[Teep] Quick review of draft-deng-teep-cvmp

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 03 December 2023 09:10 UTC

To: "TEEP@ietf.org" <teep@ietf.org>, dengjuan.deng=40alibaba-inc.com@dmarc.ietf.org
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/G_cHwEMw5GWK_jAeAVHZjfN1y7o>

Hi Juan,


thanks for submitting draft-deng-teep-cvmp. I quickly browsed through
the document and noticed a few things.


You didn't ...


- re-use any of the existing TEEP terminology and architecture. You
might want to take a look at https://www.rfc-editor.org/rfc/rfc9397.html

Let me/us know whether the terms or the architecture are not a good fit
for your use case.


- utilize the TEEP protocol, see
https://datatracker.ietf.org/doc/draft-ietf-teep-protocol/, although the
functionality appears to be remarkably similar. For example, the
"Feature Acquirement" step corresponds to the QueryRequest/QueryResponse
where attestation information and other features are exchanged. Do you
believe you cannot use the TEEP protocol for your use case?


- explain what the provisioned keys are used for. In the TEEP protocol
we provision keys for encrypting the software and personalization data.
Are you provisioning keys for a different purpose?


Ciao

Hannes