Re: [Gen-art] [art] [Last-Call] Artart last call review of draft-ietf-teep-architecture-16
Paul Kyzivat <paul.kyzivat@comcast.net> Mon, 11 April 2022 22:56 UTC
Return-Path: <paul.kyzivat@comcast.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4283F3A0BD3 for <gen-art@ietfa.amsl.com>; Mon, 11 Apr 2022 15:56:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G-memnN5vifF for <gen-art@ietfa.amsl.com>; Mon, 11 Apr 2022 15:56:08 -0700 (PDT)
Received: from resqmta-h1p-028595.sys.comcast.net (resqmta-h1p-028595.sys.comcast.net [IPv6:2001:558:fd02:2446::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2DEC3A0BD6 for <gen-art@ietf.org>; Mon, 11 Apr 2022 15:56:07 -0700 (PDT)
Received: from resomta-h1p-028509.sys.comcast.net ([96.102.179.194]) by resqmta-h1p-028595.sys.comcast.net with ESMTP id dsP1nuY9EKA4xe2x4nrWks; Mon, 11 Apr 2022 22:56:06 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=20190202a; t=1649717766; bh=fFQt35r5KNjRhdTSEOVXhSvcy8PsbfYRmJU15ne646U=; h=Received:Received:Message-ID:Date:MIME-Version:Subject:To:From: Content-Type; b=wl/MWeyxDxzQ8ZxA4ZFJSBJFB4UtOsqf4IvO2tMEP2uMN7AIhHb8iervy/BESBnHz zIv/Peznzv5826wkSH5iu+iX/skzfxMGEk2+v8yJ+HcupSJdxqwZ9q5v40BfZ7SOlZ 3EaTbu3FwbMIJudcFE3jvF35EvybKtJqsZ4y8vgQlMD/rdREn6SHPpy9GewvkzgQyR cRjEE3FPqS3hRcK/gU6K2Dh2MTdvP5rDterr5MhgiCPW+rjyw8+i5VMT8kG77chvWC JrMDp8B/rgXFYe3ppQm0AFvaAxvP+lzrXDMjD8JXf2YG+oH4mBOwGHdWwd6u0S1Le+ GF8EKVXW1FXgw==
Received: from [192.168.1.52] ([24.62.227.142]) by resomta-h1p-028509.sys.comcast.net with ESMTPA id e2whnnhVyIKjle2wincPfV; Mon, 11 Apr 2022 22:55:45 +0000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedvvddrudekjedgudegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuvehomhgtrghsthdqtfgvshhipdfqfgfvpdfpqffurfetoffkrfenuceurghilhhouhhtmecufedtudenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtkeertddtfeejnecuhfhrohhmpefrrghulhcumfihiihivhgrthcuoehprghulhdrkhihiihivhgrthestghomhgtrghsthdrnhgvtheqnecuggftrfgrthhtvghrnhepkeeiudfhkeeigffhteelffekveelueekgffhveegkeekleetjeejveefieegvdeinecuffhomhgrihhnpehgihhthhhusgdrtghomhdpihgvthhfrdhorhhgnecukfhppedvgedriedvrddvvdejrddugedvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghloheplgduledvrdduieekrddurdehvdgnpdhinhgvthepvdegrdeivddrvddvjedrudegvddpmhgrihhlfhhrohhmpehprghulhdrkhihiihivhgrthestghomhgtrghsthdrnhgvthdpnhgspghrtghpthhtohepvddprhgtphhtthhopegrrhhtsehivghtfhdrohhrghdprhgtphhtthhopehgvghnqdgrrhhtsehivghtfhdrohhrgh
X-Xfinity-VMeta: sc=0.00;st=legit
Message-ID: <8d83be20-9c5e-5d2f-0472-23a6c0cd2b33@comcast.net>
Date: Mon, 11 Apr 2022 18:55:42 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.7.0
Content-Language: en-US
To: art@ietf.org, General Area Review Team <gen-art@ietf.org>
References: <164850526406.21554.6982960206540476351@ietfa.amsl.com> <DBBPR08MB5915B3398715EE22DF06BEBFFA1E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <CABDGos6QOEabsz1YfQ_X2uQkQm+9L1WdynksTsTD+T26y_UNXQ@mail.gmail.com> <F88F6DC2-B2AE-45AF-B68E-1A1C75C575EA@vigilsec.com> <CABDGos4QOf+GS5JFbK50D6PORFb=UqpfAzjxSp5xcQLCSoub6Q@mail.gmail.com>
From: Paul Kyzivat <paul.kyzivat@comcast.net>
In-Reply-To: <CABDGos4QOf+GS5JFbK50D6PORFb=UqpfAzjxSp5xcQLCSoub6Q@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/igScQ7BUOUuG91fqVQMWXK7UBo0>
Subject: Re: [Gen-art] [art] [Last-Call] Artart last call review of draft-ietf-teep-architecture-16
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2022 22:56:15 -0000
I've been seeing this discussion of Russ' artart review. But I have seen no discussion of my genart review of it. Did you perhaps not get it? Thanks, Paul On 4/7/22 4:52 PM, Mingliang Pei wrote: > Hi Russ, > > Great, thank you. Please see inline. I will update RFC with the two > points agreed. > > Best, > > Ming > > > On Thu, Apr 7, 2022 at 12:31 PM Russ Housley <housley@vigilsec.com > <mailto:housley@vigilsec.com>> wrote: > > Please see below. > >> On Apr 6, 2022, at 8:54 PM, Mingliang Pei >> <mingliang.pei=40broadcom.com@dmarc.ietf.org >> <mailto:mingliang.pei=40broadcom.com@dmarc.ietf.org>> wrote: >> >> Thanks Russ for your comments. Thanks Hannes for the PR. I made a >> minor comment on the PR. The changes look good overall. >> >> Please see my comments inline about "trust anchor" and "app store". >> >> Best, >> >> Ming >> >> On Mon, Mar 28, 2022 at 11:06 PM Hannes Tschofenig >> <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>> wrote: >> >> Hi Russ, >> >> Thanks for the review. >> >> I have created a few PR based on your comments: >> https://github.com/ietf-teep/architecture/pull/234 >> <https://github.com/ietf-teep/architecture/pull/234> >> >> I have added a few remarks below (mainly agreeing with your >> observations). >> >> Ciao >> Hannes >> >> >> -----Original Message----- >> From: Russ Housley via Datatracker <noreply@ietf.org >> <mailto:noreply@ietf.org>> >> Sent: Tuesday, March 29, 2022 12:08 AM >> To: art@ietf.org <mailto:art@ietf.org> >> Cc: draft-ietf-teep-architecture.all@ietf.org >> <mailto:draft-ietf-teep-architecture.all@ietf.org>; >> last-call@ietf.org <mailto:last-call@ietf.org>; teep@ietf.org >> <mailto:teep@ietf.org> >> Subject: Artart last call review of >> draft-ietf-teep-architecture-16 >> >> Reviewer: Russ Housley >> Review result: Almost Ready >> >> I am the assigned ARTART reviewer for this Internet-Draft. >> >> Document: draft-ietf-teep-architecture-16 >> Reviewer: Russ Housley >> Review Date: 2022-03-28 >> IETF LC End Date: 2022-04-07 >> IESG Telechat date: unknown >> >> Summary: Almost Ready >> >> Major Concerns: None. >> >> >> Minor Concerns: >> >> Section 3.3 says: >> >> Weak security in Internet of Things (IoT) devices has been >> posing >> threats to critical infrastructure that relies upon such >> devices. >> >> I'm a bit confused by this opening sentence. IoT devices >> usually depend upon an infrastructure. This seems to be >> talking about an infrastructure that depends upon a collection >> of IoT devices. I suggest a minor edits to help the reader >> understand that this sentence is not talking about network >> infrastructure. >> >> [Hannes] I have changed the sentence to improve the wording. >> >> Section 9.3 says that a compromised REE "might drop or delay >> messages". >> This discussion should be expanded to include the replay of >> messages. >> >> [Hannes] Agree. >> >> Section 9.4 says: >> >> A root CA for TAM certificates might get compromised or its >> certificate might expire, or a Trust Anchor other than a >> root CA >> certificate may also expire or be compromised. >> >> I do not understand the difference between a Root CA and a >> Trust Anchor. >> These are usually used a synonyms. Please explain the >> difference that in intended here. >> >> [Hannes] Good point. I removed part of the sentence. >> >> >> [Ming] Trust Anchor definition says "The Trust Anchor may be a >> certificate or it may be a raw public key.".When it is a >> certificate, it doesn't have to be the root certificate. It could >> be an issuing CA while it isn't a common practice. Do we limit it >> to a self-signed root CA? I am fine with this, and update accordingly. > > I think the point about not a "Root Certificate" in all situations > is very helpful. Please add that to the document. > > > Ming: will add a clarification line in the definition of "Trust Anchor" > that a "A Trust Anchor can be a non-root certificate when it is a > certificate.", and keep the original statement above. > >> Nits: >> >> Section 1 says: >> >> ... The problems in the bullets above, on the >> other hand, require a new protocol, i.e., the TEEP >> protocol, for TEEs >> that can install and enumerate TAs in a TEE-secured >> location and >> where another domain-specific protocol standard (e.g., [GSMA], >> [OTRP]) that meets the needs is not already in use. >> >> Recommend breaking this long sentence up into at least two >> sentences. >> There are two points. First, the need for a protocol to >> address the items listed earlier. Second, where an existing >> domain-specific protocol does not already exist, a new more >> general protocol is needed. >> >> [Hannes] Splitting the sentence improves readability. >> >> Section 4.4 says: >> >> ... Implementations must support encryption of >> such Personalization Data to preserve the confidentiality of >> potentially sensitive data contained within it, and must >> support >> integrity protection of the Personalization Data. >> >> Why not say that implementation must support mechanisms for >> the confidentiality and integrity protection of such >> Personalization Data? >> Also, it seems like draft-ietf-suit-firmware-encryption offers >> one mechanism for such protection. Should it be referenced here? >> >> [Hannes] Agree that the sentence should be simplified. You are >> also right by saying that a solution is available. I am not >> sure we should reference the solution in this document or in >> the protocol spec. >> >> Section 4: Is an "App Store" a place where apps are stored, or >> is it a place where apps a purchased? The term seems to be >> used both ways, and in one place, the document is very general >> by saying, "an app store or other app repository". Elsewhere, >> the term "Trust Anchor Store" is clearly a place for storage >> of trust anchors. >> >> [Hannes] I am not entirely sure what do about this one. I hope >> for input from my co-authors. >> >> >> [Ming] "app store" intends to mean "where apps are stored and can >> be acquired (such as Apple App Store / Google Play)". "Trust >> Anchor Store" means some storage within a device to keep a list of >> Trust Anchors. How about add a definition of "App Store" that was >> depicted in the diagram under Section "Entity Relations" to say >> the following? > > Definitions would resolve this comment. > > > Ming: thanks > >> >> App Store: a service provider where an Untrusted Application may >> be downloaded. > > Suggestion: App Store: an online location from which Untrusted > Applications can be downloaded. > > > Ming: looks better. I will use your version. > > >> Section 9.7: Please consider changing the section title to be >> something >> like: "TEE Certificate Expiry and Renewal". There is an >> earlier section that talks about expiration of Root CA >> certificates. >> >> [Hannes] Makes sense. >> >> IMPORTANT NOTICE: The contents of this email and any >> attachments are confidential and may also be privileged. If >> you are not the intended recipient, please notify the sender >> immediately and do not disclose the contents to any other >> person, use it for any purpose, or store or copy the >> information in any medium. Thank you. >> >> >> This electronic communication and the information and any files >> transmitted with it, or attached to it, are confidential and are >> intended solely for the use of the individual or entity to whom it >> is addressed and may contain information that is confidential, >> legally privileged, protected by privacy laws, or otherwise >> restricted from disclosure to anyone else. If you are not the >> intended recipient or the person responsible for delivering the >> e-mail to the intended recipient, you are hereby notified that any >> use, copying, distributing, dissemination, forwarding, printing, >> or copying of this e-mail is strictly prohibited. If you received >> this e-mail in error, please return the e-mail to the sender, >> delete it from your computer, and destroy any printed copy of it.-- >> last-call mailing list >> last-call@ietf.org <mailto:last-call@ietf.org> >> https://www.ietf.org/mailman/listinfo/last-call >> <https://www.ietf.org/mailman/listinfo/last-call> > > > This electronic communication and the information and any files > transmitted with it, or attached to it, are confidential and are > intended solely for the use of the individual or entity to whom it is > addressed and may contain information that is confidential, legally > privileged, protected by privacy laws, or otherwise restricted from > disclosure to anyone else. If you are not the intended recipient or the > person responsible for delivering the e-mail to the intended recipient, > you are hereby notified that any use, copying, distributing, > dissemination, forwarding, printing, or copying of this e-mail is > strictly prohibited. If you received this e-mail in error, please return > the e-mail to the sender, delete it from your computer, and destroy any > printed copy of it. > > _______________________________________________ > art mailing list > art@ietf.org > https://www.ietf.org/mailman/listinfo/art
- Re: [Gen-art] [art] [Last-Call] Artart last call … Paul Kyzivat