[Teep] Fw: New Version Notification for draft-ietf-teep-usecase-for-cc-in-network-12.txt
"chenmeiling@chinamobile.com" <chenmeiling@chinamobile.com> Tue, 30 December 2025 08:16 UTC
Date: Tue, 30 Dec 2025 16:16:27 +0800
From: "chenmeiling@chinamobile.com" <chenmeiling@chinamobile.com>
To: teep <teep@ietf.org>
Subject: [Teep] Fw: New Version Notification for draft-ietf-teep-usecase-for-cc-in-network-12.txt
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/klqsJvV4TRnZBy2uUZEQzhTMd10>

Hi all,

According to the comments, we have made an update for the latest version. The main changes are as follows:

1. In Section 1, added an additional introduction on IDSA's support for confidential computing and CC.

The International Data Spaces Association's goal is the establishment of trustworthiness in data sharing, and IDSA supports the use of confidential computing to protect data when dealing with data sharing. In detail, data sharing accommodates a wide range of scenarios, from a simple file transfer between two storage providers, to API access for streaming or eventing, to quite complex implementations with secure execution environments through confidential compute enclaves, environment attestations, signed code, custom encryption algorithms, and more.

2. Added Appendix B, the specific examples of the 5.3 use case.

On-premises Remote Attestation Verification: Internet Service Providers (ISPs) verify the integrity of high-capacity routing platforms using Remote Attestation (RATS), and the raw evidence may contain sensitive metadata, such as granular firmware versions, patch levels, and operational configurations, which poses a risk of information leakage and violates data sovereignty requirements. So the ISP can deploy an on-premises Verifier within a TEE on a Confidential Computing (CC) server. In this scenario, the vendor-provided Verifier logic and Reference Values are provisioned as the Trusted Application (TA). The network devices (Attesters) send Evidence directly to this local TEE. By executing the Verifier within a TEE, the ISP ensures that the vendor's intellectual property (the verification logic) remains protected, while the ISP's sensitive device Evidence never leaves their controlled infrastructure.

Privacy-Preserving When Using Machine Learning (ML) models: Network operators collect large-scale telemetry to detect advanced security threats and use specialized Machine Learning (ML) models for analysis. In this case, the operator can leverage an external CC-enabled cloud for analysis. The third-party security vendor provides the analysis model as a TA. The operator provides the telemetry as encrypted Input Data. The decryption keys are only released to the TEE after the operator performs remote attestation of the analytics environment. This ensures that the third-party provider cannot access the raw telemetry, and the operator cannot reverse-engineer the vendor's proprietary ML model.

Privacy-Preserving Path Computation and Intent-Based Networking: In Software-Defined Networking (SDN), a Network User may require specific Path Computation (PCE) based on sensitive business intents, but the Network Provider needs to keep their detailed network topology and link utilization metrics confidential. Then the Path Computation Element (PCE) can be hosted within a TEE. The Network User's sensitive routing constraints and the Network Provider's topology data are treated as private inputs to the TA (the Path Computation algorithm). The TEE ensures that the User cannot see the Provider's full topology, and the Provider cannot see the User's specific intent or underlying traffic descriptors.

3. We think the draft is ready for the WGLC and hope this document can provide deployment guidance for scenarios to use confidential computing in network.

chenmeiling@chinamobile.com

From: internet-drafts
Date: 2025-12-30 14:42
To: Chunchi Liu; Li Su; Meiling Chen; Penglin Yang; Peter Liu
Subject: New Version Notification for draft-ietf-teep-usecase-for-cc-in-network-12.txt

A new version of Internet-Draft draft-ietf-teep-usecase-for-cc-in-network-12.txt has been successfully submitted by Meiling Chen and posted to the IETF repository.

Name: draft-ietf-teep-usecase-for-cc-in-network
Revision: 12
Title: TEEP Usecase for Confidential Computing in Network
Date: 2025-12-30
Group: teep
Pages: 14
URL: https://www.ietf.org/archive/id/draft-ietf-teep-usecase-for-cc-in-network-12.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-teep-usecase-for-cc-in-network/
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-teep-usecase-for-cc-in-network
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-teep-usecase-for-cc-in-network-12

Abstract:

Confidential computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment. Confidential computing could provide integrity and confidentiality for users who want to run applications and process data in that environment. When confidential computing is used in scenarios which need network to provision user data and applications, TEEP architecture and protocol could be used. This usecase illustrates the steps of how to deploy applications, containers, VMs and data in different confidential computing hardware in network. This document is a use case and extension of TEEP architecture and could provide guidance for cloud computing, MEC (Multi-access Computing) and other scenarios to use confidential computing in network.

The IETF Secretariat