IETF Logo Mail Archive

[Teep] draft-ietf-teep-otrp-over-http-06

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 13 May 2020 10:45 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD7B93A0984 for <teep@ietfa.amsl.com>; Wed, 13 May 2020 03:45:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=VzZlY2QF; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=VzZlY2QF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gUfAc9aIvsOU for <teep@ietfa.amsl.com>; Wed, 13 May 2020 03:45:31 -0700 (PDT)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130051.outbound.protection.outlook.com [40.107.13.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D5EE3A0982 for <teep@ietf.org>; Wed, 13 May 2020 03:45:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QAU+LJqt80L9wVOHIh80i5+RJBHmDaRqDjNzTBAke44=; b=VzZlY2QFmk3ppxr59p1XxDMGgvZ2oyq8c4K9k5VgmnQQi7d+8VpS3U+CB/cmTltANL0imHAH6LLcYf8FniOkuaFzmTsdErkqBcuYNO1YMkN9YH6jvYOki5qM4k42HSuCUDrS+m6V9foguBVN+i1Rv7p2ogT8VaHXiD/i38/DdYw=
Received: from MR2P264CA0097.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:33::13) by VI1PR08MB3181.eurprd08.prod.outlook.com (2603:10a6:803:3f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.33; Wed, 13 May 2020 10:45:27 +0000
Received: from VE1EUR03FT022.eop-EUR03.prod.protection.outlook.com (2603:10a6:500:33:cafe::54) by MR2P264CA0097.outlook.office365.com (2603:10a6:500:33::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.20 via Frontend Transport; Wed, 13 May 2020 10:45:26 +0000
Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT022.mail.protection.outlook.com (10.152.18.64) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.19 via Frontend Transport; Wed, 13 May 2020 10:45:26 +0000
Received: ("Tessian outbound 4cdf5642225a:v54"); Wed, 13 May 2020 10:45:26 +0000
X-CR-MTA-TID: 64aa7808
Received: from e6a1247f941d.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id DFC1ADCB-3078-46EB-894C-D5C7DAE765D1.1; Wed, 13 May 2020 10:45:21 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id e6a1247f941d.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 13 May 2020 10:45:21 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VmT9hvN8i74p/qJwDbZcGhkX+eWPMKoM0EXU6ssgGbYvrbYMsARHGeq1j10/+OoYxtRLEiwo59VQD/BwrFUxkFGPC8Y2BWkBVxjYt6ltCXx0RHgykWPmknJfJYDmm0ZSqGY79dFDATXQlSVXzVwlpc2h3G0RggUCFgfjvx78NSqyw5gmo5wWnGT862zgOdh1gzKyFj/NSNfprH5sOsXpTQBTPenzC3RUZp3vx9fNSb8QQrZSPyWwQEcL0uU0fh3kmmFkXhteWTKeCGaEK8Z8B3kB/wd5bNdpPyzWOvJ7bIrxsWz2zf4jn4kT6XpuwBwRKAV05TbPpNDc8NWV/8T5ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QAU+LJqt80L9wVOHIh80i5+RJBHmDaRqDjNzTBAke44=; b=oOsrx6psKOqxOY3oz5fDciNveY/Tq9ois0HhXQ7s8afPyOZudfVWthZcVx6tGWWjOve7Uee73qLDnJeoV5zsbo3RZ4Ocx7jGK0VtJJZPr4KU3yzsTenCSy3VdB7ynA/BWPicDkpG7kkKML68Yrs5/fExAPXDRI8oeCO1fhMjg4foNYg4B9EIMHzIUs7R2KlcwNPcFa28zjeL93y0LjbFFNxZRazN28urlp1/CkZIfRTwGE3JANOhz+fCwQMNPdCQsJGYzybiVKxAcEQs7lhiprimkOw4XW9haCzkAzAIgBRVurYYRjPcfsGBkedd3YD0VOa2gSUW6aZLqTNukuuBgg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QAU+LJqt80L9wVOHIh80i5+RJBHmDaRqDjNzTBAke44=; b=VzZlY2QFmk3ppxr59p1XxDMGgvZ2oyq8c4K9k5VgmnQQi7d+8VpS3U+CB/cmTltANL0imHAH6LLcYf8FniOkuaFzmTsdErkqBcuYNO1YMkN9YH6jvYOki5qM4k42HSuCUDrS+m6V9foguBVN+i1Rv7p2ogT8VaHXiD/i38/DdYw=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0SPR01MB0031.eurprd08.prod.outlook.com (2603:10a6:208:7b::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.33; Wed, 13 May 2020 10:45:19 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::f501:c93e:1c20:8bee]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::f501:c93e:1c20:8bee%6]) with mapi id 15.20.2979.033; Wed, 13 May 2020 10:45:19 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: teep <teep@ietf.org>
Thread-Topic: draft-ietf-teep-otrp-over-http-06
Thread-Index: AdYoT0JwuJyj7L3ISgW6R9hoPfO8nA==
Date: Wed, 13 May 2020 10:45:19 +0000
Message-ID: <AM0PR08MB37168A2CC099C7FE52EFBBACFABF0@AM0PR08MB3716.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 453bf7b3-3499-4c9d-ae29-09a73230db20.0
x-checkrecipientchecked: true
Authentication-Results-Original: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
x-originating-ip: [80.92.122.242]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: e41e0f62-eb29-4013-238e-08d7f72abf33
x-ms-traffictypediagnostic: AM0SPR01MB0031:|VI1PR08MB3181:
X-Microsoft-Antispam-PRVS: <VI1PR08MB318145765737C6F0743E5845FABF0@VI1PR08MB3181.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 0402872DA1
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Dha2CZCgS/68sRD+VI6//Dz9Zo/pjmQ8Ex6Z+6XrXFsGGlAV6uEfqZXVQXGnWIj63tVM5Qg6QlTN2/4CqXMiiGY7yChPdnUDvhtBOKJmThAllzdLCMsHDtUyXdOtaRWRftagXX1xPHvMzqXa5vSHGAWQZ3ONz4fERsX0XkxTdkjZfTAC5zFP44XgGj6VPyHF7f37zGse0ZF0xQaqPS5uHoanGUxrmnGSkodH0YUlTmL+Bg1EyxGi8PUOA1LS58Cq36Xy1bCwQI3S74a9HFnrb2bqcqe3FFW4PdrKkUqPnq0bsAmHsQevNNEctixuq2DoYhnDQyblgXqL4mg67svYDh3g9PMCEolHdplgrutMQR0Cak8U9PgyHN/md6W3nxGOiR6Ot5Cxj3RODcfVEk/yPz5p13c9XEUQwnJsgzjNvRgiN0w0Lj/dw0RTpjJSFlb2lDVnWzxyNWKnXaw3qXPgqWoe6mKAjdT0RsmV7Q5QRWPB2k0R9czizIHzCk3dTKwWTmHKxjR4t792l9O7s/m7Bwy1/zVTwTo1CWaOg3pmVrkVkFAKLhqUTfa1WhZG3sPMDYGqBPP4MAnravk6UGp8hNtS81ztbn2BccT/bJlDSDE=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(39860400002)(136003)(376002)(346002)(366004)(33430700001)(64756008)(66946007)(76116006)(8936002)(33656002)(33440700001)(186003)(478600001)(5660300002)(166002)(86362001)(966005)(6506007)(26005)(7696005)(66446008)(316002)(66476007)(66556008)(9686003)(2906002)(8676002)(71200400001)(55016002)(52536014)(6916009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: qsQuPmj0RCAgr9QThC3963R51mhueMkWxPM9EGwdXJ4pCi9DE+EA459hAYG+fJshaGVeaU9thIURp0ekCCBX8aB9dC78wE5UaT4FUxv3ivoEkSq/u+0R1kD7MY+fV84lmYfWzrclOo5p7bG3BKPhLIdbi45xRJLbC60vaHXHnTgZNXReoO1ZSebE8fQs7nckA7btV8A8NhvbGDTKltZSv/0c4pzlp7OtH+M2Rvuhrz46JLA/FLhrxpy0jQCv3eaEM88U0MNRgs+WowWX77jmARA98QFUjAiYkW4hduP/dS6zX5B0wI6YTcVaOSUbfPcvkHfGs8jd+3nJFXpvZwRD52R4UNMZ1w3rR+CaMSgtFGnhJNp2yHqUTOgNwTaHtVnOixrSFiN8T5WqDZ2LOmCuGLIpdoBgy9ZunlnAUyt6dagoi5TSTSBbeR74ptMbwISki6n14stoY67o80Lf1+V4IEG/eWjIfFk6Orzlz75qvh1a2V3Oe3e4bbUMtj9y6mS9
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB37168A2CC099C7FE52EFBBACFABF0AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0SPR01MB0031
Original-Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT022.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(396003)(346002)(39850400004)(46966005)(33430700001)(82310400002)(26005)(186003)(8676002)(9686003)(70206006)(47076004)(33656002)(55016002)(316002)(6916009)(8936002)(36906005)(70586007)(166002)(2906002)(6506007)(81166007)(33440700001)(82740400003)(356005)(478600001)(336012)(86362001)(7696005)(966005)(52536014)(5660300002); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 3136f63d-4b9c-4bd9-045e-08d7f72abb2f
X-Forefront-PRVS: 0402872DA1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: fx9QMXIQJzHmsbrmpbvOQMhZaDCqHLm/N6O3UlMjzO/Y+OiGA2ZsvdRKhaBIPQr2zV8VdGcLX7uMdwCay6YYFOHiceDo9gm+P6S4qCIYtCsqvwvIkjfBQiPqQe9/zN5AVw+gtijVsqXgCM4kT3PsWwj6p+sdgjs9CQ0UlR+9FRA6b4hkIVZBauS5a4aGb9z8v99XrCc0TLJ1S6P0fCk20qNTe4LMARimHH1/CpUfy4dfefJEo6MYpR+dzwmKu747wV1Qqj1cNs/6Y73TR58DwIotpGcagrZf/fJAzzgaN6FA6mgQLRwAs9G5x+O/uizyU7JZOBsmIJ3F5Ax3yWHZ6ZJE6S4VztgPWJpPQSYlczAeAeGRjz99lADnb1ugv6GZWwohbiLmb4YxsiJ9/h+UzoSuIWK0k99gor3xHT5v0IzEYQoxNjASScfaZ+o8VUMp0UT2dflBaCZOahVmjILehRs6Fm9c/tsQoVs4WwmwgpI87rWxIPzWD4VQ+f6vEUupFzYEi8LFdWi5cZArbISop3+p8Cg4p7r2PnXxD3cfysWv1GPuhtlJeLS5P+TgKFCBaB4BLs+eVSylUHfZbt0ZczipoAYDRlDtQj1WRAiAhv/gowmeW6HTcmPicHfMnug4vJJ8dK98LBp533HEFT9ZJw==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 May 2020 10:45:26.3272 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e41e0f62-eb29-4013-238e-08d7f72abf33
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3181
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/L2_p4ynYumOugD_RLLAo9mVuwiw>
Subject: [Teep] draft-ietf-teep-otrp-over-http-06
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2020 10:45:34 -0000

Hi Dave, Hi all,



I read through https://tools.ietf.org/html/draft-ietf-teep-otrp-over-http-06 and have a few high level comments.



I wonder whether there is room for simplification in these two figures below.



IMHO the middle layer is not needed in this figure. We have two layers, namely the TEEP protocol layer and the HTTP transport.



      +------------------+           TEEP           +------------------+

      |    TEEP Agent    | <----------------------> |        TAM       |

      +------------------+                          +------------------+

               |                                              |

      +------------------+      TEEP-over-HTTP      +------------------+

      | TEEP/HTTP Client | <----------------------> | TEEP/HTTP Server |

      +------------------+                          +------------------+

               |                                              |

      +------------------+           HTTP           +------------------+

      |    HTTP Client   | <----------------------> |    HTTP Server   |

      +------------------+                          +------------------+



                   Figure 1: Agent-to-TAM Communication



The same is true for the next figure in the document. I would remove the TEEP/HTTP implementation part and the figure is already substantially simpler to understand.

Furthermore, I am wondering whether Section 3 shouldn't go to the architecture draft because this is not really about the HTTP transport. Replace HTTP with CoAP, MQTT, etc. and the design aspect would still be the same. Furthermore, we have decided in the architecture that we want to provide application layer security independent of the transport and hence the question about where various pieces should go is less about security anymore. We could have made the design differently but we followed the OTrP approach.


                           Model:    A      B      C     ...

                                    TEE    TEE    TEE
        +----------------+           |      |      |
        |      TEEP      |     Agent |      |      | Agent
        | implementation |           |      |      |
        +----------------+           v      |      |
                 |                          |      |
        +----------------+           ^      |      |
        |    TEEP/HTTP   |    Broker |      |      |
        | implementation |           |      |      |
        +----------------+           |      v      |
                 |                   |             |
        +----------------+           |      ^      |
        |      HTTP      |           |      |      |
        | implementation |           |      |      |
        +----------------+           |      |      v
                 |                   |      |
        +----------------+           |      |      ^
        |   TCP or QUIC  |           |      |      | Broker
        | implementation |           |      |      |
        +----------------+           |      |      |
                                    REE    REE    REE

                       Figure 2: TEEP Broker Models



Minor aspects:



The content type has to change. Currently it talks about JSON.



Reference https://tools.ietf.org/html/rfc6125 Instead of RFC 2818<https://tools.ietf.org/html/rfc6125%20Instead%20of%20RFC%202818>.



In terms of HTTP transport aspects I believe the important aspects are



  *   Does it use the HTTP ports (80/443)?  (Yes, in our case)
  *   Does it use the HTTP URI scheme? (Yes, in our case)
  *   What HTTP messages are being used? (POST only in our case)
  *   What URIs are we sending the requests to? (I don't think we talk about this but we should.)
  *   What header fields does the client and the server use? (*)
  *   Are we using Cookies? (I would say that we don't. Currently not discussed.)
  *   The use of status codes **
  *   Server Push***
  *   HTTP authentication ****
  *   Redirect handling *****



*) The text says that the client uses the Accept header but I don't see any normative language there.

The headers the server uses are listed but my understanding of those is that they are only relevant for co-existence with web browsing. Clearly, the communication we are describing isn't useful for web browsing scenarios.


IMHO the following statement should be enough:
"
   The "Cache-control" header SHOULD be set to disable caching of any TEEP protocol
   messages by HTTP intermediaries.  Otherwise, there
   is the risk of stale TEEP messages.

"

To me, the following three headers shown in the draft are an overkill:


       X-Content-Type-Options: nosniff
       Content-Security-Policy: default-src 'none'
       Referrer-Policy: no-referrer



I would also add the following sentence:

"
   If the TAM does not receive the appropriate Content-Type and Accept header fields, the
   TAM SHOULD fail the request, returning a 406 (not acceptable)
   response.  TAM responses MUST include a Content-Length header.

"



**) The example gives me the impression that the protocol end indication is the 204 No Content. While I never saw it that way we should describe it more clearly if that's indeed the case. (FWIW the note that the TEEP Agent can start with a QueryResponse if it has the TAM public key is IMHO incorrect.)



***) I don't see any use for it.



****) I don't see a need to use HTTP-based client authentication



*****) The text is currently very fuzzy. It says "Redirects MAY be automatically followed." Based on what decision should a developer decide whether it wants to follow the redirect?



Ciao

Hannes







IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email