Re: [Teep] draft-tschofenig-teep-otrp-v2-00

Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 09 July 2019 13:56 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "teep@ietf.org" <teep@ietf.org>
References: <VI1PR08MB536037A16BACD104800B358FFAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <da0a237b-58ed-ffc7-02c2-ca00d1797955@gmail.com>
Date: Tue, 09 Jul 2019 15:56:51 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/-solcwUSSWDV_wOszFs8zsQVRc4>
Subject: Re: [Teep] draft-tschofenig-teep-otrp-v2-00
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

On 2019-07-09 10:46, Hannes Tschofenig wrote:
> Hi all,
> 
> We put together a draft about what I would call version 2 of the OTrP protocol. Why version 2?
> 
> As you know, there is some work in Global Platform standardizing the version we have been working on so far in the group.
> 
> However, based on the design decisions made so far we are breaking backwards compatibility. We need to distinguish the two versions somehow.

A wise decision!  BTW, I never understood the point of making an IETF copy (it was?) of another standard.

<snip>
> There are some questions that surfaced during the work on this draft, such as whether we want to support multiple encodings for this protocol. I plan to discuss these topics at the upcoming IETF meeting (if I get a presentation slot).

I have said it before and I say it again: By separating the API from the Protocol and rather using a session-based scheme you get a cleaner and more powerful system [*] in the end.  Yeah, the initial task will be 30-50% bigger but that difference is zeroed out when you have both protocol encodings in place.

"Executive Level" description: https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf

> 
> I hope you find this interesting and I am looking forward to seeing your feedback!

It was indeed quite interesting :-)

Anders

[*] The long-term plan with the mentioned SKS/KeyGen2 (API/Protocol) scheme is making remotely provisioned cryptographic keys first class OS objects similar to Users, Files, Processes, etc.

> 
> Ciao
> 
> Hannes
> 