idnits 2.17.1 draft-birkholz-suit-coswid-manifest-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 4 instances of too long lines in the document, the longest one being 40 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 18, 2018) is 2102 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-24) exists of draft-ietf-sacm-coswid-06 == Outdated reference: A later version (-16) exists of draft-ietf-suit-architecture-01 ** Downref: Normative reference to an Informational draft: draft-ietf-suit-architecture (ref. 'I-D.ietf-suit-architecture') == Outdated reference: A later version (-13) exists of draft-ietf-suit-information-model-01 ** Downref: Normative reference to an Informational draft: draft-ietf-suit-information-model (ref. 'I-D.ietf-suit-information-model') Summary: 4 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SUIT Working Group H. Birkholz 3 Internet-Draft Fraunhofer SIT 4 Intended status: Standards Track July 18, 2018 5 Expires: January 19, 2019 7 A SUIT Manifest Extension for Concise Software Identifiers 8 draft-birkholz-suit-coswid-manifest-00 10 Abstract 12 This document defines a resource extension for Concise Software 13 Identifiers (CoSWID) that represents a SUIT firmware manifest. This 14 extension combines the information elements of the SUIT information 15 model with the semantic expressiveness of Software Identifiers. In 16 consequence, this composite enables the integration of Firmware 17 Updates for the Internet of Things (SUIT) in existing work-flows for 18 updates of software components in general. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on January 19, 2019. 37 Copyright Notice 39 Copyright (c) 2018 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. SUIT Manifest Extension . . . . . . . . . . . . . . . . . . . 2 56 3. SUIT Manifest Resource Data Definition . . . . . . . . . . . 3 57 4. Future Updates . . . . . . . . . . . . . . . . . . . . . . . 5 58 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 59 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 60 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 5 61 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 5 62 9. Normative References . . . . . . . . . . . . . . . . . . . . 5 63 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 65 1. Introduction 67 Firmware updates are quite similar to software update of applications 68 - composites of software components - for example, servers or user- 69 devices. Attributes and semantic dependencies as defined by Concise 70 Software Identifies [I-D.ietf-sacm-coswid] are equivalent. In 71 contrast, location and target definitions as well as the 72 characteristics that are specific to an update campaign of a SUIT 73 require a specific set of addiction information elements. The 74 semantics regarding SUIT specific information elements are defined by 75 the SUIT Information Model [I-D.ietf-suit-information-model]. 76 Correspondingly, the CoSWID extension defined in this document uses 77 CDDL extension points to add SUIT information elements to the 78 standard Concise Software Identifiers. 80 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 81 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 82 "OPTIONAL" in this document are to be interpreted as described in 83 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 84 capitals, as shown here. 86 2. SUIT Manifest Extension 88 The following CDDL data definition is intended to be used as an 89 extension to the CoSWID CDDL data definition. Corresponding terms, 90 such as Resources, Processors and Targets of input nodes and output 91 nodes are covered by the SUIT Information Model and Architecture 92 [I-D.ietf-suit-architecture]. 94 3. SUIT Manifest Resource Data Definition 96 The following CDDL data definition MUST be added to Payload or 97 Evidence Resources via CDDL extension points in order to express SUIT 98 Manifests in Concise Software Identifiers. 100 $$payload-extension //= (suit.manifest-entry,) 101 $$evidence-extension //= (suit.manifest-entry,) 103 suit-manifest = { 104 suit.manifest-version, 105 suit.digest-info, 106 suit.text-reference, 107 suit.nonce, 108 suit.sequence-number, 109 ? suit.pre-condition, 110 ? suit.post-condition, 111 ? suit.directives, 112 ? suit.resources, 113 ? suit.processors, 114 ? suit.targets, 115 ? suit.extensions, 116 } 118 suit.manifest-entry = (59: suit-manifest / [ 2* suit-manifest ] ) 119 suit.manifest-version = (60: 1) 120 suit.digest-info = (61: [ suit.digest-algorithm, 121 ? suit.digest-parameters, 122 ] 123 ) 124 suit.digest-algorithm = uint 125 suit.digest-parameters = bytes 126 suit.text-reference = (62: bytes) 127 suit.nonce = (63: bytes) 128 suit.sequence-number = (64: uint) 129 suit.pre-condition = (suit.id-condition // suit.time-condition // suit.image-condition // suit.custom-condition) 130 suit.post-condition = (suit.image-condition // suit.custom-condition) 131 suit.id-condition = (65: [ + [ suit.vendor / suit.class / suit.device, 132 suit.uuid, 133 ] 134 ] 135 ) 136 suit.vendor = 0 137 suit.class = 1 138 suit.device = 2 139 suit.uuid = bstr .size 16 140 suit.time-condition = (66: [ + [ suit.install-after / suit.best-before, 141 suit.timestamp, 143 ] 144 ] 145 ) 146 suit.install-after = 0 147 suit.best-before = 1 148 suit.timestamp = uint .size 8 149 suit.image-condition = (67: [ + [ suit.current-content / suit.not-current-content, 150 suit.storage-identifier, 151 ? suit.digest, 152 ] 153 ] 154 ) 155 suit.current-content = 0 156 suit.not-current-content = 1 157 suit.digest = bytes 158 suit.storage-identifier = bytes 159 suit.custom-condition = (68: [ nint, 160 suit.condition-parameters, 161 ] 162 ) 163 suit.condition-parameters = bytes 164 suit.directives = (69: { + int => bytes } ) 165 suit.resources = (70: [ + [ suit.resource-type, 166 suit.uri-list, 167 suit.digest, 168 suit.onode, 169 ? suit.size, 170 ] 171 ] 172 ) 173 suit.resource-type = suit.payload / suit.dependency / suit.key / suit.alias 174 suit.payload = 0 175 suit.dependency = 1 176 suit.key = 2 177 suit.alias = 3 178 suit.uri-list = { + int => text } 179 suit.size = uint 180 suit.onode = bytes 181 suit.processors = (71: [ + [ suit.decrypt / suit.decompress / suit.undiff / suit.relocate / suit.unrelocate, 182 suit.parameters, 183 suit.inode, 184 suit.onode, 185 ] 186 ] 187 ) 188 suit.decrypt = 0 189 suit.decompress = 1 190 suit.undiff = 2 191 suit.relocate = 3 192 suit.unrelocate = 4 193 suit.parameters = bytes 194 suit.inode = bytes 195 suit.targets = (72: [ + [ suit.component-id, 196 suit.storage-identifier, 197 suit.inode, 198 ? suit.encoding, 199 ] 200 ] 201 ) 202 suit.component-id = [ + bytes ] 203 suit.encoding = bytes 204 suit.extensions = (73: { + int => bytes } ) 206 4. Future Updates 208 This draft is intended to incorporate the extension registry that 209 will be defined by Concise Software Identifiers. Until then, a 210 consecutive numbering system in alignment to the labels used in 211 Concise Software Identifiers is applied. 213 5. Security Considerations 215 TBD 217 6. Acknowledgments 219 TBD 221 7. Change Log 223 Initial Contribution 225 8. Contributors 227 TBD 229 9. Normative References 231 [I-D.ietf-sacm-coswid] 232 Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. 233 Waltermire, "Concise Software Identifiers", draft-ietf- 234 sacm-coswid-06 (work in progress), July 2018. 236 [I-D.ietf-suit-architecture] 237 Moran, B., Meriac, M., Tschofenig, H., and D. Brown, "A 238 Firmware Update Architecture for Internet of Things 239 Devices", draft-ietf-suit-architecture-01 (work in 240 progress), July 2018. 242 [I-D.ietf-suit-information-model] 243 Moran, B., Tschofenig, H., and H. Birkholz, "Firmware 244 Updates for Internet of Things Devices - An Information 245 Model for Manifests", draft-ietf-suit-information-model-01 246 (work in progress), July 2018. 248 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 249 Requirement Levels", BCP 14, RFC 2119, 250 DOI 10.17487/RFC2119, March 1997, 251 . 253 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 254 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 255 May 2017, . 257 Author's Address 259 Henk Birkholz 260 Fraunhofer SIT 261 Rheinstrasse 75 262 Darmstadt 64295 263 Germany 265 Email: henk.birkholz@sit.fraunhofer.de