[Teep] draft-tschofenig-teep-otrp-v2-00

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 July 2019 08:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/0l-BRrrMaBtvZuu8UA0bz7pYL7o>

Hi all,

We put together a draft about what I would call version 2 of the OTrP protocol. Why version 2?

As you know, there is some work in GlobalPlatform standardizing the version we have been working on so far in the group.
However, based on the design decisions made so far, we are breaking backwards compatibility. We need to distinguish the two versions somehow.

Did we just create a problem with this approach? Not really! We are trying to cover a much broader set of use cases than envisioned with the initial version of OTrP.
When the work on OTrP started, the primary use case was about mobile phones and tablets. We added other types of TEEs, such as SGX, and at the last hackathon people talked about RISC-V-based TEEs. We now also want to cover IoT scenarios.
Technology has also evolved with the work by Microsoft on their Open Enclave SDK and with TrustZone for v8-M. The IETF has also started various standardization activities, which we are leveraging.

So, what's in that new draft - an individual submission at this point in time:


  *   Removal of the security domain management concept (although this can be added as an extension)
  *   Encoding agnostic description using CDDL (although it focuses on CBOR/COSE because of my limited understanding of CDDL)
  *   Added CBOR/COSE encoding (the earlier version of OTrP only supported JSON/JOSE)
  *   Terminology alignment with the TEEP architecture draft
  *   Support of attestation via the RATS/EAT specification
  *   Support for software management via the SUIT manifest
  *   Added better extension management
  *   Removed a lot of redundant text (the text is already in the architecture document and there is no point in repeating it again)

Re-using other IETF specifications and removing features and optimizations made this new version much simpler. I also believe it will be much, much easier to implement.

There are some questions that surfaced during the work on this draft, such as whether we want to support multiple encodings for this protocol. I plan to discuss these topics at the upcoming IETF meeting (if I get a presentation slot).

I hope you find this interesting and I am looking forward to seeing your feedback!

Ciao
Hannes