[Teep] Re: comments on draft-ietf-teep-usecase-for-cc-in-network-09
Meiling Chen <chenmeiling@chinamobile.com> Mon, 26 May 2025 01:09 UTC
Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: teep@mail2.ietf.org
Delivered-To: teep@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 876202CD457D for <teep@mail2.ietf.org>; Sun, 25 May 2025 18:09:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YE9h-W83-jRz for <teep@mail2.ietf.org>; Sun, 25 May 2025 18:09:42 -0700 (PDT)
Received: from cmccmta2.chinamobile.com (cmccmta8.chinamobile.com [111.22.67.151]) by mail2.ietf.org (Postfix) with ESMTP id 821A32CD4576 for <teep@ietf.org>; Sun, 25 May 2025 18:09:36 -0700 (PDT)
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from spf.mail.chinamobile.com (unknown[10.188.0.87]) by rmmx-syy-dmz-app06-12006 (RichMail) with SMTP id 2ee66833bf4d697-f1fae; Mon, 26 May 2025 09:09:34 +0800 (CST)
X-RM-TRANSID: 2ee66833bf4d697-f1fae
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from cmcc-PC (unknown[10.2.53.48]) by rmsmtp-syy-appsvr06-12006 (RichMail) with SMTP id 2ee66833bf4dbd3-81a41; Mon, 26 May 2025 09:09:34 +0800 (CST)
X-RM-TRANSID: 2ee66833bf4dbd3-81a41
Date: Mon, 26 May 2025 09:09:33 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "teep@ietf.org" <teep@ietf.org>
References: <2025051310074115914617@chinamobile.com>, <2075067.1747386727@dyas>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.115[cn]
Mime-Version: 1.0
Message-ID: <202505260909328368232@chinamobile.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart480388456822_=----"
Message-ID-Hash: SENYKQBZC2VGDRZNGOFLBZ2OBF6K4WU7
X-Message-ID-Hash: SENYKQBZC2VGDRZNGOFLBZ2OBF6K4WU7
X-MailFrom: chenmeiling@chinamobile.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teep.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ypl_ietf <ypl_ietf@163.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Teep] Re: comments on draft-ietf-teep-usecase-for-cc-in-network-09
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/4hHl5D_e-V5eX5fo4RsSnx6DCO8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Owner: <mailto:teep-owner@ietf.org>
List-Post: <mailto:teep@ietf.org>
List-Subscribe: <mailto:teep-join@ietf.org>
List-Unsubscribe: <mailto:teep-leave@ietf.org>
Hi Michael,
A:agreed
B:In section 3 declared “The connection between Network User and Network M/OC depends on the implementation of specific network.”, which means this step is not part of teep protocol.
"Network User requests for confidential computing resource", is for explaining the usecase.
In fact from step 1 to step 5 are the specific steps of how to use confidential computing in different environment and hardware architecture. So my personal opinion is to keep these steps for clear description.
In case2, the UA and TA are packaged as one package. And the PD is a separate package. The reason to classify the package like section 4 is that different package mode has different remote attestation sequence. In 4.2, the TA and UA are bundled as one package, which means before transfer PD to TA in TEE environment the remote attestation to TA must be executed first. From section 4.1 to 4.5, the steps are all have different load sequences to adapt different package model and different hardware architectures.
C: see the above response.
D: the appendix is used to explain submodules in TEEP Agent. The submodules are mainly for providing a middleware or API for TEE hardware. This appendix is only for explanation, the TEEP Agent does not “manage” submodules, it could contains different submodules.
Editorial Nits: thanks for your suggestions, I agree with you.
Best,
Meiling
From: Michael Richardson
Date: 2025-05-16 17:12
To: Meiling Chen; teep
Subject: comments on draft-ietf-teep-usecase-for-cc-in-network-09
I read draft-ietf-teep-usecase-for-cc-in-network-09 today.
A. The reference [CCC-White-Paper]
Confidential Computing Consortium, "Confidential
Computing: Hardware-Based Trusted Execution for
Applications and Data", January 2021,
<https://confidentialcomputing.io/white-papers-reports/>.
Could point directly at:
https://confidentialcomputing.io/wp-content/uploads/sites/10/2023/03/CCC_outreach_whitepaper_updated_November_2022.pdf
except that it's likely to be broken by marketing people who don't understand
the Internet. The /white-papers-reports link felt kind of vague, and I
thought at first that the paper was gone.
That's a terribly formatted white paper... fonts too small, 2/3 of each page blank.
B. I liked that the use cases explained the flow, but is it useful to write
all of the stuff down (like in section 4.1), when the protocols are not specified?
Like in step 1 "Network User requests for confidential computing resource"
how is this done? I think it matters if this is a new protocol needed (a
gap), or an existing one, or if this is really part of the TEEP protocol?
Steps 3,4,5 would seem to be the ordinate TEEP flow, so is it worth repeating
here?
In eample 4.2, 3/4/5 are slightly different, in that the UA/TA are provided
by the user, and there seems to be no PD. Is that really that different?
Given that no protocol is specified for the transfer, is this really
different?
C. I found the tables in Figure 2,3,4,5 to be very busy, and I could't really
gleam any real understanding from them. Perhaps the critical substantive
difference between the use cases is embedded in the tables, but I'm not
seeing it easily.
D. I'm not sure what I'm supposed to understand from the submodule Appendix.
What I got is that if there are more modules, the TEEP Agent will manage them.
Editorial Nits:
1. "could" used in abstract... maybe be more definite :-)
2. expand MEC before using it. I guess: Multi-access Edge Computing.
s/For example in MEC/For example in a MEC/
3. I have asked for a git(hub), then I could send grammar/typos directly to
the authors.
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
- [Teep] comments on draft-ietf-teep-usecase-for-cc… Michael Richardson
- [Teep] Re: comments on draft-ietf-teep-usecase-fo… Meiling Chen
- [Teep] Re: comments on draft-ietf-teep-usecase-fo… Meiling Chen
- [Teep] Re: comments on draft-ietf-teep-usecase-fo… Michael Richardson