IETF Logo Mail Archive

[Teep] Charter Text

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 19 July 2017 12:56 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9690E131D06 for <teep@ietfa.amsl.com>; Wed, 19 Jul 2017 05:56:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.911
X-Spam-Level:
X-Spam-Status: No, score=-2.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uzAvhJhiO_z0 for <teep@ietfa.amsl.com>; Wed, 19 Jul 2017 05:56:15 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0057.outbound.protection.outlook.com [104.47.0.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C849131D0C for <teep@ietf.org>; Wed, 19 Jul 2017 05:56:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dITmT39VAUCbkwDNu4LC7bKv39/GYtcmtFoyiLVD7Lo=; b=bKNnLhaBKtE9sbpUpcBZsTL5ChxtIB0Oi/+eN+sF6LaIXWS5BpLuS4DGzhQZWrZxUIP1L2FoGNX7L4y/st5Zl+K3KWj4Cx36jFqiPTzcnV1A1gz/D6gXRV9qn4YyKfPEvuYXaahZc59/3Ko0bi0uCxkNBLD4CYJjDn4B3DOKL+I=
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com (10.167.90.148) by AM4PR0801MB2708.eurprd08.prod.outlook.com (10.167.90.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1282.10; Wed, 19 Jul 2017 12:56:11 +0000
Received: from AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::101e:636f:8916:d3e9]) by AM4PR0801MB2706.eurprd08.prod.outlook.com ([fe80::101e:636f:8916:d3e9%13]) with mapi id 15.01.1282.011; Wed, 19 Jul 2017 12:56:11 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "teep@ietf.org" <teep@ietf.org>
Thread-Topic: Charter Text
Thread-Index: AdMAjhBvpOOzQmirT2iZHvEI0ch6jg==
Date: Wed, 19 Jul 2017 12:56:10 +0000
Message-ID: <AM4PR0801MB27069CC53BC0798D84BE6848FAA60@AM4PR0801MB2706.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
x-originating-ip: [31.133.137.21]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM4PR0801MB2708; 7:NDdp9YNKlahLsa+IdN7g8cWKuBQhd8JWszinlNfKvX4S0iWJ/FVz9orYebAjryzCMHyd+ghv2Ox/9K0nturGtRbNk7IQTnOgqg7h5L4hl7b0ZIuilxZ0B5o/msOsfYwYq79tp+dfxgKRUZA0KPj17nW2VitU/nxTbokV2qlMKlcIqC7FN1FiJJGgCcaEXcmoex/oslb/6Hwzu1CMySguewSTnFH95wAPE2hF5xbOMFBAOvk1SD2vdV0QpFHngTFKp08YYYbhyEEWzlwDYDAtNOXX9I6uoQlt+lY6KwZEAolyA+tqE48PNyKtjZGd4FEwkDxdql6wBYKqbvmdpFuLztWoCzJyhNNAtHRjEglN2eGI2nmKrecNxdhqAWNQw+tR45U0m9CKWiu6978XTL4BNqRcwoq36RE9+n1k78LPUJp7TlS2/0RyWehM52B1Gd6rpZbHLTKaVMFJsYOv94IpURem+iCCKbqknWoVtm5s50iBD8hwqkFYDAI0vhW02zS10q9KlnFzCFkety3OV1cbHNbPEXGW4+y/38jr7myvtQPLV4wBPMEu/AaBZGelVN8tT5tYdKTNCoDGOmwzCbNHw0RguXNiU5Xg136HlBmYT5T8JliPBfoM+ceTK7UTbNe4Zgz1kkb1ZxqAIEBB6H3dNxLGzwCJe4n8Zte8MYdvyNJB5MrNN+8Domi5QkvYuZF44t/nt7pZXWunRG6yY7wGTb6N0sa6ESn2OhGF8eskD9y/mGmiRp+EHFqf0KPRJq/VMVs/J2FPYKEwN0S+hADYgY11c+GLGIzSu1no+YcZ4Fc=
x-ms-office365-filtering-correlation-id: 74d76c04-fa9a-47f6-1285-08d4cea587ee
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(48565401081)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:AM4PR0801MB2708;
x-ms-traffictypediagnostic: AM4PR0801MB2708:
x-exchange-antispam-report-test: UriScan:(151999592597050)(125551606395959)(278178393323532)(158342451672863)(278428928389397)(26388249023172)(236129657087228)(192374486261705)(148574349560750)(21748063052155);
x-microsoft-antispam-prvs: <AM4PR0801MB2708C4A3A831FC4521F8B0B7FAA60@AM4PR0801MB2708.eurprd08.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(2017060910075)(5005006)(3002001)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(6055026)(6041248)(20161123555025)(20161123564025)(20161123560025)(20161123558100)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM4PR0801MB2708; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM4PR0801MB2708;
x-forefront-prvs: 0373D94D15
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39400400002)(39410400002)(39850400002)(39860400002)(39840400002)(39450400003)(40434004)(790700001)(6116002)(102836003)(5630700001)(25786009)(3846002)(66066001)(55016002)(99286003)(7696004)(3480700004)(7736002)(81166006)(50986999)(86362001)(54356999)(8936002)(2906002)(3280700002)(5890100001)(1730700003)(4743002)(5250100002)(3660700001)(8676002)(33656002)(6916009)(72206003)(14454004)(189998001)(2501003)(2351001)(6436002)(74316002)(6306002)(9686003)(5640700003)(54896002)(478600001)(53936002)(38730400002)(110136004)(7116003)(5660300001)(2900100001)(6506006); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0801MB2708; H:AM4PR0801MB2706.eurprd08.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_AM4PR0801MB27069CC53BC0798D84BE6848FAA60AM4PR0801MB2706_"
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jul 2017 12:56:10.9483 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0801MB2708
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Xy5ftFayb4gX6XM9ewQSZFVx2Kc>
Subject: [Teep] Charter Text
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2017 12:56:18 -0000

Here is the charter text we came up in the side-meeting today.

------

TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement Charter

The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features, such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM, and Intel using the TrustZone and the SGX technology, respectively.

To programmatically install, update, and delete applications running in the TEE, this protocol runs between a service running within the TEE, a relay application or service access point on the device's network stack and a server-side infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive and the server side requires information about the device characteristics in form of attestation and the device-side may require information about the server.

Privacy considerations have to be taken into account with authentication features and attestation.

This working group aims to develop an application layer protocol providing TEEs with the following functionality,
* lifecycle management of trusted applications, and
* security domain management.

A security domain allows a service provider's applications to be isolated so that one security domain cannot be influenced by another, unless it exposes an API to allow it.

The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. First, an architecture document describing the involved entities, their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that describes the above-described functionality. The choice of encoding format(s) will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy and operational properties.

The group will maintain a close relationship with the GlobalPlatform, Trusted Computing Group,  and other relevant standards to ensure proper use of existing TEE-relevant application layer interfaces.

Milestones

Dec 2017     Submit "TEEP Architecture" document as WG item.

Feb 2018     Submit "TEEP Protocol" document as WG item.

July 2018     Submit "TEEP Architecture" to the IESG for publication as an Informational RFC.

Feb 2019     Submit "TEEP Protocol" to the IESG for publication as a Proposed Standard.

Additional calendar items:

Nov 2017     IETF #100 Hackathon to work on TEEP protocol prototype implementations.

Mar 2018     1st interoperability event (at IETF #101).

Jul 2018       2nd interoperability event (at IETF #102).

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email