Hum:=
 ???</span></li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid101" class=3D"m_6043357652=
331740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue=
&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<ul class=3D"m_6043357652331740356gmail-list-indent1" style=3D"margin:0px =
0px 0px 1=2E5em;padding:0px;list-style-type:none">
<li style=3D"margin:0px;padding:0px"><br style=3D"margin:0px;padding:0px" =
/>
</li></ul>
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_6043357652=
331740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue=
&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-author-a-gsb63az71z3z80zdz89zz72=
zz68zz75zqz89z" style=3D"margin:0px;padding:1px 0px;background-color:rgb(22=
7,255,234)">&nbsp; &nbsp; &nbsp; &nbsp; - AD says we need to put this back =
on the list again</span></div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_6043357652=
331740356gmail-" style=3D"color:rgb(0,0,0);font-family:&quot;Helvetica Neue=
&quot;,Arial,sans-serif;font-size:12px;margin:0px;padding:0px">
<br />
</div>
<div id=3D"m_6043357652331740356gmail-magicdomid102" class=3D"m_6043357652=
331740356gmail-" style=3D"margin:0px;padding:0px"><font color=3D"#343537" f=
ace=3D"-apple-system, Segoe UI Semilight, sans-serif"><span style=3D"font-s=
ize:14px">As requested by the AD (last bullet point), the consensus confirm=
ing email never
 made to the list=2E</span></font></div>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"color:r=
gb(52,53,55);font-size:14px;width:68px;max-height:18pt;overflow-y:visible;m=
argin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_6043357652331740=
356gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:=
inline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_604335765233174035=
6gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-bott=
om:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"2" style=3D"padding-left:36pt">
<li>From the above notes excerpt, the changes that had consensus in meetin=
g are not reflected in charter&nbsp;&nbsp;</li></ol>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"width:6=
8px;max-height:18pt;overflow-y:visible;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_6043357652331740=
356gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:=
inline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_604335765233174035=
6gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-bott=
om:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"3" style=3D"padding-left:36pt">
<li>None of this has has been sent to list=2E Not the minutes from the mee=
ting=2E Not the charter=2E</li></ol>
</div>
<div class=3D"m_6043357652331740356gmail-actionContainer" style=3D"width:6=
8px;max-height:18pt;overflow-y:visible;margin:0px;padding:0px">
<span class=3D"m_6043357652331740356gmail-sparkTTHolder m_6043357652331740=
356gmail-sparkTT-small" style=3D"margin:0px;padding:0px;border:0px;display:=
inline-block"></span></div>
</div>
<div class=3D"m_6043357652331740356gmail-sparkMessage m_604335765233174035=
6gmail-hasAction" style=3D"line-height:16pt;color:rgb(52,53,55);margin-bott=
om:0px;width:813px;margin-top:3px;min-height:18pt;font-size:14px">
<div class=3D"m_6043357652331740356gmail-msgContainer">
<ol start=3D"4" style=3D"padding-left:36pt">
<li>People have not had time to review or comment on it</li></ol>
<div><br />
</div>
<div>What should be the plan forward in addressing the concerns here ?</di=
v>
<div><br />
</div>
<div>Thanks</div>
<div>Suhas Nandakumar</div>
<div><br />
</div>
</div>
</div>
</div>
</div>
</div>
</div></div></div>

</blockquote></div><br /></div>
</blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E</=
body></html>
------MV770T7Z73CGCX1PPT1ZSFC986KIWE--


From nobody Thu Nov 30 06:39:46 2017
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB3A312948D for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 06:39:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m9zP9CDELdUu for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 06:39:42 -0800 (PST)
Received: from mail-pl0-x235.google.com (mail-pl0-x235.google.com [IPv6:2607:f8b0:400e:c01::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8A5E129486 for <suit@ietf.org>; Thu, 30 Nov 2017 06:39:42 -0800 (PST)
Received: by mail-pl0-x235.google.com with SMTP id x4so4364596plv.10 for <suit@ietf.org>; Thu, 30 Nov 2017 06:39:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=JEH2aazrDcwzOw5lmTGh3cvHm8kTGRXTBhC01ZBOu6Q=; b=bPS06CkQ0d+YnxP2e7Iroj1Y11p4/i7/gxHzXkB4PVdkN9A5vqujHzwhaY0oLTBbLn ciflBCxasgzguSMSLu3zBhhkeWYsog70ZVNNyW6pISU9evGWe6YUXIIGma8s9MyRDzZZ mminRdCLRmonzDGhfRMoEEJV16ykFxYGTKVnFKjKRRd7sZmlmoeoaMBzgAZ3Levii7YV t2+CsF6+jeYQ2/rsWjtLo0kUrSInSWEvl9CZV9gZFdlJdU3H/b/0W6Zz4gPP2+D5e4qq Q0MN1qNTNMG3ICOtiiu3U0MVk4Pdg/UgjawH5Pm6RTgXZ5CXNuG1XoYM/d9Sj8h/tk6h RuZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=JEH2aazrDcwzOw5lmTGh3cvHm8kTGRXTBhC01ZBOu6Q=; b=ot+icc9P6l3+FfGAvdp6QhwTpHpqxXsfxWDAyndxthLBTE2RZN3QskNoosqpg22s73 FmtbXhFEqL7r20rURPMh2tIlo2hOmRseJ+WK2Vfe9TsakYV07KDVVT2yRWCV+7eq7+QX tDlaIQ5QAPKg9MNVPqA4yPv6PSe1hQg8hmGtQ36CrnovC2Qw8huklqjfIM0XzsE6+kOI 1vvPpsYtEJ+flMJRZjtmapQ+gh5PPskFlUwiW7MGwDWfZqydkNgAvE+E2DhsUg4Tz8Vj yCU5pTNl0j/ujJsDVi59WfZUmZRwDnKgEYIyYcuBxL0R8WVHCKB7eQBHskZmISEAuYuT VzJQ==
X-Gm-Message-State: AJaThX4ZlqMh1HE4NyHIHjQmrIauGqnYYkCewlEf/uGpofPn5lfs2cHJ wHXCoYA22jt2Xq5hWdb2buTtp8E0VfBjZgbYAJg=
X-Google-Smtp-Source: AGs4zMbpZQlQYJ2vj6FVhXfUmG3t8jatsLx3qTHkRpaz2tk2/NjVrUN4cCwtwEJJ9Ixb3OaylbG3o8H8lnngRmpqnq8=
X-Received: by 10.84.242.9 with SMTP id ba9mr2812210plb.305.1512052782351; Thu, 30 Nov 2017 06:39:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.186.208 with HTTP; Thu, 30 Nov 2017 06:39:01 -0800 (PST)
In-Reply-To: <AM4PR0801MB2706337FD41759AD4D45E87FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <AM4PR0801MB2706337FD41759AD4D45E87FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 30 Nov 2017 09:39:01 -0500
Message-ID: <CAHbuEH6GzSALDUE1_47tmSY4cyhvHFZkkpdy7jLG=az1S8stfw@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Suhas Nandakumar <suhasietf@gmail.com>,  "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "suit@ietf.org" <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/EmJXL2AW1B0UJbAsvQERXOFuhbY>
Subject: Re: [Suit] Github? RE: Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 14:39:45 -0000

Hello all,

On Thu, Nov 30, 2017 at 4:55 AM, Hannes Tschofenig
<Hannes.Tschofenig@arm.com> wrote:
> Hi Suhas,
>
>
>
> Sometimes tools are not the solution to the problem. The IESG should make
> these small clarifications needed to get the charter finalized.


I agree that tools are not the answer here.  The chairs will be
following up on list to the discussions over the past few days.  The
updated text will be discussed and moved to a future telechat (very
soon, likely in 2 weeks) for review.  As the sponsoring AD, I will
continue to follow the discussions and ensure points have been
considered.  The charter has changed mostly to move decisions out of
the charter and to the WG, so I think we'll be able to wrap this up
soon and get started on the work.

Thank you,
Kathleen

>
>
>
> Ciao
>
> Hannes
>
>
>
>
>
> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Suhas Nandakumar
> Sent: 30 November 2017 01:54
> To: Waltermire, David A. (Fed)
> Cc: suit@ietf.org
> Subject: Re: [Suit] Concerns about Charter and Process Followed
>
>
>
> Thanks Dave for the response and considering the concerns.
>
>
>
> Also i was wondering, would it makes sense to have the charter on the
> github, so people can comment and generate pull requests if needed
>
>
>
> Thanks
>
> Suhas
>
>
>
> On Wed, Nov 29, 2017 at 3:59 PM, Waltermire, David A. (Fed)
> <david.waltermire@nist.gov> wrote:
>
> Thank you for raising these concerns, I plan to spend time tomorrow
> reviewing the meetecho recording from the BoF, reviewing the recent maili=
ng
> list discuaaion, the BoF notes (which I'll post), and the current charter=
.
> Once the chairs have had a chance to review and discuss these materials w=
e
> will come back to the list with a plan to move forward.
>
> We want to make sure the charter reflects the consensus of the group and
> addresses any concerns raised by the IESG. Please give us some time to ma=
ke
> sure this happens in a productive way forward.
>
> Thanks,
> Dave
>
>
>
> -------- Original Message --------
> From: Suit <suit-bounces@ietf.org> on behalf of Suhas Nandakumar
> <suhasietf@gmail.com>
> Date: Wed, November 29, 2017 6:32 PM -0500
> To: suit@ietf.org
> Subject: [Suit] Concerns about Charter and Process Followed
>
> Hello Chairs
>
>
>
>   Having spent sometime to browse through different lists and attempting =
to
> sharer concerns to ensure that the charter text and consensus match, i
> thought will share few points for us to ponder upon.
>
>
>
> As a follow up from BOF,
>
> minutes are not published to the data-tracker or the SUIT mailing list. I
> discovered the following notes from the etherpad instead
> (https://etherpad.tools.ietf.org/p/notes-ietf-100-suit)
>
>           Co-Chairs summarize concerns with current Charter text
>
>                - Use of RFC4108
>
> =C2=B7                  - Hum on if we should remove 4108 - Stronger hum?=
??
>
> =C2=B7                  - Hum on if we should leave 4108
>
>             - Should we constrain this to Class 1
>
>           - Clarification on text revolving around transport mechanisms
>
> =C2=B7                 - Hum: Should we avoid the development of new tran=
sport
> mechanisms - Yes is louder in the room
>
>           - Should the charter have text to talk about capabilities
>
> =C2=B7                 - Hum: Charter needs text
>
> =C2=B7                - Hum: Leave out of charter, but add to architectur=
e
>
>          - Should the charter restrict to one
>
> =C2=B7               - Hum: Yes
>
> =C2=B7              - Hum: No - Much Stronger
>
>        - Do we need a charter text update or leave it to a discussion for
> discovery
>
> =C2=B7            - Hum: Stronger for leaving it to discussion
>
>
>
>       - Cullen Jennings via Jabber text to add: The architecture should
> provide a way to discover the firmware server
>
> =C2=B7            - Hum: ???
>
> =C2=B7
>
>         - AD says we need to put this back on the list again
>
>
>
> As requested by the AD (last bullet point), the consensus confirming emai=
l
> never made to the list.
>
> From the above notes excerpt, the changes that had consensus in meeting a=
re
> not reflected in charter
>
> None of this has has been sent to list. Not the minutes from the meeting.
> Not the charter.
>
> People have not had time to review or comment on it
>
>
>
> What should be the plan forward in addressing the concerns here ?
>
>
>
> Thanks
>
> Suhas Nandakumar
>
>
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy th=
e
> information in any medium. Thank you.
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>



--=20

Best regards,
Kathleen


From nobody Thu Nov 30 07:16:38 2017
Return-Path: <henk.birkholz@sit.fraunhofer.de>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42EFA1288A9 for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 07:16:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yyYbBsLtDYC6 for <suit@ietfa.amsl.com>; Thu, 30 Nov 2017 07:16:33 -0800 (PST)
Received: from mail-edgeKA24.fraunhofer.de (mail-edgeka24.fraunhofer.de [153.96.1.24]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DC8D120724 for <suit@ietf.org>; Thu, 30 Nov 2017 07:16:31 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2FnAQCh299Z/xoHYZleGwEBAQMBAQEJAQEBg11kbicHg3OKH48ygUsriEWNag6CBAoYC4UYAoQ/PxgBAgEBAQEBAQEDaChCDoIaRiwBAQEBAQEmAQEBAQEBIwI+LAEBAQMBAQEbBg8BBTYCFQQJAhEBAgEBAQECAiMDAgIhBh8BAgYIBg0GAgEBF4lrAw0HAQQMjXqdZ4Inh0ANg28BAQEBAQEBAwEBAQEBAQEBAQEZBYEOgh+CB4FRgWorgViBJ4JegXQBEgEJQoJngmEFoQg8gQiBJoUwh0NQhw0bhVmDVQWHLoohgl+IPgIEBgUCGQGBOR85gQMLUyZdhx51AYVAg2GBJAGBEAEBAQ
X-IPAS-Result: A2FnAQCh299Z/xoHYZleGwEBAQMBAQEJAQEBg11kbicHg3OKH48ygUsriEWNag6CBAoYC4UYAoQ/PxgBAgEBAQEBAQEDaChCDoIaRiwBAQEBAQEmAQEBAQEBIwI+LAEBAQMBAQEbBg8BBTYCFQQJAhEBAgEBAQECAiMDAgIhBh8BAgYIBg0GAgEBF4lrAw0HAQQMjXqdZ4Inh0ANg28BAQEBAQEBAwEBAQEBAQEBAQEZBYEOgh+CB4FRgWorgViBJ4JegXQBEgEJQoJngmEFoQg8gQiBJoUwh0NQhw0bhVmDVQWHLoohgl+IPgIEBgUCGQGBOR85gQMLUyZdhx51AYVAg2GBJAGBEAEBAQ
X-IronPort-AV: E=Sophos;i="5.43,368,1503352800";  d="scan'208";a="1675700"
Received: from mail-mtas26.fraunhofer.de ([153.97.7.26]) by mail-edgeKA24.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-SHA; 30 Nov 2017 16:16:28 +0100
X-IronPort-AV: E=Sophos;i="5.45,341,1508796000";  d="scan'208";a="4795679"
X-IronPort-Outbreak-Status: No, level 0, Unknown - Unknown
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]) by mail-mtaS26.fraunhofer.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Nov 2017 16:16:23 +0100
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id vAUFGMhq017442 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <suit@ietf.org>; Thu, 30 Nov 2017 16:16:23 +0100
Received: from [134.102.167.95] (134.102.167.95) by mail.sit.fraunhofer.de (141.12.84.171) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 30 Nov 2017 16:16:17 +0100
To: <suit@ietf.org>
References: <AM4PR0801MB2706337FD41759AD4D45E87FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAHbuEH6GzSALDUE1_47tmSY4cyhvHFZkkpdy7jLG=az1S8stfw@mail.gmail.com>
From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Message-ID: <89a707e4-8f3a-2a28-8dd3-16f539c9af05@sit.fraunhofer.de>
Date: Thu, 30 Nov 2017 16:16:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAHbuEH6GzSALDUE1_47tmSY4cyhvHFZkkpdy7jLG=az1S8stfw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Originating-IP: [134.102.167.95]
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wLBnpE9eOtuktyOsWB87OotPx3k>
Subject: Re: [Suit] Github? RE: Concerns about Charter and Process Followed
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 15:16:37 -0000

Hello all,

if the visibility problem of current state/version of charter and its 
review, open AI that require call for consensus on the list, and update 
proposals to the charter can be improved as is, I would agree that this 
is not a "tool question".

I would like to highlight an example I kept tracking:

On 11/23/2017 11:22 AM, Hannes Tschofenig wrote:
> If the BOF chairs feel that the RFC 4108 reference upsets readers too much then I will not fight for it.

This seemed to be one of the hot topics. There were suggestions on the 
lists including ballot positions and to quote Dave on removing RFC 4108 
content from charter:

On 11/29/2017 08:29 PM, Dave Thaler wrote:
> The consensus at the BoF was, from my recollection anyway, indeed to do so for RFC 4108.

Alas, it still feels like this is an open topic still. And I think 
Hannes saw that one coming:

On 11/23/2017 11:48 AM, Hannes Tschofenig wrote:
> Let us finish the charter and start the real work.

And I am totally with him :)


Viele Grüße,

Henk



On 11/30/2017 03:39 PM, Kathleen Moriarty wrote:
> Hello all,
> 
> On Thu, Nov 30, 2017 at 4:55 AM, Hannes Tschofenig
> <Hannes.Tschofenig@arm.com> wrote:
>> Hi Suhas,
>>
>>
>>
>> Sometimes tools are not the solution to the problem. The IESG should make
>> these small clarifications needed to get the charter finalized.
> 
> 
> I agree that tools are not the answer here.  The chairs will be
> following up on list to the discussions over the past few days.  The
> updated text will be discussed and moved to a future telechat (very
> soon, likely in 2 weeks) for review.  As the sponsoring AD, I will
> continue to follow the discussions and ensure points have been
> considered.  The charter has changed mostly to move decisions out of
> the charter and to the WG, so I think we'll be able to wrap this up
> soon and get started on the work.
> 
> Thank you,
> Kathleen
> 
>>
>>
>>
>> Ciao
>>
>> Hannes
>>
>>
>>
>>
>>
>> From: Suit [mailto:suit-bounces@ietf.org] On Behalf Of Suhas Nandakumar
>> Sent: 30 November 2017 01:54
>> To: Waltermire, David A. (Fed)
>> Cc: suit@ietf.org
>> Subject: Re: [Suit] Concerns about Charter and Process Followed
>>
>>
>>
>> Thanks Dave for the response and considering the concerns.
>>
>>
>>
>> Also i was wondering, would it makes sense to have the charter on the
>> github, so people can comment and generate pull requests if needed
>>
>>
>>
>> Thanks
>>
>> Suhas
>>
>>
>>
>> On Wed, Nov 29, 2017 at 3:59 PM, Waltermire, David A. (Fed)
>> <david.waltermire@nist.gov> wrote:
>>
>> Thank you for raising these concerns, I plan to spend time tomorrow
>> reviewing the meetecho recording from the BoF, reviewing the recent mailing
>> list discuaaion, the BoF notes (which I'll post), and the current charter.
>> Once the chairs have had a chance to review and discuss these materials we
>> will come back to the list with a plan to move forward.
>>
>> We want to make sure the charter reflects the consensus of the group and
>> addresses any concerns raised by the IESG. Please give us some time to make
>> sure this happens in a productive way forward.
>>
>> Thanks,
>> Dave
>>
>>
>>
>> -------- Original Message --------
>> From: Suit <suit-bounces@ietf.org> on behalf of Suhas Nandakumar
>> <suhasietf@gmail.com>
>> Date: Wed, November 29, 2017 6:32 PM -0500
>> To: suit@ietf.org
>> Subject: [Suit] Concerns about Charter and Process Followed
>>
>> Hello Chairs
>>
>>
>>
>>    Having spent sometime to browse through different lists and attempting to
>> sharer concerns to ensure that the charter text and consensus match, i
>> thought will share few points for us to ponder upon.
>>
>>
>>
>> As a follow up from BOF,
>>
>> minutes are not published to the data-tracker or the SUIT mailing list. I
>> discovered the following notes from the etherpad instead
>> (https://etherpad.tools.ietf.org/p/notes-ietf-100-suit)
>>
>>            Co-Chairs summarize concerns with current Charter text
>>
>>                 - Use of RFC4108
>>
>> ·                  - Hum on if we should remove 4108 - Stronger hum???
>>
>> ·                  - Hum on if we should leave 4108
>>
>>              - Should we constrain this to Class 1
>>
>>            - Clarification on text revolving around transport mechanisms
>>
>> ·                 - Hum: Should we avoid the development of new transport
>> mechanisms - Yes is louder in the room
>>
>>            - Should the charter have text to talk about capabilities
>>
>> ·                 - Hum: Charter needs text
>>
>> ·                - Hum: Leave out of charter, but add to architecture
>>
>>           - Should the charter restrict to one
>>
>> ·               - Hum: Yes
>>
>> ·              - Hum: No - Much Stronger
>>
>>         - Do we need a charter text update or leave it to a discussion for
>> discovery
>>
>> ·            - Hum: Stronger for leaving it to discussion
>>
>>
>>
>>        - Cullen Jennings via Jabber text to add: The architecture should
>> provide a way to discover the firmware server
>>
>> ·            - Hum: ???
>>
>> ·
>>
>>          - AD says we need to put this back on the list again
>>
>>
>>
>> As requested by the AD (last bullet point), the consensus confirming email
>> never made to the list.
>>
>>  From the above notes excerpt, the changes that had consensus in meeting are
>> not reflected in charter
>>
>> None of this has has been sent to list. Not the minutes from the meeting.
>> Not the charter.
>>
>> People have not had time to review or comment on it
>>
>>
>>
>> What should be the plan forward in addressing the concerns here ?
>>
>>
>>
>> Thanks
>>
>> Suhas Nandakumar
>>
>>
>>
>>
>>
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit
>>
> 
> 
> 


From nobody Thu Nov 30 08:50:14 2017
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A46A912714F; Thu, 30 Nov 2017 08:50:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3ks_G7DJUJ3; Thu, 30 Nov 2017 08:50:05 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68DF51200FC; Thu, 30 Nov 2017 08:50:05 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8393F20008; Thu, 30 Nov 2017 11:52:38 -0500 (EST)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9754380683; Thu, 30 Nov 2017 11:50:04 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>, "suit-chairs\@ietf.org" <suit-chairs@ietf.org>, "suit\@ietf.org" <suit@ietf.org>
In-Reply-To: <AM4PR0801MB2706FD546EAA1343872C431FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
References: <151198331193.7984.4323886922842709646.idtracker@ietfa.amsl.com> <AM4PR0801MB2706FD546EAA1343872C431FFA380@AM4PR0801MB2706.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6; nmh 1.7-RC3; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 30 Nov 2017 11:50:04 -0500
Message-ID: <28409.1512060604@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/95FFkXo-NH5YpVsRC-4CyItAtKA>
Subject: Re: [Suit] Alissa Cooper's Block on charter-ietf-suit-00-08: (with BLOCK and COMMENT)
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Nov 2017 16:50:07 -0000

--=-=-=
Content-Type: text/plain


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > I understand that you all want to have this charter to be as precise as
    > possible. But, based on earlier discussions, we wanted to postpone some
    > decisions to a later phase when those have been investigated in the
    > group. For this reason I believe it is not possible to say how many
    > formats we want to standardize other than stating the intention that
    > the number ideally be small. The same is true for the actual data
    > model/serialization format. Needless to say that different formats have
    > different properties and offer more or less flexibility regarding the
    > serialization format. Everyone seems to have a different preference for
    > a format and the serialization. This is quite natural given that we are
    > engineers and that's pretty much the only things we care about in life
    > (besides the name of the group, of course).

+1

    > Since charters can be updated later I prefer to have the group figure
    > out the technical pieces and that they are not captured in the charter
    > yet. This should also remove the chicken-and-egg situation.

Agreed.

    alissa> 2. Michael Richardson raised some good question about this text
    alissa> that seem like they warrant clarification, or at least a
    alissa> consensus call: "Software update solutions that target updating
    alissa> software other than the  firmware binaries are also out of scope."

BTW, this would not be a blocking comment from me.
I can live with the text as is, I'd just prefer clarification.


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAlogNrwACgkQgItw+93Q
3WUsUAf9HgL0zsBfB3FsRDZj4/K9tSsfUPEIuLihv9naF0QlP3ZCFKlXKbce5Jql
68PhOQDDXHqq2HzMojj5PL20db1vbXsWK+H/+49NADcS+QXwS5a4dnU9UWlUfTwx
75EZYb40YaqOzQH1UPZ/NYVxrbYOP8JVvSpq/xpVZ3S6Gg4VhF//TqbwLlpcAkRP
GsDFlOcQ49zA3BglIaOmh7MR8BQrmXAUNA1sJnIJ+9rEn8OuDhrEwBvkjestm0ZW
BoBHcfyEszu3q2gj4Hk2P9a5jcYw31DhydVSmazWCDi1qM30W+ivCyb8JC0xq5Rm
mhnPzhJ1wNUAnm2UZ43KFW1wo58ACw==
=smeR
-----END PGP SIGNATURE-----
--=-=-=--