Re: [Teep] [EXT] Re: Charter Text
Kaarthik Sivakumar <kaarthik.sk@gmail.com> Thu, 20 July 2017 11:05 UTC
Return-Path: <kaarthik.sk@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC9BA12EC13 for <teep@ietfa.amsl.com>; Thu, 20 Jul 2017 04:05:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.976
X-Spam-Level:
X-Spam-Status: No, score=-1.976 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yj-YuK6ULf0K for <teep@ietfa.amsl.com>; Thu, 20 Jul 2017 04:05:23 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE5A129AD1 for <teep@ietf.org>; Thu, 20 Jul 2017 04:05:22 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id w191so23502140wmw.1 for <teep@ietf.org>; Thu, 20 Jul 2017 04:05:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=oauxan7tShhVCu6tfy+4gwxcZxSgAlz1rAeYXuNit8Y=; b=MBVIBRGSWGCZR20HoogBYCjVaGF/SHK1RpZIY2V5htmIwx9MN1ITkPPsSFUd8J05E5 gGcddfgUPF/8n5Vb9F3P0Shv3b/jZKZ3hRDss1OkjI7wfC/DbV/b4SSW9UnLmcngmYgv OsTIWu1HLM+5i4xw7/i7qgqUNU1Xbj+ogt0SysaYoWy5xZ5i0r5h9IJ/nV0pWJI/Z7r3 u9tnNyspWpb/SNwkV1qGajeMNEXpcSMFju595RbsihiLMf/Tvsma230Gd7WUwKrtMJrx 1sbCvt5T28MZPEygha9ACO6yt+r+XTqgn9LYFqFrxY2k0J4yi3RL+iM+BlR/AFUVvfMt jZYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=oauxan7tShhVCu6tfy+4gwxcZxSgAlz1rAeYXuNit8Y=; b=Tfc0BpAfIVxq9pc1stsrRcX85WZVz/6Rkc2muce2CAN8oVd3/63V2MeyGyKkdT7mkF Cp1fWTYygoFGjunaR/x8T9MVPYt3ydMTQX3xM+5oXrsE9P/RG7eYHmfRu/kxx4ZDtcPs j7cbMm/b+5TmlkuZj5Ih8DIphueQ0QLbTNLJJtSmm2zc98StKKFuxzpcTUdzh0q9wRJ3 PTukAJRxEFZYEzs2XqOUQ36wSZT/Uxx2PCDEpMZskATOpr/dIaRMX89TAL6S9vjNjmok v8gfbV1OGpkuZPUwrgosuw0x8ZLU9TYGSWFnij+r6SLYR1IniNGzrxzyAg2vr8sbzsIy 5d/Q==
X-Gm-Message-State: AIVw1105ZDrWS9fsaqirQjrG4/1mliKzQsKeJvVrQjTBuX90KM/3pYpQ //Pw8pnpvF1oi9JuLp0=
X-Received: by 10.28.131.3 with SMTP id f3mr2178988wmd.181.1500548720852; Thu, 20 Jul 2017 04:05:20 -0700 (PDT)
Received: from ?IPv6:2001:420:c0c0:1007::194? ([2001:420:c0c0:1007::194]) by smtp.googlemail.com with ESMTPSA id j18sm3146612wrd.90.2017.07.20.04.05.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jul 2017 04:05:20 -0700 (PDT)
To: Mingliang Pei <Mingliang_Pei@symantec.com>
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
References: <6EFD27BC-CE56-4112-AD20-C787520BEE87@cisco.com> <ec4426b9-3fdb-d58e-3c63-48db552dca69@gmail.com> <F34B91C6-EDBE-4F09-8302-19CECDDE781B@symantec.com>
From: Kaarthik Sivakumar <kaarthik.sk@gmail.com>
Message-ID: <de8e1f17-6ac5-1cbb-edaa-936e6761e02c@gmail.com>
Date: Thu, 20 Jul 2017 13:05:18 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <F34B91C6-EDBE-4F09-8302-19CECDDE781B@symantec.com>
Content-Type: text/html; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/F1g8xzK7JzxIOKIGJA4suTIXV_k>
Subject: Re: [Teep] [EXT] Re: Charter Text
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 11:05:25 -0000
Yes, it does. Thanks.
-kaarthik-
Hi Kaarthik,
Thanks. I took your comment yesterday, and showed the architecture overview diagram that shows the device with TEE and remote TAM; I also recall multiple voice to say it as separate. It might get lost while the chat was fast. Let me try confirm and clarify here.
No, TEE is expected in device and TAM is expected to be remote. A TAM will generally manage many devices for one or more applications. The scope diagram intends to emphasize the TEE and TAM message exchange where the device icon is put below the TEE line. Thank you for pointing out the vague part of the picture. I took your comment and will revise the diagram to be explicit on this device and TAM host separation.
Does this help clarify the question 1? Thanks again,
Ming
Sent from iPhoneOne question. I was at the TEEP meeting yesterday and saw a (version of the) picture that showed TEE and TAM on the same hardware. The picture was later modified with a vertical bar between the TAM and TEE, but are they still expected to be in the same hardware device? Is that picture available somewhere?
I guess my answer to your first question is "not completely".
-kaarthik-
On 20/07/17 11:13 AM, Nancy Cam-Winget (ncamwing) wrote:
All,
Please provide feedback on the results of yesterday’s side meeting. In particular, we’d like to get feedback on whether this the right scope and if we have captured it appropriately. If it is not, also please comment and if possible, provide suggestions for improvement.
We would like to continue discussion over email and get consensus around the 2nd week of September so that we can have a path forward. In particular we would like to get answers for:
1) Do you understand what TEEP is trying to achieve?
2) Is this work that should be done in general?
3) Is this work that should be done in the IETF, or does it belong to somewhere else?
4) Should we form a WG with given charter to work on this?
Warm regards,
Nancy & Tero (TEEP BoF Chairs)
From: TEEP <teep-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Wednesday, July 19, 2017 at 5:56 AM
To: "teep@ietf.org" <teep@ietf.org>
Subject: [Teep] Charter Text
Here is the charter text we came up in the side-meeting today.
------
TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement Charter
The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features, such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM, and Intel using the TrustZone and the SGX technology, respectively.
To programmatically install, update, and delete applications running in the TEE, this protocol runs between a service running within the TEE, a relay application or service access point on the device's network stack and a server-side infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive and the server side requires information about the device characteristics in form of attestation and the device-side may require information about the server.
Privacy considerations have to be taken into account with authentication features and attestation.
This working group aims to develop an application layer protocol providing TEEs with the following functionality,
* lifecycle management of trusted applications, and
* security domain management.
A security domain allows a service provider's applications to be isolated so that one security domain cannot be influenced by another, unless it exposes an API to allow it.
The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use of public key cryptography.
The group will produce the following deliverables. First, an architecture document describing the involved entities, their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that describes the above-described functionality. The choice of encoding format(s) will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy and operational properties.
The group will maintain a close relationship with the GlobalPlatform, Trusted Computing Group, and other relevant standards to ensure proper use of existing TEE-relevant application layer interfaces.
Milestones
Dec 2017 Submit "TEEP Architecture" document as WG item.
Feb 2018 Submit "TEEP Protocol" document as WG item.
July 2018 Submit "TEEP Architecture" to the IESG for publication as an Informational RFC.
Feb 2019 Submit "TEEP Protocol" to the IESG for publication as a Proposed Standard.
Additional calendar items:
Nov 2017 IETF #100 Hackathon to work on TEEP protocol prototype implementations.
Mar 2018 1st interoperability event (at IETF #101).
Jul 2018 2nd interoperability event (at IETF #102).
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ TEEP mailing list TEEP@ietf.org https://www.ietf.org/mailman/listinfo/teep" rel="nofollow">https://www.ietf.org/mailman/listinfo/teep
_______________________________________________
TEEP mailing list
TEEP@ietf.org
https://www.ietf.org/mailman/listinfo/teep" rel="nofollow">https://www.ietf.org/mailman/listinfo/teep
- [Teep] Charter Text Hannes Tschofenig
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Petr Peterka
- Re: [Teep] Charter Text Kaarthik Sivakumar
- Re: [Teep] [EXT] Re: Charter Text Mingliang Pei
- Re: [Teep] [EXT] Re: Charter Text Kaarthik Sivakumar
- Re: [Teep] Charter Text Lubna Dajani
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text 刘大鹏(鹏成)
- Re: [Teep] Charter Text Dapeng Liu
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Dapeng Liu
- Re: [Teep] Charter Text Mingliang Pei
- Re: [Teep] Charter Text Paczkowski, Lyle W [CTO]
- Re: [Teep] Charter Text zhoup@bjleisen.com
- Re: [Teep] [EXT] RE: Charter Text Mingliang Pei
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Wheeler, David M
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Charter Text Brian Witten
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] [EXT] Re: Charter Text 刘大鹏(鹏成)
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] [EXT] Re: Charter Text 刘大鹏(鹏成)
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] Charter Text Dave Thaler
- Re: [Teep] Charter Text Robert Broberg
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Hank Chavers