Skip to main content

Minutes interim-2020-teep-01: Mon 10:00

Meeting Minutes Trusted Execution Environment Provisioning (teep) WG
Title Minutes interim-2020-teep-01: Mon 10:00
State Active
Other versions plain text
Last updated 2020-04-02

Virtual Interim Meeting

Info on joining:

Meeting number (access code): 317 197 262
Meeting password: z5gi5vqe

                Michael Richardson
                Nancy Cam-Winget ("TEEP WG")
                Dave Thaler
                Dave Wheeler
                Henk Birkholz
                Kathleen Moriarty
                Kohei Isobe
                Nicolae RISE
                Russ Housley
                Tirumaleswar Reddy
                Mingliang Pei

1. note takers: Michael Richardson
2. Agenda bashing.
        Dave thaler asked for TEEP over HTTP update

3. TEEP over HTTP update -- Dave Thaler.
        @IETF106, the question was what direction should we go with the old
        OTRv1 stuff.
                We instructions to the editor about what to do, and... ?
                Dave Thaler has just posted a new version.

4. Architecture -- Dave Thaler (50min)
        * draft-ietf-teep-architecture
        * issues:
        19 issues filed in github, 17 are addressed in draft-06
        Q: does all personalization data require confidentiality? Or does some
        of just need integrity? Q (KM): is the IEEE MAC address considered
        personal data?  Even when the MAC address is randomized, the per-vendor
        randomization process resulted in the vendor being identifiable due to
        the different ways that they did it.  Newer IEEE specifies how to
        randomize the MAC address, so this is no longer the case. DW: I don't
        think that this is intended to cover the MAC address situation? So I
        don't think that this falls into the bucket. HB: asks for an example.
        KM: maybe the mac address is an example. DT: this is data sent to the
        device, not from the device. DW:  an example would be a list of
        servers/providers which could be provided to the device to contact. DT:
        but the list of servers would still provide a way to track devices. RH:
        'implementations must support encryption to allow for loading of
        sensitive personal data'
                Three sentences that went by too fast.

Issue #128 - re: euicc.
        Where does TEEP fit into this picture?
        David Wheeler will make some comments on the list, and attempt to close
        it on the list.
issue 139: keep going.
issue 113: draft is inconsistent. Is there one common broker, or 1 per TEE?
        -- the issue will be closed unless there are objections

issue 118: attacks are mitigated, discussion in security consideration ,DoS
issue 119:
issue 120:
issue 123: ditto.
        - Should file an issue in RATS architecture, about how long an
        attestation result should be used. HB: there will always be a delay,
        and the evidence may have changed during the evaluation.

issue 120:
        - a type of DoS where the TEEP is asked to install/uninstall TA. TA is
        not authorized.
                - "I still want to install it", one would keep bothering the TAM
                - this is implementer advice, and it might require state, and
                an MCU might not want to do it.

issue 122:

5. Upcoming Hackathon Updates --- Hannes (5min) - no here yet move to the end.

Hannes We are planning to focus on the TEEP protocol implementation in
JSON/JOSE because this functionality is not yet covered in the draft. ~45
people have registered for the Hackathon. The participants will be split across
the three topics (RATS, SUIT, and TEEP).