IETF Logo Mail Archive

Re: [Teep] [Last-Call] Artart last call review of draft-ietf-teep-architecture-16

Mingliang Pei <mingliang.pei@broadcom.com> Fri, 08 April 2022 00:41 UTC

Return-Path: <mingliang.pei@broadcom.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2552A3A1B86 for <teep@ietfa.amsl.com>; Thu, 7 Apr 2022 17:41:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadcom.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xe6GY7rjyYSC for <teep@ietfa.amsl.com>; Thu, 7 Apr 2022 17:41:12 -0700 (PDT)
Received: from mail-oa1-x29.google.com (mail-oa1-x29.google.com [IPv6:2001:4860:4864:20::29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5E273A1B88 for <teep@ietf.org>; Thu, 7 Apr 2022 17:41:09 -0700 (PDT)
Received: by mail-oa1-x29.google.com with SMTP id 586e51a60fabf-d39f741ba0so8163453fac.13 for <teep@ietf.org>; Thu, 07 Apr 2022 17:41:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mBpIULa+0uAXiAZ0uZBgsxR6/jn3LIYvRl0CK2wwkIY=; b=MB+WPN6EpdBNgxyR1Y+mzP/bN1NLDwkBJ7TMQ64Phi4YuEsOJLoV/U0lnloV4xDnjt KSfxiNAxdLLgXpff4su7AKx2mCadX9eZpzP059glkv2AsAOKgBXbulZ7AEN7T0XDAKuy ajZvVARHMrddJV4VhUk4Nv7orudY/h4TrEVqg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mBpIULa+0uAXiAZ0uZBgsxR6/jn3LIYvRl0CK2wwkIY=; b=xfWkqzSOh6r29hY4FsdhF9ZM9Hd7q51veFIjoVRwUTGGvWklHnYeqQD5v2IA3qK/eq 6vhNP0lhKwqOXxOTw4Yx0K9Idg7rAqDa0MGzdsHUY18xHz4hL/b38ITA9Gm/eAxkiE5s KjVztw7B5MhV1pJJWd6hPY+qmo1Q9JnIDAReWWzsf1U0yN7dBwDPIsT5YJGWPuw6+mX+ 5YBm2k6veKmVQiYbs4pF6LcEYNl82fzbegazvByzGne0Ymh3eoH6myupNEwFRZZNo6YA Rat+jt+en2A4oKHH6insVpFWHIkAAP7Kv0bFtm7Y8gjwalBCaXwufBqWbzXfIeR39Ui3 pQAA==
X-Gm-Message-State: AOAM5333jUeYar+uNEsJUV1iZJJymKq9GtViaTzN8CZ4JE8eUene9Nwf EWHxnFtcv97NUFdmo3MSN9nwlBF1uEJtTEgkO6JcXBLcAMdgbY8B6psv3NUDcKUtaNjdAjVcq2J sf8u2bz9dQ1Q=
X-Google-Smtp-Source: ABdhPJzOYRPMavAJqVfmJ2wq8jmBMAFEUbUYnIGtttsX45M4zk2xtZHfMZhiW4dhgKYz3L+Ty6A0fUmJeTRvaATXiHM=
X-Received: by 2002:a05:6870:218f:b0:e2:8280:7f5d with SMTP id l15-20020a056870218f00b000e282807f5dmr1128187oae.43.1649378468190; Thu, 07 Apr 2022 17:41:08 -0700 (PDT)
MIME-Version: 1.0
References: <164850526406.21554.6982960206540476351@ietfa.amsl.com> <DBBPR08MB5915B3398715EE22DF06BEBFFA1E9@DBBPR08MB5915.eurprd08.prod.outlook.com> <CABDGos6QOEabsz1YfQ_X2uQkQm+9L1WdynksTsTD+T26y_UNXQ@mail.gmail.com> <F88F6DC2-B2AE-45AF-B68E-1A1C75C575EA@vigilsec.com> <CABDGos4QOf+GS5JFbK50D6PORFb=UqpfAzjxSp5xcQLCSoub6Q@mail.gmail.com>
In-Reply-To: <CABDGos4QOf+GS5JFbK50D6PORFb=UqpfAzjxSp5xcQLCSoub6Q@mail.gmail.com>
From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Thu, 07 Apr 2022 17:40:57 -0700
Message-ID: <CABDGos5fBpe8eLNB1xtZM_qo4gxkUQMBiFNqFh=ag+tvW2gOkw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Mingliang Pei <mingliang.pei=40broadcom.com@dmarc.ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "art@ietf.org" <art@ietf.org>, "teep@ietf.org" <teep@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-teep-architecture.all@ietf.org" <draft-ietf-teep-architecture.all@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000ba0b3d05dc19d92e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/ZqnA29413S3cT_Quz-UJzCQLJ5E>
Subject: Re: [Teep] [Last-Call] Artart last call review of draft-ietf-teep-architecture-16
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2022 00:41:18 -0000

See PR: https://github.com/ietf-teep/architecture/pull/236, thanks, Ming

On Thu, Apr 7, 2022 at 1:52 PM Mingliang Pei <mingliang.pei@broadcom.com>
wrote:

> Hi Russ,
>
> Great, thank you. Please see inline. I will update RFC with the two points
> agreed.
>
> Best,
>
> Ming
>
>
> On Thu, Apr 7, 2022 at 12:31 PM Russ Housley <housley@vigilsec.com> wrote:
>
>> Please see below.
>>
>> On Apr 6, 2022, at 8:54 PM, Mingliang Pei <
>> mingliang.pei=40broadcom.com@dmarc.ietf.org> wrote:
>>
>> Thanks Russ for your comments. Thanks Hannes for the PR. I made a minor
>> comment on the PR. The changes look good overall.
>>
>> Please see my comments inline about "trust anchor" and "app store".
>>
>> Best,
>>
>> Ming
>>
>> On Mon, Mar 28, 2022 at 11:06 PM Hannes Tschofenig <
>> Hannes.Tschofenig@arm.com> wrote:
>>
>>> Hi Russ,
>>>
>>> Thanks for the review.
>>>
>>> I have created a few PR based on your comments:
>>> https://github.com/ietf-teep/architecture/pull/234
>>>
>>> I have added a few remarks below (mainly agreeing with your
>>> observations).
>>>
>>> Ciao
>>> Hannes
>>>
>>>
>>> -----Original Message-----
>>> From: Russ Housley via Datatracker <noreply@ietf.org>
>>> Sent: Tuesday, March 29, 2022 12:08 AM
>>> To: art@ietf.org
>>> Cc: draft-ietf-teep-architecture.all@ietf.org; last-call@ietf.org;
>>> teep@ietf.org
>>> Subject: Artart last call review of draft-ietf-teep-architecture-16
>>>
>>> Reviewer: Russ Housley
>>> Review result: Almost Ready
>>>
>>> I am the assigned ARTART reviewer for this Internet-Draft.
>>>
>>> Document: draft-ietf-teep-architecture-16
>>> Reviewer: Russ Housley
>>> Review Date: 2022-03-28
>>> IETF LC End Date: 2022-04-07
>>> IESG Telechat date: unknown
>>>
>>> Summary: Almost Ready
>>>
>>> Major Concerns: None.
>>>
>>>
>>> Minor Concerns:
>>>
>>> Section 3.3 says:
>>>
>>>    Weak security in Internet of Things (IoT) devices has been posing
>>>    threats to critical infrastructure that relies upon such devices.
>>>
>>> I'm a bit confused by this opening sentence.  IoT devices usually depend
>>> upon an infrastructure.  This seems to be talking about an infrastructure
>>> that depends upon a collection of IoT devices.  I suggest a minor edits to
>>> help the reader understand that this sentence is not talking about network
>>> infrastructure.
>>>
>>> [Hannes] I have changed the sentence to improve the wording.
>>>
>>> Section 9.3 says that a compromised REE "might drop or delay messages".
>>> This discussion should be expanded to include the replay of messages.
>>>
>>> [Hannes] Agree.
>>>
>>> Section 9.4 says:
>>>
>>>    A root CA for TAM certificates might get compromised or its
>>>    certificate might expire, or a Trust Anchor other than a root CA
>>>    certificate may also expire or be compromised.
>>>
>>> I do not understand the difference between a Root CA and a Trust Anchor.
>>> These are usually used a synonyms.  Please explain the difference that
>>> in intended here.
>>>
>>> [Hannes] Good point. I removed part of the sentence.
>>>
>>>
>> [Ming] Trust Anchor definition says "The Trust Anchor may be a
>> certificate or it may be a raw public key.". When it is a certificate,
>> it doesn't have to be the root certificate. It could be an issuing CA while
>> it isn't a common practice. Do we limit it to a self-signed root CA? I am
>> fine with this, and update accordingly.
>>
>>
>> I think the point about not a "Root Certificate" in all situations is
>> very helpful.  Please add that to the document.
>>
>>
> Ming: will add a clarification line in the definition of "Trust Anchor"
> that a "A Trust Anchor can be a non-root certificate when it is a
> certificate.", and keep the original statement above.
>
>>
>>
>>> Nits:
>>>
>>> Section 1 says:
>>>
>>>    ... The problems in the bullets above, on the
>>>    other hand, require a new protocol, i.e., the TEEP protocol, for TEEs
>>>    that can install and enumerate TAs in a TEE-secured location and
>>>    where another domain-specific protocol standard (e.g., [GSMA],
>>>    [OTRP]) that meets the needs is not already in use.
>>>
>>> Recommend breaking this long sentence up into at least two sentences.
>>> There are two points.  First, the need for a protocol to address the
>>> items listed earlier.  Second, where an existing domain-specific protocol
>>> does not already exist, a new more general protocol is needed.
>>>
>>> [Hannes] Splitting the sentence improves readability.
>>>
>>> Section 4.4 says:
>>>
>>>    ... Implementations must support encryption of
>>>    such Personalization Data to preserve the confidentiality of
>>>    potentially sensitive data contained within it, and must support
>>>    integrity protection of the Personalization Data.
>>>
>>> Why not say that implementation must support mechanisms for the
>>> confidentiality and integrity protection of such Personalization Data?
>>> Also, it seems like draft-ietf-suit-firmware-encryption offers one
>>> mechanism for such protection.  Should it be referenced here?
>>>
>>> [Hannes] Agree that the sentence should be simplified. You are also
>>> right by saying that a solution is available. I am not sure we should
>>> reference the solution in this document or in the protocol spec.
>>>
>>> Section 4: Is an "App Store" a place where apps are stored, or is it a
>>> place where apps a purchased?  The term seems to be used both ways, and in
>>> one place, the document is very general by saying, "an app store or other
>>> app repository".  Elsewhere, the term "Trust Anchor Store" is clearly a
>>> place for storage of trust anchors.
>>>
>>> [Hannes] I am not entirely sure what do about this one. I hope for input
>>> from my co-authors.
>>>
>>>
>> [Ming] "app store" intends to mean "where apps are stored and can be
>> acquired (such as Apple App Store / Google Play)". "Trust Anchor Store"
>> means some storage within a device to keep a list of Trust Anchors. How
>> about add a definition of "App Store" that was depicted in the diagram
>> under Section "Entity Relations" to say the following?
>>
>>
>> Definitions would resolve this comment.
>>
>>
> Ming: thanks
>
>>
>> App Store: a service provider where an Untrusted Application may be
>> downloaded.
>>
>>
>> Suggestion: App Store: an online location from which Untrusted
>> Applications can be downloaded.
>>
>
> Ming: looks better. I will use your version.
>
>
>>
>> Section 9.7: Please consider changing the section title to be something
>>> like: "TEE Certificate Expiry and Renewal".  There is an earlier section
>>> that talks about expiration of Root CA certificates.
>>>
>>> [Hannes] Makes sense.
>>>
>>> IMPORTANT NOTICE: The contents of this email and any attachments are
>>> confidential and may also be privileged. If you are not the intended
>>> recipient, please notify the sender immediately and do not disclose the
>>> contents to any other person, use it for any purpose, or store or copy the
>>> information in any medium. Thank you.
>>>
>>
>> This electronic communication and the information and any files
>> transmitted with it, or attached to it, are confidential and are intended
>> solely for the use of the individual or entity to whom it is addressed and
>> may contain information that is confidential, legally privileged, protected
>> by privacy laws, or otherwise restricted from disclosure to anyone else. If
>> you are not the intended recipient or the person responsible for delivering
>> the e-mail to the intended recipient, you are hereby notified that any use,
>> copying, distributing, dissemination, forwarding, printing, or copying of
>> this e-mail is strictly prohibited. If you received this e-mail in error,
>> please return the e-mail to the sender, delete it from your computer, and
>> destroy any printed copy of it.--
>> last-call mailing list
>> last-call@ietf.org
>> https://www.ietf.org/mailman/listinfo/last-call
>>
>>
>>

-- 
This electronic communication and the information and any files transmitted 
with it, or attached to it, are confidential and are intended solely for 
the use of the individual or entity to whom it is addressed and may contain 
information that is confidential, legally privileged, protected by privacy 
laws, or otherwise restricted from disclosure to anyone else. If you are 
not the intended recipient or the person responsible for delivering the 
e-mail to the intended recipient, you are hereby notified that any use, 
copying, distributing, dissemination, forwarding, printing, or copying of 
this e-mail is strictly prohibited. If you received this e-mail in error, 
please return the e-mail to the sender, delete it from your computer, and 
destroy any printed copy of it.

v2.23.0 | Report a Bug | By Email