Re: [Teep] IETF 101 agenda requests

Dave Thaler <dthaler@microsoft.com> Tue, 27 March 2018 16:33 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: "Wheeler, David M" <david.m.wheeler@intel.com>, Benjamin Kaduk <kaduk@mit.edu>, "faibish, sorin" <Faibish.Sorin@dell.com>
CC: teep <teep@ietf.org>, "teep-chairs@ietf.org" <teep-chairs@ietf.org>
Thread-Topic: [Teep] IETF 101 agenda requests
Date: Tue, 27 Mar 2018 16:33:41 +0000
Message-ID: <CY4PR21MB0774D423B19953CE1F8A21ECA3AC0@CY4PR21MB0774.namprd21.prod.outlook.com>
References: <MWHPR21MB078111616FCDCF87134B0FC0A3D70@MWHPR21MB0781.namprd21.prod.outlook.com> <2313358402DBCC4DB2F2DC03CB08BBFEFF050A@MX304CL01.corp.emc.com> <20180323123925.GD25919@kduck.kaduk.org> <2313358402DBCC4DB2F2DC03CB08BBFE0100C5FE@MX304CL01.corp.emc.com> <20180327013301.GN44086@kduck.kaduk.org> <0627F5240443D2498FAA65332EE46C84367A64B7@CRSMSX102.amr.corp.intel.com>
In-Reply-To: <0627F5240443D2498FAA65332EE46C84367A64B7@CRSMSX102.amr.corp.intel.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/FhifqvRUMJdflt4AXPFU6FLCbqU>
Subject: Re: [Teep] IETF 101 agenda requests
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

On slide 6 of the "Problem Statement" slides there were three use cases for Trusted Applications
(as opposed to use cases for OTrP or TEEP per se), of which one was IoT. 

The Mirai botnet attack used the REE (not a TEE) of devices to conduct attacks against an external entity.  Since
TEEP is about TEE provisioning, not REE provisioning, TEEP is not directly applicable to controlling how/whether
malware can be installed in the REE.

I think what David's saying is that a provisioned TEE application could have functionality to detect/mitigate something
malicious that it detects an REE app is doing.  That's true, just like the TEE application could do anything else
(compute pi, etc.) but we shouldn't try to enumerate every operation that a TEE application might try to do, just 
things that introduce requirements on OTrP.

In the "TEEP Use Cases" slides for IETF 101, these are use cases for OTrP (as opposed to use cases for Trusted Apps in general).
In the discussion around slide 6, we agreed that Rich Apps are largely orthogonal because they don't introduce
new requirements on the OTrP protocol.   I think Ben's saying this is similarly orthogonal.

For it to not be orthogonal, one would have to argue how/why it affects the OTrP protocol itself.  If there is such
an argument, that would be a good way to continue this discussion.  If not, or if we don't know if there is,
then it's orthogonal until such an argument is provided.

Dave

-----Original Message-----
From: Wheeler, David M <david.m.wheeler@intel.com> 
Sent: Tuesday, March 27, 2018 8:44 AM
To: Benjamin Kaduk <kaduk@mit.edu>; faibish, sorin <Faibish.Sorin@dell.com>
Cc: teep <teep@ietf.org>; Dave Thaler <dthaler@microsoft.com>; teep-chairs@ietf.org
Subject: RE: [Teep] IETF 101 agenda requests

Ben,
I agree with you regarding the question of charter; however, I think (please correct me if I misunderstand) what Sorin is proposing is to use the DDoS example as a use case to evaluate whether OTrP has considered the appropriate relationships and entities within the protocol that would allow the proposed DDoS solution to be implemented.

Our charter does state that "the solution approach must take a wide range of TEE and relevant technologies" and the architecture document includes "relevant use cases." Since the DDoS proposal includes an implementation where a TEE application implements a set of filtering policies, I believe it is relevant.

I think it is a very interesting use case, since it expands beyond a simple Device-User to Service-Provider situation, and creates a more complex interaction for the application - especially the interaction of the trusted application with aspects of the device itself (i.e. filtering outgoing packets). Is our policy for accepting TEE applications rich enough (or at least extensible enough) to enable a device/user to implement controls on what applications are allowed to do, perhaps even based on the service provider installing those applications?

I believe it is in our best interest to evaluate it, and the implications of such TEE applications. We can still come to the conclusion that some aspects of supporting such a use case may be out of scope, but it will give us concrete information to point to regarding what exactly is out of scope, why it breaches our scope, and perhaps direct future additions/expansions to the protocol.

Thanks,
Dave Wheeler


-----Original Message-----
From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Benjamin Kaduk
Sent: Monday, March 26, 2018 6:33 PM
To: faibish, sorin <Faibish.Sorin@dell.com>
Cc: teep <teep@ietf.org>; Dave Thaler <dthaler@microsoft.com>; teep-chairs@ietf.org
Subject: Re: [Teep] IETF 101 agenda requests

On Mon, Mar 26, 2018 at 11:12:37PM +0000, faibish, sorin wrote:
> We discussed the DDoS in Singapore and we had a presentation on the DDoS:
> https://datatracker.ietf.org/meeting/100/materials/slides-100-saag-inter-domain-ddos-mitigations-potentials-challenges-and-solutions-min-suk-kang/
> 
> So, I would like to include this usecase as a target for the WG. I 
> will write a draft related to this usecase. Thanks

Wanting it to be a target and writing a draft are both orthogonal to the question of whether the work is in-charter.  (Rechartering to include it would of course be possible, through the normal
procedure...)

-Ben

> ../Sorin
> 
> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@mit.edu]
> Sent: Friday, March 23, 2018 8:39 AM
> To: faibish, sorin <faibish_sorin@emc.com>
> Cc: Dave Thaler <dthaler@microsoft.com>; teep <teep@ietf.org>; 
> teep-chairs@ietf.org
> Subject: Re: [Teep] IETF 101 agenda requests
> 
> Hi Sorin,
> 
> On Thu, Mar 22, 2018 at 09:26:22AM +0000, faibish, sorin wrote:
> > New proposed usecase for TEEP WG.
> > 
> > Most recently the frequency and intensity of DDoS attacks from IoT devices increased with attacks almost every day. The reason for the proliferation of DDoS attacks from IoT devices is a result of the lower and maybe nonexistent security protection of cheap IoT devices that have no security features implemented, as this would increase the cost of such devices using any security HW. In the current charter of TEEP there are 3 use cases and I would like to add the protection against DDoS of IoT as a new use case:
> 
> On a quick read of the charter, I don't see how this topic would be in scope -- am I missing something that would allow it?
> 
> Thanks,
> 
> Ben
> 
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
> https://www.ietf.org/mailman/listinfo/teep

_______________________________________________
TEEP mailing list
TEEP@ietf.org
https://www.ietf.org/mailman/listinfo/teep