[Teep] Trusted Applications vs Trusted Components

Dave Thaler <dthaler@microsoft.com> Mon, 26 October 2020 23:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/J-gjq6J_0GkfNcgCu-DcxIwTCU8>

Section 4 of draft-ietf-teep-architecture explains that personalization data can
be a separate package that a TA depends on (not bundled with the TA), and
goes on to say:

> The TEEP protocol treats each TA, any dependencies the TA has, and
> personalization data as separate components with separate
> installation steps that are expressed in SUIT manifests, and a SUIT
> manifest might contain or reference multiple binaries (see
> [I-D.ietf-suit-manifest] for more details).

Thus, the TEEP protocol can install anything representable by a SUIT manifest,
whether the binaries represent code or personalization data, or both.

Recall that a TA is defined as:

> - Trusted Application (TA): An application (or, in some implementations,
>   an application component) that runs in a TEE.

Thus the "that runs" means a TA is specifically code, not something that might
refer to a SUIT manifest containing only personalization data.

Elsewhere in the arch doc it talked about the TAM installing "Trusted Applications", such as

> A TA Signer selects one or more TAMs and communicates the TA(s) to the TAM.

for example (plenty of other places too), except that such statements should also apply
to personalization data expressed via their own manifest, but the term "TA" implies the
relevant text is limited to things containing code.

The term "trusted components" does appear in the doc in a way that refers to
TAs and/or personalization data, such as in this sentence:

> When the TEEP Agent subsequently receives the TA to install and the TA's manifest
> indicates dependencies on any other trusted components, each dependency can include
> a list of TAM URIs for the relevant dependency.

As a document editor, I would like to make "Trusted Components" a term defined in the
terminology section as referring to TAs and/or Personalization Data, and fix text
that says TA that should instead say Trusted Components more generally.

In theory an alternative approach would be to redefine TAs to not just be code but to also include
only data.  But that would seem to go against the normal human expectation that "app" means
something that has code (and maybe data too, but not data-only).

https://github.com/ietf-teep/architecture/pull/212/files shows proposed diffs if we go ahead
and make the change to use Trusted Components as a more formal term, just like TA is.

Please speak up if you have strong opinions on this editorial change.  I would like to make
a decision one way or the other before the I-D deadline.

Dave