[Teep] Implementation feedback on draft-ietf-teep-opentrustprotocol-01
Dave Thaler <dthaler@microsoft.com> Mon, 16 July 2018 14:25 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/9fa8vTBf-GjVNG1Pc15b4kgx4tc>
During the Hackathon yesterday, I started trying to write code for OTrP to see what issues I would run into. Below are some issues I ran into, in addition to what I already gave as feedback on the arch doc.

1) Section 6.5 explains that the TAM needs to receive a list of one or more TAs that are requested to be installed (S6.5.1 point 1A). However, no message is defined for doing so, which prevents interoperability. I think this message needs to be generated by the TEE (not the rich app), for reasons I will explain in #3 below.

2) Section 6.5 explains that the TAM needs to keep track of TAs installed on all devices, even though its list might be wrong. This has a scalability issue. Instead, I think there should be no such requirement.

3) Putting my issue #1 and issue #2 together means there's an extra round trip that is unnecessary. 6.5 says the TAM receives a list of TAs needed, and then the TAM just goes back and asks what is installed, just to get a list of what needs to be installed. This is unnecessary; the TEE can just send a list of one or more TAs that need to be installed and aren't already. Hopefully this explains why I said in issue #1 above that I think the message needs to be generated by the TEE.

4) Section 9.1.1 requires a list of OCSP stapling data, but as far as I can see, the document provides no information or citation about the correct format for such data.

5) The "did" field in 9.2.1.1 seems to be either (a) redundant and should be removed, or (b) missing from other messages like Install TA. The text explains the field is to check that the message was received by the right device. My opinion is that since the TEE has to trust the TAM anyway, it's the TAM's responsibility to send messages to the right device over an authenticated channel (whether encrypted or not). So I think it should be removed.

6) Some fields, e.g. "signerreq", have boolean values that are encoded as strings ("true", "false"). I think these should be boolean types, not strings, which would also have the advantage of better compression if we can use CBOR encoding.

7) Section 6.5.1 point 9.A implies that to install a TA, one must have an extra round trip first to create an SD if one isn't already there. I would expect one common case to be where there is one TA per SD, so that all TAs are isolated from each other. As such, requiring the extra delay is inefficient in time, bandwidth, and processing. All the fields in CreateSD are already present in an InstallTA message (except the "did" field mentioned above in issue #5), so it could be done automatically by the first InstallTA message itself.

8) The scope of uniqueness of the "rid" and "tid" fields is underspecified. They just say "unique". I think "rid" is just supposed to be unique within a given {session,"tid"} but I can't tell for sure. And I think "tid" is just supposed to be unique within a given session (not globally across all sessions, all TAMs, all devices), but I can't tell. They're also formatted as strings, but I'm not sure why they can't be integers, which I think would be much more efficient.

9) I found it confusing that the names of the messages don't match the name values in the messages themselves ("GetDeviceStateResponse" vs "GetDeviceTEEStateTBSResponse", etc.). Having these not match is bug-prone.

10) It's unclear whether a rich app can depend on two TAs from different TAMs, and whether a TA can depend on a TA from a different TAM. In the use case where the device admin runs the TAM and controls all TAs on their devices the answer would be no. But in other use cases I'm not sure. If so, then the question arises about how dependencies are expressed and whether a dependency needs to express which TAM is used. This then begs the question of whether a TA might be via more than one TAM, or might change TAMs over time. The answers here probably belong in the arch doc.

Dave
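To quantify the encoding point raised in issues #6 and #8, here is an added example (not code from the draft, the mail, or any OTrP implementation) that encodes the same three fields once as strings and once as native CBOR boolean/integer types, using a minimal RFC 8949 encoder written for this comparison; the field values are constructed sample data.

```python
# Minimal CBOR encoder (RFC 8949 major types 0/1 ints, 3 text strings,
# 5 maps, 7 simple values) to compare the wire size of OTrP-style fields
# encoded as strings versus native boolean / integer types.
import json
import struct


def _head(major, n):
    # Initial byte carries the major type and either the argument itself
    # (< 24) or a marker for a 1/2/4/8-byte big-endian argument.
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 0x100:
        return bytes([(major << 5) | 24, n])
    if n < 0x10000:
        return bytes([(major << 5) | 25]) + struct.pack(">H", n)
    if n < 0x100000000:
        return bytes([(major << 5) | 26]) + struct.pack(">I", n)
    return bytes([(major << 5) | 27]) + struct.pack(">Q", n)


def cbor_encode(value):
    # bool is checked before int because bool is a subclass of int in Python
    if value is True:
        return b"\xf5"
    if value is False:
        return b"\xf4"
    if isinstance(value, int):
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _head(3, len(data)) + data
    if isinstance(value, dict):
        out = _head(5, len(value))
        for k, v in value.items():
            out += cbor_encode(k) + cbor_encode(v)
        return out
    raise TypeError(f"unsupported type {type(value).__name__}")


# Constructed sample messages: the string-typed form the mail describes
# and the native-typed form it proposes (field values are made up).
STRING_TYPED = {"signerreq": "true", "rid": "1234567", "tid": "42"}
NATIVE_TYPED = {"signerreq": True, "rid": 1234567, "tid": 42}


def encoded_sizes(msg):
    """Return (compact JSON byte length, CBOR byte length) for a message map."""
    compact_json = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    return len(compact_json), len(cbor_encode(msg))
```

`encoded_sizes(STRING_TYPED)` gives (47, 35) bytes and `encoded_sizes(NATIVE_TYPED)` gives (41, 27): the native types save bytes in both encodings, and a boolean also removes the parsing ambiguity of a string like "false" being treated as truthy by a careless receiver.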