--- 1/draft-ietf-teep-otrp-over-http-03.txt 2020-02-10 06:13:14.846930000 -0800 +++ 2/draft-ietf-teep-otrp-over-http-04.txt 2020-02-10 06:13:14.878930816 -0800 @@ -1,19 +1,19 @@ TEEP WG D. Thaler Internet-Draft Microsoft -Intended status: Informational November 04, 2019 -Expires: May 7, 2020 +Intended status: Informational February 10, 2020 +Expires: August 13, 2020 HTTP Transport for Trusted Execution Environment Provisioning: Agent-to- TAM Communication - draft-ietf-teep-otrp-over-http-03 + draft-ietf-teep-otrp-over-http-04 Abstract The Trusted Execution Environment Provisioning (TEEP) Protocol is used to manage code and configuration data in a Trusted Execution Environment (TEE). This document specifies the HTTP transport for TEEP communication where a Trusted Application Manager (TAM) service is used to manage TEEs in devices that can initiate communication to the TAM. An implementation of this document can (if desired) run outside of any TEE, but interacts with a TEEP implementation that @@ -27,25 +27,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 7, 2020. + This Internet-Draft will expire on August 13, 2020. Copyright Notice - Copyright (c) 2019 IETF Trust and the persons identified as the + Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -66,45 +66,45 @@ 5.4. Handling checks for policy changes . . . . . . . . . . . 9 5.5. Error handling . . . . . . . . . . . . . . . . . . . . . 9 6. TEEP/HTTP Server Behavior . . . . . . . . . . . . . . . . . . 9 6.1. Receiving an HTTP POST request . . . . . . . . . . . . . 10 6.2. Getting an empty buffer back from the TEEP implementation 10 6.3. Getting a message buffer from the TEEP implementation . . 10 6.4. Error handling . . . . . . . . . . . . . . . . . . . . . 10 7. Sample message flow . . . . . . . . . . . . . . . . . . . . . 10 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 13 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . 13 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 1. Introduction Trusted Execution Environments (TEEs), including environments based on Intel SGX, ARM TrustZone, Secure Elements, and others, enforce that only authorized code can execute within the TEE, and any memory used by such code is protected against tampering or disclosure outside the TEE. The Trusted Execution Environment Provisioning (TEEP) protocol is designed to provision authorized code and configuration into TEEs. To be secure against malware, a TEEP implementation (referred to as a TEEP "Agent" on the client side, and a "Trusted Application Manager (TAM)" on the server side) must themselves run inside a TEE. However, the transport for TEEP, along with the underlying TCP/IP stack, does not necessarily run inside a TEE. This split allows the set of highly trusted code to be kept as small as possible, including allowing code (e.g., TCP/IP) that only sees encrypted messages, to be kept out of the TEE. - The TEEP specification [I-D.tschofenig-teep-protocol] (and its + The TEEP specification [I-D.ietf-teep-protocol] (like its predecessors [I-D.ietf-teep-opentrustprotocol] and [GP-OTrP]) describes the behavior of TEEP Agents and TAMs, but does not specify the details of the transport. The purpose of this document is to provide such details. That is, a TEEP-over-HTTP (TEEP/HTTP) implementation delivers messages up to a TEEP implementation, and accepts messages from the TEEP implementation to be sent over a network. The TEEP-over-HTTP implementation can be implemented either outside a TEE (i.e., in a TEEP "Broker") or inside a TEE. There are two topological scenarios in which TEEP could be deployed: @@ -339,25 +339,25 @@ 5.3. Receiving an HTTP response When an HTTP response is received in response to a request associated with a given session state, the TEEP/HTTP Client MUST do the following. If the HTTP response body is empty, the TEEP/HTTP Client's task is complete, and it can delete its session state, and its task is done. If instead the HTTP response body is not empty, the TEEP/HTTP Client - passes (e.g., using "ProcessOTrPMessage" API as mentioned in - Section 6.2 of [I-D.ietf-teep-opentrustprotocol] if OTrP rather than - TEEP is used for provisioning) the response body up to the TEEP - implementation associated with the session. The TEEP implementation - will then either pass no data back, or pass back a message buffer. + passes (e.g., using "ProcessTeepMessage" API as mentioned in + Section 6.2.1 of [I-D.ietf-teep-architecture]) the response body up + to the TEEP implementation associated with the session. The TEEP + implementation will then either pass no data back, or pass back a + message buffer. If no data is passed back, the TEEP/HTTP Client's task is complete, and it can delete its session state, and inform its caller (e.g., the application installer) of success. If instead the TEEP implementation passes back a message buffer, the TEEP/HTTP Client handles the message buffer as specified in Section 5.2. 5.4. Handling checks for policy changes @@ -401,24 +401,22 @@ 6. TEEP/HTTP Server Behavior 6.1. Receiving an HTTP POST request When an HTTP POST request is received with an empty body, the TEEP/ HTTP Server invokes the TAM's "ProcessConnect" API. The TAM will then pass back a (possibly empty) message buffer. When an HTTP POST request is received with a non-empty body, the TEEP/HTTP Server passes the request body to the TAM (e.g., using the - "ProcessOTrPMessage" API mentioned in - [I-D.ietf-teep-opentrustprotocol] if OTrP rather than TEEP is used - for provisioning). The TAM will then pass back a (possibly empty) - message buffer. + "ProcessTeepMessage" API mentioned in [I-D.ietf-teep-architecture]). + The TAM will then pass back a (possibly empty) message buffer. 6.2. Getting an empty buffer back from the TEEP implementation If the TEEP implementation passes back an empty buffer, the TEEP/HTTP Server sends a successful (2xx) response with no body. 6.3. Getting a message buffer from the TEEP implementation If the TEEP implementation passes back a non-empty buffer, the TEEP/ HTTP Server generates a successful (2xx) response with a Content-Type @@ -530,33 +528,28 @@ 9. IANA Considerations This document has no actions for IANA. 10. References 10.1. Normative References [I-D.ietf-httpbis-semantics] Fielding, R., Nottingham, M., and J. Reschke, "HTTP - Semantics", draft-ietf-httpbis-semantics-05 (work in - progress), July 2019. - - [I-D.ietf-teep-opentrustprotocol] - Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig, - "The Open Trust Protocol (OTrP)", draft-ietf-teep- - opentrustprotocol-03 (work in progress), May 2019. + Semantics", draft-ietf-httpbis-semantics-06 (work in + progress), November 2019. - [I-D.tschofenig-teep-protocol] - Pei, M., Tschofenig, H., and D. Wheeler, "Trusted - Execution Environment Provisioning (TEEP) Protocol", - draft-tschofenig-teep-protocol-00 (work in progress), - November 2019. + [I-D.ietf-teep-protocol] + Tschofenig, H., Pei, M., Wheeler, D., and D. Thaler, + "Trusted Execution Environment Provisioning (TEEP) + Protocol", draft-ietf-teep-protocol-00 (work in progress), + December 2019. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/RFC2818, May 2000, . @@ -571,21 +564,25 @@ Platform GPD_SPE_123, May 2019, . [I-D.ietf-httpbis-bcp56bis] Nottingham, M., "Building Protocols with HTTP", draft- ietf-httpbis-bcp56bis-09 (work in progress), November 2019. [I-D.ietf-teep-architecture] - Pei, M., Tschofenig, H., Wheeler, D., Atyeo, A., and D. - Liu, "Trusted Execution Environment Provisioning (TEEP) - Architecture", draft-ietf-teep-architecture-03 (work in - progress), July 2019. + Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, + "Trusted Execution Environment Provisioning (TEEP) + Architecture", draft-ietf-teep-architecture-06 (work in + progress), February 2020. -Author's Address + [I-D.ietf-teep-opentrustprotocol] + Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig, + "The Open Trust Protocol (OTrP)", draft-ietf-teep- + opentrustprotocol-03 (work in progress), May 2019. +Author's Address Dave Thaler Microsoft EMail: dthaler@microsoft.com