Re: [Teep] AD review of draft-ietf-teep-architecture-15

Dave Thaler <dthaler@microsoft.com> Thu, 17 March 2022 22:22 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-teep-architecture.all@ietf.org" <draft-ietf-teep-architecture.all@ietf.org>, "teep@ietf.org" <teep@ietf.org>
Date: Thu, 17 Mar 2022 22:21:53 +0000
Message-ID: <CH2PR21MB1464D727615D20682E835C13A3129@CH2PR21MB1464.namprd21.prod.outlook.com>
References: <20220107200159.GP11486@mit.edu> <CH2PR21MB146471B9235CD854338D952FA3029@CH2PR21MB1464.namprd21.prod.outlook.com> <20220317195940.GF13021@kduck.mit.edu>
In-Reply-To: <20220317195940.GF13021@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/5ePZMoBh-HHAF3oV8Imo1-1yhj8>

Great, thanks Ben!

-----Original Message-----
From: TEEP <teep-bounces@ietf.org> On Behalf Of Benjamin Kaduk
Sent: Thursday, March 17, 2022 1:00 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: draft-ietf-teep-architecture.all@ietf.org; teep@ietf.org
Subject: Re: [Teep] AD review of draft-ietf-teep-architecture-15

Hi Dave,

Thanks for the updates to this and the HTTP transport.
Everything looks good, so I'll go kick off the IETF LC (which will be extended a week as it overlaps IETF 113).

On Tue, Mar 01, 2022 at 12:13:38AM +0000, Dave Thaler wrote:
> Ok, I've now addressed the comments on this document and will submit an update soon.  Responses with [DT] below.
[...]
> Section 9.4
> 
>    certificate.  Such validation includes checking for certificate
>    revocation.  See Section 6 of [RFC5280] for details.
> 
> Might OCSP (including stapling) or other non-CRL mechanisms be in scope?  Is it worth mentioning RFC 6960 or 6961 as well as 5280 here?
> 
> [DT] At IETF 111, the TEEP WG got consensus to not depend on OCSP and remove such references from the protocol spec.   Meeting discussion is documented in https://datatracker.ietf.org/meeting/111/materials/minutes-111-teep-00 which says
> among other things:
> 
>   *   Russ made the argument that OCSP stapling might be difficult for constrained nodes. He was arguing that there are more lightweight solutions.
>   *   Ben: OCSP does not really make sense with COSE. You might just be using hard-coded keys and you might be updating keys with software updates. It is probably still worth mentioning that there is a need for revocation.

Haha, I guess my memory is going :)
Thanks for the reminder.

-Ben

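The Section 9.4 requirement the thread discusses (RFC 5280 section 6 path validation plus a revocation check, done with a CRL rather than OCSP, in line with the IETF 111 decision Dave cites) worked through as an added Go example. This is not code from the thread or from the TEEP drafts; the CA, the end-entity certificate for the hypothetical TAM host tam.example, the serial numbers and the CRL validity windows are all constructed for the example, and it uses only Go's crypto/x509. The point it makes is that path validation alone still accepts a revoked certificate, and that a stale or unverifiable CRL must be treated as a rejection rather than as "no revocation information":

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// samplePKI is a constructed toy PKI for this example (not from the TEEP drafts):
// one CA and one end-entity certificate standing in for a TAM's server certificate.
type samplePKI struct {
	caCert *x509.Certificate
	caKey  *ecdsa.PrivateKey
	eeCert *x509.Certificate
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return k
}

func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c
}

func buildPKI(now time.Time) *samplePKI {
	caKey, eeKey := mustKey(), mustKey()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example TAM CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caCert := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	eeTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "tam.example"},
		DNSNames:  []string{"tam.example"}, // hypothetical TAM host name
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return &samplePKI{caCert: caCert, caKey: caKey, eeCert: mustCert(eeTmpl, caCert, &eeKey.PublicKey, caKey)}
}

// issueCRL builds a CRL signed by the CA that lists the given serial numbers as revoked.
func issueCRL(p *samplePKI, revoked []*big.Int, thisUpdate, nextUpdate time.Time) *x509.RevocationList {
	var entries []pkix.RevokedCertificate
	for _, s := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: thisUpdate})
	}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: thisUpdate, NextUpdate: nextUpdate, RevokedCertificates: entries}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, p.caCert, p.caKey)
	must(err)
	crl, err := x509.ParseRevocationList(der)
	must(err)
	return crl
}

// verifyWithRevocation does what Section 9.4 asks for: RFC 5280 section 6 path
// validation, then a revocation check against a CRL from the certificate's issuer.
// A CRL not signed by the issuer or outside its validity window is a rejection
// (fail closed), not "no revocation information available".
func verifyWithRevocation(ee *x509.Certificate, roots *x509.CertPool, issuer *x509.Certificate, crl *x509.RevocationList, host string, now time.Time) error {
	if _, err := ee.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now}); err != nil {
		return fmt.Errorf("path validation failed: %w", err)
	}
	if !bytes.Equal(crl.RawIssuer, ee.RawIssuer) {
		return errors.New("CRL was not issued by the certificate's issuer")
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL signature check failed: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return errors.New("CRL is outside its validity window; refusing to rely on it")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(ee.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s is revoked", ee.SerialNumber)
		}
	}
	return nil
}

// RunScenario checks the same certificate against three CRLs and reports whether
// it was accepted: a fresh empty CRL, a fresh CRL listing it, and a stale CRL.
func RunScenario() (acceptedFresh, acceptedRevoked, acceptedStaleCRL bool) {
	now := time.Now()
	p := buildPKI(now)
	roots := x509.NewCertPool()
	roots.AddCert(p.caCert)
	check := func(crl *x509.RevocationList) bool {
		return verifyWithRevocation(p.eeCert, roots, p.caCert, crl, "tam.example", now) == nil
	}
	acceptedFresh = check(issueCRL(p, nil, now.Add(-time.Minute), now.Add(time.Hour)))
	acceptedRevoked = check(issueCRL(p, []*big.Int{p.eeCert.SerialNumber}, now.Add(-time.Minute), now.Add(time.Hour)))
	acceptedStaleCRL = check(issueCRL(p, nil, now.Add(-2*time.Hour), now.Add(-time.Hour)))
	return
}

func main() {
	fresh, revoked, stale := RunScenario()
	fmt.Printf("fresh empty CRL: %v, revoked: %v, stale CRL: %v\n", fresh, revoked, stale)
}
```

Running it prints `fresh empty CRL: true, revoked: false, stale CRL: false`. For a constrained TEEP Agent the same structure applies with a CRL delivered out of band or with a pinned key updated by software update, as Ben's minuted comment suggests; whichever source of revocation data is used, the check stays a hard requirement of the validation step rather than an optional lookup.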