Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

"Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com> Thu, 16 March 2017 21:17 UTC

From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
To: Mingliang Pei <Mingliang_Pei@symantec.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)
Thread-Index: AQHSnZWt9ZSn/XlMHESjbbYmkOl/GaGVpjyAgAH0xoD//+ewAIAARVOA
Date: Thu, 16 Mar 2017 21:17:40 +0000
Message-ID: <F6F090B1-C5CF-4075-A5B5-734F2687739B@cisco.com>
References: <BE9BF4AF-46B1-486F-8C1D-77E730998309@cisco.com> <D4EEBD32.30C6D%mingliang_pei@symantec.com> <73B723F8-9209-4B48-9B93-543EE1686883@cisco.com> <D4F04CE0.30EC2%mingliang_pei@symantec.com>
In-Reply-To: <D4F04CE0.30EC2%mingliang_pei@symantec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/h12brGk8ClWpiw4-Aa8gVVFExzk>

No worries Ming, I am grateful for your notes as they help get the group up to date, and we can all chime in to ensure we record all salient points!

Thanks again, Nancy

From: TEEP <teep-bounces@ietf.org> on behalf of Mingliang Pei <Mingliang_Pei@symantec.com>
Date: Thursday, March 16, 2017 at 2:09 PM
To: "ncamwing@cisco.com" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Thank you Nancy for the addition. On participants, I had Henk first and somehow missed him in the copy. Ming

From: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>
Date: Thursday, March 16, 2017 at 11:36 AM
To: Mingliang Pei <mingliang_pei@symantec.com<mailto:mingliang_pei@symantec.com>>, "teep@ietf.org<mailto:teep@ietf.org>" <teep@ietf.org<mailto:teep@ietf.org>>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Hi Ming,
Many thanks for taking and providing the notes for today’s prep call!

I have a couple of additions to make below:

From: Mingliang Pei <Mingliang_Pei@symantec.com<mailto:Mingliang_Pei@symantec.com>>
Date: Wednesday, March 15, 2017 at 9:44 AM
To: "ncamwing@cisco.com<mailto:ncamwing@cisco.com>" <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>, "teep@ietf.org<mailto:teep@ietf.org>" <teep@ietf.org<mailto:teep@ietf.org>>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

Meeting minutes for today’s call. Please correct or update if I have missed some major points. Thanks, Ming

————

TEEP meeting
03/14/2017

Participants: Nancy Cam-Winget, Kathleen Moriarty, Brian Witten, Dave Wheeler, Nick Cook, Mingliang Pei, Rashid Sangi, Tero Kivinen, Jeremy O’Donoghue, Tirumaleswar Reddy, Dapeng Liu, Michael Richardson
[NCW] Henk Birkholz was also on the call.

Nancy hosted the meeting. Ming started to give a summary of use cases and comments by Michael in the mailing list.

Michael clarified that he wants to know why a smart door lock needs this when only a trusted environment is there. We (Brian, Hannes, Ming etc.) discussed that there is still a need to define trust where an application injects a TA from the insecure side, whether over the network, remotely, or via update.

The discussion indicates that we need to see more clearly what problem the charter tries to solve, who the stakeholders are, etc.

Dave suggested that we don’t put use cases too close to implementation. Some resource-constrained devices don’t have a full TEE.

Jeremy noted that not all of the audience knows TEE. Hannes will introduce TEE in the BoF. On this note, Hannes prefers someone from Intel to introduce Intel SGX.

Nancy summarized two asks so far: an introduction of TEE to set the stage, and secondly showing why the work needs to be done in the IETF.

Nancy raised a personal view that we shouldn’t prescribe hardware architecture, or even whether hardware must be required to isolate. Some research has been using SW for isolation. People agree that this should be independent of hardware, ARM or Intel (SGX). On the requirement of hardware, this is generally considered yet – some isolation done by hardware and scope of assumption. We don’t want to get into a research project for the IETF work.
[NCW] My point on this was to raise 2 points: ensuring that the interfaces and protocols are hardware agnostic, and, on the security aspects, how assurance (or acknowledgement or attestation?) can be provided that there is true hardware-based isolation.
I believe Henk also raised some points about the need for such attestation.

Dave from Intel indicated that SGX won’t have a root of trust at the firmware level. Current OTrP assumes trust from the firmware upward. We will need to adjust this as part of the IETF work.

Ming noted that we should work to define the scope of the spec this charter tries to address. We cannot leave it too open to solve everything. The current assumption of TEE presence is one. The assumption of hardware presence is one. Support for multiple different TEEs and hardware independence are basic in-scope assumptions, etc.

Jeremy raised a need to ensure that specific interests are guarded away from this work, with some kind of gate keeper (?). Brian commented that he fully concurs, and that our work wants multiple TEEs, CAs etc. for competition and development. This doesn’t fully address Jeremy’s question, and we can think more.

Nick suggested that we also name sample applications that may make use of the work while describing use cases.

To summarize, we came away with the following planning items for the BoF session:

- Clarify the charter statement during the BoF. From the call, not all people agree or have the same background with TEE, SGX and so on.
- Introduction of TEE (Hannes, Dave on Intel SGX). A colleague of Dave will be attending the BoF. Dave may join remotely.
- Drive to define the problem scope.
- Discuss use cases that are in scope and those that may not be.
  - Discuss applications that may make use of the work of this charter, which can provide more concrete context.
- Discuss stakeholders and protocol architecture.
- [NCW] Shaping what a charter might look like (I think Hannes may also start providing a template for this).

Action items:

- Dave Wheeler from Intel provides an SGX introduction slide, and prepares to present at the BoF via his colleague, with him joining remotely.
- Discuss in the mailing list to clarify the charter, the problem domain scope, and use cases.
- Discuss offline to clarify the concerns Jeremy raised about openness / gate keepers (?).


From: TEEP <teep-bounces@ietf.org<mailto:teep-bounces@ietf.org>> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>
Date: Wednesday, March 15, 2017 at 7:08 AM
To: "teep@ietf.org<mailto:teep@ietf.org>" <teep@ietf.org<mailto:teep@ietf.org>>
Subject: Re: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

All,

We are about to start the BoF now... please join the webex if you want to participate.

Thanks!  Nancy

From: TEEP <teep-bounces@ietf.org<mailto:teep-bounces@ietf.org>> on behalf of "ncamwing@cisco.com<mailto:ncamwing@cisco.com>" <ncamwing@cisco.com<mailto:ncamwing@cisco.com>>
Date: Saturday, March 11, 2017 at 5:10 PM
To: "teep@ietf.org<mailto:teep@ietf.org>" <teep@ietf.org<mailto:teep@ietf.org>>
Subject: [Teep] BoF call Mar 15th 7am PST (3pm CET, 10pm CST)

All,
We had a good majority for Mar 15th 7am PST (3pm CET, 10pm CST); I’ve set up a webex for that time slot.
Please see the info below.

Please send us agenda items for the upcoming call.

Thanks, Nancy
JOIN WEBEX MEETING
https://cisco.webex.com/ciscosales/j.php?MTID=me9216d73c5905ad78110499a8c7c12bf
Meeting number (access code): 207 779 570
Meeting password: KEQ52p3W (53752739 from phones)
JOIN FROM A VIDEO SYSTEM OR APPLICATION
Dial sip:207779570@cisco.webex.com<mailto:207779570@cisco.webex.com>
From the Cisco internal network, dial *267* and the 9-digit meeting number.  If you are the host, enter your PIN when prompted.
JOIN BY PHONE
+1-408-525-6800 Call-in toll number (US/Canada)
+1-866-432-9903 Call-in toll-free number (US/Canada)

Global call-in numbers:
https://cisco.webex.com/ciscosales/globalcallin.php?serviceType=MC&ED=379001592&tollFree=1

Toll-free dialing restrictions:
https://www.webex.com/pdf/tollfree_restrictions.pdf
Can't join the meeting?
https://help.webex.com/docs/DOC-5412
IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.