Re: [Teep] The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued"
Nicolae Paladi <np.ietf@gmail.com> Thu, 18 August 2022 19:45 UTC
Return-Path: <np.ietf@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF78AC14CE46; Thu, 18 Aug 2022 12:45:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NP8YJjpolQdl; Thu, 18 Aug 2022 12:45:23 -0700 (PDT)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E20B3C14CE37; Thu, 18 Aug 2022 12:45:22 -0700 (PDT)
Received: by mail-lf1-x12d.google.com with SMTP id a9so3408801lfm.12; Thu, 18 Aug 2022 12:45:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc; bh=rawzbVJfkv24kfroe/q4V7dlM65l3luEAr6VwzI++cM=; b=ozxdXThdJlEv6mtzhsA4AL4Mk/vxaZdXvk5K+70/5Zkc6ypGWhDCQiuSGdJzmn5NM8 46FqVRdMHHT/qdrTJNdxkLnvCMMYiyigBxIRWS/BvGPK4b34NkYTzJwm2My08cmv/niV r/QuHLUaNEAr74hPHnNiOf+BLwRQ5IIMMVq9EDaZGwlmGCKicW+NJ+SfIPspqWmaHZXj B8lkmny5ZWGhtcswUD7zofXi2P8dCpBDJrrBsmN/LLlkSYyssNB/eOuFhrkEoWBdgj+h Uf+q2KEH8VqLv8nQamSnwGEszO9MNS3If3Mwe2+l4xbdmJGj1nnnckzRpR6cYlR/aqG0 1XGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc; bh=rawzbVJfkv24kfroe/q4V7dlM65l3luEAr6VwzI++cM=; b=oq5KsOTagHzIQKbDbxv2CO0bSKRrqO28QrPZqZr2SoThYE5yh+z1vmh+OVB8jlVuva qAGh2C+STqmT+6vJpkA1hX9osEDGP/eua4rlbRobIzelxGXBFThjB3/XjAuI/tMwxIei LzPVKLvU/uMFoclHp0/HLIeAHgy3PTlLkOB0tWpFLooaacuJLo0xfv1tw+HPFA7OCViz ohRkOHIuYOiOhag4Jv/OJpYQ6OJoHoFpZFg+sSB7TZ4YwqqlSjuNCsER/0uKCnW1W1d3 iGIpbm1j7WTThZJCcEvPstP20FRsss4mNjAUC39fO0jk9cd9RLkNyhp5AgWutGmg022h sdIw==
X-Gm-Message-State: ACgBeo1Q7L6KU5PUEcVNhVu229ySpMiGKR+aC/njEzuseuYQig193Ump 70LY2x7f8Oiu1cDef/aoLIg=
X-Google-Smtp-Source: AA6agR6V4sW2N41Di+Q3bmIHCOyEJ3bamTn7pBuknWFagwMFyNrjQecJf0IUD+nKs6RPRKFT13139A==
X-Received: by 2002:a05:6512:39d3:b0:492:c81d:b1e8 with SMTP id k19-20020a05651239d300b00492c81db1e8mr105813lfu.365.1660851920140; Thu, 18 Aug 2022 12:45:20 -0700 (PDT)
Received: from smtpclient.apple (h-158-174-53-54.A744.priv.bahnhof.se. [158.174.53.54]) by smtp.gmail.com with ESMTPSA id 12-20020ac25f0c000000b0048afe02c925sm122373lfq.219.2022.08.18.12.45.19 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Aug 2022 12:45:19 -0700 (PDT)
From: Nicolae Paladi <np.ietf@gmail.com>
Message-Id: <CDBF00D9-5471-4555-9EEE-C2DC661F903B@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_89B0C58D-F679-434C-AA33-8D3F633284DC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
Date: Thu, 18 Aug 2022 21:45:18 +0200
In-Reply-To: <ca41361e-9798-382a-6c32-10e0849948d4@chinamobile.com>
Cc: Meiling Chen <chenmeiling@chinamobile.com>, Daniel Migault <mglt.ietf@gmail.com>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "draft-yang-teep-usecase-for-cc-in-network@ietf.org" <draft-yang-teep-usecase-for-cc-in-network@ietf.org>, "teep-chairs@ietf.org" <teep-chairs@ietf.org>, "teep@ietf.org" <teep@ietf.org>
To: yangpenglin@chinamobile.com
References: <165952838991.5511.9979238633317350736@ietfa.amsl.com> <202208080924502507204@chinamobile.com> <CADZyTknr-JcJVTGNWvPJsBtXbC-y14qsaJRuiPLGW1fR2UoM-w@mail.gmail.com> <202208110913251691585@chinamobile.com> <ca41361e-9798-382a-6c32-10e0849948d4@chinamobile.com>
X-Mailer: Apple Mail (2.3696.100.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/f-xYyEUXmUd2MAMVjIDmTpG8ySY>
Subject: Re: [Teep] The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued"
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2022 19:45:24 -0000
Hi, my brief initial review of the draft: I think this is a useful draft and it’s a good idea to provide a guidance for MEC/CAN usage of confidential computing. Abstract: The abstract needs to be made clearer. Some things that are missing in the abstract: (1) what problem or need is being addressed; (2) on which components in the network the TEEs are assumed to be deployed; Introduction: “In the scenario of confidential computing in network, network users will attest the TEE in confidential computing and provision private data and applications to that TEE by network. This network could be a MEC[MEC], CAN or other network that provide computing resource to users.” - the introduction can improved by describing early on what the users represent in this scenario, and where the TEEs are located in the network fabric. Similar to the abstract - what is the motivation for doing this? Simply having it _possible_ is not enough of a reason. Notional Architecture: The Data Owner is mentioned without introduction or explanation. It’s important to clarify who the data owner is? Same as the user deploying data? Perhaps there are other roles, such as the data source (such as the connected vehicle), the application source (a third party application provider?), data owner (the owner of the vehicle or the operator of the vehicle at a specific point in time?) Use cases: Sections 4.1-4.5 enumerate various combinations of delivering the Personalization Data (PD), Trusted Application (TA) and Untrusted applications (UA). Some context and examples for each of them would both help readability and provide clearer motivations for each of the enumerated use cases. Best regards, Nicolae > On 13 Aug 2022, at 06:36, yangpenglin@chinamobile.com wrote: > > Hi, > > In my understanding, some deploy steps are better to be remained in this draft, and some could be defined in a loose sequence. > > First, we should make sure that all the PD is unpackaged or processed inside TA. For example in section 4.1 process column, since the package contains (UA, TA and PD), the package should be unpackaged inside TEE, and then let the TEE export the UA to REE. > > Seond, we also need to consider if the TA has the ability of network communication. In some scenarios like SGX, if there is no middleware like libos or web assembly, the trusted process may have no network ability. And the TEEP broker or the UA will have to act as the role of network communication. This also means UA have to deployed before TA and PD. In Dave's feedback of 9th July, the sequence problem is also been mentioned. > > "It talks about the TAM (which is the relying party in attestation) forwarding the attestation result to the user (data provider). I agree the data provider needs to get it if it wants to communicate with the TEEP agent to provide a decryption key or whatever else. However, I don’t think it has to get it from the TAM, but could get it directly from the TEEP Agent For example, if the data provider has its own TAM just for handing out the key, then the TEEP Agent would reach out to the data provider and provide the attestation payload directly. So I think the language should be loosened here rather than overly constrained." > > I will try to resolve this problem in next version. > > BR > Penglin > > > > On 8/11/2022 9:13 AM, Meiling Chen wrote: >> Hi Daniel, >> Thanks for your support. >> Agree with you, deployment options no need every one in detail. >> >> Best, >> Meiling >> From: Daniel Migault <mailto:mglt.ietf@gmail.com> >> Date: 2022-08-10 20:34 >> To: Meiling Chen <mailto:chenmeiling@chinamobile.com> >> CC: IETF Secretariat <mailto:ietf-secretariat-reply@ietf.org>; draft-yang-teep-usecase-for-cc-in-network@ietf.org <mailto:draft-yang-teep-usecase-for-cc-in-network@ietf.org>; teep-chairs@ietf.org <mailto:teep-chairs@ietf.org>; teep@ietf.org <mailto:teep@ietf.org> >> Subject: Re: [Teep] The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued" >> As mentioned during the IETF114, I support the adoption of the document and I am interested in reviewing the document. >> >> Yours, >> Daniel >> >> On Sun, Aug 7, 2022 at 9:25 PM Meiling Chen <chenmeiling@chinamobile.com <mailto:chenmeiling@chinamobile.com>> wrote: >> Hi folks, >> As one of the authors, I support the WG adoption. And I also notice that this draft need more reviewers, if anyone have interest, feel free to comments. >> >> Best, >> Meiling >> >> From: IETF Secretariat <mailto:ietf-secretariat-reply@ietf.org> >> Date: 2022-08-03 20:06 >> To: draft-yang-teep-usecase-for-cc-in-network@ietf.org <mailto:draft-yang-teep-usecase-for-cc-in-network@ietf.org>; teep-chairs@ietf.org <mailto:teep-chairs@ietf.org>; teep@ietf.org <mailto:teep@ietf.org> >> Subject: The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state "Call For Adoption By WG Issued" >> >> The TEEP WG has placed draft-yang-teep-usecase-for-cc-in-network in state >> Call For Adoption By WG Issued (entered by Tirumaleswar Reddy.K) >> >> The document is available at >> https://datatracker.ietf.org/doc/draft-yang-teep-usecase-for-cc-in-network/ <https://datatracker.ietf.org/doc/draft-yang-teep-usecase-for-cc-in-network/> >> >> >> >> _______________________________________________ >> TEEP mailing list >> TEEP@ietf.org <mailto:TEEP@ietf.org> >> https://www.ietf.org/mailman/listinfo/teep <https://www.ietf.org/mailman/listinfo/teep> >> >> >> -- >> Daniel Migault >> Ericsson > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep
- [Teep] The TEEP WG has placed draft-yang-teep-use… IETF Secretariat
- Re: [Teep] The TEEP WG has placed draft-yang-teep… Meiling Chen
- Re: [Teep] The TEEP WG has placed draft-yang-teep… Daniel Migault
- Re: [Teep] The TEEP WG has placed draft-yang-teep… Meiling Chen
- Re: [Teep] The TEEP WG has placed draft-yang-teep… yangpenglin
- Re: [Teep] The TEEP WG has placed draft-yang-teep… Nicolae Paladi
- Re: [Teep] The TEEP WG has placed draft-yang-teep… yangpenglin