Re: [Teep] Review of draft-ietf-teep-usecase-for-cc-in-network-00

yangpenglin@chinamobile.com Thu, 22 September 2022 03:05 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "teep@ietf.org" <teep@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/PC0SuAGD2vH4wyhjVtT3XDAlHHM>

Hi Hannes

Yes, that's what I mean. If you are using a command line to configure the CC 
environment manually, you don't have to use the TEEP protocol. Instead, you 
need some commands provided by the CC environment. For example, in Occlum 
(https://occlum.io/), you could use occlum new/build/run to create a CC 
environment.

BR
Penglin


On 9/21/2022 3:14 PM, Hannes Tschofenig wrote:
>
> Hi Penglin,
>
> I think there is a need to explain in the document what “network 
> protocol usecase of TEEP” means.
>
> My understanding, from your text below, is that this means that there 
> is a protocol used to provision the confidential computing device, 
> such as the TEEP protocol, rather than having a human configure the 
> device via the command line.
>
> Ciao
> Hannes
>
> *From:* yangpenglin@chinamobile.com <yangpenglin@chinamobile.com>
> *Sent:* Wednesday, September 21, 2022 3:51 AM
> *To:* Hannes Tschofenig <Hannes.Tschofenig@arm.com>; teep@ietf.org
> *Subject:* Re: [Teep] Review of 
> draft-ietf-teep-usecase-for-cc-in-network-00
>
> Hi Hannes,
>
> About the title of this document, I used to think about different options 
> such as "in remote", "in cloud" or "in network". But in the end I 
> think "in network" is a better or more precise term. The reason is as follows:
>
> 1. This document is about the network protocol usecase of TEEP; no 
> matter where the confidential computing device is, we should use this 
> network protocol usecase to provision the CC environment. For example, 
> the CC device could be in a public cloud where you want to rent for 
> your personal computing, or in a local area where you could provision 
> by LAN.
>
> 2. There are other methods, like provisioning the CC environment by shell 
> or by a system administrator directly. I think these scenarios are not 
> in this document's scope. So I prefer to keep "in network" in this 
> document.
>
> Sure, the GitHub link is here: https://github.com/ietf-teep/teep-in-cc. 
> You could make comments and create PRs.
>
> Thanks for the very detailed PDF. I think there are no major questions 
> about the comments; I will update the document before the 115 meeting.
>
> BR
> Penglin
>
> On 9/20/2022 6:17 PM, Hannes Tschofenig wrote:
>
>     Hi Penglin,
>
>     Thanks for the quick response. Good to hear that you had a broad
>     scope in mind.
>
>     In this case I would suggest to remove the “in network” phrase to
>     avoid confusion. In fact, “in network” isn’t mentioned too often
>     in the text of the draft anyway.
>
>     Let me know if you have any questions about my handwritten
>     comments in the PDF.
>
>     If the document gets added to the working group Github repo, I can
>     also create PRs.
>
>     Ciao
>
>     Hannes
>
>     *From:* yangpenglin@chinamobile.com <yangpenglin@chinamobile.com>
>     *Sent:* Tuesday, September 20, 2022 3:51 AM
>     *To:* Hannes Tschofenig <Hannes.Tschofenig@arm.com>; teep@ietf.org
>     *Subject:* Re: [Teep] Review of
>     draft-ietf-teep-usecase-for-cc-in-network-00
>
>     Hi Hannes,
>
>     Thanks for your review. The scope of this document is not only for
>     edge computing like you mentioned in the PDF. In fact, the scope
>     is for any confidential computing environment which needs to be
>     configured by network, like cloud computing, private preserve
>     computing, MEC, etc.
>
>     BR
>     Penglin
>
>     On 9/19/2022 7:26 PM, Hannes Tschofenig wrote:
>
>         Hi all,
>
>         I have reviewed the confidential computing use case document.
>         In the attached PDF there are a few comments.
>
>         The document describes a use case of confidential computing
>         for edge devices (although it calls it differently).
>
>         That’s indeed one of the confidential computing use cases.
>
>         I wonder whether the scope should be extended or is there a
>         specific reason to focus on this use case?
>
>         Ciao
>
>         Hannes
>
>         IMPORTANT NOTICE: The contents of this email and any
>         attachments are confidential and may also be privileged. If
>         you are not the intended recipient, please notify the sender
>         immediately and do not disclose the contents to any other
>         person, use it for any purpose, or store or copy the
>         information in any medium. Thank you.