The draft seems
overly prescriptive in some places. I think that's ok though as it's the CBOR spec
that'd affect interop so is where such issues should be addressed. Is that right?
If so, that's fine. If, however, the MUSTs in this draft are supposed to be
slavishly followed then I think a non-trivial number of them are wrong. Just
to pick out a couple of examples:

4.3.1: "Devices MUST reject manifests with sequence numbers smaller than any
onboard sequence number." I'm not sure it's ok to rule out rollback without
a new manifest in all cases. Is there evidence that that is ok?

4.3.6: Why MUST that location be explicit in the manifest? It could be an
installation parameter in some cases, e.g. use SD card if present, else use
on-board flash, and all might depend on space available and boot order
settings.

Stephen Farrell wrote: