IETF Logo Mail Archive

Re: [Teep] Comments on I-D Action: draft-ietf-teep-architecture-00.txt

"faibish, sorin" <Faibish.Sorin@dell.com> Sat, 07 July 2018 14:54 UTC

Return-Path: <Faibish.Sorin@dell.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95709130E4F for <teep@ietfa.amsl.com>; Sat, 7 Jul 2018 07:54:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dell.com header.b=PbR2vE78; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=kjBDDSmK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MwDSkAdcNi9q for <teep@ietfa.amsl.com>; Sat, 7 Jul 2018 07:54:46 -0700 (PDT)
Received: from esa2.dell-outbound.iphmx.com (esa2.dell-outbound.iphmx.com [68.232.149.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C34681277BB for <teep@ietf.org>; Sat, 7 Jul 2018 07:54:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dell.com; i=@dell.com; q=dns/txt; s=smtpout; t=1530975285; x=1562511285; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=tBt0cGfyHxwA0Qk+18m6q4vXHZTeGyb/OBd6eXHGBTw=; b=PbR2vE78mo/JqxrkgR9l69eMuwqAyi/IPnoKNH3iLouF2sz5SjxIhvm4 tdd1SFizyhTwoNch7R8G23XZpTqQASY/Itw8GXgEJ0lbeeS7ri6DP/2KR ZgX3IQqiMX0JF7LceuneCC0YyTJL6kHX7TGD6UVdlbrs5FlqLIqGJTcbj c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EEAQAn00BbmGKa6ERcHAEBAQQBAQoBAYJ1JgR+Dn8oCpgogSJllUaBKxchAwsYCwuBA0YXgl4Cgi4hOBQBAgEBAgEBAgEBAhABAQEBAQgLCwYpIwyCNSQBDg4hAgICFi8IAQUBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBAQEBARcCDwoOHAESAQEYAQEBAQIBAQEYJgklAgIIBAcCAgIBCBEBAwEBAQodBxYRCxQDBggCBAESCBKDAQQBAYFnAw0IAQ6rVoJ4hBoDgTiBMggFhjSBBSZtHYFWP4EOAYMPgxgBAQIBF4ETARIBCQIHDwUfBgyCeoIkh0slhR+MQgcCAoYGgmSCd4UDHiWDS4gNh32CO4RLgmYCBAIEBQIUgVgvVHFwLyGCaQmCGw4JegECgkiFFIU+bwEBAQmNSwENFweBATBqAQE
X-IPAS-Result: A2EEAQAn00BbmGKa6ERcHAEBAQQBAQoBAYJ1JgR+Dn8oCpgogSJllUaBKxchAwsYCwuBA0YXgl4Cgi4hOBQBAgEBAgEBAgEBAhABAQEBAQgLCwYpIwyCNSQBDg4hAgICFi8IAQUBAQEBAQEBAQEjAQEBAQEBAQEBAQEBAQEBAQEBARcCDwoOHAESAQEYAQEBAQIBAQEYJgklAgIIBAcCAgIBCBEBAwEBAQodBxYRCxQDBggCBAESCBKDAQQBAYFnAw0IAQ6rVoJ4hBoDgTiBMggFhjSBBSZtHYFWP4EOAYMPgxgBAQIBF4ETARIBCQIHDwUfBgyCeoIkh0slhR+MQgcCAoYGgmSCd4UDHiWDS4gNh32CO4RLgmYCBAIEBQIUgVgvVHFwLyGCaQmCGw4JegECgkiFFIU+bwEBAQmNSwENFweBATBqAQE
Received: from esa4.dell-outbound2.iphmx.com ([68.232.154.98]) by esa2.dell-outbound.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Jul 2018 09:54:43 -0500
From: "faibish, sorin" <Faibish.Sorin@dell.com>
Received: from mailuogwdur.emc.com ([128.221.224.79]) by esa4.dell-outbound2.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Jul 2018 20:54:42 +0600
Received: from maildlpprd52.lss.emc.com (maildlpprd52.lss.emc.com [10.106.48.156]) by mailuogwprd52.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id w67Esd8Z030033 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 7 Jul 2018 10:54:39 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com w67Esd8Z030033
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1530975281; bh=guUbEYdbveJ5aXUt3xeYneUtnHA=; h=From:To:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=kjBDDSmKAblc+5fvbG0WdOFTwHx5P4t7cGY9eBvH62BOjRcfv45879lzjQqSeXkAM y4nFwKvnm9b1kMZY8feILWaTOkC0fGWdXDixH5sMx5Hqe2bXSFsusjuhmsMrPeYrbo 3q9MCDKccTNsNQ8c+yLbTRV/HiE+L/s9CbA1OZ0c=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd52.lss.emc.com w67Esd8Z030033
Received: from mailusrhubprd01.lss.emc.com (mailusrhubprd01.lss.emc.com [10.253.24.19]) by maildlpprd52.lss.emc.com (RSA Interceptor); Sat, 7 Jul 2018 10:54:05 -0400
Received: from MXHUB306.corp.emc.com (MXHUB306.corp.emc.com [10.146.3.32]) by mailusrhubprd01.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id w67EsKZj021507 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Sat, 7 Jul 2018 10:54:21 -0400
Received: from MX304CL01.corp.emc.com ([fe80::2d21:ebf8:dc15:2b07]) by MXHUB306.corp.emc.com ([10.146.3.32]) with mapi id 14.03.0382.000; Sat, 7 Jul 2018 10:54:20 -0400
To: "Wheeler, David M" <david.m.wheeler@intel.com>, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Andrew Atyeo <Andrew.Atyeo@intercede.com>, "'Wiseman, Monty (GE Global Research, US)'" <monty.wiseman@ge.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] Comments on I-D Action: draft-ietf-teep-architecture-00.txt
Thread-Index: AdQUl6anjuGXP1amTk2tMyFIInlwdwAAFmrwAAjHMQAAAYsuAAAZPGaAAAWyYAAABtRbgAABN7uAAAFBuAAAJ2JPMA==
Date: Sat, 07 Jul 2018 14:54:19 +0000
Message-ID: <2313358402DBCC4DB2F2DC03CB08BBFE0128C3FA@MX304CL01.corp.emc.com>
References: <0627F5240443D2498FAA65332EE46C843B66A086@CRSMSX102.amr.corp.intel.com> <VI1PR0801MB211222B3C051193B9594F747FA400@VI1PR0801MB2112.eurprd08.prod.outlook.com> <0627F5240443D2498FAA65332EE46C843B66A0C5@CRSMSX102.amr.corp.intel.com> <DM5PR2101MB08052F44EAA3331CE6DB3324A3400@DM5PR2101MB0805.namprd21.prod.outlook.com> <HE1PR06MB3147C0F424CE98CA7F3AE12795470@HE1PR06MB3147.eurprd06.prod.outlook.com> <VI1PR0801MB2112AD0899D6B23E0942E927FA470@VI1PR0801MB2112.eurprd08.prod.outlook.com> <DM5PR2101MB0805340C8B626F36956ABC87A3470@DM5PR2101MB0805.namprd21.prod.outlook.com> <c68a65af-c9e4-a1b7-e3c5-55248037d0a3@sit.fraunhofer.de> <0627F5240443D2498FAA65332EE46C843B66B434@CRSMSX102.amr.corp.intel.com>
In-Reply-To: <0627F5240443D2498FAA65332EE46C843B66B434@CRSMSX102.amr.corp.intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.97.20.125]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd01.lss.emc.com
X-RSA-Classifications: public
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/2lRsKXUd82_-o2WN-PaDE3qk0kg>
Subject: Re: [Teep] Comments on I-D Action: draft-ietf-teep-architecture-00.txt
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jul 2018 14:54:51 -0000

Hannes,

After reviewing the definitions again I realized that the 2 definitions of RTC and TA - trust anchors are representing to different functions. Same as Dave I would like to see what definition and usage were intented by the draft as well as the specific use in the protocol of each definition in order to clarify the similarities/differences between the 2 definitions.

On another note, while reviewing the draft, I was wondering if it shouldn't also define the minimum OS requirements for IoT devices which will allow the implementation of the trusted protocols. I was looking at several types of IoT used in the industry and I came up to this list including:
      No-OS, RT-OS, language-runtime OS, full-OS, application-OS, server OS and container OS.  

According to some publications the minimum OS requirements to support the security of IoT devices is Language-runtime OS that according to the sources is capable of TFW upgrades and implementation of full security of TEE. My recommendation is to add such a definition/requirements for IoT TA. 

./Sorin

-----Original Message-----
From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Wheeler, David M
Sent: Friday, July 6, 2018 11:48 AM
To: Henk Birkholz; Dave Thaler; Hannes Tschofenig; Andrew Atyeo; 'Wiseman, Monty (GE Global Research, US)'; teep@ietf.org
Subject: Re: [Teep] Comments on I-D Action: draft-ietf-teep-architecture-00.txt

Henk,
I quickly reviewed the NIST document, and did not find a
	RTC - Root of Trust for Confidentiality

Can you provide a reference and a short definition?
Thanks,
Dave Wheeler

-----Original Message-----
From: Henk Birkholz [mailto:henk.birkholz@sit.fraunhofer.de]
Sent: Friday, July 6, 2018 8:12 AM
To: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>; Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Andrew Atyeo <Andrew.Atyeo@intercede.com>; Wheeler, David M <david.m.wheeler@intel.com>; 'Wiseman, Monty (GE Global Research, US)' <monty.wiseman@ge.com>; teep@ietf.org
Subject: Re: [Teep] Comments on I-D Action: draft-ietf-teep-architecture-00..txt

Hi all,

the TCG's definition of RoT is:

> A component that performs one or more security specific functions, such as measurement, storage, reporting, verification, and/or update. It is trusted always to behave in the expected manner, because its misbehavior cannot be detected (such as by measurement) under normal operation.

This term is disconnected from the quality of being "securely stored". 
The TCG defines Shielded Location:

> A place (memory, register, etc.) where it is safe to operate on sensitive data; data locations that can be accessed only by Protected Capabilities.

Trust Anchor is defined by RFC494 already (and therefore difficult to redefine, I think):

> An established point of trust (usually based on the authority of some person, office, or organization) from which a certificate user begins the validation of a certification path.

Corresponding to the definition above, in the TCG context it is also common to define these "favors" of RoT:

> RTC - Root of Trust for Confidentiality RTI - Root of Trust for 
> Integrity RTM - Root of Trust for Measurement RTR - Root of Trust for 
> Reporting RTS - Root of Trust for Storage RTV - Root of Trust for 
> Verification

Maybe it can be of use to define a "flavor" here also? Arbitrary use of one single shielded secret for multiple uses might enable a variety of attack vectors.


Viele Grüße,

Henk




On 07/06/2018 04:37 PM, Dave Thaler wrote:
> [speaking as an individual participant]
> 
> The WG charter says "The group will maintain a close relationship with 
> the . Trusted Computing Group, and other relevant standards groups..."
> and I think part of that is to use consistent terminology.  Hence my 
> recommendation that David Wheeler already incorporated into his 
> proposed text.  (Thanks David)
> 
> Dave
> 
> *From:* Hannes Tschofenig <Hannes.Tschofenig@arm.com>
> *Sent:* Friday, July 6, 2018 4:22 AM
> *To:* Andrew Atyeo <Andrew.Atyeo@intercede.com>; Dave Thaler 
> <dthaler@microsoft.com>; Wheeler, David M <david.m.wheeler@intel.com>; 
> teep@ietf.org
> *Subject:* RE: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00.txt
> 
> The problem is only that "root of trust" is not a well defined term in 
> the IETF, at least as far as I know. Trust anchor, on the other hand, 
> is well defined.
> 
> The definition currently in the document for root of trust seems to be 
> similar to trust anchor. However, I agree with both Andy and with 
> David that we need to find out whether we want to point out certain 
> usages of the key (such as for the purpose of the attestation).
> Whether this justifies the introduction of another term is yet another 
> discussion
> 
> Ciao
> 
> Hannes
> 
> *From:*Andrew Atyeo [mailto:Andrew.Atyeo@intercede.com]
> *Sent:* 06 July 2018 10:38
> *To:* Dave Thaler; Wheeler, David M; Hannes Tschofenig; teep@ietf.org 
> <mailto:teep@ietf.org>
> *Subject:* RE: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00.txt
> 
> In OTrP, I believe "root of trust" and "trust anchor" are currently 
> referring to 2 different things in the OTrP spec.
> 
> ·*Root of trust*
> 
> Excerpt from OTrP: "This specification assumes that an applicable 
> device is equipped with
> 
>     a TEE and is pre-provisioned with a device-unique public/private 
> key
> 
>     pair, which is securely stored.  This key pair is referred as the
> 
>     'root of trust'.  An entity that uses such a device to run Trusted
> 
>     Applications (TAs) is known as a Service Provider (SP)."
> 
> Here, "Root of Trust" must be talking about either the TEE/TFW private 
> key, so "root of trust" is referring to the process of secure boot 
> that results in a TAM being able to use a signature from this key to 
> know whether to trust the TEE
> 
> ·*Trust Anchor*
> 
> There is a problem this refers to 2 completely different concepts:
> 
> "Setup trust anchors in devices
> 
>     1.  [TFW/TEE] Store the key and certificate encrypted with the 
> eFuse
> 
>         key
> 
>     2.  [TEE vendor or OEM] Store trusted CA certificate list into
> 
>         devices"
> 
> Here, "Trust Anchor" is referring to both the TFW private key and the 
> TAM CA root certificate store
> 
> BUT later on in the spec:
> 
> "The root CA certificates for a TAM, which are
> 
> embedded into the trust anchor store in a device, should have long
> 
> lifetimes that don't require device trust anchor update."
> 
> And
> 
> "Trust Anchor: A root certificate that can be used to validate its
> 
> children certificates. It is usually embedded in a device or
> 
> configured by a TAM for validating the trust of a remote entity's
> 
> certificate."
> 
> Here, "Trust Anchor" refers to the TAM root CA whitelist that is 
> embedded in the TEE in order to allow the TEE to chain TAM 
> certificates to the root CA certs (to determine what certs to trust)
> 
> .So it is best if we can remove the term "trust anchor" wherever it 
> refers to the concept of root CA certs, and refer to "TAM root CA 
> certificate store" (or something like that)
> 
> , and for everywhere else that uses "trust anchor" to refer to the 
> concept of secureboot/attestation etc, we need to settle on some other 
> term. In some cases
> 
> e.g. "pair, which is securely stored in the TEE. This key pair is 
> referred to as the 'root of trust'."
> 
> we can simply refer to the TFW key (since in places 'root of trust' is 
> used to describe the TFW key).
> 
> Andrew Atyeo
> 
> Security Architect
> 
> Intercede
> 
> Digital trust    people | devices | apps
> 
> Office: +44 (0) 1455 558 111
> 
> www.intercede.com <http://www.intercede.com>
> 
> -----Original Message-----
> From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Dave Thaler
> Sent: 05 July 2018 21:36
> To: Wheeler, David M <david..m.wheeler@intel.com 
> <mailto:david.m.wheeler@intel.com>>; Hannes Tschofenig 
> <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>>;
> teep@ietf.org <mailto:teep@ietf.org>
> Subject: Re: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00...txt
> 
> [speaking as an individual]
> 
> As David says, there's more than one type of "Root-of-Trust" aka 
> "trust anchor".
> 
> There are industry terms of art for the different types.
> 
> One example article that gives a decent summary is 
> https://healthitsecurity.com/news/nist-roots-of-trust-for-healthcare-m
> obile-devices
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fheal
> thitsecurity.com%2Fnews%2Fnist-roots-of-trust-for-healthcare-mobile-de
> vices&data=02%7C01%7Cdthaler%40microsoft.com%7Ca9986e033e9a4df8bb3608d
> 5e332b1a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636664729240700
> 830&sdata=nWEwUiwplWo%2F2ikoHBR6mg6s3vI7vKr0YywPjl8Nuz4%3D&reserved=0>
> 
> In particular, the industry terms (from NIST SP 800-164, potentially 
> among others) are:
> 
> Roof of Trust for Storage (RTS)
> 
> Root of Trust for Verification (RTV)
> 
> Root of Trust for Integrity (RTI)
> 
> Root of Trust for Reporting (RTR)
> 
> Root of Trust for Measurement (RTM)
> 
> I would recommend using the above terms and not using "trust anchor" 
> or the unqualified "root of trust" term.
> 
> Dave
> 
> -----Original Message-----
> 
> From: TEEP <teep-bounces@ietf.org <mailto:teep-bounces@ietf.org>> On 
> Behalf Of Wheeler, David M
> 
> Sent: Thursday, July 5, 2018 12:52 PM
> 
> To: Hannes Tschofenig <Hannes.Tschofenig@arm.com 
> <mailto:Hannes.Tschofenig@arm.com>>; teep@ietf.org 
> <mailto:teep@ietf.org>
> 
> Subject: Re: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00.txt
> 
> Hannes,
> 
> If that is the case (trust root and trust anchors are the same), then 
> I have a concern regarding crypto separation.
> 
> In one definition the Trust Anchor signs certificates, in the other 
> definition a Root-of-Trust signs attestations.
> 
> If these are in fact the same key, then they are being used for two 
> different functions, which is not recommended for cryptographic keys.
> 
> Further, it seems to me (though I may be misunderstanding the intended 
> function), the private key of the Trust Anchor resides outside the 
> device, in a separate entity, like a CA or a TAM.
> 
> However, the private key of a Root-of-Trust resides in the TEE (or is 
> accessible only to the TEE).
> 
> Can you pick apart my understanding of the two definitions of keys, 
> and help me understand where I got thrown off?
> 
> Thanks,
> 
> Dave Wheeler
> 
> -----Original Message-----
> 
> From: Hannes Tschofenig [mailto:Hannes.Tschofenig@arm.com 
> <mailto:Hannes..Tschofenig@arm.com>]
> 
> Sent: Thursday, July 5, 2018 12:41 PM
> 
> To: Wheeler, David M <david.m.wheeler@intel.com 
> <mailto:david.m.wheeler@intel.com>>; teep@ietf.org 
> <mailto:teep@ietf.org>
> 
> Subject: RE: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00.txt
> 
> Just a quick remark: IMHO root of trust and trust anchor are the same 
> thing. I believe we should update the text to only talk about trust 
> anchors and forget the root of trust terminology.
> 
> -----Original Message-----
> 
> From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Wheeler, David 
> M
> 
> Sent: 05 July 2018 21:38
> 
> To: teep@ietf.org <mailto:teep@ietf.org>
> 
> Subject: [Teep] Comments on I-D Action: 
> draft-ietf-teep-architecture-00.txt
> 
> I have several comments on the new architecture draft.
> 
> The first comment has to do with the definition of the "Trust Anchor" 
> (page 4)
> 
> The definition states:
> 
> Trust Anchor: A root certificate that can be used to validate its
> 
>                              certificates. It is usually embedded in a 
> device or
> 
>                              configured by a TAM for validating the 
> trust of a remote entity's
> 
>                              certificate.
> 
> Then later in section 3 (page 6)
> 
> This specification assumes that an applicable device is equipped with 
> one or more TEEs and each TEE is pre-provisioned with a device-unique 
> public/private key pair, which is securely stored. This key pair is 
> referred to as the 'root of trust' for remote attestation of the 
> associated TEE in a device by an TAM.
> 
> It is not clear whether the "Trust Anchor" is the same as the 
> "root-of-trust" key pair, since the "root-of-trust" is not included in 
> the definitions..
> 
> If they are intended to be different (which is what I believe), then I 
> suggest we add the "root-of-trust" to the definitions, and explain the 
> difference. Oftentimes, in my experience, these terms are used 
> interchangeably.
> 
> Here is my attempt to create definitions for these two types of keys:
> 
> Trust Anchor: A trust anchor is public asymmetric key, preferably 
> contained in a certificate
> 
>                              that represents a trusted entity to a 
> device. This public key may be used by
> 
>                              the holder of the corresponding private 
> key to sign other certificates,
> 
>                              thereby communicating the signed 
> certificate may also be trusted.
> 
>                              The trust anchor is usually embedded in a 
> device or configured by a TAM
> 
>                               and used by the device to validate the 
> trust of a remote entity by
> 
>                              verifying that entity's certificate is 
> signed by a trust anchor.
> 
>                               Trust anchors must be stored in a way 
> that prevents or strongly resists
> 
>                               modification by unauthorized software 
> and hardware adversaries.
> 
>            An example of a trust anchor is the public key of a TAM or 
> SP which is
> 
>                            "pinned" or securely stored inside the 
> device, and that trust anchor is used
> 
>                              like a CA certificate to validate the 
> trust in other keys/certificates.
> 
>                             A trust anchor may be viewed by both 
> trusted and untrusted entities on the device,
> 
>                            But may only be modified or deleted by a 
> trusted entity.
> 
> Root-of-Trust Key:  A device-unique key generated at device 
> manufacturing or at
> 
>                              TEE provisioning, which is securely 
> stored and only accessible to the TEE.
> 
>                              The Root-of-Trust Key is used for 
> attestation signing which proves the signed
> 
>                              message originated or was approved by the 
> TEE, and may be trusted to the same
> 
>                             degree as the TEE.
> 
> -----Original Message-----
> 
> From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of 
> internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
> 
> Sent: Wednesday, July 4, 2018 7:49 AM
> 
> To: i-d-announce@ietf.org <mailto:i-d-announce@ietf.org>
> 
> Cc: teep@ietf.org <mailto:teep@ietf.org>
> 
> Subject: [Teep] I-D Action: draft-ietf-teep-architecture-00.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> 
> This draft is a work item of the Trusted Execution Environment 
> Provisioning WG of the IETF.
> 
>          Title           : Trusted Execution Environment Provisioning
> (TEEP) Architecture
> 
>          Authors         : Mingliang Pei
> 
>                            Hannes Tschofenig
> 
>                            Andrew Atyeo
> 
>                            Dapeng
> 
> Filename        : draft-ietf-teep-architecture-00.txt
> 
> Pages           : 24
> 
> Date            : 2018-07-02
> 
> Abstract:
> 
>     A Trusted Execution Environment (TEE) was designed to provide a
> 
>     hardware-isolation mechanism to separate a regular operating 
> system
> 
>     from security- sensitive applications.
> 
>     This architecture document motivates the design and 
> standardization
> 
>     of a protocol for managing the lifecyle of trusted applications
> 
>     running inside a TEE.
> 
> The IETF datatracker status page for this draft is:
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatat
> racker.ietf.org%2Fdoc%2Fdraft-ietf-teep-architecture%2F&amp;data=02%7C
> 01%7Cdthaler%40microsoft.com%7C96a47856ba6549e9926f08d5e2b0c5fc%7C72f9
> 88bf86f141af91ab2d7cd011db47%7C1%7C0%7C636664171223541902&amp;sdata=XB
> uTlsiV5OjkxkcqULdsmroTnWRZqApH3fBokJGvkTE%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata
> tracker.ietf.org%2Fdoc%2Fdraft-ietf-teep-architecture%2F&data=02%7C01%
> 7Cdthaler%40microsoft.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988b
> f86f141af91ab2d7cd011db47%7C1%7C0%7C636664729240700830&sdata=QgHpEQ6cq
> PzjNSNAXlOBVJfmbHzpDogVNJNpWI6uPzg%3D&reserved=0>
> 
> There are also htmlized versions available at:
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools
> .ietf.org%2Fhtml%2Fdraft-ietf-teep-architecture-00&amp;data=02%7C01%7C
> dthaler%40microsoft.com%7C96a47856ba6549e9926f08d5e2b0c5fc%7C72f988bf8
> 6f141af91ab2d7cd011db47%7C1%7C0%7C636664171223541902&amp;sdata=heO1xlx
> frVZyyzYziQy8V2P0vxiEbTVSF8sFdNaw8sc%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftool
> s.ietf.org%2Fhtml%2Fdraft-ietf-teep-architecture-00&data=02%7C01%7Cdth
> aler%40microsoft.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988bf86f1
> 41af91ab2d7cd011db47%7C1%7C0%7C636664729240710835&sdata=yLbkguKNpWobGS
> QbfCI3XTLaLJPHO5pX7y0uzM5aQpI%3D&reserved=0>
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatat
> racker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-teep-architecture-00&amp;dat
> a=02%7C01%7Cdthaler%40microsoft.com%7C96a47856ba6549e9926f08d5e2b0c5fc
> %7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636664171223541902&amp;s
> data=aoKW%2FFnlzzLxpOwEpmKZ6IsOvg8Tji8Gw4YabXAcS54%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata
> tracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-teep-architecture-00&data=0
> 2%7C01%7Cdthaler%40microsoft.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C
> 72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636664729240720840&sdata=iz
> EKpdtjJPah2dorUbEc7ZdJZJAvPITE9iop%2BtuFrms%3D&reserved=0>
> 
> Please note that it may take a couple of minutes from the time of 
> submission until the htmlized version and diff are available at 
> tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> 
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> 
> TEEP mailing list
> 
> TEEP@ietf.org <mailto:TEEP@ietf.org>
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.i
> etf.org%2Fmailman%2Flistinfo%2Fteep&amp;data=02%7C01%7Cdthaler%40micro
> soft.com%7C96a47856ba6549e9926f08d5e2b0c5fc%7C72f988bf86f141af91ab2d7c
> d011db47%7C1%7C0%7C636664171223541902&amp;sdata=7x7cgTvWZOsnWEDD9hQuRR
> vwGvB4TTpl0okIPShXtd0%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> ietf.org%2Fmailman%2Flistinfo%2Fteep&data=02%7C01%7Cdthaler%40microsof
> t.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988bf86f141af91ab2d7cd01
> 1db47%7C1%7C0%7C636664729240730849&sdata=vxedecEwOXML1kDDEvCVOmZWyVp7J
> F6jky%2BnGgZeU5w%3D&reserved=0>
> 
> _______________________________________________
> 
> TEEP mailing list
> 
> TEEP@ietf.org <mailto:TEEP@ietf.org>
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.i
> etf.org%2Fmailman%2Flistinfo%2Fteep&amp;data=02%7C01%7Cdthaler%40micro
> soft.com%7C96a47856ba6549e9926f08d5e2b0c5fc%7C72f988bf86f141af91ab2d7c
> d011db47%7C1%7C0%7C636664171223541902&amp;sdata=7x7cgTvWZOsnWEDD9hQuRR
> vwGvB4TTpl0okIPShXtd0%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> ietf.org%2Fmailman%2Flistinfo%2Fteep&data=02%7C01%7Cdthaler%40microsof
> t.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988bf86f141af91ab2d7cd01
> 1db47%7C1%7C0%7C636664729240730849&sdata=vxedecEwOXML1kDDEvCVOmZWyVp7J
> F6jky%2BnGgZeU5w%3D&reserved=0>
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
> 
> _______________________________________________
> 
> TEEP mailing list
> 
> TEEP@ietf.org <mailto:TEEP@ietf.org>
> 
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.i
> etf.org%2Fmailman%2Flistinfo%2Fteep&amp;data=02%7C01%7Cdthaler%40micro
> soft.com%7C96a47856ba6549e9926f08d5e2b0c5fc%7C72f988bf86f141af91ab2d7c
> d011db47%7C1%7C0%7C636664171223541902&amp;sdata=7x7cgTvWZOsnWEDD9hQuRR
> vwGvB4TTpl0okIPShXtd0%3D&amp;reserved=0
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> ietf.org%2Fmailman%2Flistinfo%2Fteep&data=02%7C01%7Cdthaler%40microsof
> t.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988bf86f141af91ab2d7cd01
> 1db47%7C1%7C0%7C636664729240740862&sdata=BM3CGgYe99eqU3Cr9j8CZ3R9LIxD0
> ycKnT8%2FEMwUqjU%3D&reserved=0>
> 
> _______________________________________________
> 
> TEEP mailing list
> 
> TEEP@ietf.org <mailto:TEEP@ietf.org>
> 
> https://www.ietf.org/mailman/listinfo/teep
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> ietf.org%2Fmailman%2Flistinfo%2Fteep&data=02%7C01%7Cdthaler%40microsof
> t.com%7Ca9986e033e9a4df8bb3608d5e332b1a0%7C72f988bf86f141af91ab2d7cd01
> 1db47%7C1%7C0%7C636664729240750863&sdata=KuTTsAhETZCmCGwo1Y3rmgkhCM8w5
> Mq8JkxxcLL26N8%3D&reserved=0>
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged.. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
> 
> 
> 
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
> https://www.ietf.org/mailman/listinfo/teep
> 

_______________________________________________
TEEP mailing list
TEEP@ietf.org
https://www.ietf.org/mailman/listinfo/teep

v2.23.0 | Report a Bug | By Email