IETF Logo Mail Archive

Re: [Teep] Review of draft-ietf-teep-architecture-08

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 21 April 2020 14:46 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 712923A0415 for <teep@ietfa.amsl.com>; Tue, 21 Apr 2020 07:46:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=XtPEOme3; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=XtPEOme3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CtptgpKEi4tu for <teep@ietfa.amsl.com>; Tue, 21 Apr 2020 07:46:47 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03on0626.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe08::626]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34F673A0405 for <teep@ietf.org>; Tue, 21 Apr 2020 07:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ba9s4Bibv/RpBCuMMiXM0XEHU8L4mhR/1Dsh4Jf9uYU=; b=XtPEOme3JRv8TT6LO/ZnIMiaFP0v3p8WHitQD2upCJwjM9UtZriScedDNTp+pRHYJv755kZcCWJEllBj0ccW9XCiT4ZAoP+eWnjxh6BgrlskMeigIHk4Iw3ZabuOCD9LFtZeRwumPx4/rtxTDyp/6YpQ272LXAwxOzPHP+fEYpY=
Received: from AM0PR10CA0027.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:17c::37) by VI1PR0802MB2144.eurprd08.prod.outlook.com (2603:10a6:800:a3::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.13; Tue, 21 Apr 2020 14:45:54 +0000
Received: from AM5EUR03FT007.eop-EUR03.prod.protection.outlook.com (2603:10a6:208:17c:cafe::a2) by AM0PR10CA0027.outlook.office365.com (2603:10a6:208:17c::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.25 via Frontend Transport; Tue, 21 Apr 2020 14:45:54 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT007.mail.protection.outlook.com (10.152.16.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.18 via Frontend Transport; Tue, 21 Apr 2020 14:45:54 +0000
Received: ("Tessian outbound d63670e9da8f:v53"); Tue, 21 Apr 2020 14:45:54 +0000
X-CR-MTA-TID: 64aa7808
Received: from d0ec7d409e5b.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 4462C321-2238-444E-8B3B-64984353BECC.1; Tue, 21 Apr 2020 14:45:48 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d0ec7d409e5b.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 21 Apr 2020 14:45:48 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZZBTrNnWIRGEfqkhxIGIGwegIJiGvYH6j9x2DOoS9tSCidR3Hc5eZADI82XXiaKbS/LHN9B0qvdkpemmgSmkrJ9HySyWIzDzjCFYjpxDTapSrYFeSKUdlHpsQubIVFOw/tyI0gXH4qgnbjfb+stjYacqSOWze46sRiwU+qnrngJFpNJHAwFjdm99dC5qLsWCI4MC2mKHuz+/FcogRPMFpgluflDzZaZkz5eTtZtdaHi537SXofAf19ACL9Uz45fJCZ+rI4tyP0/9lN2UOO8zGpBLzQBnqvd9kVMQsSO7D6H8ITWddFfdJEowqBNI6xgsQMaQvzjVxMMibNH6fVQNlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ba9s4Bibv/RpBCuMMiXM0XEHU8L4mhR/1Dsh4Jf9uYU=; b=AItho+AYR78LXwKHwMOZfhtPvVf3yOJpZXXRseWPk940yGfIWGUN/5Xzbh3pLFMy53IUjDPtxkKcIA1cZi9wCxphtFnj39JON4tEtoijuSO3UdOLHLHC7gCby77wJoYeJTsv8E6dzksfcpKf3MmqGv7XOsmJaTnwHewgr96ycgg/pF/zuWsCX7P/Z4r2aTR04xt+M1J6wN7ZfF3j2lS0d5jk+6/CjHO1EmAa9ax9aljEcpIImnZfpBTz1rdpDPcVyBF+WL0DzU5yd5wRf8GTm7A5B2ZBYVuLvj5+GaQMEpSgxphvUHrXz/Lahgrni/n5E7c6csJJiV9cHmE9n/BxAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ba9s4Bibv/RpBCuMMiXM0XEHU8L4mhR/1Dsh4Jf9uYU=; b=XtPEOme3JRv8TT6LO/ZnIMiaFP0v3p8WHitQD2upCJwjM9UtZriScedDNTp+pRHYJv755kZcCWJEllBj0ccW9XCiT4ZAoP+eWnjxh6BgrlskMeigIHk4Iw3ZabuOCD9LFtZeRwumPx4/rtxTDyp/6YpQ272LXAwxOzPHP+fEYpY=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB4178.eurprd08.prod.outlook.com (2603:10a6:208:133::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2921.29; Tue, 21 Apr 2020 14:45:47 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::f501:c93e:1c20:8bee]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::f501:c93e:1c20:8bee%6]) with mapi id 15.20.2921.030; Tue, 21 Apr 2020 14:45:47 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Russ Housley <housley@vigilsec.com>, teep <teep@ietf.org>
Thread-Topic: [Teep] Review of draft-ietf-teep-architecture-08
Thread-Index: AQHWFPgF+4V7s+hm5EGip0UBtF6t6KiDh6bw
Date: Tue, 21 Apr 2020 14:45:47 +0000
Message-ID: <AM0PR08MB3716D21FB8FAC0D1597D91F6FAD50@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <218509BB-AD51-4F29-8904-2BD5D4AF663D@vigilsec.com>
In-Reply-To: <218509BB-AD51-4F29-8904-2BD5D4AF663D@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 77a70ade-ba86-4b8e-9afe-9b014bc73aa5.0
x-checkrecipientchecked: true
Authentication-Results-Original: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [217.140.96.140]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 0231dea8-8232-4adb-9163-08d7e602b1a1
x-ms-traffictypediagnostic: AM0PR08MB4178:|VI1PR0802MB2144:
X-Microsoft-Antispam-PRVS: <VI1PR0802MB21442BBE6FA214BBFF244CABFAD50@VI1PR0802MB2144.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:1013;OLM:2449;
x-forefront-prvs: 038002787A
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(346002)(376002)(396003)(39860400002)(366004)(136003)(71200400001)(9686003)(5660300002)(55016002)(86362001)(8676002)(81156014)(8936002)(2906002)(33656002)(66574012)(110136005)(7696005)(64756008)(66476007)(6506007)(53546011)(316002)(26005)(186003)(966005)(478600001)(76116006)(66446008)(52536014)(66556008)(66946007); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: YvPt/lJSaodYb23ncxDpeP6qrUZvdwnYemTkx2Z/c5oIS8MNDJ+wdQS01CAyyOzfbX8kmdc7N248oJSN5Q9M7h+fZ8Tx5HUN89I1WGYXFylVaCe9mYzp2dULEThUHYr0xA8OjR5jMxfACoXvnMjq0aiJVj0BXzHxevrwlE4KSfTVTzC0cb5V/ZCypa8WI7ATdey2tUz4r5SLy7OkQisD1pEyl3uugAFw88xgHe/5Bftj3xW9qfh0SFw7NSTpRWfQ3gD+BWk7Hrj5BSJpaevGiLN5BQ3N43FeKnnTuDzNo+a37tJQuCRAX+2p2HvVapACUynsUxI8x6DSr3hXH1OPnUxyLt+vhqecRiULa4N1+5C7dnnG/4p636o0WdYl6XiNDIAoTfMtyjX3U2MV1Rmca7AfJSr22ZLotx6owt6r31IZ5NHWHZqUuwK3z4VN8O1r+iy4302/w6xLVVrGebTEJkgyyVj0mDmLVVmLYJmaIkzYTc6MOWWVFIX7Dq+xdObfvCn2OSHFK5dVNMWfpjngyA==
x-ms-exchange-antispam-messagedata: SR4Lb1TRvGogd/E4ckq7wnr7XtmKHmlzSDhLItpUSQTVekrOXhV/yyEhzoEnCrcYw2hjLQ6I48V5OV5IHCtLlO7FLuHfdfuOgfYDeu2LUd/Fa+J2mMgay7IxHl43xpIpQuzHTU1N8af+Q0j/VLtWcg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB4178
Original-Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT007.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(396003)(346002)(376002)(46966005)(86362001)(82740400003)(52536014)(33656002)(55016002)(47076004)(9686003)(81166007)(70586007)(70206006)(186003)(336012)(26005)(966005)(8676002)(110136005)(36906005)(316002)(478600001)(81156014)(356005)(8936002)(5660300002)(66574012)(53546011)(6506007)(2906002)(7696005); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 6ca8c146-7cb6-4acb-3e6c-08d7e602adbb
X-Forefront-PRVS: 038002787A
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: tmeqwESOgnQ5SrpYXidY3o58qXxaNuQd9IhjmRJUtQAamNQ3pmdSk0suwSV/fcur4UUOjIDfwCS1IviiLcQN/aBJLl5LWJbFZRBU+3H8lokHVvxhyupnr2jMLU1qgon2TBfHYKR/3LbIJkoNK3vGFQYRyR77XbTLp6kkpYVYm1c5hsZCTcFFLNRJX7Kf90efSH4HbGWhMeGP1jke1mxWMaNS9gBkTXd/Agr13U6Yv12FE7SsUWClPLIs2Meyafuu5fxKfH6p7qzZH2ZwYc1Yizxv8kQaJOd5j27faBFuZPiHq5pUzZzKT22sHLv8CBmOgSsMSEzJKQlDfSVLF6DipTQg5yQl47Bt9Zhq+2QynIH4gePYF3TH/qwdM9rBd14i+3XPi6OIPI/oeX7Ih7i/Wt94OUKB6N0fQCiGLWd3hcm9JDmPg8c0JhxivoYV7FlMNv5ItY3+rthCYR8O5lkUEAIYMeaSiWUAUQSd/JUfrDB1i2kXAEs7JyqfEmc74tmBQwTaojzlZFVGChCBmilAqCQF9BUCQdK49NTTHoNgwjIvx6xNnZalxbPWNFc2o8+YWrwXFhoFl/+HMUXoHyZMeg==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Apr 2020 14:45:54.0092 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0231dea8-8232-4adb-9163-08d7e602b1a1
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2144
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/dTZJaSgimGnHym7ERlExWw0o8bA>
Subject: Re: [Teep] Review of draft-ietf-teep-architecture-08
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 14:46:53 -0000

Hi Russ,

Thanks for the detailed review. I addressed almost all of it but see my response below. Ming/DaveW/DaveT - there are also some items for you...

-----Original Message-----
From: TEEP <teep-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Friday, April 17, 2020 10:34 PM
To: teep <teep@ietf.org>
Subject: [Teep] Review of draft-ietf-teep-architecture-08

On the last TEEP call, I agreed to review the TEEP Architecture document.  Here are my comments and questions.

1) Section 1 says:

   Typically, application components are chosen to execute inside a TEE
   because those application components perform security sensitive
   operations or operate on sensitive data.

Recognizing that this is the introduction, I was wondering if you could provide a bit more explanation here.  Earlier in the paragraph, the document offers an example of a banking application.  There would be components of such and application that are trusted, and other components would be untrusted. This concept is described, but the coupling to make a complete application could be more explicit to prepare the reader for the detail that is coming.  Within such an application, it would be good to offer an example of a security sensitive operations and a separate example of operating on sensitive data.

[Hannes] Here is the PR:
https://github.com/ietf-teep/architecture/pull/162

2) Section 1 says:

   To simplify the life of TA developers interacting with TAs in a TEE,
   an interoperable protocol for managing TAs running in different TEEs
   of various devices is needed.

This feels incomplete to me.  Making sure that compatible trusted and untrusted components of an application are installed on the same device is vital when they are not bundled.

[Hannes] Fair enough. I created a PR on this topic as well:
https://github.com/ietf-teep/architecture/pull/163

3) Section 1 offers:

   -  A TA developer wants to remove a confidential TA from a device's
      TEE if the TA developer is no longer offering such TAs or the TAs
      are being revoked from a particular user (or device).  For
      example, if a subscription or contract for a particular service
      has expired, or a payment by the user has not been completed or
      has been rescinded.

This implies that the TA developer has some of the privileges that I associate with the TAM.  Yes, I see the note at the end of the bullets, but I think this is an indication that the privileges are not quite right for these roles.  Also, if I was writing a TA for a subscription, I would have the TA perform some form of payment checking, and then refuse to decrypt the content if the payment checking fails.  Perhaps the REE passes a signed proof of payment.  This way, the TA developer does not need to actually have permission to remove a TA. Further, if the TA is on a multi-user device, removing the TA would adversely impact other users.

[Hannes] I agree with you. This sounds a bit strange. I have changed the wording to:

  - A Device Administrator wants to remove a TA from a device's TEE if
    the TA developer is no longer maintaining that TA, when the TA has
    been revoked or is not used for other reasons anymore (e.g. due to an
    expired subscription).

The PR is:
https://github.com/ietf-teep/architecture/pull/163

4) Section 2 says:

   -  Untrusted Application: An application running in a Rich Execution
      Environment.

For alignment with the definition of a TA and te terms used in section 1, I think this should say:

   -  Untrusted Application: An application component that runs in a
      REE.

It is also useful to indicate that the Untrusted Application may be dependent on one or more TAs.

[Hannes] Sounds useful to me. PR is here:
https://github.com/ietf-teep/architecture/pull/164

5) Section 3.3 talks about the Internet of Things.  It does not talk about the billions of devices being used to mount DDoS attacks.  Can it cover that too?  Without putting the network interface inside the TEE, I'm skeptical there is a solution.

[Hannes] The DDoS attacks you are referring to were caused by default passwords on those devices. A TEE cannot help with that directly. You can, of course, put per-device credentials and isolate them better using the TEE. The problem with the DDoS attacks of these IP-based cameras wasn't the lack of isolation of software but the fact that all devices used the same credentials and that those credentials were public. I am not sure what I could write to talk about these use cases without making too many assumptions.

6) Section 3.4 talks about Confidential Cloud Computing.  Can something be said in Section 4.4.1 to make this less abstract?

[Hannes] This is a question for DaveT. Maybe there is some text that could be copied from the CCC.

7) Section 4.1 defines CA incorrectly.  A CA is not "Certificate-based credentials".  A CA issues certificates, and the certificates are then used for authentication and cryptographic key management.  This bullet should begin: "A CA is ..." to follow the pattern of the other bullets.

[Hannes] Stupid mistake. Here is the PR:
https://github.com/ietf-teep/architecture/pull/165

8) Section 4.3 introduces the term "TA software author" and "TA signer."  I hope we ca pick one.  Please add the term that is chosen to Section 2.

[Hannes] Good catch. I have expanded the text for the TA developer in the intro section and have also removed the terms "TA software author" and "TA signer" with the term "TA developer".

9) Section 4.4 should require support for both confidentiality and integrity protection.

[Hannes] Of course. I correct it. Here is the Pr:
https://github.com/ietf-teep/architecture/pull/165

10) Should GlobalPlatform be added to Section 4.4.1?

[Hannes] GlobalPlatform defined APIs that simplify the experience of developers when need to pass information between the Untrusted App and the TA (and also for the TA to access secure world OS features). I could add text but I am wondering whether this would go a bit too far.

11) Section 4.5 uses the term "TA binary signers" and "TA signer".  Please see comment 8 above.

[Hannes] I hope I removed all occurrences.

12) Section 5 says: "... encrypted with the TAM public key ...".  This is not correct.  The TAM public key is used to establish the key that is then used for encryption and decryption.  Further the wording is aimed at RSA, which is a key transport algorithm.  Please make the wording accommodate key transport and key agreement approaches.

[Hannes] I changed the text in this PR but I wanted to note that we don't want to go into the details on how the encryption works because the details, as you point out, vary a bit from mechanism to mechanism.

PR:
https://github.com/ietf-teep/architecture/pull/166

13) Section 5.1 says that a TAM obtains "a TAM certificate from a CA"; however, Section 1 said that a trust anchor could be a raw public key.  Can the TAM use the raw trust anchor key directly?

[Hannes] I enhanced that sentence.

14) Section 5.2 and Section 5.3 should allow signatures to be directly by the trust anchor.  The current working requires a certification path.

[Hannes] I have updated the text but have a look whether I captured everything. Here is the PR:
https://github.com/ietf-teep/architecture/pull/166

15) Section 5.4 says that "self-signed certificates" are allowed.  I think this is the same as allowing signatures to be directly by the trust anchor.  Please consider this comment in conjunction with comment 13 above.

[Hannes] I removed it because I don't think that self-signed certificates really make sense given what we described elsewhere.

16) Section 7 says that there are "different attestation algorithms".  Does this mean different set of claims?  Please be more clear here.

[Hannes] The idea was to be flexible with regards to attestation schemes, like ECDSA-based attestation, Direct Anonymous Attestation (DAA), Enhanced Privacy ID (EPID), a Privacy CA, etc. With our decision to support EAT tokens I believe we pushed the responsibility over to RATS.

I still added a few examples:
https://github.com/ietf-teep/architecture/pull/167

17) I think the discussion about "assumptions" would be better written as things that need to be considered when assessing the degree of confidence in the claim by the TEE,

[Hannes] @DaveW: Can you take care of this? I believe you wrote that section.

18) Section 18: Asymmetric algorithms are also used to manage the symmetric keys.  Symmetric algorithms are also used for data integrity.

[Hannes] I added a remark on this topic in this PR:
https://github.com/ietf-teep/architecture/pull/168

19) Section 9.4: Please expand this discussion to cover compromised trust anchors and compromised intermediate CAs.

[Hannes] @Ming: Can I push this to you? I believe you wrote that text.

20) Section 9.7: You may want to point to Section 4.1.2.5 of RFC 5280, which tells how to make a device certificate that never expires.

[Hannes] Good idea. Here is the PR:
https://github.com/ietf-teep/architecture/pull/168

21) Please add references for SGX and TrustZone, adding the citations in the body as appropriate.

[Hannes] DaveT/DaveW: What reference should I use for SGX?

22) Nits:

I covered the nits below in the following PR:
https://github.com/ietf-teep/architecture/pull/169

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email