Re: [Teep] Working Group Last Call for HTTP Transport for Trusted Execution Environment Provisioning: Agent-to-TAM Communication

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 06 April 2020 11:40 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
CC: "teep@ietf.org" <teep@ietf.org>
Date: Mon, 06 Apr 2020 11:40:34 +0000
Message-ID: <CY4PR1601MB12543F7452AF92D1BA431A1CEAC20@CY4PR1601MB1254.namprd16.prod.outlook.com>
References: <CY4PR1601MB12540E3731269EF636F9D5B1EA180@CY4PR1601MB1254.namprd16.prod.outlook.com> <CY4PR1601MB1254B12910386A4EB149D35EEAF80@CY4PR1601MB1254.namprd16.prod.outlook.com> <BL0PR2101MB1027EC4E9CBA532DEF0099E8A3C90@BL0PR2101MB1027.namprd21.prod.outlook.com> <20200402014031.GC50174@kduck.mit.edu>
In-Reply-To: <20200402014031.GC50174@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/ZJFCvyfzJOVSX9QYobLwsPV-d-M>
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

Agree with Ben. I don't see a need to include debugging as a reason to discuss HTTP in the document. User-Agent, URL, HTTP version and other headers in clear text can be used for pervasive monitoring (for example, identifying the device, TAM provider etc.). Further, the document discusses QUIC for future use and QUIC mandates TLS 1.3.

-Tiru

> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>
> Sent: Thursday, April 2, 2020 7:11 AM
> To: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>
> Cc: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>;
> teep@ietf.org
> Subject: Re: [Teep] Working Group Last Call for HTTP Transport for Trusted
> Execution Environment Provisioning: Agent-to-TAM Communication
> 
> [quoting is a bit busted, since color doesn't make it into text/plain]
> 
> On Wed, Apr 01, 2020 at 02:37:52AM +0000, Dave Thaler wrote:
> >
> >    From: TEEP <teep-bounces@ietf.org> On Behalf Of Konda, Tirumaleswar Reddy
> >    Sent: Saturday, March 14, 2020 11:05 PM
> >    To: teep@ietf.org
> >    Subject: Re: [Teep] Working Group Last Call for HTTP Transport for Trusted
> >    Execution Environment Provisioning: Agent-to-TAM Communication
> >
> >    5)  HTTP is susceptible to several attacks including pervasive monitoring,
> >    any specific reason to support HTTP ?
> >
> >    For debugging purposes before putting it into production.
> 
> It's not really clear to me that we need to include something in the protocol
> spec that's just for debugging.  Do we really think people will not figure out
> that they can use non-TLS HTTP for locally debugging an HTTPS-based
> protocol?
> 
> >    Also some argue that since TEEP already does its own security layer
> >    inside, the value of multiple layers of security is diminished,
> >    especially if you're a constrained node looking to reduce code size.
> >    The text in the security consideration
> 
> (IMO the multiple layers do different things and complement each other, in
> general.  I guess I haven't looked at this specific protocol in detail yet but
> there's a general theme across protocols.)
> 
> -Ben
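The two points argued in this thread, that cleartext HTTP metadata identifies the device and the TAM provider to any on-path observer, and that plaintext is at most a local-debugging convenience rather than something the spec needs to support, can be made concrete in a few lines. The following is an added example, not code from the thread, from the draft, or from any TEEP implementation. The TAM hostname, the User-Agent string, the media type and the request path are constructed placeholders; the TLS 1.2 floor and the loopback-only debug rule are this example's own choices and are not quoted from the draft.

```python
"""
Added example (not from the TEEP list thread or the draft itself).

  1. exposed_metadata(): parses a constructed cleartext TEEP-over-HTTP
     request and returns the fields an on-path observer reads without any
     key material, which is the pervasive-monitoring concern raised above.
  2. tam_transport_policy(): the agent-side rule that refuses a plaintext
     TAM URL unless a local-debug switch is set and the peer is loopback,
     and otherwise builds a verifying TLS client context.
"""
import ssl
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample: a TEEP Agent's first request to a TAM, as it would
# appear if sent over plain HTTP. Header values are placeholders; the
# four-byte body stands in for an opaque TEEP message.
CLEARTEXT_REQUEST = (
    b"POST /tam/v1 HTTP/1.1\r\n"
    b"Host: tam.example.net\r\n"
    b"User-Agent: ExampleTeepAgent/0.9 (placeholder-device-model)\r\n"
    b"Accept: application/teep+cbor\r\n"
    b"Content-Type: application/teep+cbor\r\n"
    b"Content-Length: 4\r\n"
    b"\r\n"
    b"\x00\x01\x02\x03"
)


def exposed_metadata(raw: bytes) -> dict:
    """Return what a passive observer learns from a cleartext HTTP request.

    Only the request line and headers are parsed. The body is reported by
    length alone, since TEEP's own message security would cover its content
    but not the transport metadata around it.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "method": method,
        "target": target,           # identifies the TAM endpoint
        "http_version": version,
        "tam_host": headers.get("host"),        # identifies the TAM provider
        "user_agent": headers.get("user-agent"),  # identifies the device/agent
        "media_type": headers.get("content-type"),  # marks this as TEEP traffic
        "body_length": len(body),
    }


def tam_transport_policy(tam_url: str,
                         allow_local_debug: bool = False) -> Optional[ssl.SSLContext]:
    """Agent-side transport policy for talking to a TAM.

    https:// URLs get a TLS client context that verifies the TAM certificate
    and hostname, with TLS 1.2 as the floor (this example's choice).
    http:// is tolerated only when local debugging is explicitly enabled and
    the host is loopback; anything else is refused. Returns None for the
    tolerated cleartext case.
    """
    parts = urlsplit(tam_url)
    if parts.scheme == "https":
        ctx = ssl.create_default_context()
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        return ctx
    if parts.scheme == "http":
        if allow_local_debug and parts.hostname in ("localhost", "127.0.0.1", "::1"):
            return None
        raise ValueError(f"refusing cleartext transport to TAM at {tam_url}")
    raise ValueError(f"unsupported TAM URL scheme: {parts.scheme!r}")


if __name__ == "__main__":
    for key, value in exposed_metadata(CLEARTEXT_REQUEST).items():
        print(f"{key:13} {value}")
    print(tam_transport_policy("https://tam.example.net/tam/v1").minimum_version)
```

Running it prints the device and TAM identifiers recovered from the cleartext request, then the TLS floor applied to a production TAM URL. Note that even with TLS, the TAM hostname can still leak through the SNI extension and DNS, so TLS narrows the exposure discussed above rather than removing it entirely.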