[Teep] comments on draft-ietf-teep-architecture-03

Schönwälder, Jürgen <J.Schoenwaelder@jacobs-university.de> Sat, 12 October 2019 08:33 UTC

Return-Path: <J.Schoenwaelder@jacobs-university.de>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ECD0120841 for <teep@ietfa.amsl.com>; Sat, 12 Oct 2019 01:33:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jacobsuniversity.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3oCHuTupxEt9 for <teep@ietfa.amsl.com>; Sat, 12 Oct 2019 01:33:53 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00076.outbound.protection.outlook.com [40.107.0.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C36712080A for <teep@ietf.org>; Sat, 12 Oct 2019 01:33:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l17UFlELoeyQPKfdCgBErRHvprH2vra3FCaKBwpN5W9mYr6Isel1J0po5mJb7xTpA3MD8lbkBXItnjMJ0zaKuH5x9TqGt80eGX31M5whLwkkpvZfvg804yegyw3/UT/lSMFl8Ey3SxgpCqKG+8cfPG1fveBbgFZm4+UdAMDUWVXckNTBtQaotvutjwVWJW0jItXJesA3I195zC9VY0Rvln4Z9CUqsrBtXFytmOWHR8WzF9W2ziy4Y2oY1rIo2CKvVZPPIa19INAcpngvyJrNKJBY3Fokdd+ABOLiIIwg7o2LufkvBBfBpOPCicofs1BayqyeQt5a8RZHDKxYKfURJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=35eXN53pgSXG+T8JII2YA7+HCDXh46KUYcv7WvBV7eE=; b=HseCICV8tYvcFt+8DOAXxiksPGHplhn4t9x1zPnbpdsBOIz++RSvTlwdpvaaFFIEIeO6gl7LgG58BaOpsIcmH24r38I3JlENYMPtNMxWxgUB7cK+WT4x5LqUtbfh38bjQ+5T7aeCQlk+bop3SZKVuEy0WvCqVUpb6NiLmG044CtEDbsAL+3JDUCgCLOt7/6tioiQNvidEl5EOmaFTWtNIsTfendGB4R7lghWudo4ISNQIc2YKT7Pd4d7G8aX67pUaxr7QRnaru2RdgMO31FAMV14CKzuF4SOahI4ON8x3HxaaizGioogHijfhihV+2M64xhWb7Wi/nmFFP+wy9EmBw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jacobs-university.de; dmarc=pass action=none header.from=jacobs-university.de; dkim=pass header.d=jacobs-university.de; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jacobsuniversity.onmicrosoft.com; s=selector2-jacobsuniversity-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=35eXN53pgSXG+T8JII2YA7+HCDXh46KUYcv7WvBV7eE=; b=qHOZktt5I7gVZhXdCmJLYwR+AEyil74FOOQQVv7n9GkvNOrWb4HGszgNNqTDxgD71pHF4qVR1oroFi+zrnZqgZNs0uJ9dOIi158nE5tI3Xr4isk8B0PO1RA4Ys5YY/VsFs2u5rIPgk/BCN3MxDsB1sFKlIhFVywWnOoQXRtiAuw=
Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (10.172.229.20) by DB6P190MB0568.EURP190.PROD.OUTLOOK.COM (10.175.241.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.18; Sat, 12 Oct 2019 08:33:50 +0000
Received: from DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908]) by DB6P190MB0181.EURP190.PROD.OUTLOOK.COM ([fe80::d1ea:2415:7174:c908%4]) with mapi id 15.20.2347.021; Sat, 12 Oct 2019 08:33:50 +0000
From: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <J.Schoenwaelder@jacobs-university.de>
To: "teep@ietf.org" <teep@ietf.org>
Thread-Topic: comments on draft-ietf-teep-architecture-03
Thread-Index: AQHVgNfFo7CIIoGYJkGJ0iuAziUE4Q==
Date: Sat, 12 Oct 2019 08:33:50 +0000
Message-ID: <20191012083349.ehhsopwy4brtkjdr@anna.jacobs.jacobs-university.de>
Reply-To: =?iso-8859-1?Q?Sch=F6nw=E4lder=2C_J=FCrgen?= <J.Schoenwaelder@jacobs-university.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: AM0PR0102CA0012.eurprd01.prod.exchangelabs.com (2603:10a6:208:14::25) To DB6P190MB0181.EURP190.PROD.OUTLOOK.COM (2603:10a6:4:88::20)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=J.Schoenwaelder@jacobs-university.de;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:638:709:5::7]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1b3e1c9e-c508-4751-ba38-08d74eeee866
x-ms-traffictypediagnostic: DB6P190MB0568:
x-ms-exchange-purlcount: 1
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DB6P190MB05689AACB899B82F3D809B95DE960@DB6P190MB0568.EURP190.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0188D66E61
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(346002)(366004)(396003)(39850400004)(189003)(199004)(14444005)(8676002)(2351001)(256004)(81156014)(14454004)(1730700003)(6916009)(8936002)(64756008)(66476007)(66946007)(66446008)(66556008)(2501003)(45776006)(71190400001)(71200400001)(99286004)(305945005)(7736002)(186003)(81166006)(52116002)(102836004)(6506007)(1076003)(5660300002)(6512007)(25786009)(6436002)(6486002)(5640700003)(6306002)(478600001)(486006)(476003)(46003)(6116002)(2906002)(3450700001)(386003)(43066004)(786003)(316002)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6P190MB0568; H:DB6P190MB0181.EURP190.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: jacobs-university.de does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lgq+5+SO1RC+4KfsrmEwrVwDfa93YxJBrTBTNOgX+YPTd1g/M+VZrCQPw4tdykH3W2CEwZcocVSnLlwB58E4ULm+wp8m8fwl9IUAVlDk7bLEe18uxs3nxmwm8p8If3j6/75Z3IAu9Jrv5KYUH0bA9tys2r0ssnRlkUoL8pPhhw3DGkcmhhJKQkkvpfZjNQ33t3sFzOPA7U9ageIOIN0OJJCezBfhhL3Z3Ocf3wCXen3ds1TtlSoV+iq8oGoVKeB9DZnp4b314rhJfWEp94kLJwvVSSsRh3qZJwfe3cZXtJePfvCvFoYCCW3W/+XIKfpE0ScM/KjoNYl1gSVUrSCi1/U3rIzO5AfFuwznoCW/6ukwxtsIztEk26FWF6PpZmw1LaHsNXnpDh9GAWMTOAdyVlZZreO0gbXyN2VbgA2eytYCmdYV5NdYkEhXDbW3aDZiMvSXWDoXvNqdqMToxnk4dQ==
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <ADA691B9B6832143B2DFE4B5DF59CD7D@EURP190.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: jacobs-university.de
X-MS-Exchange-CrossTenant-Network-Message-Id: 1b3e1c9e-c508-4751-ba38-08d74eeee866
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2019 08:33:50.5743 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f78e973e-5c0b-4ab8-bbd7-9887c95a8ebd
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5Ra0TgRkolUBhC4PXP50F5RxOajlx5P5tF4jnlVKSa1HzWY7BHbEWp2L5Wa+YmJC2u7KIv3JEu8Vj8HPBm4xe6ny0b5NsMSy2iorFErxAcg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6P190MB0568
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/dCoC4-zkhnkJFL_JA2kxjXBY2ec>
Subject: [Teep] comments on draft-ietf-teep-architecture-03
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2019 08:34:00 -0000

Hi,

I am new to TEEP (so please forgive my ignorance) and I thought I
start by reading the architecture document. Below are my comments on
draft-ietf-teep-architecture-03. In general, I found the document to
be helpful and in reasonably good shape.

- RFC 2119 language

  This seems mainly used in the section about attestations. Do we
  really need RFC 2119 terms in this architecture document? Some of
  the SHALLs do not seem to be really needed.

- UA == CA ?

  The introduction introduces UA but then this is only used again once
  in 5.2. Given that section 2 starts with defining CA, is CA the same
  as UA (and hence UA should be replaced with CA)?

- root of trust

  This definition remains a bit unclear and it ends with an ad-hoc
  reference to a NIS draft. I searched for RoT in the document but it
  is not widely used. Perhaps this term can even be replaced by simply
  expanding the definitions of TFW a bit?

- acronyms and terms

  I notice that not all terms for which acronyms are defined at the
  end of section 2 are actually defined terms. Perhaps they should all
  be defined? Missing are TAM (Trusted Application Manager) and SD
  (Security Domain). The later one (SD) in particular would benefit
  from a definition.

- assumptions

  Does it make sense to have a top-level section consisting of just two
  sentences? Perhaps move this into a subsection of the architecture
  section?

- #notionalarch

  What is #notionalarch? A broken reference to Figure 1?

- typo caption figure 2

  s/wtih/with/

- typo 5.5

  s/would required/would require/
  s/recieve/receive/

- typo 5.7

  s/may different/may be different/

- trust anchors

  It seems that managing trust anchors will be crucial in order to
  deal with 'crypto gone wrong' scenarios. Is it really smart to leave
  management and updates to proprietary mechanisms? Why can't trust
  anchors not be managed like other TEE data? What is the reason to
  declare this out of scope - too complex? too hard to find agreement?
  Will trust anchor changes cause installed TAs to be removed if they
  lost their trust?

- message security

  It may help to clarify what the 'ends' are in the statement
  "messages are signed end-to-end". In particular, is the end the TEEP
  Agent and the TAM?

- teep broker

  I am not sure what "A shared module in REE comes to meet this need."
  tells me. What is a "shared module"? Perhaps the sentence can simply
  be removed.

  I am not sure the text is really clear. There are two kinds of
  interactions, a CA needing a TA to be made available and CA using a
  TA. I assume the first goes with the TEEP broker but the later via
  REE OS mechanisms. Or does the TEEP broker provide the single
  interface via which CAs request TA services?

- attestation

  "but the OTrP protocol SHALL allow" - this is the first time OTrP
  shows up and RFC 2119 language is used; did you mean to say a TEEP
  protocol? or something like that?

- crypto properties

  Does it really make sense to fix digital signature formats in an
  architecture document? The list of formats will likely change over
  time; so it is good to define MUST for today's blessed list?

- figure teep attestation layout

  Perhaps change the layout such that the claims are listed one below
  the other instead of next to each other (this way things may fit
  into the space - yes, I am still using 80 column terminals).

- typo attestation flow

  s/Attesations/Attestations/

- security

  Why does that text say "should be validated" instead of "must be
  validated"?

  What is the GetTAInformation function discussed in the security
  considerations? It seems to fall out of the air.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>