IETF Logo Mail Archive

Re: [Teep] The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued"

yangpenglin@chinamobile.com Fri, 19 August 2022 04:01 UTC

Return-Path: <yangpenglin@chinamobile.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2532BC14F727; Thu, 18 Aug 2022 21:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ojdXsJXD7J3m; Thu, 18 Aug 2022 21:01:19 -0700 (PDT)
Received: from cmccmta2.chinamobile.com (cmccmta2.chinamobile.com [221.176.66.80]) by ietfa.amsl.com (Postfix) with ESMTP id C14DBC14CF1D; Thu, 18 Aug 2022 21:01:15 -0700 (PDT)
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from spf.mail.chinamobile.com (unknown[172.16.121.1]) by rmmx-syy-dmz-app06-12006 (RichMail) with SMTP id 2ee662ff0b0742c-de989; Fri, 19 Aug 2022 12:01:13 +0800 (CST)
X-RM-TRANSID: 2ee662ff0b0742c-de989
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from [10.2.50.192] (unknown[10.2.50.192]) by rmsmtp-syy-appsvr01-12001 (RichMail) with SMTP id 2ee162ff0b05a42-05a4a; Fri, 19 Aug 2022 12:01:13 +0800 (CST)
X-RM-TRANSID: 2ee162ff0b05a42-05a4a
Content-Type: multipart/alternative; boundary="------------1zqaEnzGDBM1uvdukopGbFvA"
Message-ID: <e9bba45a-060c-d4e7-1ef8-386da5707dee@chinamobile.com>
Date: Fri, 19 Aug 2022 12:01:12 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.1.2
To: Nicolae Paladi <np.ietf@gmail.com>
Cc: Meiling Chen <chenmeiling@chinamobile.com>, Daniel Migault <mglt.ietf@gmail.com>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "draft-yang-teep-usecase-for-cc-in-network@ietf.org" <draft-yang-teep-usecase-for-cc-in-network@ietf.org>, "teep-chairs@ietf.org" <teep-chairs@ietf.org>, "teep@ietf.org" <teep@ietf.org>
References: <165952838991.5511.9979238633317350736@ietfa.amsl.com> <202208080924502507204@chinamobile.com> <CADZyTknr-JcJVTGNWvPJsBtXbC-y14qsaJRuiPLGW1fR2UoM-w@mail.gmail.com> <202208110913251691585@chinamobile.com> <ca41361e-9798-382a-6c32-10e0849948d4@chinamobile.com> <CDBF00D9-5471-4555-9EEE-C2DC661F903B@gmail.com>
From: yangpenglin@chinamobile.com
In-Reply-To: <CDBF00D9-5471-4555-9EEE-C2DC661F903B@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/dUaM8owrzCla6Iiz-pWA56cIHeM>
Subject: Re: [Teep] The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued"
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2022 04:01:23 -0000

Hi Nicolae,

Thanks for your review. I think your suggestions are very useful to 
improve the quality of this draft, and I will try to resolve these 
issues in next version.

Just for information, the use cases in section 4.1-4.5 could be used in 
examples like Federal Learning, in which the TA is the FL algorithm, and 
the PD is the data set or training result. Sometimes the FL algorithm 
and the data set are bundled together by data owner and sent to remote 
confidential computing resource for computing. Sometimes the FL 
algorithm needs to aggreaget different data owners' training result  in 
remote confidential computing resource to create the final training model.

BR
Penglin


On 8/19/2022 3:45 AM, Nicolae Paladi wrote:
>
> Hi, my brief initial review of the draft:
>
> I think this is a useful draft and it’s a good idea to provide a 
> guidance for MEC/CAN usage of confidential computing.
>
>
> Abstract:
>
>   * The abstract needs to be made clearer. Some things that are
>     missing in the abstract: (1) what problem or need is being
>     addressed; (2) on which components in the network the TEEs are
>     assumed to be deployed;
>
>
> Introduction:
>
>   * “In the scenario of confidential computing in network, network
>     users will attest the TEE in confidential computing and provision
>     private data and applications to that TEE by network. This network
>     could be a MEC[MEC], CAN or other network that provide computing
>     resource to users.” - the introduction can improved by describing
>     early on what the users represent in this scenario, and where the
>     TEEs are located in the network fabric. Similar to the abstract -
>     what is the motivation for doing this? Simply having it _possible_
>     is not enough of a reason.
>
>
> Notional Architecture:
>
>   * The Data Owner is mentioned without introduction or explanation.
>     It’s important to clarify who the data owner is? Same as the user
>     deploying data? Perhaps there are other roles, such as the data
>     source (such as the connected vehicle), the application source (a
>     third party application provider?), data owner (the owner of the
>     vehicle or the operator of the vehicle at a specific point in time?)
>
>
>
> Use cases:
>
>   * Sections 4.1-4.5 enumerate various combinations of delivering the
>     Personalization Data (PD), Trusted Application (TA) and Untrusted
>     applications (UA). Some context and examples for each of them
>     would both help readability and provide clearer motivations for
>     each of the enumerated use cases.
>
>
> Best regards,
> Nicolae
>
>
>
>> On 13 Aug 2022, at 06:36, yangpenglin@chinamobile.com wrote:
>>
>> Hi,
>>
>> In my understanding, some deploy steps are better to be remained in 
>> this draft, and some could be defined in a loose sequence.
>>
>> First, we should make sure that all the PD is unpackaged or processed 
>> inside TA. For example in section 4.1 process column, since the 
>> package contains (UA, TA and PD), the package should be unpackaged 
>> inside TEE, and then let the TEE export the UA to REE.
>>
>> Seond, we also need to consider if the TA has the ability of network 
>> communication. In some scenarios like SGX, if there is no middleware 
>> like libos or web assembly, the trusted process may have no network 
>> ability. And the TEEP broker or the UA will have to act as the role 
>> of network communication. This also means UA have to deployed before 
>> TA and PD. In Dave's feedback of 9th July, the sequence problem is 
>> also been mentioned.
>>
>> /"//It talks about the TAM (which is the relying party in 
>> attestation) forwarding the attestation result to the user (data 
>> provider).  I agree the data provider needs to get it if it wants to 
>> communicate with the TEEP agent to provide a decryption key or 
>> whatever else.  However, I don’t think it has to get it from the TAM, 
>> but could get it directly from the TEEP Agent  For example, if the 
>> data provider has its own TAM just for handing out the key, then the 
>> TEEP Agent would reach out to the data provider and provide the 
>> attestation payload directly.  So I think the language should be 
>> loosened here rather than overly constrained."/
>>
>> I will try to resolve this problem in next version.
>>
>> BR
>> Penglin
>>
>>
>> On 8/11/2022 9:13 AM, Meiling Chen wrote:
>>>  Hi Daniel,
>>> Thanks for your support.
>>>  Agree with you, deployment options no need every one in detail.
>>>
>>> Best,
>>> Meiling
>>>
>>>     *From:* Daniel Migault <mailto:mglt.ietf@gmail.com>
>>>     *Date:* 2022-08-10 20:34
>>>     *To:* Meiling Chen <mailto:chenmeiling@chinamobile.com>
>>>     *CC:* IETF Secretariat
>>>     <mailto:ietf-secretariat-reply@ietf.org>;draft-yang-teep-usecase-for-cc-in-network@ietf.org;teep-chairs@ietf.org;teep@ietf.org
>>>     *Subject:* Re: [Teep] The TEEP WG has placed
>>>     draft-yang-teep-usecase-for-cc-in-network in state "Call For
>>>     Adoption By WG Issued"
>>>     As mentioned during the IETF114, I support the adoption of the
>>>     document and I am interested in reviewing the document.
>>>
>>>     Yours,
>>>     Daniel
>>>
>>>     On Sun, Aug 7, 2022 at 9:25 PM Meiling Chen
>>>     <chenmeiling@chinamobile.com> wrote:
>>>
>>>         Hi folks,
>>>         As one of the authors, I support the WG adoption. And I also
>>>         notice that this draft need more reviewers, if anyone have
>>>         interest, feel free to comments.
>>>
>>>         Best,
>>>         Meiling
>>>
>>>             *From:* IETF Secretariat
>>>             <mailto:ietf-secretariat-reply@ietf.org>
>>>             *Date:* 2022-08-03 20:06
>>>             *To:*
>>>             draft-yang-teep-usecase-for-cc-in-network@ietf.org;teep-chairs@ietf.org;teep@ietf.org
>>>             *Subject:* The TEEP WG has placed
>>>             draft-yang-teep-usecase-for-cc-in-network in state "Call
>>>             For Adoption By WG Issued"
>>>             The TEEP WG has placed
>>>             draft-yang-teep-usecase-for-cc-in-network in state
>>>             Call For Adoption By WG Issued (entered by Tirumaleswar
>>>             Reddy.K)
>>>             The document is available at
>>>             https://datatracker.ietf.org/doc/draft-yang-teep-usecase-for-cc-in-network/
>>>
>>>         _______________________________________________
>>>         TEEP mailing list
>>>         TEEP@ietf.org
>>>         https://www.ietf.org/mailman/listinfo/teep
>>>
>>>
>>>
>>>     --
>>>     Daniel Migault
>>>     Ericsson
>>>
>> _______________________________________________
>> TEEP mailing list
>> TEEP@ietf.org
>> https://www.ietf.org/mailman/listinfo/teep
>

v2.23.0 | Report a Bug | By Email