Trusted Execution Environment Provisioning
charter-ietf-teep-01

WG review announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: teep@ietf.org 
Subject: WG Review: Trusted Execution Environment Provisioning (teep)

The Trusted Execution Environment Provisioning (teep) WG in the Security Area
of the IETF is undergoing rechartering. The IESG has not made any
determination yet. The following draft charter was submitted, and is provided
for informational purposes only. Please send your comments to the IESG
mailing list (iesg@ietf.org) by 2018-03-05.

Trusted Execution Environment Provisioning (teep)
-----------------------------------------------------------------------
Current status: BOF WG

Chairs:
  Nancy Cam-Winget <ncamwing@cisco.com>
  Dave Thaler <dthaler@microsoft.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: teep@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/teep
  Archive: https://mailarchive.ietf.org/arch/browse/teep/

Group page: https://datatracker.ietf.org/group/teep/

Charter: https://datatracker.ietf.org/doc/charter-ietf-teep/

The Trusted Execution Environment (TEE) is a secure area of a processor. The
TEE provides security features such as isolated execution and integrity of
Trusted Applications, along with provisions for maintaining the
confidentiality of their assets. In general terms, the TEE offers an
execution space that provides a higher level of security than a "rich"
operating system and more functionality than a secure element. For example,
implementations of the TEE concept have been developed by ARM, and Intel
using the TrustZone and the SGX technology, respectively.

To programmatically install, update, and delete applications in a TEE, the
Trusted Execution Environment Provisioning protocol runs between a service
within the TEE on a given device, a relay application or service access point
on the device's network stack and a server-side infrastructure that interacts
with and optionally maintains the applications. Some tasks are security
sensitive and the server side requires information about the device
characteristics in the form of attestation and the device-side may require
information about the server.

Privacy considerations have to be taken into account with authentication
features and attestation.

This working group aims to develop an application layer protocol providing
TEEs providing lifecycle management and security domain management for
trusted applications.

A security domain allows a service provider's applications to be isolated so
that one security domain cannot be influenced by another domain, unless the
domain exposes an API to allow inter-domain interactions.

The solution approach must take a wide range of TEE and relevant technologies
into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. The first draft is an
architecture document describing the involved entities, their relationships,
assumptions, the keying framework and relevant use cases. Second, a solution
document that describes the above-described functionality that will be
developed. The choice of encoding format(s) will be decided in the working
group. The group may document several attestation technologies considering
the different hardware capabilities, performance, privacy, and operational
properties.

The group will maintain a close relationship with the IETF SUIT working
group, GlobalPlatform, Trusted Computing Group, and other relevant standards
to ensure interoperability, compatibility, and proper use of existing
TEE-relevant application layer interfaces.

Milestones:

  Mar 2018 - Adopt an Architecture document

  Mar 2018 - Adopt a solution document

  Aug 2018 - Progress Solution document to the IESG for publication

  Dec 2018 - Begin WGLC for Architecture document

  Jan 2019 - Progress Architecture document to the IESG for publication

  Jul 2019 - Begin WGLC for Solution document


WG action announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>,
    teep@ietf.org,
    teep-chairs@ietf.org 
Subject: WG Action: Formed Trusted Execution Environment Provisioning (teep)

A new IETF WG has been formed in the Security Area. For additional
information, please contact the Area Directors or the WG Chairs.

Trusted Execution Environment Provisioning (teep)
-----------------------------------------------------------------------
Current status: BOF WG

Chairs:
  Nancy Cam-Winget <ncamwing@cisco.com>
  Dave Thaler <dthaler@microsoft.com>

Assigned Area Director:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: teep@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/teep
  Archive: https://mailarchive.ietf.org/arch/browse/teep/

Group page: https://datatracker.ietf.org/group/teep/

Charter: https://datatracker.ietf.org/doc/charter-ietf-teep/

The Trusted Execution Environment (TEE) is a secure area of a processor. The
TEE provides security features such as isolated execution and integrity of
Trusted Applications, along with provisions for maintaining the
confidentiality of their assets. In general terms, the TEE offers an
execution space that provides a higher level of security than a "rich"
operating system and more functionality than a secure element. For example,
implementations of the TEE concept have been developed by ARM and Intel,
using the TrustZone and the SGX technology, respectively.

To programmatically install, update, and delete applications in a TEE, the
Trusted Execution Environment Provisioning protocol runs between a service
within the TEE on a given device, a relay application or service access point
on the device's network stack and a server-side infrastructure that interacts
with and optionally maintains the applications. Some tasks are security
sensitive and the server side requires information about the device
characteristics in the form of attestation and the device-side may require
information about the server.

Privacy considerations have to be taken into account with authentication
features and attestation.

This working group aims to develop an a protocol providing TEEs with
lifecycle management and security domain management for trusted applications.

A security domain allows a service provider's applications to be isolated so
that one security domain cannot be influenced by another domain, unless the
domain exposes an API to allow inter-domain interactions.

The solution approach must take a wide range of TEE and relevant technologies
into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. The first document is on
architecture, describing the involved entities, their relationships,
assumptions, the keying framework, and relevant use cases. Second, a solution
document that includes the above-described functionality in a protocol will
be developed. The choice of encoding format(s) will be decided in the working
group. The group may document several attestation technologies considering
the different hardware capabilities, performance, privacy, and operational
properties.

The group will maintain a close relationship with the IETF SUIT working
group, GlobalPlatform, Trusted Computing Group, and other relevant standards
groups to ensure interoperability, compatibility, and proper use of existing
TEE-relevant application layer interfaces.

Milestones:

  Mar 2018 - Adopt an Architecture document

  Mar 2018 - Adopt a solution document

  Aug 2018 - Progress Solution document to the IESG for publication

  Dec 2018 - Begin WGLC for Architecture document

  Jan 2019 - Progress Architecture document to the IESG for publication

  Jul 2019 - Begin WGLC for Solution document


Ballot announcement