**Session Date/Time:** 09 Sep 2025 19:00

# [SUIT](../wg/suit.html)

## Summary

This interim meeting focused on recent updates to the SUIT Report draft, an important discussion regarding a known vulnerability in COSE-based firmware encryption, and the overall status of other SUIT working group drafts. Key changes to the SUIT Report included improved attestation terminology and verifier guidance. The firmware encryption discussion highlighted a potential downgrade attack in COSE and outlined a path forward involving COSE working group engagement and an informational reference from the SUIT firmware encryption draft. The chairs noted the dependencies between SUIT drafts and their impact on drafts in AD evaluation and the RFC editor queue.

## Key Discussion Points

*   **SUIT Report Draft (-15) Updates:** Brendan provided an overview of changes in the latest SUIT Report draft:
    *   **Attestation Terminology:** Updated to align with RATS architecture terminology, providing more detail on the use of attestation evidence and its integration into an EAT token.
    *   **Verifier Actions:** Added explanatory (non-normative) text detailing considerations for verifiers consuming a SUIT Report within an EAT token, including methods for identifying untrustworthy attestors.
    *   **EAT Claim Translation:** Clarified that EAT claims may require translation and reconstruction, recommending (but not mandating) that verifiers convert SUIT Reports into more consumable EAT claim versions.
    *   **CoAP/Media Type Registration Feedback:** Incorporated changes based on feedback from CoAP content type and media type registration forums, as well as an inconsistency noted by Francesca.
*   **Media Type Registration Status for SUIT Report:**
    *   Brendan confirmed the media type registration for `s-report+cbor` was submitted and is in the IESG ballot.
    *   The AD noted comments from Hansen (finding it reasonable) and Murray (questioning `required-parameter` and `optional-parameter` fields).
*   **Firmware Encryption Vulnerability:** Hannes summarized a known potential downgrade attack (GCM/AAD cipher to CBC) in COSE container formats, similar to one identified in LAMPS for CMS, which applies to COSE-based firmware encryption.
    *   A mitigation approach was developed (changing key derivation), but a generic COSE solution has not yet emerged.
    *   The discussion explored whether to address this directly in the SUIT firmware encryption document or in the COSE working group.
    *   The AD emphasized that this is fundamentally a COSE issue and should be fixed there.
    *   To avoid publication delays of the SUIT firmware encryption draft, it was suggested to use an *informational reference* to a COSE draft (even an expired individual draft) that describes the mitigation, rather than a normative reference.
    *   Hannes noted that the COSE group has developed a different solution for HPKE that might be generalized for other COSE algorithms, potentially simplifying agreement within COSE.
*   **SUIT Update Management Draft Status:**
    *   The `suit-update-management` draft (-09) is currently in AD evaluation.
    *   The AD stated that its progression, along with other SUIT drafts like `suit-manifest`, is dependent on the `suit-report` draft advancing through the IESG queue.
    *   The `suit-manifest` draft has a normative dependency on `suit-update-management`.
    *   Other dependent drafts, such as those related to the TE protocol, are also stalled awaiting SUIT documents.
*   **Implementation Updates:**
    *   Hannes reported on discussions at the Riot Summit, where the Riot OS community plans to update their SUIT implementation (potentially in Rust).
    *   There are commercial and company-internal implementations of SUIT.
    *   AI, a co-author of the SUIT Manifest, has an implementation for Nordic boards.
    *   A sense of those present indicates continued interest in interoperability testing and further implementations, which the updated SUIT Report's clarity on EAT integration is expected to facilitate.

## Decisions and Action Items

*   **Brendan:**
    *   Reply to Murray's comments on the `s-report+cbor` media type registration on the mailing list.
    *   Reply to Russ's and the Genart reviewer's comments on the SUIT Report draft.
*   **Hannes:**
    *   Engage with COSE chairs and the responsible AD (Paul Wouters) to push for a COSE solution to the identified downgrade attack vulnerability.
    *   Explore incorporating an informational reference in the SUIT firmware encryption draft, pointing to the appropriate COSE ID describing the mitigation.
    *   Update the meeting notes for the firmware encryption discussion.
*   **Deb (AD):**
    *   Once Brendan addresses the SUIT Report ballot comments, she will process the `suit-report` draft for an upcoming IESG telechat (potentially September 25th).
    *   Following the `suit-report`'s progression, she will move the `suit-update-management` and `suit-manifest` drafts forward.

## Next Steps

*   Brendan to complete the identified replies promptly.
*   Hannes to pursue the COSE solution and informational reference strategy for firmware encryption.
*   The AD will continue to shepherd the `suit-report` draft through the IESG process, unlocking the progression of other dependent SUIT drafts.
*   The working group encourages continued implementation efforts and interoperability testing.