Re: [Teep] [Suit] draft-ietf-suit-firmware-encryption-07

Dave Thaler <dthaler@microsoft.com> Wed, 21 September 2022 15:23 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@arm.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>, "teep@ietf.org" <teep@ietf.org>
Date: Wed, 21 Sep 2022 15:23:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/yG7r2LQaWmNTjkjpbRhlFvaRog8>
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>

Hannes Tschofenig wrote: 
> Thanks for the quick response. It turns out to be tricky to find a good title for
> the document because the applications for this draft are fairly large, including
> encrypting firmware images (our original motivation), encrypting trusted
> applications, and personalization data (TEEP use case). Now we have also
> noticed that the TEEP protocol has applicability to the confidential computing
> use case where trusted applications, entire VMs, or anything in between can
> be encrypted. Additionally, configuration data (such as machine learning
> models) can be encrypted as well.
> 
> How can this be captured in a title?

Perhaps just drop the word Software, leaving "Encryption with SUIT Manifests"?

Dave