[Teep] Comments on draft-ietf-teep-usecase-for-cc-in-network-02
Mingliang Pei <mingliang.pei@broadcom.com> Wed, 09 November 2022 17:49 UTC
Return-Path: <mingliang.pei@broadcom.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 871A2C14CE29 for <teep@ietfa.amsl.com>; Wed, 9 Nov 2022 09:49:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.674
X-Spam-Level:
X-Spam-Status: No, score=-2.674 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=broadcom.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gC0aIqbenFiH for <teep@ietfa.amsl.com>; Wed, 9 Nov 2022 09:49:35 -0800 (PST)
Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39ADFC14F75F for <teep@ietf.org>; Wed, 9 Nov 2022 09:49:35 -0800 (PST)
Received: by mail-ej1-x62b.google.com with SMTP id b2so48866469eja.6 for <teep@ietf.org>; Wed, 09 Nov 2022 09:49:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=fx/nU5qb+5fsZjDBfEvL9PSVpf0eCIsMjVgB0oOSa5c=; b=IMiy4jZds2K1yEJ+kqfrKbt271a1tRSY+vt+uyMt6d+808D23dQKiOHBfx8vK+/0qn I91yNaHJY6NPhaRt5ZlVLGDy1FMHDKV45LFZNgSdR/QpdmDOOefUgToZkZufu8gl8L93 T/6Friaz7iaVBCSIwJo1phmhqEZO1E4XNaCGQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=fx/nU5qb+5fsZjDBfEvL9PSVpf0eCIsMjVgB0oOSa5c=; b=UGBwd5yQbcLofpLRnCUPRbYtqsvFBBE+YKkG9gkd3X7y1muc8ej/hCp3cJKSeY5wuA ldHlMMaShs7Xr90EyqJ2RWow43G74ajwe/qv7anfxNIcJP0mTtrlRyJsThumLxPz/eDb WgIXT7XbMdovi2U4Vqd+AcXq0azwloKxDSI3OPegB83fsNb+yPqaPGDib088/Mxed3yi VCjmshU5XfDlSmFEodk/T2/neGwkB5gfaRz2AjXwfBf4QuJX/YvdcwSUZthKpORaCYHS kB7+p8qpdhpDxm+wpw+hzPkZWnmUQfZAA4BJzSO90c57UDoael1HU76sAcWbNfIO9T+f Xfmg==
X-Gm-Message-State: ANoB5plthqu8Yx8d3xDFTR3mFZEl9d2j9nOpDwMsz+MsLHVY8WScva6z Yf7lZhReoSntWTNvPMpi5JzHs1N+W10+N9R/rFblODi3gHb38AIFJHlNKxzssr3wcYUOZRTyCVI GoGOTVX8xT7T1eGqChGA=
X-Google-Smtp-Source: AA0mqf7uZs+P++a/S2vzSU5nfFOUNy46JdDCU1ASVruXuewv/jN33Mwj/RXf3npmUWvl11xWdFw3VWyw/Sih9cXdJuI=
X-Received: by 2002:a17:907:94c7:b0:7ae:76a4:e393 with SMTP id dn7-20020a17090794c700b007ae76a4e393mr759991ejc.743.1668016173593; Wed, 09 Nov 2022 09:49:33 -0800 (PST)
MIME-Version: 1.0
From: Mingliang Pei <mingliang.pei@broadcom.com>
Date: Wed, 09 Nov 2022 09:49:21 -0800
Message-ID: <CABDGos7uTfZ-dgAVW6FZXD=VU662tfb1Kq4rqSWJMav3YKsQ3A@mail.gmail.com>
To: draft-ietf-teep-usecase-for-cc-in-network.all@ietf.org, teep <teep@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000878dec05ed0d471e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/bO69AsqXNUBU5theUWKDuep8slI>
Subject: [Teep] Comments on draft-ietf-teep-usecase-for-cc-in-network-02
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2022 17:49:39 -0000
Hi Penglin and co-authors,
Here are a few quick comments on the current draft:
Section 1:
>> ... Environment"[CCC-White-Paper
<https://www.ietf.org/archive/id/draft-ietf-teep-usecase-for-cc-in-network-02.html#CCC-White-Paper>
].
Nits: Extra "
>> In detail, computing unit with confidential computing feature could
generate an isolated hardware-protected area,
Is "hardware-protected area" a common way to say it? Do you need to refer
more such as "in a TEE" or "Security Domain" as examples?
>> ... users need to attest and deploy their data and applications in the
TEE environment
In this sentence immediately following the above, it gives almost only
choice, being "TEE". Is non-TEE technology an option in the CCC referred
general "protected area" or your use of this terminology?
>> In confidential computing, the TEE can also be provisioned and managed
by TEEP architectue and protocol.
1) it is TAs that can be provisioned, not TEE
2) Nits: the TEE --> a TEE
3) Nits: typo architecture
Section 3:
>> Title: Notational Architecture of using confidential ...
Do you want to capitalize all words or not capitalize "Architecture"?
>> Figure 1: notational architecture
Suggest to capitalize the first word at least
Section 4:
>> Usecases
I believe it is more common to use "Use Cases"
>> UA, TA and PD
"PD" isn't defined in TEEP and anywhere in this doc. I understand it tries
to mean "Personalization Data".
>> Case 5 and 6 are new cases that possible in implementation.
TEEP Architecture doc section 4.4 has 5 cases. Need to remove the reference
with case 6.
Also suggest adding TEEP Arch draft reference link here
Nits: ... that are possible....
Section 4.1
>> 4.1 This use case refers to the case 1 of TEEP architecture.
Clarify or make it explicit what "case 1" means - which section in TEEP
Architecture doc. There are the Use Cases section 3 in that doc where it
lists only three cases.
>> The TAM works as Verifier
Nits: as a Verifier
>> Network User works as Relying Party
"Relying Party" may need a definition when it is capitalized. It is first
time used here in the doc.
Nits: a Relying Party
>> The arrow means deploy package to
Nits: means to deploy ...
>> {att TEEP Agent
What does "att" mean?
Isn't a TEEP Broker needed? It is central to the TEEP Architecture. The
sequence row in Figure 2 doesn't mention it.
Similar comments about TEEP Broker for other sections 4.2 - 4.5.
Best,
Ming
--
This electronic communication and the information and any files transmitted
with it, or attached to it, are confidential and are intended solely for
the use of the individual or entity to whom it is addressed and may contain
information that is confidential, legally privileged, protected by privacy
laws, or otherwise restricted from disclosure to anyone else. If you are
not the intended recipient or the person responsible for delivering the
e-mail to the intended recipient, you are hereby notified that any use,
copying, distributing, dissemination, forwarding, printing, or copying of
this e-mail is strictly prohibited. If you received this e-mail in error,
please return the e-mail to the sender, delete it from your computer, and
destroy any printed copy of it.
- [Teep] Comments on draft-ietf-teep-usecase-for-cc… Mingliang Pei
- Re: [Teep] Comments on draft-ietf-teep-usecase-fo… yangpenglin