Re: [Teep] AD review of draft-ietf-teep-architecture-15
Benjamin Kaduk <kaduk@mit.edu> Thu, 17 March 2022 19:59 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 534E83A155D; Thu, 17 Mar 2022 12:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J0zTEMMk0vcM; Thu, 17 Mar 2022 12:59:50 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 762113A158D; Thu, 17 Mar 2022 12:59:49 -0700 (PDT)
Received: from kduck.mit.edu (c-73-169-244-254.hsd1.wa.comcast.net [73.169.244.254]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 22HJxeic010691 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 17 Mar 2022 15:59:46 -0400
Date: Thu, 17 Mar 2022 12:59:40 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Dave Thaler <dthaler@microsoft.com>
Cc: "draft-ietf-teep-architecture.all@ietf.org" <draft-ietf-teep-architecture.all@ietf.org>, "teep@ietf.org" <teep@ietf.org>
Message-ID: <20220317195940.GF13021@kduck.mit.edu>
References: <20220107200159.GP11486@mit.edu> <CH2PR21MB146471B9235CD854338D952FA3029@CH2PR21MB1464.namprd21.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CH2PR21MB146471B9235CD854338D952FA3029@CH2PR21MB1464.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/CBYhmKyfjG6JXoAf6WiArWqDOiI>
Subject: Re: [Teep] AD review of draft-ietf-teep-architecture-15
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2022 19:59:55 -0000
Hi Dave, Thanks for the updates to this and the HTTP transport. Everything looks good, so I'll go kick off the IETF LC (which will be extended a week as it overlaps IETF 113). On Tue, Mar 01, 2022 at 12:13:38AM +0000, Dave Thaler wrote: > Ok, I've now addressed the comments on this document and will submit an update soon. Responses with [DT] below. [...] > Section 9.4 > > > > certificate. Such validation includes checking for certificate > > revocation. See Section 6 of [RFC5280] for details. > > > > Might OCSP (including stapling) or other non-CRL mechanisms be in scope? Is it worth mentioning RFC 6960 or 6961 as well as 5280 here? > > > > [DT] At IETF 111, the TEEP WG got consensus to not depend on OCSP and remove such references from the protocol spec. Meeting discussion is documented in https://datatracker.ietf.org/meeting/111/materials/minutes-111-teep-00 which says > > among other things: > > * Russ made the argument that OCSP stappling might be difficult for constrained node. He was arguing that there are more lightweight solutions. > * Ben: OCSP does not really make sense with COSE. You might just be using hard-coded keys and you might be updating keys with software updates. It is probably still worth to mention that there is a need for revocation. Haha, I guess my memory is going :) Thanks for the reminder. -Ben
- [Teep] AD review of draft-ietf-teep-architecture-… Benjamin Kaduk
- Re: [Teep] AD review of draft-ietf-teep-architect… Dave Thaler
- Re: [Teep] AD review of draft-ietf-teep-architect… Benjamin Kaduk
- Re: [Teep] AD review of draft-ietf-teep-architect… Dave Thaler
- Re: [Teep] AD review of draft-ietf-teep-architect… Mingliang Pei