Re: [Teep] AD review of draft-ietf-teep-architecture-15

Mingliang Pei <mingliang.pei@broadcom.com> Thu, 17 March 2022 23:40 UTC

From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Thu, 17 Mar 2022 16:39:44 -0700
Message-ID: <CABDGos47DZMhpzkhkNekLbgn3eOH1_QsS9wYz_jfTLPyPHFcsw@mail.gmail.com>
To: Dave Thaler <dthaler@microsoft.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-teep-architecture.all@ietf.org" <draft-ietf-teep-architecture.all@ietf.org>, "teep@ietf.org" <teep@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/In8IgUTp5b-UnH4DRAHyRYxFCKA>

Hi Ben, thanks very much, Ming

On Thu, Mar 17, 2022 at 3:22 PM Dave Thaler <dthaler@microsoft.com> wrote:

> Great, thanks Ben!
>
> -----Original Message-----
> From: TEEP <teep-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> Sent: Thursday, March 17, 2022 1:00 PM
> To: Dave Thaler <dthaler@microsoft.com>
> Cc: draft-ietf-teep-architecture.all@ietf.org; teep@ietf.org
> Subject: Re: [Teep] AD review of draft-ietf-teep-architecture-15
>
> Hi Dave,
>
> Thanks for the updates to this and the HTTP transport.
> Everything looks good, so I'll go kick off the IETF LC (which will be
> extended a week as it overlaps IETF 113).
>
> On Tue, Mar 01, 2022 at 12:13:38AM +0000, Dave Thaler wrote:
> > Ok, I've now addressed the comments on this document and will submit an
> > update soon.  Responses with [DT] below.
> [...]
> > Section 9.4
> >
> >    certificate.  Such validation includes checking for certificate
> >    revocation.  See Section 6 of [RFC5280] for details.
> >
> > Might OCSP (including stapling) or other non-CRL mechanisms be in
> > scope?  Is it worth mentioning RFC 6960 or 6961 as well as 5280 here?
> >
> > [DT] At IETF 111, the TEEP WG got consensus to not depend on OCSP and
> > remove such references from the protocol spec.  Meeting discussion is
> > documented in
> > https://datatracker.ietf.org/meeting/111/materials/minutes-111-teep-00
> > which says among other things:
> >
> >   *   Russ made the argument that OCSP stapling might be difficult for
> >       constrained nodes. He was arguing that there are more lightweight
> >       solutions.
> >   *   Ben: OCSP does not really make sense with COSE. You might just be
> >       using hard-coded keys and you might be updating keys with software
> >       updates. It is probably still worth mentioning that there is a need
> >       for revocation.
>
> Haha, I guess my memory is going :)
> Thanks for the reminder.
>
> -Ben
>
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
>
> https://www.ietf.org/mailman/listinfo/teep
>
