Re: [Suit] [Teep] Unique Identifier of TA_ID in TA_LIST for TEEP_QueryResponse

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 12 May 2020 09:13 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Akira Tsukamoto <akira.tsukamoto@aist.go.jp>, teep <teep@ietf.org>, "suit@ietf.org" <suit@ietf.org>
Date: Tue, 12 May 2020 09:13:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wQSEqZtT7YHeNFMEBssOx02PjoQ>

Hi Akira,

I had a chat with Brendan about this topic.

In the SUIT model there is a manifest somewhere and it provides a pointer to where the binary and other data are.
That pointer is a URI. This is used to fetch the information from some repository.

The vendor id and class id are identifiers used by the device to determine whether it is looking at a manifest that can be applied to itself. A device must not install software/firmware it is not supposed to because otherwise you can quickly DoS the device.

For me, the question is what information should the device report when it is asked what software it runs. Brendan suggested using the Component ID and we would make recommendations regarding the construction and the uniqueness we would like to have. For example, we could say that the component id for a TA should be a UUID and the same TA binary would have the same UUID. Note that this component ID could subsequently also be used as a filename but we could also keep it separate.

What do you think?

Ciao
Hannes

-----Original Message-----
From: TEEP <teep-bounces@ietf.org> On Behalf Of Akira Tsukamoto
Sent: Monday, April 13, 2020 7:46 AM
To: teep <teep@ietf.org>; suit@ietf.org
Subject: [Teep] Unique Identifier of TA_ID in TA_LIST for TEEP_QueryResponse

Hi all,

I would like to restart the discussion of the Unique Identifier of TA_ID in TEEP's QueryResponse, which was one of the items that came up at the TEEP interim meeting last week.

The discussion started between the Hackathon in Singapore and Berlin.

This is the link to the GitHub issue.
https://github.com/ietf-teep/teep-protocol/issues/4

After going through it again, I started to have my preference.

The usage of TA_ID in a TEEP message is to distinguish the required TA in the device by parsing the identification ID.
Then it will be good to be able to match the TA with one bstr for one TA.

I started to think a hash value might work:
using the hash value from the properties of Parameters in Section 5.4.1 of the SUIT CBOR Manifest for each TA.

The hash would be generated from adding all the properties.
These are the required parameters.
    -  Vendor ID.
    -  Class ID. # Could be file name for SGX, uuid for op-tee. uuid is used
                   as file name in op-tee anyway
    -  Image Digest. # This is the version of the TA

It is up to the user who would like to add optional parameters for the seed.

We have to consider which hash function to use too, and the easiest to come up with is probably sha256.
The hash value of sha256 is 32 bytes, which is still going to be the second largest member than NONCE in a TEEP message.
I prefer smaller bytes to reduce the TEEP message size, but the raw parameters of all three above would be larger than 32 bytes, so it may be acceptable.

The purpose of the hash value here is mainly to prevent collisions between different TAs or different versions in the TAM server.

-Akira
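
The two identifier constructions discussed in this thread, a SHA-256 over Vendor ID, Class ID and Image Digest and a UUID that is the same for the same TA binary, sketched as an added example that is not code from either author or from the TEEP/SUIT drafts. The length-prefix framing, the UUIDv5 derivation, all function names and the sample values are assumptions; the framing matters because a class ID may be a variable-length file name, so plain concatenation loses the field boundaries.

```python
import hashlib
import uuid


def _lp(field: bytes) -> bytes:
    # Assumption: 2-byte big-endian length prefix; the thread defines no encoding.
    return len(field).to_bytes(2, "big") + field


def ta_id_naive(vendor_id: bytes, class_id: bytes, image_digest: bytes) -> bytes:
    # Plain concatenation: field boundaries are lost before hashing.
    return hashlib.sha256(vendor_id + class_id + image_digest).digest()


def ta_id_hash(vendor_id: bytes, class_id: bytes, image_digest: bytes) -> bytes:
    # 32-byte identifier over the three parameters, boundaries preserved.
    data = _lp(vendor_id) + _lp(class_id) + _lp(image_digest)
    return hashlib.sha256(data).digest()


def ta_component_uuid(class_id: uuid.UUID, image_digest: bytes) -> uuid.UUID:
    # Assumption: UUIDv5 namespaced by the class ID; same binary -> same UUID.
    return uuid.uuid5(class_id, image_digest.hex())


# Constructed sample values (not from the thread).
VENDOR = uuid.uuid5(uuid.NAMESPACE_DNS, "vendor.example")
CLASS = uuid.uuid5(VENDOR, "example-ta")
DIGEST_V1 = hashlib.sha256(b"constructed TA binary v1").digest()
DIGEST_V2 = hashlib.sha256(b"constructed TA binary v2").digest()


def demo() -> dict:
    return {
        "hash_v1": ta_id_hash(VENDOR.bytes, CLASS.bytes, DIGEST_V1).hex(),
        "hash_v2": ta_id_hash(VENDOR.bytes, CLASS.bytes, DIGEST_V2).hex(),
        "uuid_v1": str(ta_component_uuid(CLASS, DIGEST_V1)),
        # File-name style IDs of different lengths collide without framing.
        "naive_collides": ta_id_naive(b"acme", b"ta.bin", DIGEST_V1)
        == ta_id_naive(b"acmeta", b".bin", DIGEST_V1),
        "framed_collides": ta_id_hash(b"acme", b"ta.bin", DIGEST_V1)
        == ta_id_hash(b"acmeta", b".bin", DIGEST_V1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hash form is 32 bytes on the wire and the UUID form is 16, which bears on the message-size concern raised above.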
