Re: [Teep] Status of TEEP protocol draft, and its dependency on SUIT

Hannes Tschofenig <hannes.tschofenig@gmail.com> Wed, 18 October 2023 04:13 UTC

To: Dave Thaler <dthaler@microsoft.com>
Cc: Mingliang Pei <mingliang.pei@broadcom.com>, Akira Tsukamoto <akira.tsukamoto@gmail.com>, "TEEP@ietf.org" <teep@ietf.org>, "suit-chairs@ietf.org" <suit-chairs@ietf.org>, Brendan Moran <brendan.moran.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/w9QwZmG3Ye7sU4AySTmlHHqMVx4>

Hi Dave,

Thanks for your email.

- I closed PR #359 ("s/bit is clear/bit is cleared") since you guys didn't
  agree with it.
- I changed PR #366 ("Encryption-related editorial improvements") and
  reversed the change regarding the normative reference.
- I added a comment regarding PR #358 ("Removing statement about Token
  Usage").
- I approved PR #364 ("*.suit Filename").

Regarding PR #356 ("No reference to each suit-cose-profiles") I need your
feedback to tell me whether I am on the wrong track with my view about
AES-CTR.
I shared my views on the mailing list about it.

Ciao
Hannes

On Tue, Oct 17, 2023 at 11:05 PM Dave Thaler <dthaler@microsoft.com> wrote:

> Hi TEEP folks, I'd really like to get done with the teep-protocol specification.
> It's gone through WGLC and has a shepherd write-up associated with the document already, last changed in July:
> https://datatracker.ietf.org/doc/draft-ietf-teep-protocol/shepherdwriteup/
> And we discussed the draft at the joint SUIT/TEEP interim meeting.
>
> That said, there are several GitHub pull requests waiting for review or chairs to confirm consensus.
>
> * https://github.com/ietf-teep/teep-protocol/issues/356 ("No reference to each suit-cose-profiles")
>         In this issue Ken pointed out that we reference profiles that no longer exist in draft-ietf-suit-mti-02,
>         and proposed changing from GCM to CTR.  I filed https://github.com/ietf-teep/teep-protocol/pull/373
>         to do that, which we discussed in the interim meeting.
>         Since then, Hannes argued that draft-ietf-suit-mti should be changed to put GCM back in, but I haven't
>         seen any of the suit-mti authors respond to that, which is holding up the teep protocol spec.
>         https://mailarchive.ietf.org/arch/msg/suit/qJayE5LG6mmYaSfaEHUGxT0OSDQ/
>         Hence cc'ing Brendan and the SUIT chairs on this email.
>         Earlier Ken had filed https://github.com/ietf-teep/teep-protocol/pull/351 which is an alternative
>         that uses GCM rather than CTR and so we're in limbo not knowing whether PR 351 or 356 can be done
>         in referencing suit-mti or diverging from it.
>
> All the other issues below are, I believe, purely editorial cleanup...
>
> * https://github.com/ietf-teep/teep-protocol/issues/364 ("*.suit Filename")
>         In this issue Hannes didn't like the examples having a manifest filename ending in .suit but didn't propose
>         how to address. Last week I filed https://github.com/ietf-teep/teep-protocol/pull/376 that just removes
>         the .suit from the end of the example filenames, and it is still waiting for approval from other authors.
>
> * https://github.com/ietf-teep/teep-protocol/pull/358 ("Removing statement about Token Usage")
>         Hannes filed this claiming there is no relationship between the token and the attestation bit.
>         But as I mentioned in the PR comments 2 weeks ago there is a relationship that was discussed at
>         IETF 109 and 110, with pointers in the comments, so I believe it reflects consensus as is.  I'm happy to
>         reopen discussion if a technical reason is given to remove the relationship but so far no rationale has
>         been provided, so this PR has not been approved so far.
>
> * https://github.com/ietf-teep/teep-protocol/pull/366 ("Encryption-related editorial improvements")
>         This PR has not been approved since it proposes changing firmware encryption to be a normative
>         reference while not changing the citing language, which is at least in my reading, informative.
>
> * https://github.com/ietf-teep/teep-protocol/pull/359 ("s/bit is clear/bit is cleared")
>         This one is a trivial grammatical debate that should not hold up the doc.  Grammarly says the doc
>         is more correct as written, so this PR has not been approved so far.
>
> The I-D deadline is next Monday but I am traveling starting this Friday so want to see it
> submitted by Friday.  If others have views, please weigh in asap.
>
> Thanks,
> Dave