Re: [Teep] Charter Text
Robert Broberg <rbroberg@cisco.com> Mon, 30 October 2017 16:43 UTC
Return-Path: <rbroberg@cisco.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFEB013F576 for <teep@ietfa.amsl.com>; Mon, 30 Oct 2017 09:43:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8SwTadohY0R0 for <teep@ietfa.amsl.com>; Mon, 30 Oct 2017 09:43:50 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E04113FE3A for <teep@ietf.org>; Mon, 30 Oct 2017 09:36:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18429; q=dns/txt; s=iport; t=1509381408; x=1510591008; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=lbIg8D00tD2oPnk5XN21trKWDpAuv/8cHIRUA0lZ48E=; b=Gjh6VJfMbw2xGStfqIzXS+xFxNQQb9LQx9dc+VtSmTNeKXXohjHTQoV+ aA9+p3CaxcS534enhUY1UIhOKgD0GSKyat3Fhqki5G5C5emgdOoQ9MpSX QQ0Ec7d5LxHr2/pV0oJzaYSQlFTBVN4QBh9s019f7brWLABJuEHVXiB1G o=;
X-IronPort-AV: E=Sophos;i="5.44,320,1505779200"; d="scan'208";a="24192765"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2017 16:36:47 +0000
Received: from rtp-ads-285.cisco.com (rtp-ads-285.cisco.com [10.83.108.225]) by rcdn-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v9UGaljv032741; Mon, 30 Oct 2017 16:36:47 GMT
Received: by rtp-ads-285.cisco.com (Postfix, from userid 2879) id 6DEDEAAB; Mon, 30 Oct 2017 12:36:47 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by rtp-ads-285.cisco.com (Postfix) with ESMTP id 6ADB391F; Mon, 30 Oct 2017 12:36:47 -0400 (EDT)
Date: Mon, 30 Oct 2017 12:36:37 -0400
From: Robert Broberg <rbroberg@cisco.com>
To: Dave Thaler <dthaler@microsoft.com>
cc: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>, "Wheeler, David M" <david.m.wheeler@intel.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org>
In-Reply-To: <CY4PR21MB0856AE0C84D1919C222EC7BBA3590@CY4PR21MB0856.namprd21.prod.outlook.com>
Message-ID: <alpine.LRH.2.00.1710301231220.548@rtp-ads-285.cisco.com>
References: <6EFD27BC-CE56-4112-AD20-C787520BEE87@cisco.com> <DM5PR20MB1228DEC9757FCBDCA4254052AAA70@DM5PR20MB1228.namprd20.prod.outlook.com> <d6015c71-04de-3323-bb08-5ac66a5c21d0@mixmax.com> <35502548-8d02-4af2-b409-d8be73dd6a6d.max.ldp@alibaba-inc.com> <CAKcc6AdZV7HsUvTiKnSP7dXf9Q4PMfBmNyWnwMLnGF6re3aKAQ@mail.gmail.com> <201709221010555677461@bjleisen.com> <06E2371B-CD39-4205-B663-FF8C0AD300A6@cisco.com> <6573BB65-A7AD-4CF2-996D-A0C64B8BD8B8@qti.qualcomm.com> <0627F5240443D2498FAA65332EE46C8436743A75@CRSMSX102.amr.corp.intel.com> <F9296C1B-9EC8-438F-8C3F-7CCF19371DDF@qti.qualcomm.com> <CY4PR21MB0856AE0C84D1919C222EC7BBA3590@CY4PR21MB0856.namprd21.prod.outlook.com>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1393221996-640912940-1509381407=:548"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/qBicLHOxgXT5EccRO3fm2pJBIV0>
Subject: Re: [Teep] Charter Text
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Oct 2017 16:43:55 -0000
At Nancy's request I've joined and been following this thread. I am not completely clear on the need yet for the proposed work but I think following paper may be of interest as various vendor specific architectures for trusted execution environments come with their own specific limiations. The following paper proposes an approach to provide a common interface on top of different HW architectures. Komodo: Using verification to disentangle secure-enclave hardware from software Andrew Ferraiuolo, Cornell University Andrew Baumann, Microsoft Research Chris Hawblitzel, Microsoft Research Bryan Parno, Carnegie Mellon University can be found at: http://delivery.acm.org/10.1145/3140000/3132782/p287-ferraiuolo.pdf?ip=64.104.125.226&id=3132782&acc=OPENTOC&key=4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35%2EC42B82B87617960C&CFID=823679137&CFTOKEN=20531313&__acm__=1509381326_a95f9975e892c4aa7f42fc5a1be0b1d4 Robert On Mon, 30 Oct 2017, Dave Thaler wrote: > > Do we know who from GlobalPlatform is participating in IETF, and vice versa? > > > > Is there a description of the work GlobalPlatform is proposing to do related to OTrP? > > > > Where can IETF participants find GP?s discussion of OTrP? Is it an open or closed forum? > > > > Thanks, > > Dave > > > > From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Jeremy O'Donoghue > Sent: Friday, September 22, 2017 8:01 AM > To: Wheeler, David M <david.m.wheeler@intel.com> > Cc: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com>; teep@ietf.org > Subject: Re: [Teep] Charter Text > > > > Hi Dave, > > > > On 22 Sep 2017, at 15:26, Wheeler, David M <david.m.wheeler@intel.com> wrote: > > > > I understand your perspective and concern (I think, but would like to hear more). From Intel?s side, we have some issues with ?too > close? relationship to GP, because GP?s definition of TEE security ties that security to trusted boot. I understand that TZ, and even > some of Intel?s TEEs (Android Trusty implementation) require a trusted secure boot in order to themselves be secure, but Intel also > has TEEs that are *completely separated* from secure boot, and therefore do not require a secure booted platform to retain > security. > > > > You are correct on this point. However, the GP notion of ?trusted boot? allows quite a lot of wiggle room - the essential requirement is > that the mechanism whereby the TEE is instantiated is bound to a secure root of trust on the SoC or on off-SoC security processor. I > don?t know enough about SGX to be able to say whether it could meet this definition. > > > > Most actual implementations of GP TEEs are bound to the ARM TZ architecture, so there may well be some bias to that in some of the > informative material around a GP TEE. > > > > However, implementations of most of the specifications e.g. the GP Internal Core API, Management Framework, OTrP etc. are not bound to > that security definition. Both TMF and the GP approach to OTrP are explicitly designed to support management of non-GP TEE. > > > > I do recognise that being outside the GP Security definition might pose commercial difficulties in such an approach. > > > > Too close a relationship to GP will create issues around this definition. We need greater discussion around this, > otherwise, by definition it rejects certain Intel TEEs (SGX primarily) and then Intel would consider this an implementation > specific definition aligned to TrustZone, and not a general TEE protocol. > > > > My suspicion is that it also rejects ARM Cortex-M Trustzone for similar reasons (which I think has some similarities to SGX in its > approach) > > > > I think we need to talk more about this. I agree there is a lot of good stuff in GP that we should leverage. > > > > Are you open to changing some of these core definitions, and working through the implications of those changes with us? This will > separate us somewhat form GP standards, I think. > > > > I think there is a need to have standards supporting TEEs that are not rooted in a secure boot style root of trust, and (ideally) for > these to behave similarly from a developer and management perspective to TEEs that have such a root. > > > > I would have thought that the main effort in such a case would be to define a system architecture, security requirements and > (eventually) a Protection Profile - this looks a long way from the charter as currently proposed. > > > > I would need to discuss further internally as to whether that is an effort to which I would be able to contribute. > > > > Best regards > > Jeremy > > > > Very interested in your thoughts and perspective. > > Thanks, > > Dave Wheeler > > > > From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Jeremy O'Donoghue > Sent: Friday, September 22, 2017 1:00 AM > To: Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> > Cc: teep@ietf.org > Subject: Re: [Teep] Charter Text > > > > Qualcomm would like to ensure that the charter and proposed deliverables are properly differentiated from work occurring in > GlobalPlatform based on the OTrP contribution which has been accepted as a GlobalPlatform work item. > > > > Since the proposed charter for teep includes a close relationship with GlobalPlatform, Qualcomm suggests some alignment between > the organisations to ensure that there is a single, definitive, set of standards defining OTrP as the best outcome for all > participants. > > > > --- > > Jeremy O?Donoghue email: jodonogh@qti.qualcomm.com > > Engineer, Principal/Manager tel: +44 1252 363189 > > NFC & Secure Software and Systems > > > > > > > > > > On 22 Sep 2017, at 05:49, Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> wrote: > > > > Thank you all for responding and for demonstrating there is good support to move this work along. > > > > It would be good to get discussions started on the current drafts and milestones as well. > > > > Nancy > > > > From: TEEP <teep-bounces@ietf.org> on behalf of "zhoup@bjleisen.com" <zhoup@bjleisen.com> > Date: Thursday, September 21, 2017 at 7:10 PM > To: Dapeng Liu <maxpassion@gmail.com>, Lubna Dajani <lubnadajani@gmail.com>, "ppeterka@verimatrix.com" > <ppeterka@verimatrix.com>, teep-bounces <teep-bounces@ietf.org>, teep <teep@ietf.org>, Mingliang Pei > <Mingliang_Pei@symantec.com>, "Marc.Canel" <Marc.Canel@arm.com>, Richard Parris <richard.parris@intercede.com>, Rob Coombs > <rob.coombs@arm.com>, "qingyang.meng" <qingyang.meng@beanpodtech.com>, Brian Witten <brian_witten@symantec.com>, > "henry.j.lee@samsung.com" <henry.j.lee@samsung.com>, Nick Cook <Nick.Cook@intercede.com>, "Mike.M.Parsel@sprint.com" > <Mike.M.Parsel@sprint.com>, Hannes Tschofenig <hannes.tschofenig@arm.com>, "zhijian.zhang" > <zhijian.zhang@beanpodtech.com>, ???<maojun.wei@watchdata.com>, Dominique Bolignano <dominique.bolignano@provenrun.com>, > "heekwan.lee@samsung.com" <heekwan.lee@samsung.com>, Mike Hendrick <mike.hendrick@seqlabs.com>, XiaYubin > <xiayubin@trustkernel.com>, "sangjin.park@hansol.com" <sangjin.park@hansol.com>, "Paczkowski, Lyle W [CTO]" > <lyle.w.paczkowski@sprint.com>, Pengcheng Zou <zoupc@thundersoft.com>, "fmw@whty.com.cn" <fmw@whty.com.cn>, > "philip.attfield" <philip.attfield@seqlabs.com>, "Andrew.Atyeo" <Andrew.Atyeo@intercede.com>, paromix > <paromix@sola-cia.com>, ppeterkaa <ppeterkaa@verimatrix.com>, "max.ldp@alibaba-inc.com" <max.ldp@alibaba-inc.com> > Subject: Re: [Teep] Charter Text > > > > hi, > > > > Beijing Laser Tech. support it.thanks. > > > > _______________________________________________________________________________________________________________________________________ > > ?? > > CEO > > ???????????? > > Beijing Laser Technology Development CO.,LTD > > ??????????43?????7? ??100044 > > ???18910750012/15601105750/13911779990 > > ???www.bjleisen.com > > > > From: Dapeng Liu > > Date: 2017-09-13 00:49 > > To: Lubna Dajani; ppeterka; teep-bounces; teep; Mingliang Pei; Marc Canel; richard.parris@intercede.com; Rob > Coombs; qingyang.meng; brian_witten; henry.j.lee@samsung.com; Nick Cook; Mike.M.Parsel@sprint.com; HannesTschofenig; zhijian.zhang; zhoup; maojun.wei; dominique.bolignano; heekwan.lee@samsung.com; mike.hendrick@seqlabs.com; xiayubin; sangj > in.park; lyle.w.paczkowski; Pengcheng Zou; fmw; philip.attfield; Andrew.Atyeo; paromix; ppeterkaa; ? ? > > Subject: re: [Teep] Charter Text > > Hello Nancy, > > > > Thanks! > > > > Actually, there are lots of companies/experts are very interested in the proposed TEEP work. But they may not > familiar with IETF process, I hope they would getting more active in the list after the long > > summer vacation:) > > > > Note: I have copied to all the experts that are interested in TEEP based on offline discussions. > > To all the experts copied in this mail: Please subscribe to TEEP email list first if you want to reply. Here is how > to subscribe: https://www.ietf.org/mailman/listinfo/teep > > > > Thanks, > > Max > > ------------------------------------------------------------------ > > From:Nancy Cam-Winget (ncamwing) <ncamwing@cisco.com> > > Send Time:2017?9?12?(???) 23:50 > > To:Lubna Dajani <lubnadajani@gmail.com>; Petr Peterka <ppeterka@verimatrix.com> > > Cc:teep@ietf.org <teep@ietf.org> > > Subject:Re: [Teep] Charter Text > > > > Thank you Lubna and Petr! > > > > Would still like to hear from others and also solicit feedback on the proposed charter text. > > > > Warm regards, > > Nancy > > > > From: Lubna Dajani <lubnadajani@gmail.com> > > > Date: Tuesday, September 12, 2017 at 4:40 AM > To: Petr Peterka <ppeterka@verimatrix.com> > > Cc: "ncamwing@cisco.com" <ncamwing@cisco.com>, "teep@ietf.org" <teep@ietf.org> > > > Subject: Re: [Teep] Charter Text > > > > please allow me to echo Petr's responses. > > 1. Yes > > 2. Yes > > 3. Yes > > 4. Yes > > I am personally very excited to see this WG form and I look forward to actively contributing to the evolution of > this protocol as I have since the ideation stages of this protocol > > ? > > Thank you Nancy, Petr and everyone here? > > > > Lubna > > __________________________________________________ > > Lubna Dajani I Allternet Ltd. > > @lubnadajani > > @futuristasORG > > + 1 201 982 0934 > > > > > > Confidentiality Notice: The information contained in this email and any attachments is intended only for the > recipient[s] listed above and may be privileged and confidential. Any dissemination, copying, or use of or reliance > upon such information by or to anyone other than the recipient[s] listed above is prohibited. If you have received > this message in error, please notify the sender immediately at the email address above and destroy any and all copies > of this message. > > > > Sent with Mixmax > > > > > > On Thu, Jul 20, 2017 2:48 AM, Petr Peterka ppeterka@verimatrix.com wrote: > > Hi Nancy > > I think we had a very productive meeting yesterday. Here are my answers to your questions: > > > > 1) Do you understand what TEEP is trying to achieve? > > ANSWER: Yes, I do. I?d like to add that the charter may re-emphasize that the proposed WG is not going to define the > TEE or the TAM service themselves but just the protocol between them. > > > > 2) Is this work that should be done in general? > > ANSWER: Yes, it should since there are going to be more and more trusted execution environments (lower case) > especially with the proliferation of IoT devices which will need more security than what they have today. > > > > 3) Is this work that should be done in the IETF, or does it belong to somewhere else? > > ANSWER: Since we are trying to define a protocol that is independent of the different TEE implementations, I believe > that IETF is the right home for it. > > > > 4) Should we form a WG with given charter to work on this? > > ANSWER: Yes, that is my recommendation. > > > > Thanks > > Petr > > > > From: TEEP [mailto:teep-bounces@ietf.org] On Behalf Of Nancy Cam-Winget (ncamwing) > Sent: Thursday, July 20, 2017 11:13 AM > To: teep@ietf.org > Subject: Re: [Teep] Charter Text > > > > All, > > Please provide feedback on the results of yesterday?s side meeting. In particular, we?d like to get feedback on whether > this the right scope and if we have captured it appropriately. If it is not, also please comment and if possible, > provide suggestions for improvement. > > > > We would like to continue discussion over email and get consensus around the 2nd week of September so that we can > have a path forward. In particular we would like to get answers for: > > > > 1) Do you understand what TEEP is trying to achieve? > > 2) Is this work that should be done in general? > > 3) Is this work that should be done in the IETF, or does it belong to somewhere else? > > 4) Should we form a WG with given charter to work on this? > > > > Warm regards, > > Nancy & Tero (TEEP BoF Chairs) > > > > From: TEEP <teep-bounces@ietf.org> on behalf of Hannes Tschofenig <Hannes.Tschofenig@arm.com> > Date: Wednesday, July 19, 2017 at 5:56 AM > To: "teep@ietf.org" <teep@ietf.org> > Subject: [Teep] Charter Text > > > > Here is the charter text we came up in the side-meeting today. > > > > ------ > > > > > TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement Charter > > > > The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features, such as > isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, > the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more > functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM, and > Intel using the TrustZone and the SGX technology, respectively. > > > > To programmatically install, update, and delete applications running in the TEE, this protocol runs between a service > running within the TEE, a relay application or service access point on the device's network stack and a server-side > infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive and > the server side requires information about the device characteristics in form of attestation and the device-side may > require information about the server. > > > > Privacy considerations have to be taken into account with authentication features and attestation. > > > > This working group aims to develop an application layer protocol providing TEEs with the following functionality, > > * lifecycle management of trusted applications, and > > * security domain management. > > > > A security domain allows a service provider's applications to be isolated so that one security domain cannot be > influenced by another, unless it exposes an API to allow it. > > > > The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use > of public key cryptography. > > > > The group will produce the following deliverables. First, an architecture document describing the involved entities, > their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that > describes the above-described functionality. The choice of encoding format(s) will be decided in the working group. > The group may document several attestation technologies considering the different hardware capabilities, performance, > privacy and operational properties. > > > > The group will maintain a close relationship with the GlobalPlatform, Trusted Computing Group, and other relevant > standards to ensure proper use of existing TEE-relevant application layer interfaces. > > > > Milestones > > > > Dec 2017 Submit "TEEP Architecture" document as WG item. > > > > Feb 2018 Submit "TEEP Protocol" document as WG item. > > > > July 2018 Submit "TEEP Architecture" to the IESG for publication as an Informational RFC. > > > > Feb 2019 Submit "TEEP Protocol" to the IESG for publication as a Proposed Standard. > > > > Additional calendar items: > > > > Nov 2017 IETF #100 Hackathon to work on TEEP protocol prototype implementations. > > > > Mar 2018 1st interoperability event (at IETF #101). > > > > Jul 2018 2nd interoperability event (at IETF #102). > > > > IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you > are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other > person, use it for any purpose, or store or copy the information in any medium. Thank you. > > [ISbvNmLslWYtdGQp5WYqFGZh5mY1xmI] > > > > _______________________________________________ > TEEP mailing list > TEEP@ietf.org > https://www.ietf.org/mailman/listinfo/teep > > > > >
- [Teep] Charter Text Hannes Tschofenig
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Petr Peterka
- Re: [Teep] Charter Text Kaarthik Sivakumar
- Re: [Teep] [EXT] Re: Charter Text Mingliang Pei
- Re: [Teep] [EXT] Re: Charter Text Kaarthik Sivakumar
- Re: [Teep] Charter Text Lubna Dajani
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text 刘大鹏(鹏成)
- Re: [Teep] Charter Text Dapeng Liu
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Dapeng Liu
- Re: [Teep] Charter Text Mingliang Pei
- Re: [Teep] Charter Text Paczkowski, Lyle W [CTO]
- Re: [Teep] Charter Text zhoup@bjleisen.com
- Re: [Teep] [EXT] RE: Charter Text Mingliang Pei
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Wheeler, David M
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Nancy Cam-Winget (ncamwing)
- Re: [Teep] [EXT] Re: Charter Text Brian Witten
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] [EXT] Re: Charter Text 刘大鹏(鹏成)
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] [EXT] Re: Charter Text 刘大鹏(鹏成)
- Re: [Teep] [EXT] Re: Charter Text Dave Thaler
- Re: [Teep] Charter Text Dave Thaler
- Re: [Teep] Charter Text Robert Broberg
- Re: [Teep] Charter Text Jeremy O'Donoghue
- Re: [Teep] Charter Text Hank Chavers