Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Mingliang Pei <Mingliang_Pei@symantec.com> Wed, 15 March 2017 21:41 UTC

From: Mingliang Pei <Mingliang_Pei@symantec.com>
To: "Wheeler, David M" <david.m.wheeler@intel.com>, "teep@ietf.org" <teep@ietf.org>
Date: Wed, 15 Mar 2017 21:41:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/01FKCGNNWhLDtLwOwYFtoWozAz8>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

Hi Dave,

Thank you very much for your clarification. It is great to have your precise elaboration :) I see the subtle difference you meant here. The root of trust should be detached from secure boot, allowing certain flexibility for different TEE models. We should and will consider this good point in the spec update. Thank you again for helping on the view point.

Ming

From: TEEP <teep-bounces@ietf.org> on behalf of "Wheeler, David M" <david.m.wheeler@intel.com>
Date: Wednesday, March 15, 2017 at 12:14 PM
To: "teep@ietf.org" <teep@ietf.org>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Mingliang,
Thanks for taking the notes. It is so hard to do so while also participating in the conversation.
I have a correction to the minutes for the statement:
> Dave from Intel indicated that SGX won’t have a root of trust at firmware level. Current OTrP assumes a trust from firmware to above. We will need to adjust on this as part of the IETF work.

Apologies for not being clear. SGX does in fact have attestation root in the Silicon/Hardware. At some level one would attest to the microcode on the CPU.
However, the OTrP specification ties attestation to the Secure Boot firmware of the device. This is very specific, and very different from SGX (and other TEEs).

See definition “Secure Boot Module” (SBM) page 7, section 3.1

In TrustZone, it is important that the boot of the device be trusted so that the security monitor and (if there is one) the RTOS in the security world, is trusted. This trust is established during boot of the device, and such trust in the TEE is inextricably linked to the boot of the device. This is perfectly fine. Intel has some hypervisor TEEs that work in exactly the same way.

However, this is not the only way a TEE can be established, and there are different trusted execution environments that are not burdened with trust linked to the boot of the device. The definition of trusted firmware and the root of trust being linked to the secure boot of the device is implementation-specific, and should be changed. We need a broader definition of root-of-trust.

Thanks for allowing me to better explain my position.

Dave Wheeler

From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Mingliang Pei
Sent: Wednesday, March 15, 2017 9:44 AM
To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; teep@ietf.org
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Meeting minutes for today’s call. Please correct or update if I have missed some major points. Thanks, Ming

————

TEEP meeting
03/14/2017

Participants: Nancy Cam-Winget, Kathleen Moriarty, Brian Witten, Dave Wheeler, Nick Cook, Mingliang Pei, Rashid Sangi, Tero Kivinen, Jeremy O’Donoghue, Tirumaleswar Reddy, Dapeng Liu, Michael Richardson

Nancy hosted the meeting. Ming started to give a summary of use cases and comments by Michael in the mailing list.

Michael clarified that he wants to know why a smart door lock needs this where only a trusted environment is there. We (Brian, Hannes, Ming etc.) discussed that there are still needs to define trust where application injects TA from insecure side, being network, remote, or update.

The discussion indicates that we need to better see what problem the charter tries to solve, who the stakeholders are, etc.

Dave suggested that we don’t put use cases too close to implementation. Some resource-constrained devices don’t have full TEE.

Jeremy noted that some audiences don’t all know TEE. Hannes will introduce TEE in the BoF. To this note, Hannes prefers someone from Intel to introduce Intel SGX.

Nancy summarized two asks so far: introduction of TEE to set stage, and secondly show why the work needs to be done in IETF.

Nancy raised a personal view that we shouldn’t prescribe hardware architecture, and even there must be a hardware required to isolate. Some research has been using SW for isolation. People agree that this should be independent of hardware, ARM or Intel (SGX). On the requirement of hardware, this is generally considered yet – some isolation done by hardware and scope of assumption. We don’t want to get into a research project for the IETF work.

Dave from Intel indicated that SGX won’t have a root of trust at firmware level. Current OTrP assumes a trust from firmware to above. We will need to adjust on this as part of the IETF work.

Ming noted that we should work to define the scope of the spec this charter tries to address. We cannot leave it too open to solve everything. The current assumption of TEE presence is one. The assumption of hardware presence is one. Multiple different TEEs support and hardware independence are basic in scope assumption etc.

Jeremy raised a need to ensure specific interests should be guarded away from this work, and some kind of gate keeper (?). Brian commented to fully concur, and our work wants multiple TEEs, CAs etc. for competition and development. This doesn’t fully address Jeremy’s question, and we can think more.

Nick suggested that we also name sample applications that may make use of the work while describing use cases.

To summarize, we came away with the following several planning work for BoF session candidates:


- Clarify charter statement during BoF. From the call, not all people agree or have the same background with TEE, SGX and so on.
- Introduction of TEE (Hannes, Dave on Intel SGX). A colleague of Dave will be attending BoF. Dave may join remotely.
- Drive to define problem scope.
- Discuss use cases that are in scope and those that may not be.
  o Discuss applications that may make use of the work of this charter, which can provide more concrete context.
- Discuss stakeholders and protocol architecture.

Action items:

- Dave Wheeler from Intel provides SGX introduction slide, and prepare to present at BoF by his colleague, and him remotely
- Discuss in mailing list to clarify charter and problem domain scope, use cases.
- Discuss offline to clarify concerns Jeremy raised for openness / gate keepers (?)


From: TEEP <teep-bounces@ietf.org> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
Date: Wednesday, March 15, 2017 at 7:08 AM
To: "teep@ietf.org" <teep@ietf.org>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

All,

We are about to start the BoF now….please join the webex if you want to participate.

Thanks!  Nancy

From: TEEP <teep-bounces@ietf.org> on behalf of "ncamwing@cisco.com" <ncamwing@cisco.com>
Date: Saturday, March 11, 2017 at 5:10 PM
To: "teep@ietf.org" <teep@ietf.org>
Subject: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

All,
We had a good majority for Mar 15th 7am PST (3pm CET, 10pm CST); I’ve set up a webex for that time slot.
Please see info below.

Please send us agenda items for the upcoming call.

Thanks, Nancy



JOIN WEBEX MEETING
https://cisco.webex.com/ciscosales/j.php?MTID=me9216d73c5905ad78110499a8c7c12bf
Meeting number (access code): 207 779 570
Meeting password: KEQ52p3W (53752739 from phones)



JOIN FROM A VIDEO SYSTEM OR APPLICATION
Dial sip:207779570@cisco.webex.com
From the Cisco internal network, dial *267* and the 9-digit meeting number. If you are the host, enter your PIN when prompted.


JOIN BY PHONE
+1-408-525-6800 Call-in toll number (US/Canada)
+1-866-432-9903 Call-in toll-free number (US/Canada)

Global call-in numbers:
https://cisco.webex.com/ciscosales/globalcallin.php?serviceType=MC&ED=379001592&tollFree=1

Toll-free dialing restrictions:
https://www.webex.com/pdf/tollfree_restrictions.pdf


