[Teep] [Hackathon 1/3] Update: TEEP Agent / TAM / Verifier demo for IETF 125 Hackathon (TEEP, RATS, SUIT)
Ken Takayama <ken.takayama.ietf@gmail.com> Fri, 13 March 2026 13:05 UTC
Return-Path: <ken.takayama.ietf@gmail.com>
X-Original-To: teep@mail2.ietf.org
Delivered-To: teep@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 3E0BDC95FCAA for <teep@mail2.ietf.org>; Fri, 13 Mar 2026 06:05:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UuDtypqE27w4 for <teep@mail2.ietf.org>; Fri, 13 Mar 2026 06:05:41 -0700 (PDT)
Received: from mail-vk1-xa29.google.com (mail-vk1-xa29.google.com [IPv6:2607:f8b0:4864:20::a29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 93710C95F03B for <teep@ietf.org>; Fri, 13 Mar 2026 06:04:31 -0700 (PDT)
Received: by mail-vk1-xa29.google.com with SMTP id 71dfb90a1353d-56b49b943c1so932228e0c.2 for <teep@ietf.org>; Fri, 13 Mar 2026 06:04:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1773407065; cv=none; d=google.com; s=arc-20240605; b=joRzPJZ47uoDR1pS/DIA4hGay3Ia5r84KdGQIYMGjmxyssK0/t/8aS/TEZb799NDQi H2iC0xIaNHPz/A0GCLEBqV836XPJ3qgMqQQw9eOhP9jVlz4JOnvdAx9tcNAepu7pRjIu +E2oXJeduiPaTSXC6OnW3nQsxbQ2DXWWEzsra2QS4tfREffKNrj5zwXI8wKbwRX15uCq Kbaasu3kCJCZ25o/FQ7UTSDuzCtIcTzTGK5XIXZWG7iPvxORAGPDxqJyRU9FxAyHg1Ao oi3vyL/C9icmiiy167cVmJCd4p3In0DmoSBXeXnd9e78zPk6JDKjQ4Jo6fhIaMOdW2/l JwaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:to:subject:message-id:date:from :mime-version:dkim-signature; bh=qbHLGwAHYwRhFqbZxhJGaO+/FawCO9ToUL9DTXtYDeM=; fh=RUt45dKh9TGWxyE8CTi6IQGI74vt/E2Xd55whrF9XeY=; b=Jv6W1jOs98WE37SanPrOrY2e0XrRC5G7+UTGVwcQ+TncUrhERKTDLT60579nQhwFVC u4IcKPTek+RCYkQnl0mr0kih6NqVo+/uwYwfNagNISV/AMAuBSDlcmEB38RMJGmhjFK4 uTlORx2g4nQhb3EHufZPCG7tVxwXz3uzNSzcmXx0PPtoR9TIwPBaHvzDfWhdOll5Wo9s aTh1+WrX2u1tUDKtgAe7AcIf1A9gC6oQxXVDweZH12wO0UvEWXqZ+brswMMqwStdMzk0 3eWVMiUE2/3P2I+36Aj7bcLtXmAWwyl0XdKGCTtYeoHmNKTb5V6L9EWno+53ohbRplrU 6HJA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773407065; x=1774011865; darn=ietf.org; h=content-transfer-encoding:to:subject:message-id:date:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qbHLGwAHYwRhFqbZxhJGaO+/FawCO9ToUL9DTXtYDeM=; b=Al2PyyvFLu06Jenv9ijK9c8+QZiMauLxB+gz1/srXi5E/MtUtRyQ50E55jlnYUd8rL PiUnelpye1xdv4SU90e1XErMH+C9zsm9c9Pb5iXxrMAD6DtG6ZwKEJwXjUZH8jGE1evc dtNIZ0vY3erQ27sX2Cf2Saj2q7MjJ1klOO+6STz/hyDJQbeFqQGwY9WxqiYrcquQfa/v 3L+gxw8jVNiM/zXwjna859h1rGi1689nO8o935nPgSB2pEAYTrZDs6GpAw1xHbI36ja5 TpLd9C8Rze8w/XAiE1sq9zuTJupQ2zTsan2TDNT0kqI5IhpwmyDeIp2VZIRG9Qf3zUMn 66Jg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773407065; x=1774011865; h=content-transfer-encoding:to:subject:message-id:date:from :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=qbHLGwAHYwRhFqbZxhJGaO+/FawCO9ToUL9DTXtYDeM=; b=Fq45BRHyoCHpW6qN8iGvFZsFOCfAZq27YXmoUcRHRKa1Pqv9AtZDpWSEHDJjf2SSrQ zBa8mIr0rnPcF1vm76JmJQBmKb7Oq8zooxdzz83I+xQdHBqtAVP2hLBpcUYQU7KgoOYa wP/IO0CoGlaaDU4QZ+p/szoWS+ycVtTOk572dY8M1EE+B2xIqZoYg3O3c3wrTx7xeipc vAWxfuBZ9s4ojY5LTTo3cAizbd7fY5zwOeSBerjP2XrU+gs3yeLEwyTD3f13yN3ctJCQ YJretBAtAPISwSblpB3soBnNWEtzb41cnpFaeJdTmq+Hfrzr0QeDhpTjQAzxbn9FgTDE bl6Q==
X-Gm-Message-State: AOJu0YxuwJUdW3UW/PFsesoDHPYiZQeInVLKptKuds3LeNAyceYBhOsu xfaRz5Npt0tbjHdVsF6iYimDeLhCUhHWzyjFCb3MD4UG1aaOewosl3Ta3rSU/Qtkq0FMOi70AE/ moziRjbpWkAH0eXkJV1oiumIZ/uJIVNyVAmpL
X-Gm-Gg: ATEYQzykcovq/KgeQpYbjuIMvKPKj9eG2sL5SJCV/geCQeSxFVnQ9fBIDfelcypDrH2 yoOzCLleCsvKLP+lGGMWuDMffAByrCNrFfmJPuR2Ca6wxfg6KZbnUewW8+J0nytN5viRbjWEeIT sd3xnMaXkXN/QO2z8KgWg/GCQk/Dep762hqTvF0ZWK5xO5ROCSPPIknSnV43mSSVOmDlbCAj4O6 ec7Ogj8kniz53/ZsiudRQ228RxwbB5feY7dlMTXMhz88Tg4By/nF0aYJQlx913KkTHA6uXnlZds vfxoR6HKzOrYum48a5LrEyeagAOGQbnQiFfbWbK3nAy+tspu4WFvK4Q3eFbhQ4NpqHw=
X-Received: by 2002:a05:6122:32ca:b0:56a:9841:9f81 with SMTP id 71dfb90a1353d-56b62844e29mr1076497e0c.6.1773407064892; Fri, 13 Mar 2026 06:04:24 -0700 (PDT)
MIME-Version: 1.0
From: Ken Takayama <ken.takayama.ietf@gmail.com>
Date: Fri, 13 Mar 2026 22:04:14 +0900
X-Gm-Features: AaiRm50S_frC0pBelzZ8LAUtjANyO0xuGg_gGoh7Glx2kB3dqzl58vYbWYo5Xrc
Message-ID: <CAOZByRAcQSG1q94Exw99o+6ndiNQxc02S4yKrB2=hRBCs7knKw@mail.gmail.com>
To: "TEEP@ietf.org" <teep@ietf.org>, "rats@ietf.org" <rats@ietf.org>, suit <suit@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: DHK4CRXMGOZUH5I7VO34BSTMQYBAYRXJ
X-Message-ID-Hash: DHK4CRXMGOZUH5I7VO34BSTMQYBAYRXJ
X-MailFrom: ken.takayama.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teep.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Teep] [Hackathon 1/3] Update: TEEP Agent / TAM / Verifier demo for IETF 125 Hackathon (TEEP, RATS, SUIT)
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/QE0uZLLA2gP5kloPm3EcA1w5b0I>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Owner: <mailto:teep-owner@ietf.org>
List-Post: <mailto:teep@ietf.org>
List-Subscribe: <mailto:teep-join@ietf.org>
List-Unsubscribe: <mailto:teep-leave@ietf.org>
Dear TEEP, RATS, and SUIT WGs, For IETF 124 we presented a demo implementation consisting of a TEEP Agent, TAM, and Verifier using the Background Check Model. We have now updated this demo for the IETF 125 Hackathon. Repository: https://github.com/s-miyazawa/teep-wasm-demo This implementation integrates specifications from multiple WGs: • TEEP – protocol between the TEEP Agent and TAM • RATS – remote attestation using EAT • SUIT – installation and reporting of Trusted Components Some highlights of the update: 1. A database and management console for the TAM were added to make it easier to manage TEEP Agents and Trusted Components. 2. Inside an Intel SGX enclave (simulation mode), the TEEP Agent now receives a YOLOv8 object detection application as a WebAssembly module and executes it. 3. Remote attestation is implemented by binding the TEEP Agent public key to an EAT (Entity Attestation Token), allowing the TAM to trust the Agent key after successful verification. 4. Trusted Components are installed using a SUIT Manifest, and the installation results are reported from the TEEP Agent to the TAM using a SUIT Report. While implementing the system according to the specifications, we encountered several areas where implementation choices are required. Some of these observations may be useful for other implementers. I will share two follow-up emails describing these implementation experiences in more detail. Feedback from implementers across the TEEP, RATS, and SUIT communities would be very welcome. Best regards, Ken
- [Teep] [Hackathon 1/3] Update: TEEP Agent / TAM /… Ken Takayama