IETF Logo Mail Archive

Re: [Teep] draft-tschofenig-teep-otrp-v2-00

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 July 2019 13:59 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D954A12016D for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 06:59:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tik8XaU4xD3T for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 06:59:36 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150082.outbound.protection.outlook.com [40.107.15.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D47C8120141 for <teep@ietf.org>; Tue, 9 Jul 2019 06:59:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MEgO3nUUb0K1LCL+LuHpxP6YYUBj+apdlwIQY5scVpQ=; b=xXVIf63EFq7zPd8Q4A8cv51+T9ZMbopkzMxSvK99wbEVyLTWOKkbFVfXGd0mcu69qcMzUiI2qDTWpyIMmSmAkpHiYuwAqSIXjtZKHOUeCPRpDnYgXK0LtIjEeMxe8kZKVevVgcdV6/W95JFkgUD/KYMaEuQcvldYTN/W0P/miL4=
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com (52.133.244.88) by VI1PR08MB4446.eurprd08.prod.outlook.com (20.179.24.207) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.19; Tue, 9 Jul 2019 13:59:32 +0000
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::9ce0:faf4:980d:dc77]) by VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::9ce0:faf4:980d:dc77%3]) with mapi id 15.20.2052.020; Tue, 9 Jul 2019 13:59:32 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] draft-tschofenig-teep-otrp-v2-00
Thread-Index: AdU2MM7rokbHdeT7SSOyoNhR4EHtYAALVl+AAAANWVA=
Date: Tue, 09 Jul 2019 13:59:31 +0000
Message-ID: <VI1PR08MB5360540D41C46C07015302E4FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <VI1PR08MB536037A16BACD104800B358FFAF10@VI1PR08MB5360.eurprd08.prod.outlook.com> <da0a237b-58ed-ffc7-02c2-ca00d1797955@gmail.com>
In-Reply-To: <da0a237b-58ed-ffc7-02c2-ca00d1797955@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: e8db6ce2-9ca7-40d3-9a39-41bbf155c8c1.0
x-checkrecipientchecked: true
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.119.152]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d6340627-9ebf-4e69-e191-08d70475ab01
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:VI1PR08MB4446;
x-ms-traffictypediagnostic: VI1PR08MB4446:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <VI1PR08MB4446B8C8771424D4531FB9E7FAF10@VI1PR08MB4446.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 0093C80C01
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(366004)(136003)(39860400002)(346002)(396003)(376002)(199004)(189003)(40434004)(52536014)(73956011)(68736007)(76116006)(5024004)(14444005)(14454004)(66556008)(256004)(66946007)(2906002)(6306002)(33656002)(81166006)(66446008)(6436002)(64756008)(6116002)(66476007)(8936002)(9686003)(53936002)(81156014)(305945005)(6246003)(5660300002)(55016002)(110136005)(3846002)(86362001)(478600001)(316002)(74316002)(8676002)(7696005)(26005)(71200400001)(186003)(71190400001)(446003)(99286004)(72206003)(76176011)(7736002)(6506007)(102836004)(966005)(486006)(25786009)(229853002)(66066001)(476003)(2501003)(11346002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR08MB4446; H:VI1PR08MB5360.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: NJH9/7AhApeWnfoXy3ZuMWUVV5m9/Jz0xTV51ItXcb2wT1cOPvG0Y/X+ubXmsyo5P+ZSYfYYIxJ/6k2b4wQ4lFZLXtQ/p9Q5r2OU85e+2/MFTZy3F7gVrkPkhgZYGhl4LbQ85cPo21ezzpzqIGjjRWM9iW9x7a97jyBxaVhaWdOgYqJXIa8EitXIS1/pFMNSD2g420krr2BaOe9GGCy+E04zk5iQbxekZyl7GwhbuujdBiKMayLEorJ0Z7Rfyf6puUgASxlAThhE2ZfV8gIHvtHU+Uw2LmFg1KQC8lfl+oDx5odG4wEZJ4T6Qw+0dffseyXPehoXzD6i+M/hMUJON/gBU7m5wT5BEykJKx1Q3jXW4CPnhKLBlcFTXBSt+lWxFyxYaAmGyDoSybXRQlelYnf9PabVs28tEL+mDTr0N8E=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6340627-9ebf-4e69-e191-08d70475ab01
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jul 2019 13:59:32.0834 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Hannes.Tschofenig@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB4446
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Fhq7tXS1TW1THV6IXRiRjnNGvds>
Subject: Re: [Teep] draft-tschofenig-teep-otrp-v2-00
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 13:59:40 -0000

Hi Anders,

> A wise decision!  BTW, I never understood the point making an IETF copy (it was?) of another standard.

Actually, it was the other way around.

> I have said it before and I say it again: By separating the API from the Protocol and rather use a session-based scheme you get a cleaner and more powerful system [*] in the end.  Yeah, the initial task will be 30-50% bigger but that difference is zeroed out when you have both protocol encodings in place.

"Executive Level" description: https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf

Certainly a good point but I fear that it is not really design a secure system when the protocol does not terminate the secure world.


Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email