[Teep] comments on draft-ietf-teep-architecture-03
Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Sat, 12 October 2019 08:33 UTC
Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ECD0120841 for <teep@ietfa.amsl.com>; Sat, 12 Oct 2019 01:33:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3oCHuTupxEt9 for <teep@ietfa.amsl.com>; Sat, 12 Oct 2019 01:33:53 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00076.outbound.protection.outlook.com [40.107.0.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C36712080A for <teep@ietf.org>; Sat, 12 Oct 2019 01:33:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l17UFlELoeyQPKfdCgBErRHvprH2vra3FCaKBwpN5W9mYr6Isel1J0po5mJb7xTpA3MD8lbkBXItnjMJ0zaKuH5x9TqGt80eGX31M5whLwkkpvZfvg804yegyw3/UT/lSMFl8Ey3SxgpCqKG+8cfPG1fveBbgFZm4+UdAMDUWVXckNTBtQaotvutjwVWJW0jItXJesA3I195zC9VY0Rvln4Z9CUqsrBtXFytmOWHR8WzF9W2ziy4Y2oY1rIo2CKvVZPPIa19INAcpngvyJrNKJBY3Fokdd+ABOLiIIwg7o2LufkvBBfBpOPCicofs1BayqyeQt5a8RZHDKxYKfURJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=35eXN53pgSXG+T8JII2YA7+HCDXh46KUYcv7WvBV7eE=; b=HseCICV8tYvcFt+8DOAXxiksPGHplhn4t9x1zPnbpdsBOIz++RSvTlwdpvaaFFIEIeO6gl7LgG58BaOpsIcmH24r38I3JlENYMPtNMxWxgUB7cK+WT4x5LqUtbfh38bjQ+5T7aeCQlk+bop3SZKVuEy0WvCqVUpb6NiLmG044CtEDbsAL+3JDUCgCLOt7/6tioiQNvidEl5EOmaFTWtNIsTfendGB4R7lghWudo4ISNQIc2YKT7Pd4d7G8aX67pUaxr7QRnaru2RdgMO31FAMV14CKzuF4SOahI4ON8x3HxaaizGioogHijfhihV+2M64xhWb7Wi/nmFFP+wy9EmBw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=35eXN53pgSXG+T8JII2YA7+HCDXh46KUYcv7WvBV7eE=; b=qHOZktt5I7gVZhXdCmJLYwR+AEyil74FOOQQVv7n9GkvNOrWb4HGszgNNqTDxgD71pHF4qVR1oroFi+zrnZqgZNs0uJ9dOIi158nE5tI3Xr4isk8B0PO1RA4Ys5YY/VsFs2u5rIPgk/BCN3MxDsB1sFKlIhFVywWnOoQXRtiAuw=
Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6P190MB0568.EURP190.PROD.OUTLOOK.COM (10.175.241.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Sat, 12 Oct 2019 08:33:50 +0000
Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908%4]) with mapi id 15.20.2347.021; Sat, 12 Oct 2019 08:33:50 +0000
From: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>
To: "teep@ietf.org" <teep@ietf.org>
Thread-Topic: comments on draft-ietf-teep-architecture-03
Thread-Index: AQHVgNfFo7CIIoGYJkGJ0iuAziUE4Q==
Date: Sat, 12 Oct 2019 08:33:50 +0000
Message-ID: <20191012083349.ehhsopwy4brtkjdr@anna.jacobs.jacobs-university.de>
Reply-To: "Schönwälder, Jürgen" <J.Schoenwaelder@jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM0PR0102CA0012.eurprd01.prod.exchangelabs.com (2603:10a6:208:14::25) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:638:709:5::7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1b3e1c9e-c508-4751-ba38-08d74eeee866
x-ms-traffictypediagnostic: DB6P190MB0568:
x-ms-exchange-purlcount: 1
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DB6P190MB05689AACB899B82F3D809B95DE960@DB6P190MB0568.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0188D66E61
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(346002)(366004)(396003)(39850400004)(189003)(199004)(14444005)(8676002)(2351001)(256004)(81156014)(14454004)(1730700003)(6916009)(8936002)(64756008)(66476007)(66946007)(66446008)(66556008)(2501003)(45776006)(71190400001)(71200400001)(99286004)(305945005)(7736002)(186003)(81166006)(52116002)(102836004)(6506007)(1076003)(5660300002)(6512007)(25786009)(6436002)(6486002)(5640700003)(6306002)(478600001)(486006)(476003)(46003)(6116002)(2906002)(3450700001)(386003)(43066004)(786003)(316002)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P190MB0568; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lgq+5+SO1RC+4KfsrmEwrVwDfa93YxJBrTBTNOgX+YPTd1g/M+VZrCQPw4tdykH3W2CEwZcocVSnLlwB58E4ULm+wp8m8fwl9IUAVlDk7bLEe18uxs3nxmwm8p8If3j6/75Z3IAu9Jrv5KYUH0bA9tys2r0ssnRlkUoL8pPhhw3DGkcmhhJKQkkvpfZjNQ33t3sFzOPA7U9ageIOIN0OJJCezBfhhL3Z3Ocf3wCXen3ds1TtlSoV+iq8oGoVKeB9DZnp4b314rhJfWEp94kLJwvVSSsRh3qZJwfe3cZXtJePfvCvFoYCCW3W/+XIKfpE0ScM/KjoNYl1gSVUrSCi1/U3rIzO5AfFuwznoCW/6ukwxtsIztEk26FWF6PpZmw1LaHsNXnpDh9GAWMTOAdyVlZZreO0gbXyN2VbgA2eytYCmdYV5NdYkEhXDbW3aDZiMvSXWDoXvNqdqMToxnk4dQ==
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <ADA691B9B6832143B2DFE4B5DF59CD7D@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 1b3e1c9e-c508-4751-ba38-08d74eeee866
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2019 08:33:50.5743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5Ra0TgRkolUBhC4PXP50F5RxOajlx5P5tF4jnlVKSa1HzWY7BHbEWp2L5Wa+YmJC2u7KIv3JEu8Vj8HPBm4xe6ny0b5NsMSy2iorFErxAcg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0568
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/dCoC4-zkhnkJFL_JA2kxjXBY2ec>
Subject: [Teep] comments on draft-ietf-teep-architecture-03
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2019 08:34:00 -0000
Hi, I am new to TEEP (so please forgive my ignorance) and I thought I start by reading the architecture document. Below are my comments on draft-ietf-teep-architecture-03. In general, I found the document to be helpful and in reasonably good shape. - RFC 2119 language This seems mainly used in the section about attestations. Do we really need RFC 2119 terms in this architecture document? Some of the SHALLs do not seem to be really needed. - UA == CA ? The introduction introduces UA but then this is only used again once in 5.2. Given that section 2 starts with defining CA, is CA the same as UA (and hence UA should be replaced with CA)? - root of trust This definition remains a bit unclear and it ends with an ad-hoc reference to a NIS draft. I searched for RoT in the document but it is not widely used. Perhaps this term can even be replaced by simply expanding the definitions of TFW a bit? - acronyms and terms I notice that not all terms for which acronyms are defined at the end of section 2 are actually defined terms. Perhaps they should all be defined? Missing are TAM (Trusted Application Manager) and SD (Security Domain). The later one (SD) in particular would benefit from a definition. - assumptions Does it make sense to have a top-level section consisting of just two sentences? Perhaps move this into a subsection of the architecture section? - #notionalarch What is #notionalarch? A broken reference to Figure 1? - typo caption figure 2 s/wtih/with/ - typo 5.5 s/would required/would require/ s/recieve/receive/ - typo 5.7 s/may different/may be different/ - trust anchors It seems that managing trust anchors will be crucial in order to deal with 'crypto gone wrong' scenarios. Is it really smart to leave management and updates to proprietary mechanisms? Why can't trust anchors not be managed like other TEE data? What is the reason to declare this out of scope - too complex? too hard to find agreement? Will trust anchor changes cause installed TAs to be removed if they lost their trust? - message security It may help to clarify what the 'ends' are in the statement "messages are signed end-to-end". In particular, is the end the TEEP Agent and the TAM? - teep broker I am not sure what "A shared module in REE comes to meet this need." tells me. What is a "shared module"? Perhaps the sentence can simply be removed. I am not sure the text is really clear. There are two kinds of interactions, a CA needing a TA to be made available and CA using a TA. I assume the first goes with the TEEP broker but the later via REE OS mechanisms. Or does the TEEP broker provide the single interface via which CAs request TA services? - attestation "but the OTrP protocol SHALL allow" - this is the first time OTrP shows up and RFC 2119 language is used; did you mean to say a TEEP protocol? or something like that? - crypto properties Does it really make sense to fix digital signature formats in an architecture document? The list of formats will likely change over time; so it is good to define MUST for today's blessed list? - figure teep attestation layout Perhaps change the layout such that the claims are listed one below the other instead of next to each other (this way things may fit into the space - yes, I am still using 80 column terminals). - typo attestation flow s/Attesations/Attestations/ - security Why does that text say "should be validated" instead of "must be validated"? What is the GetTAInformation function discussed in the security considerations? It seems to fall out of the air. /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany Fax: +49 421 200 3103 <https://www.jacobs-university.de/>