Re: [Teep] Confidential Computing Use Case
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Sun, 03 December 2023 10:52 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB416C14F74E for <teep@ietfa.amsl.com>; Sun, 3 Dec 2023 02:52:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ti8KE0ETuADC for <teep@ietfa.amsl.com>; Sun, 3 Dec 2023 02:52:22 -0800 (PST)
Received: from mailout4.zih.tu-dresden.de (mailout4.zih.tu-dresden.de [141.30.67.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54559C14F5E8 for <teep@ietf.org>; Sun, 3 Dec 2023 02:52:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=From:Subject:To:MIME-Version:Date:Message-ID: Content-Type:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=nVGAa/YBALCXadWOgUGq8T1h9wdsgpRjG6M0jw6M1s4=; b=RlxhrKoIHyKjYkij+hioIA764J 9++cTgMllmo/E7xHBePqObGGMC8OmGOaVFQsULSjK7r1NGaY0AiklpWFzaz6DE5H2zKPDeHBGKeQf 6TA00zsZ3/rXTB7iuN8Ci3O9Pr+fzqp8ZE7SM+LbQWgWJ3pn0tPnmMV6UWl0YNSUCnuleSUodh9fc bStNuAu/M47aPOGCVi1wkhmaeblIMCwjJ1givj9QNvR7T7/IaPSC48ItNZAC6ZNqyWfxZdKKMQpTY LYykA7fvvnLUHBy+HSc+82IM8g4WF4PDthrwScupiXubCbhQpgRwVui1MI3tskDI7OQ3/6PspNWVg aoXOxnjw==;
Received: from [172.26.35.114] (helo=msx.tu-dresden.de) by mailout4.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1r9k5E-00Eypx-0N for teep@ietf.org; Sun, 03 Dec 2023 11:52:20 +0100
Received: from [192.168.1.218] (92.224.215.151) by MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Sun, 3 Dec 2023 11:52:14 +0100
Content-Type: multipart/alternative; boundary="------------1tcg302EgjwQUL56k0tyTKR5"
Message-ID: <1ca723c7-2ff2-4f3a-9f24-3dbaa07e6c60@tu-dresden.de>
Date: Sun, 03 Dec 2023 11:52:13 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: teep@ietf.org
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
X-ClientProxiedBy: msx-l322.msx.ad.zih.tu-dresden.de (172.26.34.122) To MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114)
X-TUD-Virus-Scanned: mailout4.zih.tu-dresden.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/MQ3_TmLeOJL9YryjBEJpxmF0KKA>
Subject: Re: [Teep] Confidential Computing Use Case
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Dec 2023 10:52:26 -0000
Dear Juan, a few comments on my quick first read: > Confidential virtual machine (CVM) in the cloud environment is one use case of confidential computing. I wouldn't call it a use case. It is one granularity of isolation for confidential computing. By use cases, one typically means application areas like finance, health etc. > CVM allows a cloud tenant to protect the sensitive workload and data, and manage the cryptography keys independently from the cloud service providers. This is not something specific to CVM. This is the general goal of confidential computing. As an example, process-based TEEs can also achieve this. > When adopting CVMs in the cloud, the CVM features, CVM provisioning and management of cryptography keys, etc. depend on different hardware. Common CVM provisioning procedures and requirements are needed. This does not provide me a strong motivation as to why this standardization work is required. It is quite natural that each hardware design will have its own provisioning procedures. What exactly do you want to achieve from "common CVM procedures and requirements"? What exactly would these procedures look like? Do you want to standardize the protocol between cloud tenant and CVM platform as part of this work? > SVN represents the security features of the hardware of CVM. This is inconsistent with the usage of SVN in industry, e.g., in Intel TDX, where SVN is typically associated with enclave (e.g., TD QE and not hardware). > Key Agent and Key server are mutually authenticated and communications between them are confidentially and integrity protected. How exactly is this achieved? You may find our work on Arm CCA and Intel TDX helpful to make your work more concrete and helpful in practice:https://www.researchgate.net/publication/375592777_Formal_Specification_and_Verification_of_Architecturally-defined_Attestation_Mechanisms_in_Arm_CCA_and_Intel_TDX. Moreover, there are several grammatical issues in the draft. Please make a grammar pass. Best Regards, Usama
- [Teep] Confidential Computing Use Case hannes.tschofenig
- [Teep] 回复: Confidential Computing Use Case 邓娟
- [Teep] Fw: FW: Confidential Computing Use Case Meiling Chen
- Re: [Teep] Fw: FW: Confidential Computing Use Case hannes.tschofenig
- Re: [Teep] Fw: FW: Confidential Computing Use Case Meiling Chen
- Re: [Teep] Fw: FW: Confidential Computing Use Case Hannes Tschofenig
- [Teep] 回复: Confidential Computing Use Case 邓娟
- Re: [Teep] Confidential Computing Use Case Muhammad Usama Sardar