Re: [Teep] Comments on draft-ietf-teep-usecase-for-cc-in-network-02

yangpenglin@chinamobile.com Fri, 11 November 2022 03:25 UTC

Hi Mingliang,

Thanks for your comments. I agree with all the typo and format
suggestions. My other feedback is as follows.


 >>>> In detail, computing unit with confidential computing feature could generate an isolated hardware-protected area,
 >>Is "hardware-protected area" a common way to say it? Do you need to refer more such as "in a TEE" or "Security Domain" as examples?

 >>>> ... users need to attest and deploy their data and applications in the TEE environment
 >>In this sentence immediately following the above, it gives almost only choice, being "TEE". Is non-TEE technology an option in the CCC referred general "protected area" or your use of this terminology?

Here I just want to emphasize that confidential computing is protected
by hardware. The previous sentence in the draft has already referred
to the CCC definition of confidential computing. So, in my personal
opinion, TEE is the only choice. I'm not sure if there is any other
non-TEE technology that could be used in confidential computing.


 >>>> Title: Notational Architecture of using confidential ...
 >>Do you want to capitalize all words or not capitalize "Architecture"?

I prefer not to capitalize "architecture".

 >>>> 4.1 This use case refers to the case 1 of TEEP architecture.
 >>Clarify or make it explicit what "case 1" means - which section in TEEP Architecture doc. There are the Use Cases section 3 in that doc where it lists only three cases.

The case means Section 4.4 in TEEP Architecture, which explains different
bundles of TA, UA and PD.

 >>>> {att TEEP Agent
 >>What does "att" mean?

 >>Isn't a TEEP Broker needed? It is central to the TEEP Architecture. The sequence row in Figure 2 doesn't mention it.

The "att" means attestation. For example, "att TEEP Agent" means the TAM
sends an attestation request to the TEEP Agent.
Since the TEEP Broker is a transparent forwarding component, I omitted it
in the figures.

BR.
Penglin

On 11/10/2022 1:49 AM, Mingliang Pei wrote:
> Hi Penglin and co-authors,
>
> Here are a few quick comments on the current draft:
>
> Section 1:
> >> ... Environment"[CCC-White-Paper 
> <https://www.ietf.org/archive/id/draft-ietf-teep-usecase-for-cc-in-network-02.html#CCC-White-Paper>].
> Nits: Extra "
>
> >> In detail, computing unit with confidential computing feature could 
> generate an isolated hardware-protected area,
> Is "hardware-protected area" a common way to say it? Do you need to 
> refer more such as "in a TEE" or "Security Domain" as examples?
>
> >> ... users need to attest and deploy their data and applications in 
> the TEE environment
> In this sentence immediately following the above, it gives almost only 
> choice, being "TEE". Is non-TEE technology an option in the CCC 
> referred general "protected area" or your use of this terminology?
>
> >> In confidential computing, the TEE can also be provisioned and 
> managed by TEEP architectue and protocol.
> 1) it is TAs that can be provisioned, not TEE
> 2) Nits: the TEE --> a TEE
> 3) Nits: typo architecture
>
> Section 3:
>
> >> Title: Notational Architecture of using confidential ...
> Do you want to capitalize all words or not capitalize "Architecture"?
>
> >> Figure 1: notational architecture
> Suggest to capitalize the first word at least
>
> Section 4:
>
> >> Usecases
> I believe it is more common to use "Use Cases"
>
> >> UA, TA and PD
> "PD" isn't defined in TEEP and anywhere in this doc. I understand it 
> tries to mean "Personalization Data".
>
> >> Case 5 and 6 are new cases that possible in implementation.
> TEEP Architecture doc section 4.4 has 5 cases. Need to remove the 
> reference with case 6.
> Also suggest adding TEEP Arch draft reference link here
> Nits: ... that are possible....
>
> Section 4.1
>
> >> 4.1 This use case refers to the case 1 of TEEP architecture.
> Clarify or make it explicit what "case 1" means - which section in 
> TEEP Architecture doc. There are the Use Cases section 3 in that doc 
> where it lists only three cases.
>
> >> The TAM works as Verifier
> Nits: as a Verifier
>
> >> Network User works as Relying Party
> "Relying Party" may need a definition when it is capitalized. It is 
> first time used here in the doc.
> Nits: a Relying Party
>
> >> The arrow means deploy package to
> Nits: means to deploy ...
>
> >> {att TEEP Agent
> What does "att" mean?
>
> Isn't a TEEP Broker needed? It is central to the TEEP Architecture. 
> The sequence row in Figure 2 doesn't mention it.
>
> Similar comments about TEEP Broker for other sections 4.2 - 4.5.
>
> Best,
>
> Ming