Markdown Version | Session Recording

Session Date/Time: 30 Mar 2023 04:00

SUIT

Summary

This SUIT working group meeting covered several draft specifications, including Encrypted Payloads, Mandatory To Implement Algorithm, Manifest And Associated Resource Distribution, Trust Domains, SUIT Report, and Update Management. Discussions focused on updates to the drafts, dependencies between them, and readiness for working group last call. Several action items were identified to prepare the documents for advancement.

Key Discussion Points

• Encrypted Payloads: Discussion on replacing the HpKE algorithm with ECDHES in the draft and the need for describing the info and e-input parameters.
• Mandatory To Implement Algorithm (MTI): Clarification on the algorithms included in the draft and the need for an update to reflect the switch to ECDH. The connection to the T protocol was highlighted.
• Manifest And Associated Resource Distribution: Confirmation that the document is ready for working group last call.
• Trust Domains: Discussion on the additions to the draft and readiness for working group last call.
• SUIT Report: Discussion on including a content type, embedding in a MEE object, IANA considerations, and security considerations, including authentication and encryption, and how it interacts with the T protocol.
• Update Management: Discussion on adding permission and ownership management commands to this draft.
• Dependencies: An overview of the dependencies between drafts was provided.

Decisions and Action Items

• Encrypted Payloads:
  • Johannes to create a new issue on GitHub for the description of the info and e-input parameters.
  • Johannes to update the document with descriptions of info and e-input parameters.
  • David Brown to collaborate with Johannes on the implementation example.
• Mandatory To Implement Algorithm (MTI):
  • Brendan and co-author to update the draft to reflect the switch to ECDH this week.
• SUIT Report:
  • Brendan to evaluate if the UCc security considerations overlap with the SUIT Report security considerations.
  • Brendan to update the draft with the new Mt I and other algorithms.
• Update Management:
  • Brendan to add the permission and ownership management commands suggested by Ken to the draft.
• General:
  • Chairs to start working group last call for Trust Domains next week.
  • Send the dependency overview and plan to the mailing list

Next Steps

• The working group will proceed with updating the drafts based on the action items above.
• Trust Domains will be moved to working group last call.
• The other drafts will be considered for working group last call after the identified updates are implemented.