Re: [Teep] Robert Wilton's No Objection on draft-ietf-teep-architecture-18: (with COMMENT)
Mingliang Pei <mingliang.pei@broadcom.com> Tue, 18 October 2022 06:43 UTC
Return-Path: <mingliang.pei@broadcom.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B251EC1524DD for <teep@ietfa.amsl.com>; Mon, 17 Oct 2022 23:43:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadcom.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4ySUjFWyMVP for <teep@ietfa.amsl.com>; Mon, 17 Oct 2022 23:43:43 -0700 (PDT)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CEB2C1524DC for <teep@ietf.org>; Mon, 17 Oct 2022 23:43:43 -0700 (PDT)
Received: by mail-ed1-x530.google.com with SMTP id l22so19069558edj.5 for <teep@ietf.org>; Mon, 17 Oct 2022 23:43:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XoyfNm+ssxTTAV/okEP70FIm3NRaTV5R0LStijBQ8jo=; b=aVt9FZ4Yo6tQuiHfVNNN6G/iaEWYSgWhbV99DVNPQEIjfAbPfcpSun4B4Qd9bLkfkd vCHobBUKqfoyBWr7uCp1Mf5kKUkDuLXt4Gkuk21OMLR0LcnjYi8u/L1/dRdukNP2draD oN7lankc3N59pmqH/jHLad3wgje6vm/FUd/RI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XoyfNm+ssxTTAV/okEP70FIm3NRaTV5R0LStijBQ8jo=; b=THDnodfQcEHUGTSV6MD0Q6P26BhmnLGhiWxF0aCWS38I9c9BzgT8YezDGj63MlNRSA iDRGCvZurNFs9gRrqviyFGqzvbu8AVkB3IiKWAmG7fKcyA7F0BfwklQse5jH8tOFlQpr 41v5D0btP+Log/aPlsHbFRA9og+rNCXoBpVjuk1XI4mcoEDB326KIMp+7GGkl9mg8Do6 ISnYrI1unvsFhUUxlicL5lHSzyP6mzh6DJL+TSp93rwXoTrRNNad2BryDaLTwaaEQ0jN OAgN14oigPpg0LULvLqz5LLsgp2pKuCrohAr4UsAswvkorjur4CEQi0Qc5rSq7AU9JJ7 Cd7Q==
X-Gm-Message-State: ACrzQf14SnbsGpeq7DdyTR+Znss3L9GcQpLCYxvjiZD2CjjFbVoRRoaf p4/KHhIMvK1Y79O3CSTj6x4AmTzBtgnWgq0KbfakN9uFIlXtlJoG0ZEa7SzvvCoO+M/p+bIQ0d1 cdyXolkSHYMHYS/fb52g=
X-Google-Smtp-Source: AMsMyM4bqTM/QiMgy0ky2u5cWt7LQJGfXHflvpyaLp3KJnhR7xMOKl8NK5QRIE7bd+Sqw/w1f7uIEA/Uj4QFdd5uqis=
X-Received: by 2002:a05:6402:3890:b0:45c:2b5:b622 with SMTP id fd16-20020a056402389000b0045c02b5b622mr1268723edb.69.1666075420940; Mon, 17 Oct 2022 23:43:40 -0700 (PDT)
MIME-Version: 1.0
References: <166246006652.58207.7985397550749941120@ietfa.amsl.com>
In-Reply-To: <166246006652.58207.7985397550749941120@ietfa.amsl.com>
From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Mon, 17 Oct 2022 23:43:29 -0700
Message-ID: <CABDGos6ftjkuVkkAEAH0HwjXziU2n1P3D5St8DR9zsNdyp7q5A@mail.gmail.com>
To: Robert Wilton <rwilton@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-teep-architecture@ietf.org, teep-chairs@ietf.org, teep@ietf.org, kondtir@gmail.com
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000a8c9bd05eb496900"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/JLx3Iy4ar3budLMjRlE68Ui_9ik>
Subject: Re: [Teep] Robert Wilton's No Objection on draft-ietf-teep-architecture-18: (with COMMENT)
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2022 06:43:47 -0000
Hi Rob, Thank you very much for your review, comments and suggestions. Thank you for your patience to our late reply; we have started to incorporate all reviews in the last few days and target to be done in a day or two for all. Please see my comments inline for some of your questions. Thanks again, Ming On Tue, Sep 6, 2022 at 3:27 AM Robert Wilton via Datatracker < noreply@ietf.org> wrote: > Robert Wilton has entered the following ballot position for > draft-ietf-teep-architecture-18: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-teep-architecture/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Hi, > > Thanks for this document, I found it pretty easy to read. > > Minor level comments: > > (1) p 17, sec 4.5. Entity Relations > > At step 3, a user will go to an Application Store to download the > Untrusted Application (where the arrow indicates the direction of > data transfer). > > I note that this diagram doesn't actually include the user, possibly > consider > changing "3. Install to 3. User Install" > Ming: we intended to not indicate who does it in concern of being restrictive. Some lab tests programally install apps into many devices. It is still some admin's decision to install but this gets vague or disagreement from some readers when we start to say "a user". So shall we just keep it out, assuming an Untrusted App install is generally understood in various contexts? > > (2) p 17, sec 4.5. Entity Relations > > At step 4, since the Untrusted Application depends on the TA, > installing the Untrusted Application will trigger TA installation via > communication with a TAM. The TEEP Agent will interact with the TAM > via a TEEP Broker that faciliates communications between the TAM and > the TEEP Agent. > > I found this quite unclear from the diagram, it looked like the messaging > is > initiated from the TAM to the Device with the TEE. I also found the time > flow > in this diagram to be somewhat unclear, since normally time flows downwards > with sequence diagrams, but I wasn't convinced that was the case here. > E.g. TA > -- 2b is lower than 3. Install. > Ming: you are right; that one was confusing. We move 3 below 2a and 2b. See a current PR #252 and the change: https://github.com/ietf-teep/architecture/pull/252/files > > (3) p 21, sec 5.4. Scalability > > factory. Likewise, new TAMs can join the ecosystem, providing they > are issued a TAM certificate that chains to an existing root whereby > existing TEEs will be allowed to be personalized by the TAM without > requiring changes to the TEE itself. > > It isn't clear to me what is meant by "personalized by the TAM". > > Ming: good catch. We should say "TAs in the TEEs will be allowed to be personalized by the TAM". A TA can have personalization data, and it is a TA that will be the target of a personalization. > (4) p 21, sec 5.5. Message Security > > These messages are signed end-to-end between a TEEP Agent and a TAM. > Confidentiality is provided by encrypting sensitive payloads (such as > Personalization Data and attestation evidence), rather than > encrypting the messages themselves. Using encrypted payloads is > important to ensure that only the targeted device TEE or TAM is able > to decrypt and view the actual content. > > It's not obvious to me why you would only encrypt the payload and not the > messages themselves. Is this so that 'routing information' is readily > available or something else? > > Ming: right, we won't consider the need to encrypt the entire messages except the sensitive payload, at least, not making it mandatory for a protocol. > (5) p 23, sec 6.2.1. TEEP Broker APIs > > The following conceptual APIs exist from a TEEP Broker to a TEEP > Agent: > > I'm slightly surprised that the conceptual TEEP Broker APIs are contained > in > this document when the other equivalent TEEP APIs are not. > > Ming: the protocol APIs are very specific via a separate RFC. These Broker APIs are illustrative or "conceptual" only, which we cannot specify exactly what forms it take, which is up to the provider, usually a TEE provider or device provider to bundle some TEEP Broker that can work with the TEE they embed. > (6) p 24, sec 6.2.2. TEEP Broker Distribution > > The Broker installation is commonly carried out at OEM time. A user > can dynamically download and install a Broker on-demand. > > It is unclear to me what is meant by "OEM time"? > > Ming: it tries to mean "device manufacture time" for putting on various device software etc. Is this fine or would you suggest an alternative word? > (7) p 27, sec 9. Security Considerations > > I note that there is no security considerations for a compromised TEE. > Should > this be considered, or is it the case that TEEs cannot be compromised? > Similarly, is a compromised TA something that should be considered here? > > Ming: we considered "Compromised TEE" out of scope for this. The device provider or owner needs to monitor and patch the entire device. There isn't much the TA that the protocol manages here can do. On compromised TA, we do have some description on it about replacing malicious or buggy TAs, see 9.6 Malicious TA Removal. We have this line: "It may happen that a TA was previously considered trustworthy but is later found to be buggy or compromised. In this case, the TAM can initiate the removal of the TA by notifying devices..." Is this fine? > Nit level comments: > > (8) p 3, sec 1. Introduction > > * An installer of an Untrusted Application that depends on a given > TA wants to request installation of that TA in the device's TEE so > that the Untrusted Application can complete, but the TEE needs to > > Should this be "so that the installation of the Untrusted Application can > complete? > Ming: good catch. I think we can revise this to "Untrusted Application can fully function". An Untrusted app can depend on a number of TAs. Its installation doesn't have to stop or not complete when TAs are not completely installed. It is a decision by the installer, which SUIT can specify for hard or soft dependency. If a TA is missing, only some function in the Untrusted app may not work but other functions may be just fine. How about this? > > (9) p 16, sec 4.4.2. Example: Application Delivery Mechanisms in Arm > TrustZone > > A trusted OS running in the TEE (e.g., OP-TEE) that supports loading > and verifying signed TAs from an untrusted filesystem can, like SGX, > use classic file distribution mechanisms. > > I suggest expanding OP-TEE, it wasn't obvious to me what this was. > > Ming: how about "e.g., OP-TEE, an open source TEE)? Thanks, > Rob > > > > -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
- [Teep] Robert Wilton's No Objection on draft-ietf… Robert Wilton via Datatracker
- Re: [Teep] Robert Wilton's No Objection on draft-… Mingliang Pei