Re: [Teep] [EXT] Overcoming other limitations in the TEE landscape

Brian Witten <brian_witten@symantec.com> Mon, 05 June 2017 13:21 UTC

From: Brian Witten <brian_witten@symantec.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "teep@ietf.org" <teep@ietf.org>
Date: Mon, 05 Jun 2017 13:21:00 +0000
Message-ID: <MWHPR16MB14886572B0AB1BBD5CCE187E93CA0@MWHPR16MB1488.namprd16.prod.outlook.com>
References: <e25cdc3c-96f7-6507-8115-c3f16574519b@gmail.com>
In-Reply-To: <e25cdc3c-96f7-6507-8115-c3f16574519b@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/6MNyq9mojfyp7PzG2nywCda6Vmg>
Subject: Re: [Teep] [EXT] Overcoming other limitations in the TEE landscape
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>

Thanks!  IMHO active RFID (keys & crypto embedded in the tag, executed in the tag for strong authentication, private keys never leaving the tag; several schemes leverage PKI like this embedded in RFID tags with just enough crypto/computing power) ... active RFID (like that) helps break past the "easily copied" challenges of QR codes, mag-stripe credit cards, SSNs and the like, and does so at a price not too far from QR stickers/physical printing.  However, the TEE in a mobile device (and the TEE in IoT devices such as smart glasses, badge scanners, and nearly anything else) with more compute than an RFID "tag" helps add similar "hardware-backed" security for such devices, which might not only be interrogating such tags, but might also be collaborating with such tags in talking with cloud-based services.


At least that's my view, but I'm very open to others -


________________________________
From: TEEP <teep-bounces@ietf.org> on behalf of Anders Rundgren <anders.rundgren.net@gmail.com>
Sent: Saturday, June 3, 2017 11:18:31 PM
To: teep@ietf.org
Subject: [EXT] [Teep] Overcoming other limitations in the TEE landscape

F.Y.I.

We all agree that TEEs are great, right?

However, TEEs are no better than the environments they are supposed to be used in:
https://www.linkedin.com/pulse/motives-better-qr-anders-rundgren
(you don't need a LinkedIn account to read this short writeup)

Anders

_______________________________________________
TEEP mailing list
TEEP@ietf.org
https://www.ietf.org/mailman/listinfo/teep
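The point Brian makes above (a static value such as a QR code is the credential and so is trivially copied, whereas a tag whose key never leaves it can only be authenticated live, and a reader with its own hardware-backed key can bind the exchange before talking to a cloud service) is shown below as an added, runnable example. It is not code from the thread, from TEEP, or from any RFID vendor. Assumptions: HMAC-SHA256 with per-device keys shared with the backend is used as a stdlib-only stand-in for the PKI-based tag schemes the mail refers to (the asymmetric variant signs the same fields instead of MACing them); the tag and reader IDs, the "QR" value and all keys are constructed for the demo.

```python
"""Constructed demo: static credential vs. keyed challenge-response.

Added example, not code from the TEEP thread. HMAC-SHA256 with per-device
keys shared with a cloud backend stands in for the PKI tag schemes the mail
mentions (the asymmetric variant replaces the MAC with a signature over the
same fields). All IDs and keys are made up for the demo.
"""
import hashlib
import hmac
import secrets


def _mac(key, *parts):
    """Keyed MAC over length-prefixed fields so fields cannot run together."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Backend:
    """Cloud service: holds enrolled keys, issues nonces, checks responses."""

    def __init__(self):
        self.static_values = set()  # QR / mag-stripe style: the value is the secret
        self.tag_keys = {}          # tag_id -> key shared with the tag
        self.reader_keys = {}       # reader_id -> key held in the reader's TEE
        self.pending = {}           # nonce -> (tag_id, reader_id), single use

    def check_static(self, value):
        return value in self.static_values  # a copy is as good as the original

    def challenge(self, tag_id, reader_id):
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = (tag_id, reader_id)
        return nonce

    def verify(self, nonce, tag_resp, reader_att):
        ctx = self.pending.pop(nonce, None)  # nonce consumed here: replay fails
        if ctx is None:
            return False
        tag_id, reader_id = ctx
        want_tag = _mac(self.tag_keys[tag_id], b"tag", tag_id, nonce)
        if not hmac.compare_digest(want_tag, tag_resp):
            return False
        want_rdr = _mac(self.reader_keys[reader_id], b"rdr", reader_id, nonce, tag_resp)
        return hmac.compare_digest(want_rdr, reader_att)


class ActiveTag:
    """Tag with on-chip crypto: the key is only ever used inside respond()."""

    def __init__(self, tag_id, key):
        self.tag_id, self._key = tag_id, key

    def respond(self, nonce):
        return _mac(self._key, b"tag", self.tag_id, nonce)


class Reader:
    """Badge scanner or phone; its TEE key binds the tag exchange to the reader."""

    def __init__(self, reader_id, key):
        self.reader_id, self._key = reader_id, key

    def attest(self, nonce, tag_resp):
        return _mac(self._key, b"rdr", self.reader_id, nonce, tag_resp)


def run_scenarios():
    """Returns {scenario: True} when the backend decided as it should."""
    cloud, out = Backend(), {}
    qr = b"QR:ticket-0042"
    cloud.static_values.add(qr)
    tag_key, rdr_key = secrets.token_bytes(32), secrets.token_bytes(32)
    tag, rdr = ActiveTag(b"tag-0042", tag_key), Reader(b"gate-1", rdr_key)
    cloud.tag_keys[tag.tag_id], cloud.reader_keys[rdr.reader_id] = tag_key, rdr_key

    # 1. a photocopy of the QR code is indistinguishable from the original
    out["static_copy_accepted"] = cloud.check_static(bytes(qr))
    # 2. genuine tag at a genuine reader
    n1 = cloud.challenge(tag.tag_id, rdr.reader_id)
    r1 = tag.respond(n1)
    out["genuine_tag_accepted"] = cloud.verify(n1, r1, rdr.attest(n1, r1))
    # 3. a clone built from sniffing (2) knows tag_id and one (nonce, response)
    #    pair but not the key, so against a fresh nonce it can only guess
    sniffed = {n1: r1}
    n2 = cloud.challenge(tag.tag_id, rdr.reader_id)
    r2 = sniffed.get(n2, bytes(32))
    out["cloned_tag_rejected"] = not cloud.verify(n2, r2, rdr.attest(n2, r2))
    # 4. replaying the whole recorded exchange: nonce already consumed
    out["replay_rejected"] = not cloud.verify(n1, r1, rdr.attest(n1, r1))
    # 5. genuine tag, but a reader that lacks the enrolled TEE key
    rogue = Reader(rdr.reader_id, secrets.token_bytes(32))
    n3 = cloud.challenge(tag.tag_id, rdr.reader_id)
    r3 = tag.respond(n3)
    out["rogue_reader_rejected"] = not cloud.verify(n3, r3, rogue.attest(n3, r3))
    return out
```

Running `run_scenarios()` returns True for all five cases: the copied static value is accepted (that is the weakness), the live tag is accepted, and the clone, the replay and the reader without the enrolled key are all rejected. The two design points worth noticing are that the nonce is removed from `pending` before any comparison, so a recorded exchange cannot be presented twice, and that the reader's attestation covers the tag's response, so the backend learns not only that a genuine tag was present but which enrolled device saw it.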