Re: [Teep] Status of TEEP protocol draft, and its dependency on SUIT

dthaler1968@googlemail.com Wed, 18 October 2023 06:06 UTC

From: dthaler1968@googlemail.com
To: 'Hannes Tschofenig' <hannes.tschofenig@gmail.com>, 'Dave Thaler' <dthaler@microsoft.com>
Cc: 'Mingliang Pei' <mingliang.pei@broadcom.com>, 'Akira Tsukamoto' <akira.tsukamoto@gmail.com>, teep@ietf.org, suit-chairs@ietf.org, 'Brendan Moran' <brendan.moran.ietf@gmail.com>
References: <CAOQt4iD8vW5NvgOUePwkfwEHaDd9+5kKGn0QTiht1B9cDqHJog@mail.gmail.com> <PH7PR21MB387882305E6EBA84F563CD77A30DA@PH7PR21MB3878.namprd21.prod.outlook.com> <PH7PR21MB38787B02DC50FFECBA3A184AA312A@PH7PR21MB3878.namprd21.prod.outlook.com> <CABDGos6Q6mt=B=oSZaGSx3TKYQf_4D_eTG27OQK60FT5azbd8w@mail.gmail.com> <PH7PR21MB38782B73B868CCDA54577F0BA3D6A@PH7PR21MB3878.namprd21.prod.outlook.com> <CAOQt4iB+zOhBoPCHKzLFnPesH9MoNdd3qJ_1JVqMUwB1SyBiqQ@mail.gmail.com>
In-Reply-To: <CAOQt4iB+zOhBoPCHKzLFnPesH9MoNdd3qJ_1JVqMUwB1SyBiqQ@mail.gmail.com>
Date: Tue, 17 Oct 2023 23:05:51 -0700
Message-ID: <006c01da0189$26bb08f0$74311ad0$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/igD-Yxb-oGKkojO2Pi-iGXi0eyM>
Subject: Re: [Teep] Status of TEEP protocol draft, and its dependency on SUIT

Thanks Hannes!

I merged 364.

366 has a conflict to resolve, and then can be merged.

I will look at 358 tomorrow.

Regarding 356, we need feedback from the suit-mti authors; I don't have an opinion myself.

Dave

From: TEEP <teep-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Tuesday, October 17, 2023 9:13 PM
To: Dave Thaler <dthaler@microsoft.com>
Cc: Mingliang Pei <mingliang.pei@broadcom.com>; Akira Tsukamoto <akira.tsukamoto@gmail.com>; teep@ietf.org; suit-chairs@ietf.org; Brendan Moran <brendan.moran.ietf@gmail.com>
Subject: Re: [Teep] Status of TEEP protocol draft, and its dependency on SUIT

Hi Dave,

Thanks for your email.

- I closed PR #359 ("s/bit is clear/bit is cleared") since you guys didn't agree with it.

- I changed PR #366 ("Encryption-related editorial improvements") and reversed the change regarding the normative reference.

- I added a comment regarding PR #358 ("Removing statement about Token Usage").

- I approved PR #364 ("*.suit Filename").

Regarding PR #356 ("No reference to each suit-cose-profiles") I need your feedback to tell me whether I am on the wrong track with my view about AES-CTR.

I shared my views on the mailing list about it.

Ciao

Hannes

On Tue, Oct 17, 2023 at 11:05 PM Dave Thaler <dthaler@microsoft.com> wrote:

Hi TEEP folks, I'd really like to get done with the teep-protocol specification.
It's gone through WGLC and has a shepherd write-up associated with the document already, last changed in July:
https://datatracker.ietf.org/doc/draft-ietf-teep-protocol/shepherdwriteup/
And we discussed the draft at the joint SUIT/TEEP interim meeting.

That said, there are several github pull requests waiting for review or chairs to confirm consensus.

* https://github.com/ietf-teep/teep-protocol/issues/356 ("No reference to each suit-cose-profiles")
        In this issue Ken pointed out that we reference profiles that no longer exist in draft-ietf-suit-mti-02,
        and proposed changing from GCM to CTR.  I filed https://github.com/ietf-teep/teep-protocol/pull/373
        to do that, which we discussed in the interim meeting.
        Since then, Hannes argued that draft-ietf-suit-mti should be changed to put GCM back in, but I haven't
        seen any of the suit-mti authors respond to that, which is holding up the teep protocol spec.
        https://mailarchive.ietf.org/arch/msg/suit/qJayE5LG6mmYaSfaEHUGxT0OSDQ/
        Hence cc'ing Brendan and the SUIT chairs on this email.
        Earlier Ken had filed https://github.com/ietf-teep/teep-protocol/pull/351 which is an alternative
        that uses GCM rather than CTR and so we're in limbo not knowing whether PR 351 or 356 can be done
        in referencing suit-mti or diverging from it.

All the other issues below are, I believe, purely editorial cleanup...

* https://github.com/ietf-teep/teep-protocol/issues/364 ("*.suit Filename")
        In this issue Hannes didn't like the examples having a manifest filename ending in .suit but didn't propose
        how to address it. Last week I filed https://github.com/ietf-teep/teep-protocol/pull/376 that just removes
        the .suit from the end of the example filenames, and it is still waiting for approval from other authors.

* https://github.com/ietf-teep/teep-protocol/pull/358 ("Removing statement about Token Usage")
        Hannes filed this claiming there is no relationship between the token and the attestation bit.
        But as I mentioned in the PR comments 2 weeks ago there is a relationship that was discussed at
        IETF 109 and 110, with pointers in the comments, so I believe it reflects consensus as is.  I'm happy to
        reopen discussion if a technical reason is given to remove the relationship but so far no rationale has
        been provided, so this PR has not been approved so far.

* https://github.com/ietf-teep/teep-protocol/pull/366 ("Encryption-related editorial improvements")
        This PR has not been approved since it proposes changing firmware encryption to be a normative
        reference while not changing the citing language, which, at least in my reading, is informative.

* https://github.com/ietf-teep/teep-protocol/pull/359 ("s/bit is clear/bit is cleared")
        This one is a trivial grammatical debate that should not hold up the doc.  Grammarly says the doc
        is more correct as written, so this PR has not been approved so far.

The I-D deadline is next Monday but I am traveling starting this Friday so want to see it
submitted by Friday.  If others have views, please weigh in asap.

Thanks,
Dave