IETF Logo Mail Archive

Re: [Teep] draft-tschofenig-teep-otrp-v2-00

Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 09 July 2019 14:26 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A221120172 for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 07:26:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.703
X-Spam-Level:
X-Spam-Status: No, score=-0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OgktflYNgQPZ for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 07:26:37 -0700 (PDT)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 699BC12016A for <teep@ietf.org>; Tue, 9 Jul 2019 07:26:19 -0700 (PDT)
Received: by mail-lj1-x232.google.com with SMTP id 16so19733020ljv.10 for <teep@ietf.org>; Tue, 09 Jul 2019 07:26:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=jCcD2NjDljONBLBKddX9xaOtsCCePEk0j0dA6KH8eag=; b=Rh06JoirvDoe8VTrlpf1Pf3NQxwEl9A1Fi5CfS1oA1Xq5lvkDTAU8JHcQJARN5cttY BkwLd81espxh7r8WIgo/r/sOpShUvvg5QdFrPpeFKKD0/ETJ8nrtf+FoAHrHNq32/yUd bKCH3+RFfMPazG7jyz/Bo+pZ+2IewqB7QbiH45Gtxez/w1VKbD8uW81HGWt/oMtg+Qr8 3grvGG1oEEUsrHyIaLdAQTW8dy/mcSk5p8ojeoALJowg4wv8JdLrLkrFW0W7z19RDMXD AxfBGNqZeWEDFXNvLgNQX3jSAfrz6T00YtJz6h4sC8MfAh7BNx2sBa+wsj3X4XeAyiMZ +/mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=jCcD2NjDljONBLBKddX9xaOtsCCePEk0j0dA6KH8eag=; b=kA2XigA1N2h0iN+IfMxRT0Ja+AhoF4hPtD34+MhMs8GAc5T3sucfs0Xw9NUzf0oFE6 t7GtTQyEKOhNTie4TZ+AYKDDUk5o14oDdpHxjpLkVTnN0XKWj4xyy3MAZctHJMRLnSL8 OIDAGZIPm7aLnGHXlYDh0T1v2cFddCnl8MHSPX0b2EbIlxKPff+9pWlEhgqux381pzxv l0Xq2Oh97l+XOdmnbKpqsfDqDXgIiXBFFZFfSpBWhG16cYXDs1ccoIOjKN+GUzvRaOqw jgOf5DVOFahWIdxyUz9m5h9qoWnQgHNsZzBD/XZJzmm7s8R8TIVkWD1V9vf0Vw+gT+5Q ZbmQ==
X-Gm-Message-State: APjAAAWxYc43OuUuwFtjSyeSJ7DUOm8k9zOrYDWyOlrZ8gA3BPKxLpPm 65bsTxxbtGscJyKau/kJ7e7NwivC6jU=
X-Google-Smtp-Source: APXvYqz8cWROdGjHUlgeFiTtz2BV7cBwLpA9PxNgWbwgp4dNhpuOP1XTTNKBdVr2gapRhYxfCRKOMQ==
X-Received: by 2002:a2e:8455:: with SMTP id u21mr10512978ljh.20.1562682377242; Tue, 09 Jul 2019 07:26:17 -0700 (PDT)
Received: from [192.168.0.101] (212-107-132-189.customers.ownit.se. [212.107.132.189]) by smtp.googlemail.com with ESMTPSA id y15sm3380626lfg.43.2019.07.09.07.26.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Jul 2019 07:26:16 -0700 (PDT)
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "teep@ietf.org" <teep@ietf.org>
References: <VI1PR08MB536037A16BACD104800B358FFAF10@VI1PR08MB5360.eurprd08.prod.outlook.com> <da0a237b-58ed-ffc7-02c2-ca00d1797955@gmail.com> <VI1PR08MB5360540D41C46C07015302E4FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <edb1abf1-9f76-f5ad-5aaf-8480efe8718d@gmail.com>
Date: Tue, 09 Jul 2019 16:26:12 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <VI1PR08MB5360540D41C46C07015302E4FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/OUNbHQQZmX0z0zcRvaIt3-gf6io>
Subject: Re: [Teep] draft-tschofenig-teep-otrp-v2-00
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 14:26:39 -0000

On 2019-07-09 15:59, Hannes Tschofenig wrote:
> Hi Anders,
> 
>> A wise decision!  BTW, I never understood the point making an IETF copy (it was?) of another standard.
> 
> Actually, it was the other way around.

Thanx, I didn't know that.

> 
>> I have said it before and I say it again: By separating the API from the Protocol and rather use a session-based scheme you get a cleaner and more powerful system [*] in the end.  Yeah, the initial task will be 30-50% bigger but that difference is zeroed out when you have both protocol encodings in place.
> 
> "Executive Level" description: https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf
> 
> Certainly a good point but I fear that it is not really design a secure system when the protocol does not terminate the secure world.

Every step of the protocol is supposed to be secured through MAC signatures.  If the protocol doesn't obey the API (which is running in the secure world [*]), the session terminates and the accumulated operations are rolled back.

Verifying my claims regarding the security of this scheme is non-trivial but it is not entirely different to TLS which you are an expert on.

Regards,
Anders

*] potentially extending into a security processor doing all cryptographic operations based on encrypted key material.

> 
> 
> Ciao
> Hannes
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>

v2.23.0 | Report a Bug | By Email