Re: [Teep] Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06
Dave Thaler <dthaler@microsoft.com> Sat, 18 July 2020 01:34 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A2EC3A0901 for <teep@ietfa.amsl.com>; Fri, 17 Jul 2020 18:34:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rXYEIPz-R0vS for <teep@ietfa.amsl.com>; Fri, 17 Jul 2020 18:34:21 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2104.outbound.protection.outlook.com [40.107.243.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AECA3A0900 for <teep@ietf.org>; Fri, 17 Jul 2020 18:34:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QwaiGCrUCuKPm56I6CkdbFhZ/gxIjhYlHtSnlz/m3pBU+6mxDXRx2LiTPvTqFgIJeZDoitmXS3VZiYfORfXe5jQG7IcmKs+GDlBlkS8Guan48Rvmn274bfIPq6tD8mCwTWZyW2EB4kk6CuNWqusm0DCaDGcQO2CB/ZFiMyXCAouDja2yXjITYA51Ldg6SaMTEG4YgFBL1Dy2Akk0WwbhYpi0kor/V5Qt8hYL1O1XkY1753cdAzxXDNJRAOZAmX5LOo34aaFv0PepE9B17wgLA9r5XoJvV709lzTHOKVjjP9QEaNTD3HSQf1OEr7H5/9wSovJqkEoo+yGCKbGox9rfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CDxdwffY7+x+3K1/1C0CNyMYVGtl3Tmm41mDpF9oz9Q=; b=ZfPblDJDghMeu7IZ4Z16irwq75lSnbUxW0U0yiwtwlJe829H+1k7Fx+lX4+wWaxfLiJR18I2OiuaE9E+ZOVRTriS9sWx+4NNKJV7ahZAfCOyi6NObzxg8kEvwPFawib21WdockXeNmcICghkMF8GsvSnyWXMCy3s9+wrCf8qiALBpjTeXEA40BKAn8BVgTbV2G4sy7OIGjbPIzVEN1Ng7d8u7sCxaLZqa5uYIcm9j5Q6SpLBmYVXjLA1VPzmfLPnKDlreD6CTx7pynA4wAwKo7C9iCOr5T03/uJAkO/HE4/Zgrhww1xizm3ZRplbXx7yI4d48EB7kE7NRNUF33F5kg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CDxdwffY7+x+3K1/1C0CNyMYVGtl3Tmm41mDpF9oz9Q=; b=S9S+aw27fJ2nGhPsrhW9D9dSGRmzURB9FQpx7+GrmbQ+1io+0sJjPb4pCW7bgjs8lrMpFSROattbtu6cPDtCwFPjWPkTR5J0oFYEeqCg8zg0p3T/w26WsvAo2FskKpXBO5KU+mb3/sPn7cbcpdipF1ath5kf7qmAhQXZq0w0/j0=
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com (2603:10b6:207:30::33) by BL0PR2101MB1332.namprd21.prod.outlook.com (2603:10b6:208:92::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.13; Sat, 18 Jul 2020 01:34:15 +0000
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::29cb:295d:97bc:3f7f]) by BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::29cb:295d:97bc:3f7f%9]) with mapi id 15.20.3216.011; Sat, 18 Jul 2020 01:34:15 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Mingliang Pei <mingliang.pei@broadcom.com>
CC: "teep@ietf.org" <teep@ietf.org>
Thread-Topic: Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06
Thread-Index: AQHWW7mDmQ9YhfvJ10asxXOZvn2t0akK7sLggAAPJQCAAWhxUIAACoeAgAAOeqCAAAylgIAAA2tA
Date: Sat, 18 Jul 2020 01:34:15 +0000
Message-ID: <BL0PR2101MB1027E34F73C7A4E91DFA3489A37D0@BL0PR2101MB1027.namprd21.prod.outlook.com>
References: <BL0PR2101MB102705E9613F4764C3EB7155A37D0@BL0PR2101MB1027.namprd21.prod.outlook.com> <C430ED29-5EB3-470F-92F5-CDD1C0DD0863@broadcom.com>
In-Reply-To: <C430ED29-5EB3-470F-92F5-CDD1C0DD0863@broadcom.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-07-18T01:34:14Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=db85def1-1091-47ca-bc4e-d84dd1cd53cd; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: broadcom.com; dkim=none (message not signed) header.d=none; broadcom.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2601:600:9780:16f0:8434:77bb:d5be:ef8]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 9e65ed1b-2209-450b-b59b-08d82abaae80
x-ms-traffictypediagnostic: BL0PR2101MB1332:
x-microsoft-antispam-prvs: <BL0PR2101MB13326DCED31088E4F65E789FA37D0@BL0PR2101MB1332.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uK+cRoSf+Xl9JYC86ISeY7qIextjCCIuntOjDwxUrID8N+zFJEt+LC5PoJE9XKfFpPAA5LTnocL2K77s9umcut1TmG1L+CnE3DVZmQVCAm6o46trGqjUXVMjstlO56vUW+DS0sPsDk+qxvg6tYaX1W/KgRlvAERwuwiakJvml9mJmOQxK9oQV46KOJuEItKfiCLjDRMqdo8VrkX2AucGgqPl8aLbyTENHc1GCBh6z8uhc71aAdkC1JL+Ic0c+qXAymtoJxnll7PzVYX8S7FJIBFqSVmzVv7mGZW/3xWVzdXXXN6E7fb4taL4RHj2UETXEmn11/qgbqwDfXil3SWLS/78W5TzvINuG18PKrMze8a9BMcuuouaqdVVjl+U770Cqa9e02VyBl48Fy3hpWq51A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR2101MB1027.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(376002)(396003)(39860400002)(136003)(346002)(9686003)(2906002)(71200400001)(76116006)(6506007)(66556008)(53546011)(186003)(64756008)(66446008)(8936002)(66476007)(966005)(82950400001)(52536014)(55016002)(10290500003)(82960400001)(5660300002)(7696005)(478600001)(33656002)(6916009)(4326008)(166002)(86362001)(66946007)(83380400001)(316002)(8676002)(8990500004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: IdDpI5hkmqjPPauEfYaqB/TZ7oQ+pUa4FgasYGni1z0sCjE7rR/+CS3Y0DdbNJkayAvl5yO6g5AqvBYmR+nFtC5FVne03OiTDYkRsKThXCoAVhVqxP2sTaN12YPcv4DkOS/ecI6GvsuP5tncOdZhNXVHUa008r3EbTOIy1IUtBFJEJCnRsexzNaLKj/pta551fREojXbjdSiihFQt5s7UKlnlBOusH8DxaBOassfCM0Pz9PpP7Jjr8b6+6GK8eJM+mIzdaRSkEuR5Aaaa6ql2Rli+O1FncM0e0iYYryF+V8zY855ZMMKyy6Q92begCLLM2uMO1pOdQESu+L+UUfl3h5/uvP9EZzLBjqAUiGuDpSp9DmXU7dxs2ScoOrkb3HXsdRQIpTvVKFQ6HOvD/5qQQqw/Jnl/IDz1jEDM9FHNudF4EppoySXtV9xaY58AxzryoeXuKxFAHVEKmvS0ADJscWamdnHfLq/ZgNpVH9oAf9VFsa6Rh+lM9Y1RGnPpO1gZSdUpYsonzlSK+i85e/D03IMnRwk7IXGkusQaYvhWg8bdz9YsNkssPwY7BvHZqnJ
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BL0PR2101MB1027E34F73C7A4E91DFA3489A37D0BL0PR2101MB1027_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR2101MB1027.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e65ed1b-2209-450b-b59b-08d82abaae80
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Jul 2020 01:34:15.2319 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Z8/e9exDgg2T8eo95X4mnsGQZ6aC+lvUzWRE0Xx5sfMHNwBwIP0zLTdXKRtdy7pVyujxz/YblCz1jPL0VUq3lh7Omcnc2Fjs4kMVK2pShxc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB1332
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/bIyHyUHE5Ccp6Ha1uNTbtPXiHO8>
Subject: Re: [Teep] Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2020 01:34:23 -0000
The power of us using RATS and SUIT is that the TEEP protocol gets lots of stuff for free. We don’t need TEEP protocol methods for things that can be done as RATS claims or SUIT manifest commands. From: Mingliang Pei <mingliang.pei@broadcom.com> Sent: Friday, July 17, 2020 6:21 PM To: Dave Thaler <dthaler@microsoft.com> Cc: teep@ietf.org Subject: Re: Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06 Hi Dave, TEEP protocol itself defines what TEEP protocol does for TA. It doesn’t list what is not allowed; implementation still has freedom to add management for dependencies it needs. My concern is whether additional protocol methods should be defined if TEEP is used to manage other non-TA code. We can choose to not mention it which doesn’t mean it disallows them. If we choose to include non-TA, we could mention that TEEP extensions later may be added for those to move on. Thanks, Ming Sent from iPhone On Jul 17, 2020, at 5:37 PM, Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>> wrote: My point is that saying you cannot update OP-TEE in a SUIT manifest would be like saying you are not allowed to create an SD in a SUIT manifest workflow. I think trying to disallow such things would be counterproductive and would just result in people using a protocol other than TEEP. Dave From: Mingliang Pei <mingliang.pei@broadcom.com<mailto:mingliang.pei@broadcom.com>> Sent: Friday, July 17, 2020 4:44 PM To: Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>> Cc: teep@ietf.org<mailto:teep@ietf.org> Subject: Re: Review of draft https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06 Hi Dave, Our architecture document starts with the following abstract: "This architecture document motivates the design and standardization of a protocol for managing the lifecycle of trusted applications running inside such a TEE." >> TEEP is for provisioning TEEs To me, TEEP is to provision trusted applications to TEEs. This scope is consistent with what architecture doc says. >> whether that is creating an SD or updating OP-TEE We have had good elaboration about SD, and decided to not include it in TEEP. These example artifacts (SD or TEE update) are internal implementation choices, which TEEP doesn't need to define. They are underlying dependencies but TEEP doesn't need to cover whether and how a TEE updates itself and whether a TEE will use SD to host a TA or not. Agreed that this most probably needs WG consensus. This is one word simple change but important about getting on the same page. Hope to hear additional comments. Thanks, Ming On Fri, Jul 17, 2020 at 4:15 PM Dave Thaler <dthaler@microsoft.com<mailto:dthaler@microsoft.com>> wrote: Mingliang Pei mingliang.pei@broadcom.com<mailto:mingliang.pei@broadcom.com> wrote: > 1) Abstract section says "is used to manage code and configuration data" > > Should it just say manage "Trusted Applications" as this can > assume the context defined in TEEP architecture and TEEP protocol > document. No. TEEP can also be used to manage code that isn't a "TA" per se. For example, it could also be used to update OP-TEE (or any other TEE "OS"). MP: Non-TA code management is out of scope for TEEP. TEEP architecture doc only targets to support TA management per use cases and scope sections; it doesn't have design to update OP-TEE or any other TEE OS. TEEP protocol doesn't have methods for non-TA code. It defines only two methods: TrustedAppInstall TrustedAppDelete The transport is to support TEEP protocol doc. I suggest that we limit the scope of TA management across all three docs. I disagree with the above. TEEP is for provisioning TEEs, and TEE architectures vary. For example, CreateSD in OTrP manages a TEE but is not about a TA per se. And in the TEEP protocol we use a SUIT manifest which can express dependencies among TAs, and dependencies on system components, and install (or install updates to) such dependencies as part of SUIT manifest processing. That means if you have TA1 that depends on TA2 that depends on having the latest version of trusted firmware or OP-TEE or whatever, the RATS attestation can include the current state, and the SUIT workflow can install/update it. The fact that the TEEP protocol uses a TA as the leaf/trigger doesn’t mean it can’t also do things that it depends on, whether that is creating an SD or updating OP-TEE. Trying to make some dependencies be out of scope and other dependencies not be out of scope would be arbitrary, complicate the protocol (by saying some SUIT manifests would be illegal, as opposed to just using a SUIT processor), and create discrepancies between TEE implementations (e.g., SGX vs OP-TEE/TrustZone) that in my opinion would not make sense and provide no value. This sounds like something that needs WG consensus either way but I feel strongly about this one. Dave
- [Teep] Review of draft https://tools.ietf.org/htm… Mingliang Pei
- Re: [Teep] Review of draft https://tools.ietf.org… Dave Thaler
- Re: [Teep] Review of draft https://tools.ietf.org… Mingliang Pei
- Re: [Teep] Review of draft https://tools.ietf.org… Dave Thaler
- Re: [Teep] Review of draft https://tools.ietf.org… Mingliang Pei
- Re: [Teep] Review of draft https://tools.ietf.org… Dave Thaler
- Re: [Teep] Review of draft https://tools.ietf.org… Mingliang Pei
- Re: [Teep] Review of draft https://tools.ietf.org… Dave Thaler