Re: [Teep] IETF 101 agenda requests

"Wheeler, David M" <david.m.wheeler@intel.com> Tue, 27 March 2018 15:43 UTC

From: "Wheeler, David M" <david.m.wheeler@intel.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "faibish, sorin" <Faibish.Sorin@dell.com>
CC: teep <teep@ietf.org>, Dave Thaler <dthaler@microsoft.com>, "teep-chairs@ietf.org" <teep-chairs@ietf.org>
Date: Tue, 27 Mar 2018 15:43:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/AvHvPbm4XfyT6aA7pDia7DECMt0>

Ben,
I agree with you regarding the question of charter; however, I think (please correct if I misunderstand) what Sorin is proposing is to use the DDoS example as a use case to evaluate if OTrP has considered the appropriate relationships and entities within the protocol that would allow the proposed DDoS solution to be implemented.

Our charter does state that "the solution approach must take a wide range of TEE and relevant technologies" and the architecture document includes "relevant use cases." Since the DDoS proposal includes an implementation where a TEE application implements a set of filtering policies, I believe it is relevant.

I think it is a very interesting use case, since it expands beyond a simple Device-User to Service-Provider situation, and creates a more complex interaction for the application - especially the interaction of the trusted application to aspects of the device itself (i.e. filtering outgoing packets). Is our policy for accepting TEE applications rich enough (or at least extensible enough) to enable a device/user to implement controls on what applications are allowed to do, perhaps even based on the service provider installing those applications?

I believe it is in our best interest to evaluate it, and the implications of such TEE applications. We can still come to the conclusion that some aspects of supporting such a use case may be out-of-scope, but it will give us concrete information to point to regarding what is exactly out-of-scope, why it breaches our scope, and perhaps direct future additions/expansions to the protocol.

Thanks,
Dave Wheeler


-----Original Message-----
From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Benjamin Kaduk
Sent: Monday, March 26, 2018 6:33 PM
To: faibish, sorin <Faibish.Sorin@dell.com>
Cc: teep <teep@ietf.org>; Dave Thaler <dthaler@microsoft.com>; teep-chairs@ietf.org
Subject: Re: [Teep] IETF 101 agenda requests

On Mon, Mar 26, 2018 at 11:12:37PM +0000, faibish, sorin wrote:
> We discussed the DDoS in Singapore and we had a presentation on the DDoS:
> https://datatracker.ietf.org/meeting/100/materials/slides-100-saag-inter-domain-ddos-mitigations-potentials-challenges-and-solutions-min-suk-kang/
> 
> So, I would like to include this use case as a target for the WG. I will write a draft related to this use case. Thanks

Wanting it to be a target and writing a draft are both orthogonal to the question of whether the work is in-charter. (Rechartering to include it would of course be possible, through the normal procedure...)

-Ben

> ../Sorin
> 
> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@mit.edu]
> Sent: Friday, March 23, 2018 8:39 AM
> To: faibish, sorin <faibish_sorin@emc.com>
> Cc: Dave Thaler <dthaler@microsoft.com>; teep <teep@ietf.org>; teep-chairs@ietf.org
> Subject: Re: [Teep] IETF 101 agenda requests
> 
> Hi Sorin,
> 
> On Thu, Mar 22, 2018 at 09:26:22AM +0000, faibish, sorin wrote:
> > New proposed usecase for TEEP WG.
> > 
> > Most recently the frequency and intensity of DDoS attacks from IoT devices increased with attacks almost every day. The reason of the proliferation of DDoS attacks from IoT devices is a result of the lower and maybe inexistent security protection of cheap IoT devices that have no security features implemented as this would increase the cost of such devices using any security HW. In the current charter of TEEP there are 3 use cases and I would like to add the protection against DDoS of IoT as a new use case:
> 
> On a quick read of the charter, I don't see how this topic would be in scope -- am I missing something that would allow it?
> 
> Thanks,
> 
> Ben
> 
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
> https://www.ietf.org/mailman/listinfo/teep
