Re: [Teep] [saag] BOFs about IoT firmware update and TEE configuration

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 22 February 2017 08:16 UTC

To: Eliot Lear <lear@cisco.com>
References: <16c236b7-dd80-1e27-8de9-16f05558d38e@gmx.net> <dbc93119-3128-64e0-b6b0-1a0e87e95f90@cisco.com> <1da45f12-7999-6a9e-3649-2ffea4d50511@gmx.net> <fe6c2aaf-dc0a-bfc2-59c2-a077ddc4e43b@cisco.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <6916bccf-9273-5d2f-af44-ef38d1394223@gmx.net>
Date: Wed, 22 Feb 2017 09:15:51 +0100
In-Reply-To: <fe6c2aaf-dc0a-bfc2-59c2-a077ddc4e43b@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/NiI4T_ipuigAkFxjWRfMTtTDM2A>
Cc: teep@ietf.org, saag <saag@ietf.org>
Subject: Re: [Teep] [saag] BOFs about IoT firmware update and TEE configuration

Hi Eliot,


(I put the TEEP mailing list on CC since they may be interested in this
conversation as well.)

The use case for TEEP is a bit different.

The idea is to configure software running on a trusted execution
environment. While the currently proposed solution assumes a PKI and the
use of asymmetric key cryptography, it does not use 802.1AR certificates.
There is no notion of a local network since it does not matter. The
document also does not talk about how the messages are conveyed but HTTP
is more likely for the smart phone/tablet use cases.


I created a slide deck for presentation at the T2TRG meeting at the
Berlin IETF but unfortunately there was no time. Nevertheless, here is
the slide deck:
https://github.com/t2trg/2016-ietf96/blob/master/slides/70_OTrP-IETF93.pdf

Does this provide enough information about the intention?

Ciao
Hannes

On 02/20/2017 03:58 PM, Eliot Lear wrote:
> Hi Hannes,
> 
> First, Max, Michael, Michael, and Kent are far more the experts than I
> am on this, but here is a brief summary:
> 
> The purpose of  draft-ietf-anima-bootstrap-keyinfra is to provide a
> trusted introduction between devices and the network such that you start
> in the following state:
> 
> Device has a manufacturer certificate (802.1AR iDevID) and a
> manufacturer trust root, and the local network can in some way
> authenticate the manufacturer, and perhaps vice versa.  The end state is
> that the device has a local (802.1 LDevID) and a local trust anchor.  To
> accomplish this, a flow is defined to get to the point where the device
> will register with a local registrar using EST (either EST or EST/CoAP).
> 
> Now perhaps you could explain a little about the TEE draft you're doing?
> 
> If there's some overlap perhaps there's a chance to consolidate the work.
> 
> Eliot
> 
> 
> 
> On 2/18/17 5:17 PM, Hannes Tschofenig wrote:
>> Hi Eliot,
>>
>> I actually don't know since I never understood the ANIMA work all that
>> well due to its fuzzy scope. I suspect that you can answer the question
>> better than I do.
>>
>> Ciao
>> Hannes
>>
>> On 02/13/2017 02:29 PM, Eliot Lear wrote:
>>> Hannes,
>>>
>>> Can you say a few words about how TEE compares to
>>> draft-ietf-anima-bootstrap-keyinfra (et al) which has been in
>>> development in a WG for quite some time?
>>>
>>> Eliot
>>>
>>>
>>> On 2/13/17 12:51 PM, Hannes Tschofenig wrote:
>>>> Hi all,
>>>>
>>>> we have proposed two security-relevant BOFs for the upcoming meeting.
>>>> They are listed on the BOF Wiki page at
>>>> https://trac.tools.ietf.org/bof/trac/wiki but I still wanted to briefly
>>>> introduce them to you
>>>>
>>>> ** “Firmware Update Description (FUD)”
>>>>
>>>> Last year we had a workshop organized by the IAB on firmware updates for
>>>> IoT devices (see https://www.iab.org/activities/workshops/iotsu/) where
>>>> we talked about various challenges and gaps.
>>>>
>>>> As a follow-up to the workshop we would like to initiate some
>>>> standardization activity in this area.
>>>>
>>>> The mailing list can be found at
>>>> https://www.ietf.org/mailman/listinfo/fud
>>>>
>>>>
>>>> ** “A Protocol for Dynamic Trusted Execution Environment Enablement (TEEP)”
>>>>
>>>> This BOF is about an application layer security protocol that allows
>>>> configuring security credentials and software running on a Trusted
>>>> Execution Environment (TEE). Today, TEEs are, for example, found in home
>>>> routers, set-top boxes, smart phones, tablets, wearables, etc.
>>>> Unfortunately, there have been mostly proprietary protocols used in this
>>>> environment.
>>>>
>>>> With this BOF we are making an attempt to standardize such a protocol. A
>>>> strawman proposal of such a protocol has been published with
>>>> https://tools.ietf.org/html/draft-pei-opentrustprotocol-03.
>>>>
>>>> The mailing list can be found at:
>>>> https://www.ietf.org/mailman/listinfo/teep
>>>>
>>>>
>>>>
>>>>
>>>> Ciao
>>>> Hannes
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> saag mailing list
>>>> saag@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/saag
> 
>