Re: [Teep] TEEP Architecture Last Call Review
Mingliang Pei <mingliang.pei@broadcom.com> Wed, 19 October 2022 09:11 UTC
Return-Path: <mingliang.pei@broadcom.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0DC5C14F731 for <teep@ietfa.amsl.com>; Wed, 19 Oct 2022 02:11:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.665
X-Spam-Level:
X-Spam-Status: No, score=-2.665 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadcom.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fsmpX8LPkINx for <teep@ietfa.amsl.com>; Wed, 19 Oct 2022 02:11:42 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 238A9C14CE23 for <teep@ietf.org>; Wed, 19 Oct 2022 02:11:36 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id k2so38449466ejr.2 for <teep@ietf.org>; Wed, 19 Oct 2022 02:11:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=LcEE7bLLr2Qb3kRgH1MDumo7hsq5lkMHix0GAic3jNQ=; b=BlwAZyiZBMEUXoLXATGJK0PjuYR3g/Kv18KiZhh7ZRlrH/wKifSMYO5yNzodablPZq h9kL/krURbBJGQwk2GfOgOWC8GPW7Qliwi5wsFOlBVIYC+qkL3YQky8xMRyIxbSWPVek t82cL/CEtrDJaMccb1+Oo3uiWqrUHQ53Lu0fo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=LcEE7bLLr2Qb3kRgH1MDumo7hsq5lkMHix0GAic3jNQ=; b=v3acmjSDlhfSuyEKekDYz9gjW5HlX39IEYVagvaQ2MGe9czHA3wozBFisMugSqslZv SaUpq+9whnheIfHZ24hHQ+2Ya8fnUsDTIlLVObqUGAUpgmhZB0NgRipdantikkkG0J3m yq/Gr2eZ9iAgMJfIyeIOaNipPcIUTktREC7YZxHoTmUxcQUyXNgz6dNEzZGFRVwn/oHt YmU8FsPI9cUlzfwXmGr2NgUuoU/7872LzdIZoEJufZJjHSga9TrrDQ6U7evBEcvJz1mZ p9ZlV/3haToDL50oUwmf1ztiWjS6xGZMv2wlPz9AczRXvvLxLqqNMqoyNwwUCvu1WuoD RK6g==
X-Gm-Message-State: ACrzQf2+EUawZrYftte7+SY7KrmVgbu6YY+Gh9IJJn74g0UWxfRZn0K3 8twcEafhhLFs9wzowcM+WLQjPfa1i2ErhaKpPruRz/f+AdYwzlx0UFECCgcwxzlKyn+WRedWyVL jR0WWCTNdQnU=
X-Google-Smtp-Source: AMsMyM6KnSh6mq54YW2J9wSeDpUkNT4vaGqBNCoyLwXhRhJk6uvOkwhV0hyx/c/B+Q9jTvg+RrxLciziLhFkS4p0lV4=
X-Received: by 2002:a17:907:2da5:b0:78e:1208:8783 with SMTP id gt37-20020a1709072da500b0078e12088783mr5929149ejc.743.1666170694890; Wed, 19 Oct 2022 02:11:34 -0700 (PDT)
MIME-Version: 1.0
From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Wed, 19 Oct 2022 02:11:23 -0700
Message-ID: <CABDGos78vUzQG58mP5KvxTqkpdsJrY9zOzkOk0WvmaMc9nOooA@mail.gmail.com>
To: mariainesrobles@googlemail.com
Cc: teep <teep@ietf.org>, teep-chairs@ietf.org, Paul Wouters <paul.wouters@aiven.io>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000006eab4b05eb5f9876"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/RyGNL6RKJbfm3GQmxEO6JFIiKnk>
Subject: Re: [Teep] TEEP Architecture Last Call Review
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2022 09:11:46 -0000
Hi Ines, Thank you very much for your review <https://datatracker.ietf.org/doc/review-ietf-teep-architecture-18-iotdir-telechat-robles-2022-09-04/> of our TEEP Architecture draft <https://datatracker.ietf.org/doc/draft-ietf-teep-architecture/>. We have created an issue tracker in github for TEEP as #250 <https://github.com/ietf-teep/architecture/issues/250>. Please see below for our comments and a fix that we have adopted. Please also feel free to check out the Github issue tracker that has more details about discussions and fixes. - Pag 9 - Figure 1: The arrows in the diagram are unidirectional, Are there cases where it could be bidirectional: e.g. the communication of the Agent with the Broker? Ming: we consider it always unidirectional, and don't find a case where we need bidirectional support. A TEEP Agent inside TEE doesn't call back and out to a TEEP Broker inside a REE. - Having an IoT scenario, in your opinion which type of Classes of Constrained Devices (Class 0, Class 1, etc. [RFC7228 <https://datatracker.ietf.org/doc/rfc7228/>]) can participate in the TEE as a "Device" in Figure 1. Ming: we authors discussed and consider the following: There is no clear spec from RFC 7228 to say which classes of IoT devices may fit. We will not specify it and leave such recommendations to the adopters. And the TEEP allows any code as long as the capacity fits. Is this fine with you? - Page 27: "...In some use cases it may be sufficient to identify only the class of the device..." what do you mean with class of device? Perphaps would be nice to add between brackets some examples. Ming: good suggestion. We provided an example, and a reference to RATS DAA as follows: "In some use cases it may be sufficient to identify only the class of the device, for example, a DAA Issuer's group public key ID when the attestation uses DAA, see {{I-D.ietf-rats-daa}}." Is this fine? Thank you again for your suggestions and reviews. Best, Ming -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei
- Re: [Teep] TEEP Architecture Last Call Review Ines Robles
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei
- Re: [Teep] TEEP Architecture Last Call Review Ben Schwartz
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei
- Re: [Teep] TEEP Architecture Last Call Review Brendan Moran
- Re: [Teep] TEEP Architecture Last Call Review Ben Schwartz
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei
- Re: [Teep] TEEP Architecture Last Call Review Ben Schwartz
- Re: [Teep] TEEP Architecture Last Call Review Mingliang Pei