Re: [Teep] Overcoming other limitations in the TEE landscape
Anders Rundgren <anders.rundgren.net@gmail.com> Tue, 06 June 2017 05:37 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EB5B12EB71 for <teep@ietfa.amsl.com>; Mon, 5 Jun 2017 22:37:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6HWZGAGO3Jg for <teep@ietfa.amsl.com>; Mon, 5 Jun 2017 22:37:00 -0700 (PDT)
Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0F25127337 for <teep@ietf.org>; Mon, 5 Jun 2017 22:36:59 -0700 (PDT)
Received: by mail-wm0-x22e.google.com with SMTP id d73so40084735wma.0 for <teep@ietf.org>; Mon, 05 Jun 2017 22:36:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=/fIjTaZWUKV+GLYfYCewCs+IcPZH4Qf7+s5hyHxLBk0=; b=kbsRD35bpcUPzjpYFJPfeyFAfIXYZ13lKBtmiVSk21LiCVmuhXhHle8XIX3yktoWwY 2AxWHbRaA+5rynLJk+pq6rDGFGMb5Pae8gYL4TKgQFmZme/B+3F+ZGXW2xWq7891voZp 5AOEZv31V25Cye6fGaGG/xhvvcDrGA1hELHo0HRAj93fLGzRXHXrYc2736PZgOO75abc 7X8WWSHn+yyzKqlh1iUVBZ7K6Z+4dQlNQ+GijDpqC7hRsdmpSOgNdyINPZxAyxaITRVi n2OPkhRPkZWMrUu28JxnzSoqceRzs7D/osxaiBy1q8nfYT+88NtPc0azvrSJej0T/h2l r0hw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=/fIjTaZWUKV+GLYfYCewCs+IcPZH4Qf7+s5hyHxLBk0=; b=FQN7Vr/cSQ+B+35A28PdkLh45DLOt3EZpdBEiX+6xpy/c4E7AyBwHMZrsjk+KAi0mq 3+It8ItCob5s3FUQfZVFcFCA/LNY8MDOxsXq9S+6CgO5xWBLb2H2VGS4IqfWoMHubYyS 40xt8f4y9owEpYI/Ppzp5+BIUcxY0KvDnLCdB3PAUFu4V5T6MlFwLlNz7BvpOc1/1lRq GdAtVF6iGCFGzfDYIINQW/2+UdhPSzKwVwKnAu1uthUgSBr1LB3M+JV1X0A9hKsfNEaR reH9DFjEuugpzQLv5BLgAnuUgsmJH+Sk4BbB0Ce+XkMbjuJUYaYAAHXJm9mwMJOVG9K2 R2TQ==
X-Gm-Message-State: AODbwcCGrABkRIS/YSveL7X1GWdQ2a7+ZR1sXM9pmEbdavvD6lbku11Y +y4xTruHdTsJK2py
X-Received: by 10.28.54.154 with SMTP id y26mr10002869wmh.53.1496727418118; Mon, 05 Jun 2017 22:36:58 -0700 (PDT)
Received: from [192.168.1.79] (124.25.176.95.rev.sfr.net. [95.176.25.124]) by smtp.googlemail.com with ESMTPSA id t8sm32687997wrc.28.2017.06.05.22.36.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 Jun 2017 22:36:57 -0700 (PDT)
To: Brian Witten <brian_witten@symantec.com>, "teep@ietf.org" <teep@ietf.org>
References: <e25cdc3c-96f7-6507-8115-c3f16574519b@gmail.com> <MWHPR16MB14886572B0AB1BBD5CCE187E93CA0@MWHPR16MB1488.namprd16.prod.outlook.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <994d06c4-c528-8ef3-426d-8f8fcff8bb66@gmail.com>
Date: Tue, 06 Jun 2017 07:36:54 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <MWHPR16MB14886572B0AB1BBD5CCE187E93CA0@MWHPR16MB1488.namprd16.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/mpX1Z3mGv8T2bpFfzJbhbrsTHfQ>
Subject: Re: [Teep] Overcoming other limitations in the TEE landscape
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 05:37:02 -0000
On 2017-06-05 15:21, Brian Witten wrote: > Thanks! IMHO active RFID (keys & crypto embedded in the tag, executed > in the tag for strong authentication, private keys never leaving the tag, > several schemes leverage PKI like this embedded in RFID tags with just > enough crypto/computing power) ... active RFID (like that) helps break past > the "easily copied" challenges of QR codes, mag-stripe credit cards, SSN's > and the like, and does so at a price not too far from QR stickers/physical-printing. > However, the TEE in a mobile device (and TEE in IOT devices such as smart-glasses, > badge-scanners, and nearly anything else) with more compute than an RFID "tag" > helps add similar "hardware backed" security for such devices who might be not > only interrogating such tags, but might also be collaborating with such tags in > talking with cloud based services. Thanx Brian, I don't fully grasp what you are writing but AFAIK only FIDO alliance products address NFC support over the Web. However, for people using this dreadful old technology known as PKI there's nothing (standards-wise), which is why I have created an "issue" for such a development: https://github.com/w3c/web-nfc/issues/128 This is not (at all) only about security but about creating a better user experience for using TEE-powered phones together with a PC/Browser. Cheers, Anders > > > At least that's my view, but I'm very open to others - > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > *From:* TEEP <teep-bounces@ietf.org> on behalf of Anders Rundgren <anders.rundgren.net@gmail.com> > *Sent:* Saturday, June 3, 2017 11:18:31 PM > *To:* teep@ietf.org > *Subject:* [EXT] [Teep] Overcoming other limitations in the TEE landscape > F.Y.I. > > We all agree that TEEs are great, right? > > However, TEEs are no better than the environments they are supposed to be used in: > https://www.linkedin.com/pulse/motives-better-qr-anders-rundgren > (you don't need a LinkedIn account to read this short writeup) > > Anders > > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep
- [Teep] Overcoming other limitations in the TEE la… Anders Rundgren
- Re: [Teep] [EXT] Overcoming other limitations in … Brian Witten
- Re: [Teep] Overcoming other limitations in the TE… Anders Rundgren