Re: [Teep] I-D Action: draft-ietf-teep-protocol-09.txt
Dave Thaler <dthaler@microsoft.com> Sun, 31 July 2022 03:17 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17242C15C52B for <teep@ietfa.amsl.com>; Sat, 30 Jul 2022 20:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.692
X-Spam-Level:
X-Spam-Status: No, score=-2.692 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrA3Bt4sb364 for <teep@ietfa.amsl.com>; Sat, 30 Jul 2022 20:17:12 -0700 (PDT)
Received: from na01-obe.outbound.protection.outlook.com (mail-cusazon11020024.outbound.protection.outlook.com [52.101.61.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0066C15C51C for <teep@ietf.org>; Sat, 30 Jul 2022 20:17:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CSirT0AG7d8asiXD6Y+BWG+SbJAUVKF8DDQFR6/uFyzSiRLHIlqtkfx8QBdeVcxgDOw7eMfrFBH4/Tpw9HsHPCIPk8fG6jLv8oelMNnRDvZ33kBzokTLdqcE7hYWJPmgdRIVRB1LQkQm6byqXgJLMG4Sbp9Kjs+lRnRJOy2Qcafyh6y8SLlEHCe5IFFa+LB8CH5ndBsLuoOm6BVdnWF0rhv2KPwmiMpC0gEduL2jWCrXx5Gv781V5XWbeieO2KhAFSrI5r66CHk1JFwFO/+W+rl8vrI0kzFvT20h6EyWN4IcwjvpflSvkuZz6yLPVuh6PnVcw3q+aln/CkviTJWY2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qjpkmKmXU1YKzn0MM39avG5CewRZWqvDVwnjNw2FObA=; b=Fpgcx6hCD8hIud1y0fjl4bzyqprN6eZwmoVyXaGm0NTgnAo5q5HPzVepbn0VihPX2T3RjdqrcvjWyzqgEB1HE3EokwpjNX87xgMzM++iLNxH/7XRGYr1Ug6qTuu3SuyLRJtsjAh3fr9n9SBtWPrv/0/12XLRDzyDWxclrxYHWpNtQF/Pv0f+oQ97R5AqYSr5GhuoLLTHZaVenDUkd1eZXWw1QhS+TQCMcJ+3d5oYSJwSBtpt74wkCFMhW22jmAmBYXqpHRsZecTCs+fsK9XHuv5reSDHvQ5XBs94kmAfyN3f/lG1aQyM+5Svt3iuc3w0ATxx9ro9VZ0a7v4rmqXvpA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qjpkmKmXU1YKzn0MM39avG5CewRZWqvDVwnjNw2FObA=; b=Jw3RPzrVr5qGpIwhAFwvA0ASZHOhocumv+LX97OrkWa3SB+7FTuJikPZGtjxOCuHDd1aQYu8XWmEB9wtWtKFL6FIiG4CHifoadjt7O8zACR2X6q3zaNPqeWTIFsWEZDn8Pi2OXKE+ZyCJKzMzOrqZrmIvPeIgH9qdC1QXeaM9e0=
Received: from CH2PR21MB1464.namprd21.prod.outlook.com (2603:10b6:610:89::16) by SA1PR21MB2067.namprd21.prod.outlook.com (2603:10b6:806:1c2::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.12; Sun, 31 Jul 2022 03:16:46 +0000
Received: from CH2PR21MB1464.namprd21.prod.outlook.com ([fe80::dc03:ddee:808f:5e48]) by CH2PR21MB1464.namprd21.prod.outlook.com ([fe80::dc03:ddee:808f:5e48%7]) with mapi id 15.20.5504.012; Sun, 31 Jul 2022 03:16:46 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] I-D Action: draft-ietf-teep-protocol-09.txt
Thread-Index: AQHYlXrCUPujTFtV7EWrdhNm5w4wbq2XspSAgAA6FTA=
Date: Sun, 31 Jul 2022 03:16:46 +0000
Message-ID: <CH2PR21MB14642CBA788A612A1F61D34CA39B9@CH2PR21MB1464.namprd21.prod.outlook.com>
References: <165758069576.5292.17995718687189976942@ietfa.amsl.com> <701168.1659224867@dooku>
In-Reply-To: <701168.1659224867@dooku>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=fba81df2-a5fd-4838-9f53-17a483a3ab74; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-07-31T03:15:39Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9e615b64-0ae7-4b0b-9c06-08da72a319bb
x-ms-traffictypediagnostic: SA1PR21MB2067:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Gpxa6hP7eoi9rUDitLHX4goCNsj5bliHgRmJQFZiHflOVR4CHXEZ48PJkDFLzH9888hD75crnm3AjLrJmP8dZVBIzmusvAa6x8PutTAyzOlbyBXjJDpdnFOCiU8zjTWDNFdHekI4dmB+BWx603vAgWWMcd7pAJEuiXI/ERHfB0Dpkl+6SO2zvwACgBwEn5foxmX8KL0JwkD2yXLZVgwb9FmQ4YsMGNLvHfT+zYt51GPDmIUw3RQARj/lp04pML/HUzR74ktBFeh+uqjSxY/OxNp93HvL3zU+/39rCLoxTDAE/qIK7EVxWLoTeDu246KjFNR+LNDriAO+xdwTcpnMeZqNzJ2JatGGWfhOF2dn4wXmQhuUb2hwQpXBejdd5F7xiRF0jG5fmL3GHAkDZtTD4C5zgxNJ/vgIY0AT0pPiWHUTLLwnZQROT903MdbtWpNNo91FB/jJWieKYNTSy/Q9xPkXB/igyubsSdlsLkJTwzfz71BeJEwgA3N8ZTubIQAX18TP3UWoIeg3GgCtRhUFlWjUaP5JwT1R1FdM/ycSHWpj4PPkRzXFkOG9UuNxxC+5zYNxA9kbRhJg3fZtZ51Yvgwyw1ulp752afAX50ZF1UqX4CYTF23Nb9gA+xyfTYUoHAqZGYY2v2S4B8PUZS6tW/KZSpgnA5CeNXq7J7zCAxqIS9bgwWxAaaN8AsXJg8bURyPULvuSCR1zaMnfKZHRxhePZftRe8omaAPOB3VI28LUsFnruKNPtVMlls2G+2Xzw6OIRNmWbFBCZaXAyesw5TYPbf3om7hRfYNpz7wMQ8/U6q9hHFxdpXt8fekjxNU2SCmjHpDOSthavY7BcYziRwNuJWV1renm3st8AkvFQTankB5nFoz3s+jaSY4T5iQficLmJPnXcIi3BdoVB3GKDmhxomdKMuNgYPOFET3dl6c=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR21MB1464.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(396003)(366004)(136003)(39860400002)(346002)(376002)(451199009)(83380400001)(9686003)(7696005)(6506007)(26005)(38070700005)(53546011)(186003)(38100700002)(82960400001)(122000001)(82950400001)(52536014)(8936002)(110136005)(66446008)(5660300002)(64756008)(8676002)(66556008)(2906002)(66476007)(55016003)(8990500004)(71200400001)(41300700001)(966005)(478600001)(76116006)(66946007)(10290500003)(33656002)(316002)(86362001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 5kF0TljimYNPnIpZqvT8VHZ4S5RfAXijNsEYzJI/jzkBSGzzgHjNQTXTJHAXSHk1r5HzuUemcjs4PE5pBPf7HEmS9mbW6Vji7qNIN5MAqQAIS8Qtf57YBx/mw+RKnDsE7XMMX2f5FgNbKi5LAA6cjMWR1HRF5YtjvYV0irsMQBbaeZACTkANBMb/YL0Dz7Y6OepxLoyBWh1CUWOcMcBRiKykHuxVDcmaoCNsRCaAB8tjLL/9veHSxODz0Xncblp7Ulh1afxaUnK4aCQ7OpzSGrJtbVVH9ZysJuFMjMOShVpcfE1JmucZlGw71gkwI0RN9bNlTGC+CGtk6lTebGAHqy9R7dojRbNZZ6ws/puYmW9xkny+1ZdkJ6zEe4lJQybz+JCaKKsAPYcIszBhYah4XVkUMEyzWb7iY3JeBoRZBbegJQCvHR9qBPay3UUsVWuHzQB0kS5CKVP3Zti6s20VKFpQMzRiNirn3Bj32Qu1CSyxPjCRzqtSrEUOXL0fuvS+E38/R8MLrq8a6Si+6M5Yy0CKF32DIFzfScuXt9dTiAVDb1HOTc+gSpzpoLjJbr+pm+Ob1t2ti480BhgRZuBnoB/dXsFXX1PLnShBsdI5dJYHBUKaaulJrjcqcKfi7dF0O+8910wFJjxPkmpcDHmvZTfgigVtX+U0Ww6yo6T8iNqkkSKMWoKrThJGUXavH66pZK46ex8yz1qHizyEmWz9DIL8G9kJbUCMXz8E7np2d7eklXNnSfLrQoF82ajCV9ckQiX0IBy1VcCe/ea8ko7XvgIPxgFL0leUnqtGJQNHDx2lftbA+I7OnMoW65VwVbXY8CG5kUojB03df4HJ9IB9MOwJKKkZWNm7fOXiIv438Y6Q5sbz7c1n+/ngf+c3jJZIlJ9GnURNoeJXrxnUpAaPsB0C6IoxxxZ4GvR7R93W1WdRQBPyrKQvldCOMvvkBFBf97g+PYBOJ33v/csmJYolg1fbExlq0gEMfgOYpMLwHtsaqrEEObVchv9iar8fzKWMymfhwrlWv1IgI0h0K96mIeH9xZCzv16PkUYXC/h4dq+g2Z2kd5FLF9sYGF/Ugsvjoxoe/J49N84611xvSq9e8yPJO0pT8dthELM28rDEg1VhU//WZoF/b+j3C0JA/69YUyXEveBM7bnKmdrBd5Xa/PnnWsqrB9q7jhy57r62bUtztHlceWllwEKKEmY2csbGJ4R72hIXCZ5BX98aFJodOMF4plHJxB+JqfgDonFzruL7xTYn+RzN3iV7RQSy+7QPDei26m79Jnwkp2s/VYnpruUXfZg5sKgkBkvmfXcxb9CFwBF13S/BKbESZeFps8uh3AQAbkbp79b5vBJS0NDYKpFL58QEAlVoik2JFeAhht1Yv+VHgyiEBmCM3SpeXtyj0z6iF6gxXDJiYXsiv8UgZcBRXeyEHrHwAyzO3P2xJa+3zu/ne73kcABTsB65vGxpPzAJ75cvZeti3gz5KbuCfIixkFeT1FF/IZ/TsaU1b858gnD5J3i1ILe27A17OACL5oAgBakbrNhex/HACmYDKXQrPQ4Km5/7KlwD9MRGR+r2XhsZlqLPm2BBFmEYz3lFrBXRveObQvL3s4RiFUpskg==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR21MB1464.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e615b64-0ae7-4b0b-9c06-08da72a319bb
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jul 2022 03:16:46.3150 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 0v1RJZ4o5CvvjJaaG4AogfR2nu9nu/U22eIKlmzexbDkd5xvyxh21/oKdk29vQSPQFN5VZmTVlCZF2hf5MrNIGKT7y7cySphMkpwOyuCdJg=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR21MB2067
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Qp_knatz2Y1j2qi7w0_E15Xjvvg>
Subject: Re: [Teep] I-D Action: draft-ietf-teep-protocol-09.txt
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jul 2022 03:17:17 -0000
Thanks Michael! BTW you can find the document's github repo by going to https://datatracker.ietf.org/doc/draft-ietf-teep-protocol/ and clicking on "GitHub Repository" under Additional Resources. Dave > -----Original Message----- > From: TEEP <teep-bounces@ietf.org> On Behalf Of Michael Richardson > Sent: Saturday, July 30, 2022 7:48 PM > To: teep@ietf.org > Subject: Re: [Teep] I-D Action: draft-ietf-teep-protocol-09.txt > > > I took a look through draft-ietf-teep-protocol. > This might be my first reading in a long time. > I'm sorry I missed the WG session... conflicts. > I did my annotations here, which might be amusing for some: > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhyp.is > %2Fgo%3Furl%3Dhttps%253A%252F%252Fwww.ietf.org%252Farchive%252Fid > %252Fdraft-ietf-teep-protocol- > 10.html%26group%3D__world__&data=05%7C01%7Cdthaler%40microso > ft.com%7C4fe60e5bd0914125cb6b08da7285f084%7C72f988bf86f141af91ab2d > 7cd011db47%7C1%7C0%7C637948217660929122%7CUnknown%7CTWFpbGZs > b3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn > 0%3D%7C2000%7C%7C%7C&sdata=aJfigtXvG9VcmZcW2OzDPCaAVk0T5cf > kkL88HYJMSPQ%3D&reserved=0 > > I'd send issues/PRs, but I didn't find a venue for the document. > > section 4.2: > } The TAM SHOULD set an expiration time for each token and MUST ignore any > } messages with expired tokens. The TAM MUST expire the token value after } > receiving the first response containing the token value and ignore any } > subsequent messages that have the same token value. > > I guess this is a defense against replays. > I guess this document hasn't told me if it's over HTTP or carrier pigeon yet :-) > How does the TAM know that the *first* isn't invalid? > I guess it has already validated the message, so it must be okay. > This isn't a replay window here. Some motivation for what attack we are > resisting here would be good. > > section 4.3: > } The absence of this parameter indicates that the format is "application/eat- > cwt; } > profile=https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2 > Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-teep-protocol- > 10&data=05%7C01%7Cdthaler%40microsoft.com%7C4fe60e5bd0914125c > b6b08da7285f084%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637 > 948217660929122%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&a > mp;sdata=bMzC5S5idwvv3oV9HrEDdh%2BAVTqsOKz2fcOMkMfMGZE%3D&a > mp;reserved=0 > } (RFC-editor: upon RFC publication, replace URI above with } > "https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > .rfc- > editor.org%2Finfo%2FrfcXXXX&data=05%7C01%7Cdthaler%40microsoft.c > om%7C4fe60e5bd0914125cb6b08da7285f084%7C72f988bf86f141af91ab2d7c > d011db47%7C1%7C0%7C637948217660929122%7CUnknown%7CTWFpbGZsb3 > d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0% > 3D%7C2000%7C%7C%7C&sdata=d5K34pG8S7BU7rWs7wOu18Bj7cCTEXz > NV7Qcr5%2FVsBQ%3D&reserved=0" where XXXX is the RFC number of } > this document.) It MUST be present if the attestation-payload parameter is } > present and the format is not an EAT in CWT format with the profile defined } > below in Section 5. > > If we revise this document rfcXXXX-bis, then what will the absense of the > payload format mean? > It feels like premature optimization to set a default here. > I think that the profile should always be present, or never present. > > section 4.3.1: > } When an Entity Attestation Token is used > > ... and when EAT is not used? > There are quite a number of places where the document says "when EAT..." > and > to me they read like stealth SHOULDs. I understand that the document wants > to > enable other attestation systems other than EAT, and I'm okay with that. > I'm not sure what to suggest, but it feels like a documentation bug. > > such as: > section 5: > } While the TEEP protocol does not require use of EAT, use of EAT is } > encouraged and Section 4.3 > > mcr: Need to list alternatives and reasons not to use EAT. > > > section 4.4: > } It can also be used to pass a successful Attestation Report back to the } TEEP > Agent when the TAM is configured as an intermediary between the TEEP } > Agent and a Verifier, as > > this is another case where I think "when" is being used when SHOULD ought to > be used. Then it would be obvious that there is a case "when the TAM is not > configured", and why would someone do A or ~A here? > > section 4.4.1: > } Example 1: Having one SUIT Manifest pointing to a URI of a Trusted > Component Binary > > I don't like them being called examples. They aren't things I can ignore. > I think that they are usage scenarios, and there seem to be four important > ones. > > section 4.4.1: > } The device must fetch the Trusted Component Binary in another connection } > after receiving an Update message > > I'd add an additional CON, and bring it up in Privacy Consideration. > The device must reveal eis location to the Trusted Binary server. > > section 6: > } Since the word "key" is mainly used in its other meaning, as a } cryptographic > key, this specification uses the term "label" for this usage as } a map key. > > Is this something that EAT should say? > > section 7.1.2: > } Hence, depending on the freshness mechanism in use, the TAM may need to > } store data (e.g., a nonce) for some time. > > This also suggests that for mobile devices that it may be hours to days before > before right things are installed if they require unmetered WIFI to get the right > pieces. The mobile device might change IP addresses and even geographies. > > (I was thinking based upon some travel in 2019 that someone with a mobile > device in some restrictive localities may find they have to change to their > roaming SIM card in order to appear in their "home" country, at which point > they might even wind up with a different set of requirements) > > I'm also concerned about the number of dependancies upon other documents > in other WGs that do not seem at all close to completing. The dependancy > graph might be useful, and "you" TEEP folks might have to organize > interventions in other WGs to get documents advanced! > > > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works - > = IPv6 IoT consulting =- > >
- [Teep] I-D Action: draft-ietf-teep-protocol-09.txt internet-drafts
- Re: [Teep] I-D Action: draft-ietf-teep-protocol-0… Michael Richardson
- Re: [Teep] I-D Action: draft-ietf-teep-protocol-0… Dave Thaler