Reviewer: Tobias Gondrom
Review result: Ready

Overall, looks good.

One nit: Page 5 s/not the MUD file primarily to due/not the MUD file primarily due to/

Comments:

I have some mixed views about the MUD URL reference to the MUD file in the SUIT manifest. It could lead to inconsistent security postures if one signature works and the MUD signature doesn't verify, and the complexity might make it difficult to get consistent behavior across implementations. Also, loading the MUD file from a different source may lead to issues if the source cannot be reached.

Having said that, I can understand why the authors have chosen this approach to extend the SUIT manifest in a more flexible manner.

The draft could specify more explicitly the rules (MUST/MUST NOT) for how a network shall react if either the URL cannot be found or the MUD file signature does not verify.

Also, some concern with regards to how the MUD file will work together if an SBOM were present, and whether overlap may occur and potentially cause confusion for the management consoles.

Just my 2 cents.

Best regards, Tobias