Re: [Teep] [EXT] Re: Call for adoption
Nicolae Paladi <n.paladi@gmail.com> Fri, 04 May 2018 09:35 UTC
Return-Path: <n.paladi@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65E8712D7F0 for <teep@ietfa.amsl.com>; Fri, 4 May 2018 02:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rTFFQF0RLK2j for <teep@ietfa.amsl.com>; Fri, 4 May 2018 02:35:29 -0700 (PDT)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com [IPv6:2a00:1450:4010:c07::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAFAC12D7EA for <teep@ietf.org>; Fri, 4 May 2018 02:35:28 -0700 (PDT)
Received: by mail-lf0-x22e.google.com with SMTP id h197-v6so29955842lfg.11 for <teep@ietf.org>; Fri, 04 May 2018 02:35:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=c9Htz4YQ9ymNdRIjxOnXZQTaTnsm/nX9ZP0d7WmNWcc=; b=LNj4RVOsDUyrrBpE2CE4i1iD/GYaaQ7nuQ7uT5KV3m9MJj9iHsGQx6iikzUMY7f6BH rnQc9AG3CixOv/tBbNzph8DhoYPwEaUI4ze317xCUd/D6lZGvsUbM1CP6+qppRLRtwY5 BnDuAohTD/1+NeemM5kVIFFmQGCtt2ThN86olcofrRUzSgKqwW0MXSobreLIFzFqttg/ dXSixOlq0Ax7ErDWijxAB4X3ZexfOKxguRO9bT9T/1EcQO2ktIA9r0r+mvlVsQjL5vHQ OmZChqQr0TYrdt9CtyWkl0eIZPGIt+8OHOtMi7rf5qvjPje+EwpmnpPkPZYPIpc1AF3D 23ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=c9Htz4YQ9ymNdRIjxOnXZQTaTnsm/nX9ZP0d7WmNWcc=; b=gmwwuy453qwiDfg3GMZ5Au1bNM56PQcU0kAuUe7B9eQcmZsIRxKrBi1jAD+Svv5Em7 c4w20PNCX8F1reQ/feI25R11DaE8MY3cvJRaFXc6KJ3j/o8+DrA49IfwO72050h+d3Wv BweLedDvmOXb7wCVCt90MpoJEJYOzM6RTi9JMdFNCJAUmpjjbeY0gVzBlo1PwLXlH5nW 3AD0Gua/fSgac0ffMMTU4aHxl4LffFQM4ZVLyGBHuPVTFLCg08bLJ6ArFaUIHXQe8PS1 /E4C1h2GdeBj1ysN8Ys8TTiPOCjigmcLs+dctpZuBQZnPhBpDblWWfdH+VIxNh5CfrEt LWig==
X-Gm-Message-State: ALQs6tC2qTXDyLSd1qzDj+VSuvGA+Oo1rw107uVmqD+nWVxmWnu33Gzu j5IV0UYCs3lJUxU3c662ORg=
X-Google-Smtp-Source: AB8JxZoCRPIupTm5cdFQlODq3SxPr/ckPaaF6zHw2Z63m1nIdqK8EoO8me8r7fxkSTJ3HlJT/97AiQ==
X-Received: by 2002:a2e:4394:: with SMTP id z20-v6mr19201096lje.103.1525426526914; Fri, 04 May 2018 02:35:26 -0700 (PDT)
Received: from ginger.sics.se (ginger.sics.se. [193.10.66.61]) by smtp.gmail.com with ESMTPSA id r5-v6sm3145682ljr.41.2018.05.04.02.35.25 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 04 May 2018 02:35:25 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_09C443F9-2528-4579-8F37-4DA4C8B952E0"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Nicolae Paladi <n.paladi@gmail.com>
In-Reply-To: <2F635C9F-199B-4118-9D80-CD35ADA74261@symantec.com>
Date: Fri, 04 May 2018 11:35:24 +0200
Cc: Dave Thaler <dthaler@microsoft.com>, "Wheeler, David M" <david.m.wheeler@intel.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
Message-Id: <6C77FC20-EB64-46B7-8D2D-69693E163D95@gmail.com>
References: <E3320980-A44F-4429-A255-16E17EB572FD@cisco.com> <38924978-1EB8-4E25-A8EE-55F85A5FD173@cisco.com> <6F8051FA-C7F7-4E53-B8F8-5F45290F8D7F@symantec.com> <0627F5240443D2498FAA65332EE46C84367D27EF@CRSMSX102.amr.corp.intel.com> <CY4PR21MB07749A26B6D0DAFC15231CB1A3800@CY4PR21MB0774.namprd21.prod.outlook.com> <2F635C9F-199B-4118-9D80-CD35ADA74261@symantec.com>
To: Mingliang Pei <Mingliang_Pei@symantec.com>
X-Mailer: Apple Mail (2.2104)
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/3FcmOUhWeILBw4cOOzGAJYkHbi0>
Subject: Re: [Teep] [EXT] Re: Call for adoption
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 09:35:32 -0000
Hello, I have read through the 06 OTrP document; besides a list of miscellaneous omissions and minor misses (that can be addressed later), several points caught my eye: 1. In §5.2 the acronym “AIK” from "TEE SP anonymous key (AIK)” reads very similar to the concept of an “Attestation Identity Key” (e.g. from [1]). Is that the purpose? If yes, the key and its role should be introduced, otherwise a different acronym could be used. 2. In §6.3.1 the draft mentions that “It is important to ensure a legitimate OTrP Agent is installed”. However, it is not clear what a “legitimate” agent is and how one can ensure that a “legitimate” agent installed. Given that the agent runs in the REE where the applications are by definition un-trusted (as per 3.1), this paragraph leads to a dead end. What is the relation between a “legitimate” application and a “trusted” application? 3. §6.3.2 states twice (duplication) that only one OTrP agent is expected. However, given that “a user can dynamically download and install an OTrP Agent on demand” (as per §6.3.1), it is unclear what this expectation is based on. Moreover, the interaction is multiple OTrP agents on the platform is not discussed. Best regards, Nicolae ==== [1] Ernie Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct anonymous attestation. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '04). ACM, New York, NY, USA, 132-145. DOI=http://dx.doi.org/10.1145/1030083.1030103 > On 02 May 2018, at 20:23, Mingliang Pei <Mingliang_Pei@symantec.com> wrote: > > Thanks Dave T, that is correct. > > Hi Dave W, yes, I can confirm that it is exactly the same version as v06 OTrP except a few typo fixes. The plan is to rename the “adopted” version v06 first to WG named draft, and we work on revision from there with full continuity. > > Thanks, > > Ming > > From: Dave Thaler <dthaler@microsoft.com> > Date: Wednesday, May 2, 2018 at 10:13 AM > To: "Wheeler, David M" <david.m.wheeler@intel.com>, Mingliang Pei <Mingliang_Pei@symantec.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org> > Subject: RE: [Teep] [EXT] Re: Call for adoption > > You can see the diffs at > > I see that a number of typos were fixed, but there were no substantial differences. > > Dave > > From: TEEP <teep-bounces@ietf.org> On Behalf Of Wheeler, David M > Sent: Wednesday, May 2, 2018 7:14 AM > To: Mingliang Pei <Mingliang_Pei@symantec.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; teep@ietf.org > Subject: Re: [Teep] [EXT] Re: Call for adoption > > Ming, > Can you just confirm that there are NO DIFFERENCES between the last released version and the 06 OTrP document? > If there are differences, can you give a short summary so I know where to look? > Much appreciated, > Dave Wheeler > > > <>From: TEEP [mailto:teep-bounces@ietf.org <mailto:teep-bounces@ietf.org>] On Behalf Of Mingliang Pei > Sent: Thursday, April 26, 2018 10:46 AM > To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com <mailto:ncamwing@cisco.com>>; teep@ietf.org <mailto:teep@ietf.org> > Subject: Re: [Teep] [EXT] Re: Call for adoption > > Thank you Nancy, Dave and all for your support, comments and suggestions. > > Yes, I will rename the draft to “draft-ietf-teep-opentrustprotocol” and resubmit it very soon. > > Thanks, again, > > Ming > > From: TEEP <teep-bounces@ietf.org <mailto:teep-bounces@ietf.org>> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com <mailto:ncamwing@cisco.com>> > Date: Thursday, April 26, 2018 at 8:58 AM > To: "teep@ietf.org <mailto:teep@ietf.org>" <teep@ietf.org <mailto:teep@ietf.org>> > Subject: [EXT] Re: [Teep] Call for adoption > > Hearing (or reading) no strong objections, “draft-pei-opentrustprotocol” is adopted by the WG. > > A few comments have already been provided that can be addressed in subsequent versions some can also be clarified in the architecture draft. > > Ming: when you get a chance, please submit the draft with the name: draft-ietf-teep-opentrustprotocol > > Your chairs, Dave and Nancy > > From: "ncamwing@cisco.com <mailto:ncamwing@cisco.com>" <ncamwing@cisco.com <mailto:ncamwing@cisco.com>> > Date: Monday, April 2, 2018 at 11:07 AM > To: "teep@ietf.org <mailto:teep@ietf.org>" <teep@ietf.org <mailto:teep@ietf.org>> > Subject: Call for adoption > > All, <> > > There was strong interest and consensus at the TEEP f2f IETF 101 meeting in London for adopting > https://datatracker.ietf.org/doc/draft-pei-opentrustprotocol/ <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclicktime.symantec.com%2Fa%2F1%2FgRKJSsq7kQhfqIKwz5wHUYr68TvGP5gAqpJNYBP-b7k%3D%3Fd%3D8WYzqysvQkd-X_pG-TDgQWMOhCT_hZ1FSVct6-8Ei0YXDodJ-BlC1HRZVDivUH6gtXKkOaBplQ4cm5LXvKuOoc75nlsRDpZ0rTVUq3fI7jVSXjtiB2k5l62ztuPK_5u9S0O3mA7XFXurjMVspCv9uWGRny0TCxWJTwmktVrcQ-LZsoLDB69BN4KytF_Po_2Z2uln01QFKhgSZXUOR-YCo0fpFWZNBDKlXao5KGMKu-LMjD9wwhzQSXXsEgOk-r_0Vzw4CArYfYfPSqkGXkT1bJegLFfBHZZ6RGWMovT3TJ8Z2EohP6RQgIWuG16Z_L_WaaiTJKC75JKHUnWLAF4IObMDfaL4frUNdI7SaFJEk1Nym6ab%26u%3Dhttps%253A%252F%252Fdatatracker.ietf.org%252Fdoc%252Fdraft-pei-opentrustprotocol%252F&data=02%7C01%7Cdthaler%40microsoft.com%7C7a6910317f434c0cf7e508d5b036f02f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636608672364767599&sdata=4N1Xkn78OMBQeskfI6i%2FOe4R37Hw%2BcOELBqt06w6x%2FY%3D&reserved=0> as a draft protocol. > > This is a call for adoption as a working group draft . If you have any concerns or objections please respond > by April 16th. > > Warm regards, Nancy > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep
- Re: [Teep] [EXT] Re: Call for adoption Wheeler, David M
- [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] Call for adoption Dave Thaler
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] Call for adoption Scott Kitterman
- Re: [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] Call for adoption Scott Kitterman
- Re: [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] Call for adoption Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] [EXT] Re: Call for adoption Wheeler, David M
- Re: [Teep] [EXT] Re: Call for adoption Dave Thaler
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] [EXT] Re: Call for adoption Nicolae Paladi
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei
- Re: [Teep] [EXT] Re: Call for adoption Nicolae Paladi
- Re: [Teep] [EXT] Re: Call for adoption Dave Thaler
- Re: [Teep] [EXT] Re: Call for adoption Jeremy O'Donoghue
- Re: [Teep] [EXT] Re: Call for adoption Mingliang Pei