Re: [Teep] [EXT] Re: Call for adoption

Nicolae Paladi <n.paladi@gmail.com> Tue, 15 May 2018 12:57 UTC

From: Nicolae Paladi <n.paladi@gmail.com>
In-Reply-To: <E7523A59-37C2-4CDF-8553-E084A3185A8E@symantec.com>
Date: Tue, 15 May 2018 14:56:58 +0200
Cc: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>, "Wheeler, David M" <david.m.wheeler@intel.com>, Dave Thaler <dthaler@microsoft.com>
Message-Id: <C42613D9-71FD-49D5-9FA8-AF6DDCE32FED@gmail.com>
References: <E3320980-A44F-4429-A255-16E17EB572FD@cisco.com> <38924978-1EB8-4E25-A8EE-55F85A5FD173@cisco.com> <6F8051FA-C7F7-4E53-B8F8-5F45290F8D7F@symantec.com> <0627F5240443D2498FAA65332EE46C84367D27EF@CRSMSX102.amr.corp.intel.com> <CY4PR21MB07749A26B6D0DAFC15231CB1A3800@CY4PR21MB0774.namprd21.prod.outlook.com> <2F635C9F-199B-4118-9D80-CD35ADA74261@symantec.com> <6C77FC20-EB64-46B7-8D2D-69693E163D95@gmail.com> <E7523A59-37C2-4CDF-8553-E084A3185A8E@symantec.com>
To: Mingliang Pei <Mingliang_Pei@symantec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/oehLCEjoMBRkM58gcprQzy06gWc>

Hi Mingliang, 

thank you for the clarifications. Comments and suggestions inline.

> On 10 May 2018, at 04:51, Mingliang Pei <Mingliang_Pei@symantec.com> wrote:
> 
> Hi Nicolae,
>  
> Thank you very much for your comments. Sorry for delayed reply. Please see my comments inline.
>  
> Best,
>  
> Ming
>  
> From: Nicolae Paladi <n.paladi@gmail.com>
> Date: Friday, May 4, 2018 at 2:35 AM
> To: Mingliang Pei <Mingliang_Pei@symantec.com>
> Cc: Dave Thaler <dthaler@microsoft.com>, "Wheeler, David M" <david.m.wheeler@intel.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
> Subject: Re: [Teep] [EXT] Re: Call for adoption
>  
> Hello, 
>  
> I have read through the 06 OTrP document; besides a list of miscellaneous omissions and minor misses (that can be addressed later), several points caught my eye:
>  
> 1. In §5.2 the acronym “AIK” from  "TEE SP anonymous key (AIK)” reads very similar to the concept of an “Attestation Identity Key”  (e.g. from [1]). 
> Is that the purpose? If yes, the key and its role should be introduced, otherwise a different acronym could be used.
>  
> Ming: it is different. The TAM will still know a device’s identity basing on TEE key and we introduced AIK to make the application itself no need to access TEE device key. We were aware of DAA but didn’t make it a requirement to use.

Nicolae: I understand; in ANY case it should be introduced in the acronym list (I assume it is an acronym; it would be nice to know what it stands for), and also explained in the text body.

>  
> 2. In §6.3.1 the draft mentions that “It is important to ensure a legitimate OTrP Agent is installed”. 
> However, it is not clear what a “legitimate” agent is and how one can ensure that a “legitimate” agent is installed.
> Given that the agent runs in the REE where the applications are by definition un-trusted (as per 3.1), this paragraph leads to a dead end.
> What is the relation between a “legitimate” application and a “trusted” application?
>  
> Ming: “trusted” application refers to those running in TEE side. You are right, an OTrP Agent cannot always be trusted. We recommend that it is installed as a “system” app that has better protection than a user installed app. If an OTrP agent application is compromised, it cannot steal anything because data is encrypted end-to-end, and TAM will detect it. One threat is that it may cause Denial-of-service to TA management requests. Thanks for your comment; we can elaborate this in “Security Consideration” section. What do you think?
>  

Nicolae: I think discussing the security aspects of the OTrP Agent in the “Security Consideration” section is a good idea. 
I would actually move the sentence “It is important to ensure a legitimate OTrP Agent is installed” also to the “Security Consideration” section - to both motivate this importance, outline the risks and suggest mitigations. 
Otherwise it does not help to underline this importance if earlier in the text the REE was declared untrusted.

> 3. §6.3.2 states twice (duplication) that only one OTrP agent is expected. 
> However, given that “a user can dynamically download and install an OTrP Agent on demand” (as per §6.3.1), it is unclear what this expectation is based on.
> Moreover, the interaction between multiple OTrP agents on the platform is not discussed.
>  
> Ming: the OTrP assumes that only one active TEE is installed in a device, see Section 12 and 7.8 etc. You raised a good point on what if a user downloads multiple OTrP agents. It was expected that one “system” OTrP agent is used that associates with the underlying TEE. Supporting multiple different OTrP agents is out of scope for the spec. The focus is on the “messaging protocol” that is exchanged. How an OTrP agent is installed and interacts with the TEE is left to implementations. We will add clarification about this. Thanks again for your questions here.

Nicolae: Sounds good; explicitly marking the scope and the assumptions here will be helpful.

>  
> Best regards,
> Nicolae
>  
> ====
>  
> [1] Ernie Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct anonymous attestation. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '04). ACM, New York, NY, USA, 132-145. DOI=http://dx.doi.org/10.1145/1030083.1030103
>  
>  
>> On 02 May 2018, at 20:23, Mingliang Pei <Mingliang_Pei@symantec.com> wrote:
>>  
>> Thanks Dave T, that is correct.
>>  
>> Hi Dave W, yes, I can confirm that it is exactly the same version as v06 OTrP except a few typo fixes. The plan is to rename the “adopted” version v06 first to WG named draft, and we work on revision from there with full continuity.
>>  
>> Thanks,
>>  
>> Ming
>>  
>> From: Dave Thaler <dthaler@microsoft.com>
>> Date: Wednesday, May 2, 2018 at 10:13 AM
>> To: "Wheeler, David M" <david.m.wheeler@intel.com>, Mingliang Pei <Mingliang_Pei@symantec.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
>> Subject: RE: [Teep] [EXT] Re: Call for adoption
>>  
>> You can see the diffs at
>>  
>> I see that a number of typos were fixed, but there were no substantial differences.
>>  
>> Dave
>>  
>> From: TEEP <teep-bounces@ietf.org> On Behalf Of Wheeler, David M
>> Sent: Wednesday, May 2, 2018 7:14 AM
>> To: Mingliang Pei <Mingliang_Pei@symantec.com>; Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; teep@ietf.org
>> Subject: Re: [Teep] [EXT] Re: Call for adoption
>>  
>> Ming,
>> Can you just confirm that there are NO DIFFERENCES between the last released version and the 06 OTrP document?
>> If there are differences, can you give a short summary so I know where to look?
>> Much appreciated,
>> Dave Wheeler
>>  
>>  
>> From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Mingliang Pei
>> Sent: Thursday, April 26, 2018 10:46 AM
>> To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; teep@ietf.org
>> Subject: Re: [Teep] [EXT] Re: Call for adoption
>>  
>> Thank you Nancy, Dave and all for your support, comments and suggestions.
>>  
>> Yes, I will rename the draft to “draft-ietf-teep-opentrustprotocol” and resubmit it very soon.
>>  
>> Thanks, again,
>>  
>> Ming
>>  
>> From: TEEP <teep-bounces@ietf.org> on behalf of "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>
>> Date: Thursday, April 26, 2018 at 8:58 AM
>> To: "teep@ietf.org" <teep@ietf.org>
>> Subject: [EXT] Re: [Teep] Call for adoption
>>  
>> Hearing (or reading) no strong objections, “draft-pei-opentrustprotocol” is adopted by the WG.
>>  
>> A few comments have already been provided that can be addressed in subsequent versions; some can also be clarified in the architecture draft.
>>  
>> Ming: when you get a chance, please submit the draft with the name:  draft-ietf-teep-opentrustprotocol
>>  
>> Your chairs, Dave and Nancy
>>  
>> From: "ncamwing@cisco.com" <ncamwing@cisco.com>
>> Date: Monday, April 2, 2018 at 11:07 AM
>> To: "teep@ietf.org" <teep@ietf.org>
>> Subject: Call for adoption
>>  
>> All,
>>  
>> There was strong interest and consensus at the TEEP f2f IETF 101 meeting in London for adopting
>> https://datatracker.ietf.org/doc/draft-pei-opentrustprotocol/ as a draft protocol.
>>  
>> This is a call for adoption as a working group draft. If you have any concerns or objections please respond
>> by April 16th.
>>  
>> Warm regards, Nancy
>> _______________________________________________
>> TEEP mailing list
>> TEEP@ietf.org
>> https://www.ietf.org/mailman/listinfo/teep
>  
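The argument in Ming's reply under point 2 above (a compromised REE-side OTrP Agent can neither read nor alter the traffic between TEE and TAM, because the payload is protected end-to-end, and is left only with denial of service) can be made concrete with a small model. The following is an added example, not code from the OTrP draft or its authors: it stands in for the draft's own message protection with a shared symmetric key, HMAC-SHA256 for integrity and a SHA-256 counter-mode keystream for confidentiality, and the key, the message layout and the three agent behaviours are all constructed for this illustration.

```python
"""Model of an untrusted REE relay (the OTrP Agent) between a TEE and a TAM.

Added example, not the OTrP draft's code. The shared SESSION_KEY, the
nonce || ciphertext || tag layout and the relay behaviours are constructed;
a real deployment would use the draft's own key material and encodings.
"""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed key shared only by the TEE and the TAM; the REE agent never holds it.
SESSION_KEY = b"\x01" * 32
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, payload: dict, nonce: bytes) -> bytes:
    """Encrypt-then-MAC a JSON payload: returns nonce || ciphertext || tag."""
    plaintext = json.dumps(payload, sort_keys=True).encode()
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    body = nonce + ciphertext
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def open_sealed(key: bytes, blob: bytes) -> Optional[dict]:
    """Verify the tag first; only then decrypt. Returns None on any failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampering (or wrong key) is detected here
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, ks))
    return json.loads(plaintext.decode())


# Three constructed behaviours for the REE-side agent that relays the message.
def honest_agent(blob: bytes) -> Optional[bytes]:
    return blob


def tampering_agent(blob: bytes) -> Optional[bytes]:
    mutated = bytearray(blob)
    mutated[NONCE_LEN] ^= 0x01  # flip one bit of the ciphertext
    return bytes(mutated)


def dropping_agent(blob: bytes) -> Optional[bytes]:
    return None  # message never reaches the TAM: denial of service


def tam_receive(blob: Optional[bytes]) -> str:
    """What the TAM observes for each relay behaviour."""
    if blob is None:
        return "timeout"  # DoS is visible but cannot be prevented by crypto
    msg = open_sealed(SESSION_KEY, blob)
    if msg is None:
        return "rejected"  # integrity failure detected by the TAM
    return "accepted:" + msg["op"]


def run(agent: Callable[[bytes], Optional[bytes]]) -> str:
    """TEE seals a constructed TA-management request and hands it to the agent."""
    nonce = bytes(NONCE_LEN)  # fixed for a deterministic demo; use os.urandom in practice
    blob = seal(SESSION_KEY, {"op": "InstallTA", "ta": "example-ta"}, nonce)
    return tam_receive(agent(blob))


if __name__ == "__main__":
    for name, agent in [("honest", honest_agent), ("tampering", tampering_agent), ("dropping", dropping_agent)]:
        print(f"{name:9s} -> {run(agent)}")
```

The agent only ever sees an opaque blob, so it can neither read the request nor produce a forged one; any modification fails the tag check at the TAM, which is the detection Ming refers to. What remains is exactly the residual threat named in the reply: an agent that drops or delays messages, which the TAM can only observe as a timeout.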