IETF Logo Mail Archive

Re: [Teep] draft-tschofenig-teep-otrp-v2-00

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 July 2019 14:41 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7C22120440 for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 07:41:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t0M-VDsUBHTK for <teep@ietfa.amsl.com>; Tue, 9 Jul 2019 07:41:27 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on060b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::60b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A40C31203AE for <teep@ietf.org>; Tue, 9 Jul 2019 07:41:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=flOxcTYacrXDQrGScBg2TGvcUsCj5LMbYriQ+c+ri4U=; b=hZ+3hluJOGWBOLMMQ8gUIfMyjMYZWn9R6F50MkCeiVIOfAui+xwQr3U0dEIJ227IoDafH+NPMQ42lhYB328yOPGxPeutkyYa1bGBhee/29U5ZRRL2kR2vtAMSBcOfGgSwPrqubz2rMp3Jbm7Z8u00yBFjy8xMCzhjTC4JU+ITuM=
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com (52.133.244.88) by VI1PR08MB2847.eurprd08.prod.outlook.com (10.170.236.159) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2052.20; Tue, 9 Jul 2019 14:41:16 +0000
Received: from VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::9ce0:faf4:980d:dc77]) by VI1PR08MB5360.eurprd08.prod.outlook.com ([fe80::9ce0:faf4:980d:dc77%3]) with mapi id 15.20.2052.020; Tue, 9 Jul 2019 14:41:16 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, "teep@ietf.org" <teep@ietf.org>
Thread-Topic: [Teep] draft-tschofenig-teep-otrp-v2-00
Thread-Index: AdU2MM7rokbHdeT7SSOyoNhR4EHtYAALVl+AAAANWVAAAPkPAAAAUUEg
Date: Tue, 09 Jul 2019 14:41:16 +0000
Message-ID: <VI1PR08MB536027C1ECB8DF85F3727880FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com>
References: <VI1PR08MB536037A16BACD104800B358FFAF10@VI1PR08MB5360.eurprd08.prod.outlook.com> <da0a237b-58ed-ffc7-02c2-ca00d1797955@gmail.com> <VI1PR08MB5360540D41C46C07015302E4FAF10@VI1PR08MB5360.eurprd08.prod.outlook.com> <edb1abf1-9f76-f5ad-5aaf-8480efe8718d@gmail.com>
In-Reply-To: <edb1abf1-9f76-f5ad-5aaf-8480efe8718d@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 9a2528f3-8809-446f-9936-4d6c237fa312.1
x-checkrecipientchecked: true
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Hannes.Tschofenig@arm.com;
x-originating-ip: [80.92.119.152]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: eed9a7af-7898-427a-bb18-08d7047b7fb9
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:VI1PR08MB2847;
x-ms-traffictypediagnostic: VI1PR08MB2847:
x-ms-exchange-purlcount: 1
x-microsoft-antispam-prvs: <VI1PR08MB284731AEC9C848FD980271E8FAF10@VI1PR08MB2847.eurprd08.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0093C80C01
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(366004)(136003)(396003)(39860400002)(346002)(13464003)(40434004)(199004)(189003)(7736002)(33656002)(486006)(25786009)(11346002)(66066001)(72206003)(229853002)(476003)(446003)(2906002)(478600001)(305945005)(6436002)(966005)(74316002)(14444005)(5024004)(6246003)(14454004)(6306002)(55016002)(53936002)(3846002)(256004)(6116002)(8936002)(5660300002)(8676002)(81156014)(81166006)(110136005)(66556008)(102836004)(316002)(86362001)(7696005)(26005)(6506007)(53546011)(186003)(66946007)(76116006)(71190400001)(71200400001)(73956011)(68736007)(2501003)(64756008)(66446008)(9686003)(99286004)(52536014)(66476007)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR08MB2847; H:VI1PR08MB5360.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: bvTD8f+Y9W/tr6CIIAtaGbr/cyvB4Ve4itdGamBNBw56hf8jWNuwDrsmhSmZL3J/YJ3KBd86r3ZLZlPzCBb5Se2zdvfBV7h18CZKKMKfOqn87+9RDXP5T511XwGglPAhMMSlepFvSg3enKNujtb6Z8dD6HuDdmtQAaNyh8alxFgv5Mf3tR1gfEU3/f7oltGY7aJJ7tz2aq9bQNzxXyGUI2/3mjqa1jCweAwSWSfTvvB3i+wz5oKNHUIuFG4y8ObLH4vF/kRKpvRb4J98pQOucFq2SE4Q0WgXATkuoZAAxM4nplbb5rtqpEVK+Sh3a5nSjAtDjD6Ss40cC9A0x6L4ipncye8W5u5qHLQ/ljJMF8mcwUYqvN7ocrw6I7KFga4dfNXsvSU6UvR6JoDg7QhLknGSZrsh90n0sESEwi2CIoA=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: eed9a7af-7898-427a-bb18-08d7047b7fb9
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Jul 2019 14:41:16.4990 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Hannes.Tschofenig@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB2847
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/J6Q3U2PXpH8OgdFTZnrWWBL9FtU>
Subject: Re: [Teep] draft-tschofenig-teep-otrp-v2-00
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 14:41:30 -0000

Let's look at a specific example, the QueryRequest message:

   QueryRequest = (
        TYPE : int,
        TOKEN : bstr,
        REQUEST : [+data_items],
        ? CIPHER_SUITE : [+suite],
        ? NONCE : bstr,
        ? VERSION : [+version],
        ? OCSP_DATA : bstr,
        * $$extensions
   )

What does it mean to separating the API from the protocol?
I believe the NONCE, the OCSP_DATA, the TOKEN, the REQUEST and the CIPHER_SUIT need to be made available to the OTrP Agent running inside the secure world to make some meaningful decisions. This data has to be encoded somehow.

In that list the only item that is missing is the TYPE and it would have to be mapped into an API to make sense.

The issue is: there is not much of a protocol left in the current design that can be terminated outside the secure world without making the computations in the secure world meaningless.

Ciao
Hannes

-----Original Message-----
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Sent: Dienstag, 9. Juli 2019 16:26
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; teep@ietf.org
Subject: Re: [Teep] draft-tschofenig-teep-otrp-v2-00

On 2019-07-09 15:59, Hannes Tschofenig wrote:
> Hi Anders,
>
>> A wise decision!  BTW, I never understood the point making an IETF copy (it was?) of another standard.
>
> Actually, it was the other way around.

Thanx, I didn't know that.

>
>> I have said it before and I say it again: By separating the API from the Protocol and rather use a session-based scheme you get a cleaner and more powerful system [*] in the end.  Yeah, the initial task will be 30-50% bigger but that difference is zeroed out when you have both protocol encodings in place.
>
> "Executive Level" description: https://cyberphone.github.io/doc/research/session-based-remote-attestation.pdf
>
> Certainly a good point but I fear that it is not really design a secure system when the protocol does not terminate the secure world.

Every step of the protocol is supposed to be secured through MAC signatures.  If the protocol doesn't obey the API (which is running in the secure world [*]), the session terminates and the accumulated operations are rolled back.

Verifying my claims regarding the security of this scheme is non-trivial but it is not entirely different to TLS which you are an expert on.

Regards,
Anders

*] potentially extending into a security processor doing all cryptographic operations based on encrypted key material.

>
>
> Ciao
> Hannes
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
>

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email