Re: [Teep] Implementation feedback on draft-ietf-teep-opentrustprotocol-01
Dave Thaler <dthaler@microsoft.com> Tue, 17 July 2018 14:35 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82265130E28 for <teep@ietfa.amsl.com>; Tue, 17 Jul 2018 07:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vGN_u0zvN_Jg for <teep@ietfa.amsl.com>; Tue, 17 Jul 2018 07:35:48 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on070e.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::70e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1423C130DF9 for <teep@ietf.org>; Tue, 17 Jul 2018 07:35:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yMzOV5bqtXHMMbkA8vOXRCtz6fWuBNnrffeGhIjhJQ4=; b=Up4/SXIiivAXDy/9TgOlxEy/6OEUkZl2hYph5adqJ1TlDUvbioc4lwalqbpJ32LtTjuowGbDcrLb+38KqGdHwEmt/7w2JZ3UEbKbbcs13Lb06RFtEpHXWnnGGFE/Cl7ZnvFFr2WuOCAo+GbP0V4cXceLvcG55yPPgUR1LzkXIqk=
Received: from DM5PR2101MB0805.namprd21.prod.outlook.com (10.167.105.149) by DM5PR2101MB0888.namprd21.prod.outlook.com (52.132.132.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.995.0; Tue, 17 Jul 2018 14:35:46 +0000
Received: from DM5PR2101MB0805.namprd21.prod.outlook.com ([fe80::8416:6f:8f6b:3fb7]) by DM5PR2101MB0805.namprd21.prod.outlook.com ([fe80::8416:6f:8f6b:3fb7%3]) with mapi id 15.20.0995.004; Tue, 17 Jul 2018 14:35:46 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Mingliang Pei <Mingliang_Pei=40symantec.com@dmarc.ietf.org>, Andrew Atyeo <Andrew.Atyeo@intercede.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] Implementation feedback on draft-ietf-teep-opentrustprotocol-01
Thread-Index: AQHUHXxtkKoaWsfgnUel1QbgYTRqxKSTdQog
Date: Tue, 17 Jul 2018 14:35:46 +0000
Message-ID: <DM5PR2101MB080560477C09D8224C405470A35C0@DM5PR2101MB0805.namprd21.prod.outlook.com>
References: <F77F1C85-5AA1-4554-B565-246A376294FC@symantec.com>
In-Reply-To: <F77F1C85-5AA1-4554-B565-246A376294FC@symantec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=dthaler@ntdev.microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-07-17T14:35:42.6965935Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:67c:1232:144:9f0:7c8d:3aa8:626f]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR2101MB0888; 6:CzGN/iJbYDIsNPaqT7ln1o+X04JmNHMQUhx9QekzEWLEGOlnjsvCo7RPeBBRNOrHhftXSaYEoQSZ68K7Gj0Oe12c1nPjiKXPW1LNph3jcFimLDbkIHLvQ5jNMO7KM4jLmf1P4Tl6yDcDVTey9zIU3s5t37ExBXEhaAmpRcGp53IVKEHxBQ0Ko47jW8+g2d4rFxotnTqbr6VoGTbfruLYK5TnIpNqVkDInW6Lfhxyp5a35LZCXa3HXhT/J1JbJgfTZWHnCCt2OlZEOd1bKXd6MyvfSFONNFClLMWCfVkPG2VOkHbxLoD94hbORq7std41eghkpUHdnlPd4YrClt7oRl3B2ljbyxyxP8BaxKMvRznT7q2KThQfBt07GBvXOhiu40aPy7bh95BkvwNaX6nYrGinYWzWGnpJxf98Qv+O4FVyFEm/O+IH/525YS54C5vU1CsGYSonFAxG7FYFp8n6gA==; 5:2xsPZsNkPVKNVfji6tfGP1s8+O9mEC0By9Hkrpw/Wsczai2752r1z4WtBV5/N/6HhCg1TSMM+d3kIQSf08BVLhGaTxWbB1owi+GRAQLqDrDR0gYWTZwOWYTJbCBF06CCaG8jl0aDhTpTcBP1+KnVtUpKQBN31XUlAR9s4nN+h0Q=; 7:3mBHlMFar8i/5WKMQ4awni35qeMRr4YeO+TiysSc7p/6a9mg7xDP52YpkHYXXfPVTxrsodcjE+pYaFS4TQCVhEgUa4D+eZOXrlNA/Sq5jsP0qAOZugEXQdhlng65wky8G42UwdnaAm+RWf3I+GgS08GCSoDlGINLDJaX3Dd2SNagszPKYutn2hjxBmQ+JzYQRIjj8lQxzX6J1jbPObp/C2/0uHQKkYcdZ9fPep7SwIR1q66LmD+sV/FruKCOqPYd
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 8bd85b2a-8e7e-4ec3-7abf-08d5ebf29570
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(48565401081)(2017052603328)(7193020); SRVR:DM5PR2101MB0888;
x-ms-traffictypediagnostic: DM5PR2101MB0888:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dthaler@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR2101MB0888FEF9058551D9939008FFA35C0@DM5PR2101MB0888.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231311)(944501410)(52105095)(2018427008)(10201501046)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:DM5PR2101MB0888; BCL:0; PCL:0; RULEID:; SRVR:DM5PR2101MB0888;
x-forefront-prvs: 073631BD3D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(366004)(136003)(346002)(376002)(396003)(199004)(189003)(86612001)(102836004)(6506007)(478600001)(68736007)(486006)(86362001)(2900100001)(476003)(22452003)(316002)(97736004)(8936002)(256004)(14444005)(10090500001)(9686003)(6116002)(8676002)(5250100002)(6436002)(2501003)(55016002)(305945005)(7696005)(186003)(2906002)(81156014)(76176011)(6246003)(446003)(14454004)(81166006)(33656002)(106356001)(105586002)(74316002)(25786009)(46003)(7736002)(53936002)(5660300001)(99286004)(11346002)(229853002)(110136005)(10290500003)(8990500004); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR2101MB0888; H:DM5PR2101MB0805.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: Zq6itOgYR1ZEMCo9sdHXP1J6oNSoHO9tP95os86FHMze1riNmJejCgHlyN4WmlBslvbfy3m92V+++Wl0TNprtumtuughE0s67N+x2NWkuwSA0R1e2p9KD2ay2glCx5kRlizC37f4cYlV1SwurtCBkbl7YLul01iclcuk+pd6FUPicqDmnCO7oMWBzZdvjcUlH8tOFbSJym6Og7gz9IvTGi+MDLHw9Aaa52sgY9iF4lKkpJTEi24jhRNiLrvJ3HFiy6M7qOvSuY/WOckQ/w5icKnVBI6pSObFrwAEYq3KeUfoD0IMLXhv10s0cou8MW/QFGM9o12ewSdot3J1gQrJFx7MpNvfumqGzAcMVWV25CI=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8bd85b2a-8e7e-4ec3-7abf-08d5ebf29570
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jul 2018 14:35:46.3020 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0888
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/4HKWh8fLlW5GLP4kC-bwwgk6Iew>
Subject: Re: [Teep] Implementation feedback on draft-ietf-teep-opentrustprotocol-01
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2018 14:35:55 -0000
Mingliang Pei writes: ... > There is one major difference in contacting TEE first vs. contacting TAM first. > When a Rich App or an installer being its delegate lets TEE to generate a request, > a TEE needs authorize such a request. There is some role relationship to agree > on here. A device is managed by a TAM, and TAM’s initiated call can be authorized > by a TEE. Now, does the TEE have to authorize both an installer / Rich App intent > and also a TAM for a TA installation? Or you mean by “related by the installer” > that the first authorization is delegated from TEE to TAM, and TAM will make a > decision whether it will honor an installer’s request about a Rich App’s desire to > use a TA that it manages, right? The installer's request is just a request, regardless of whether it's sent to the TAM or the TEE. It can only be authorized by communication between the TAM and the TEE, regardless of which side initiated it. It's simply far more efficient to contact the TEE first, since that does not require a network message. I have a diagram that I will present in the meeting (which Ming has already seen). … > Delegated flow would mean that it always accept a request, and generates a > request. Would this cause some spam and attack issue to the TEE? On the other > hand, TAM is given to handle its clients being Rich App or an installer in a REE > etc, which is out of the scope in our design. There's a potential spam attack issue on whoever the installer/rich app contacts first. In the document's model, it's a spam/attack issue against the TAM. I claim it's slightly more efficient to defend against it when talking to the TEE first, since it does not involve network messages and so is a less severe issue to deal with. E.g., a rich app sending 10000 messages to a TAM consumes more resources than a rich app sending 10000 requests to its own TEE, and a TAM has to scale to far more rich apps (many per device) than a TEE does (just the ones on the local device) so the problem is more severe at a TAM. ... > My main point is that it should be possible to combine CreateSD into > the first InstallTA and be more efficient. > Also remember that the TA binary need not come from the TAM. > > [AA] when the SD is created, an asymmetric keypair is generated (spaik), > and the public part of this is returned. When a TA is installed, it is encrypted > with this key. This enables some use cases where a TAM could interface to > a SP and enable an SP to provide the TA encrypted such that the TA binary > is not known by the TAM. > > The spaik is also used to encrypt the personalization data (that is also sent > in InstallTA), and there is also a use case for a TAM interfacing to an SP in > order that the SP encrypts perso data for that TEE such that it travels via > the TAM to the TEE, but without the TAM having access to that data > Since InstallTA requires knowledge of the public key returned from CreateSD, > it is true that the extra round trip is required. > So the question is whether there is a case for installing TA (and their > accompanying perso data) without the ability to provide confidentiality > between an SP and the TEE by making that layer of encryption optional, > and by allowing the TA (and perso data?) to be bundled into CreateSD > > [MP] This could be an option, I think, when a TA binary encryption isn’t > needed. However, we did elaborate this in the very beginning of protocol > design whether we give such an option. We (OTrP Alliance at the time) agreed > that the protection of TA binary itself is very valuable. You don’t want > someone to reverse engineer your TA code that makes exploit finding easier. > In the current design, a TA binary code is never given clear to any Rich App > or MITM. It is only known by the developer and then the running device TEE > itself. This was a very important design goal in this protocol. I think we're convoluting two separate things here: 1) The notion of an isolation boundary around one or more TAs. An SP can have multiple such instances within a TEE, e.g., one per TA is a common case. 2) The notion of a cryptographic context (spaik) between an SP and a TEE, to allow for use cases where the TAM should not have access to certain information (e.g., decrypted TA binary, etc.) In my view, for scalability these need to be kept as separate things, since the granularity is different. If an SP has 100 TAs per device, I think it should need only 1 key, not 100 of them. ... > TAs inherently can depend on other TA’s. I don’t think it should be out of scope for the WG. > > [MP] Let us discuss this more. In theory, there could be all chaining dependencies. > It isn’t common today. When TA1 uses TA2, would TA1 installation by TAM and > TEE will need to check existing of TA2? Yes. In general apps can depend on other things being installed that themselves depend on other things, this is not new. All I'm saying is that the same dependency models people use for apps today will happen for TAs too. Dave
- [Teep] Implementation feedback on draft-ietf-teep… Dave Thaler
- Re: [Teep] Implementation feedback on draft-ietf-… Andrew Atyeo
- Re: [Teep] Implementation feedback on draft-ietf-… Dave Thaler
- Re: [Teep] Implementation feedback on draft-ietf-… Mingliang Pei
- Re: [Teep] Implementation feedback on draft-ietf-… Wheeler, David M
- Re: [Teep] Implementation feedback on draft-ietf-… Dave Thaler