draft-ietf-teep-otrp-over-http-11.txt   draft-ietf-teep-otrp-over-http-12.txt 
TEEP WG D. Thaler TEEP WG D. Thaler
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Informational July 12, 2021 Intended status: Standards Track 26 July 2021
Expires: January 13, 2022 Expires: 27 January 2022
HTTP Transport for Trusted Execution Environment Provisioning: Agent-to- HTTP Transport for Trusted Execution Environment Provisioning: Agent
TAM Communication Initiated Communication
draft-ietf-teep-otrp-over-http-11 draft-ietf-teep-otrp-over-http-12
Abstract Abstract
The Trusted Execution Environment Provisioning (TEEP) Protocol is The Trusted Execution Environment Provisioning (TEEP) Protocol is
used to manage code and configuration data in a Trusted Execution used to manage code and configuration data in a Trusted Execution
Environment (TEE). This document specifies the HTTP transport for Environment (TEE). This document specifies the HTTP transport for
TEEP communication where a Trusted Application Manager (TAM) service TEEP communication where a Trusted Application Manager (TAM) service
is used to manage code and data in TEEs on devices that can initiate is used to manage code and data in TEEs on devices that can initiate
communication to the TAM. An implementation of this document can (if communication to the TAM. An implementation of this document can (if
desired) run outside of any TEE, but interacts with a TEEP desired) run outside of any TEE, but interacts with a TEEP
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2022. This Internet-Draft will expire on 27 January 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. TEEP Broker . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. TEEP Broker . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Use of Abstract APIs . . . . . . . . . . . . . . . . . . 4 3.1. Use of Abstract APIs . . . . . . . . . . . . . . . . . . 4
4. Use of HTTP as a Transport . . . . . . . . . . . . . . . . . 5 4. Use of HTTP as a Transport . . . . . . . . . . . . . . . . . 5
5. TEEP/HTTP Client Behavior . . . . . . . . . . . . . . . . . . 6 5. TEEP/HTTP Client Behavior . . . . . . . . . . . . . . . . . . 6
5.1. Receiving a request to install a new Trusted Application 6 5.1. Receiving a request to install a new Trusted
Application . . . . . . . . . . . . . . . . . . . . . . . 6
5.1.1. Session Creation . . . . . . . . . . . . . . . . . . 7 5.1.1. Session Creation . . . . . . . . . . . . . . . . . . 7
5.2. Receiving a notification that a Trusted Application is no 5.2. Receiving a notification that a Trusted Application is no
longer needed . . . . . . . . . . . . . . . . . . . . . . 7 longer needed . . . . . . . . . . . . . . . . . . . . . . 7
5.3. Getting a message buffer back from a TEEP Agent . . . . . 8 5.3. Getting a message buffer back from a TEEP Agent . . . . . 8
5.4. Receiving an HTTP response . . . . . . . . . . . . . . . 8 5.4. Receiving an HTTP response . . . . . . . . . . . . . . . 8
5.5. Handling checks for policy changes . . . . . . . . . . . 9 5.5. Handling checks for policy changes . . . . . . . . . . . 9
5.6. Error handling . . . . . . . . . . . . . . . . . . . . . 9 5.6. Error handling . . . . . . . . . . . . . . . . . . . . . 9
6. TEEP/HTTP Server Behavior . . . . . . . . . . . . . . . . . . 10 6. TEEP/HTTP Server Behavior . . . . . . . . . . . . . . . . . . 9
6.1. Receiving an HTTP POST request . . . . . . . . . . . . . 10 6.1. Receiving an HTTP POST request . . . . . . . . . . . . . 10
6.2. Getting an empty buffer back from the TAM . . . . . . . . 10 6.2. Getting an empty buffer back from the TAM . . . . . . . . 10
6.3. Getting a message buffer from the TAM . . . . . . . . . . 10 6.3. Getting a message buffer from the TAM . . . . . . . . . . 10
6.4. Error handling . . . . . . . . . . . . . . . . . . . . . 10 6.4. Error handling . . . . . . . . . . . . . . . . . . . . . 10
7. Sample message flow . . . . . . . . . . . . . . . . . . . . . 10 7. Sample message flow . . . . . . . . . . . . . . . . . . . . . 10
8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . 13 10.1. Normative References . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . 14 10.2. Informative References . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
A Trusted Execution Environment (TEE) is an environment that enforces A Trusted Execution Environment (TEE) is an environment that enforces
that any code within that environment cannot be tampered with, and that any code within that environment cannot be tampered with, and
that any data used by such code cannot be read or tampered with by that any data used by such code cannot be read or tampered with by
any code outside that environment. The Trusted Execution Environment any code outside that environment. The Trusted Execution Environment
Provisioning (TEEP) protocol is designed to provision authorized code Provisioning (TEEP) protocol is designed to provision authorized code
and configuration into TEEs. and configuration into TEEs.
skipping to change at page 3, line 49 skipping to change at page 3, line 49
+------------------+ +------------------+ +------------------+ +------------------+
| | | |
+------------------+ TEEP-over-HTTP +------------------+ +------------------+ TEEP-over-HTTP +------------------+
| TEEP/HTTP Client | <----------------------> | TEEP/HTTP Server | | TEEP/HTTP Client | <----------------------> | TEEP/HTTP Server |
+------------------+ +------------------+ +------------------+ +------------------+
| | | |
+------------------+ HTTP +------------------+ +------------------+ HTTP +------------------+
| HTTP Client | <----------------------> | HTTP Server | | HTTP Client | <----------------------> | HTTP Server |
+------------------+ +------------------+ +------------------+ +------------------+
Figure 1: Agent-to-TAM Communication Figure 1: Agent Initiated Communication
This document specifies the middle layer (TEEP-over-HTTP), whereas This document specifies the middle layer (TEEP-over-HTTP), whereas
the top layer (TEEP) is specified in [I-D.ietf-teep-protocol]. the top layer (TEEP) is specified in [I-D.ietf-teep-protocol].
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
skipping to change at page 6, line 20 skipping to change at page 6, line 20
5. TEEP/HTTP Client Behavior 5. TEEP/HTTP Client Behavior
5.1. Receiving a request to install a new Trusted Application 5.1. Receiving a request to install a new Trusted Application
In some environments, an application installer can determine (e.g., In some environments, an application installer can determine (e.g.,
from an application manifest) that the application being installed or from an application manifest) that the application being installed or
updated has a dependency on a given Trusted Application (TA) being updated has a dependency on a given Trusted Application (TA) being
available in a given type of TEE. In such a case, it will notify a available in a given type of TEE. In such a case, it will notify a
TEEP Broker, where the notification will contain the following: TEEP Broker, where the notification will contain the following:
- A unique identifier of the TA * A unique identifier of the TA
- Optionally, any metadata to provide to the TEEP Agent. This might * Optionally, any metadata to provide to the TEEP Agent. This might
include a TAM URI provided in the application manifest, for include a TAM URI provided in the application manifest, for
example. example.
- Optionally, any requirements that may affect the choice of TEE, if * Optionally, any requirements that may affect the choice of TEE, if
multiple are available to the TEEP Broker. multiple are available to the TEEP Broker.
When a TEEP Broker receives such a notification, it first identifies When a TEEP Broker receives such a notification, it first identifies
in an implementation-dependent way which TEE (if any) is most in an implementation-dependent way which TEE (if any) is most
appropriate based on the constraints expressed. If there is only one appropriate based on the constraints expressed. If there is only one
TEE, the choice is obvious. Otherwise, the choice might be based on TEE, the choice is obvious. Otherwise, the choice might be based on
factors such as capabilities of available TEE(s) compared with TEE factors such as capabilities of available TEE(s) compared with TEE
requirements in the notification. Once the TEEP Broker picks a TEE, requirements in the notification. Once the TEEP Broker picks a TEE,
it passes the notification to the TEEP/HTTP Client for that TEE. it passes the notification to the TEEP/HTTP Client for that TEE.
skipping to change at page 7, line 22 skipping to change at page 7, line 22
HTTP(S) POST to the TAM URI with an Accept header with the TEEP media HTTP(S) POST to the TAM URI with an Accept header with the TEEP media
type requested, and an empty body. The HTTP request is then type requested, and an empty body. The HTTP request is then
associated with the TEEP/HTTP Client's session state. associated with the TEEP/HTTP Client's session state.
If the TEEP Agent instead passes back a TAM URI with a message If the TEEP Agent instead passes back a TAM URI with a message
buffer, the TEEP/HTTP Client attempts to create session state and buffer, the TEEP/HTTP Client attempts to create session state and
handles the message buffer as specified in Section 5.3. handles the message buffer as specified in Section 5.3.
Session state consists of: Session state consists of:
- Any context (e.g., a handle) that identifies the API session with * Any context (e.g., a handle) that identifies the API session with
the TEEP Agent. the TEEP Agent.
- Any context that identifies an HTTP request, if one is * Any context that identifies an HTTP request, if one is
outstanding. Initially, none exists. outstanding. Initially, none exists.
5.2. Receiving a notification that a Trusted Application is no longer 5.2. Receiving a notification that a Trusted Application is no longer
needed needed
In some environments, an application installer can determine (e.g., In some environments, an application installer can determine (e.g.,
from an application manifest) that a given Trusted Application is no from an application manifest) that a given Trusted Application is no
longer needed, such as if the application that previously depended on longer needed, such as if the application that previously depended on
the TA is uninstalled or updated in a way that removes the the TA is uninstalled or updated in a way that removes the
dependency. In such a case, it will notify a TEEP Broker, where the dependency. In such a case, it will notify a TEEP Broker, where the
notification will contain the following: notification will contain the following:
- A unique identifier of the TA * A unique identifier of the TA
- Optionally, any requirements that may affect the choice of TEE, if * Optionally, any requirements that may affect the choice of TEE, if
multiple are available to the TEEP Broker. multiple are available to the TEEP Broker.
When a TEEP Broker receives such a notification, it first identifies When a TEEP Broker receives such a notification, it first identifies
in an implementation-dependent way which TEE (if any) is appropriate in an implementation-dependent way which TEE (if any) is appropriate
based on the constraints expressed, as in Section 5.1. based on the constraints expressed, as in Section 5.1.
The TEEP/HTTP Client then informs the TEEP Agent in that TEE by The TEEP/HTTP Client then informs the TEEP Agent in that TEE by
invoking an appropriate "UnrequestTA" API that identifies the invoking an appropriate "UnrequestTA" API that identifies the
unneeded TA. The TEEP/HTTP Client need not know whether the TEE unneeded TA. The TEEP/HTTP Client need not know whether the TEE
actually has the TA installed. actually has the TA installed.
skipping to change at page 11, line 22 skipping to change at page 11, line 18
2. The TEEP/HTTP Client calls the TEEP Agent's "RequestTA" API, 2. The TEEP/HTTP Client calls the TEEP Agent's "RequestTA" API,
passing TA Needed = X. passing TA Needed = X.
3. The TEEP Agent finds that no such TA is already installed, but 3. The TEEP Agent finds that no such TA is already installed, but
that it can be obtained from a given TAM. The TEEP Agent passes that it can be obtained from a given TAM. The TEEP Agent passes
the TAM URI (e.g., "https://example.com/tam") to the TEEP/HTTP the TAM URI (e.g., "https://example.com/tam") to the TEEP/HTTP
Client. Client.
4. The TEEP/HTTP Client sends an HTTP POST request to the TAM URI: 4. The TEEP/HTTP Client sends an HTTP POST request to the TAM URI:
POST /tam HTTP/1.1 POST /tam HTTP/1.1
Host: example.com Host: example.com
Accept: application/teep+cbor Accept: application/teep+cbor
Content-Length: 0 Content-Length: 0
User-Agent: Foo/1.0 User-Agent: Foo/1.0
where the TEEP/HTTP Client fills in an implementation-specific where the TEEP/HTTP Client fills in an implementation-specific
value in the User-Agent header. value in the User-Agent header.
5. On the TAM side, the TEEP/HTTP Server receives the HTTP POST 5. On the TAM side, the TEEP/HTTP Server receives the HTTP POST
request, and calls the TAM's "ProcessConnect" API. request, and calls the TAM's "ProcessConnect" API.
6. The TAM generates a TEEP message (where typically QueryRequest 6. The TAM generates a TEEP message (where typically QueryRequest
is the first message) and passes it to the TEEP/HTTP Server. is the first message) and passes it to the TEEP/HTTP Server.
7. The TEEP/HTTP Server sends an HTTP successful response with the 7. The TEEP/HTTP Server sends an HTTP successful response with the
TEEP message in the body: TEEP message in the body:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: application/teep+cbor Content-Type: application/teep+cbor
Content-Length: [length of TEEP message here] Content-Length: [length of TEEP message here]
Server: Bar/2.2 Server: Bar/2.2
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' Content-Security-Policy: default-src 'none'
Referrer-Policy: no-referrer Referrer-Policy: no-referrer
[TEEP message here] [TEEP message here]
where the TEEP/HTTP Server fills in an implementation-specific where the TEEP/HTTP Server fills in an implementation-specific
value in the Server header. value in the Server header.
8. Back on the TEEP Agent side, the TEEP/HTTP Client gets the HTTP 8. Back on the TEEP Agent side, the TEEP/HTTP Client gets the HTTP
response, extracts the TEEP message and pass it up to the TEEP response, extracts the TEEP message and pass it up to the TEEP
Agent. Agent.
9. The TEEP Agent processes the TEEP message, and generates a TEEP 9. The TEEP Agent processes the TEEP message, and generates a TEEP
response (e.g., QueryResponse) which it passes back to the TEEP/ response (e.g., QueryResponse) which it passes back to the TEEP/
HTTP Client. HTTP Client.
10. The TEEP/HTTP Client gets the TEEP message buffer and sends an 10. The TEEP/HTTP Client gets the TEEP message buffer and sends an
HTTP POST request to the TAM URI, with the TEEP message in the HTTP POST request to the TAM URI, with the TEEP message in the
body: body:
POST /tam HTTP/1.1 POST /tam HTTP/1.1
Host: example.com Host: example.com
Accept: application/teep+cbor Accept: application/teep+cbor
Content-Type: application/teep+cbor Content-Type: application/teep+cbor
Content-Length: [length of TEEP message here] Content-Length: [length of TEEP message here]
User-Agent: Foo/1.0 User-Agent: Foo/1.0
[TEEP message here] [TEEP message here]
11. The TEEP/HTTP Server receives the HTTP POST request, and passes 11. The TEEP/HTTP Server receives the HTTP POST request, and passes
the payload up to the TAM. the payload up to the TAM.
12. Steps 6-11 are then repeated until the TAM passes no data back 12. Steps 6-11 are then repeated until the TAM passes no data back
to the TEEP/HTTP Server in step 6. to the TEEP/HTTP Server in step 6.
13. The TEEP/HTTP Server sends an HTTP successful response with no 13. The TEEP/HTTP Server sends an HTTP successful response with no
body: body:
HTTP/1.1 204 No Content HTTP/1.1 204 No Content
Server: Bar/2.2 Server: Bar/2.2
14. The TEEP/HTTP Client deletes its session state. 14. The TEEP/HTTP Client deletes its session state.
8. Security Considerations 8. Security Considerations
Section 4 discussed security recommendations for HTTPS transport of Section 4 discussed security recommendations for HTTPS transport of
TEEP messages. See Section 6 of [I-D.ietf-httpbis-bcp56bis] for TEEP messages. See Section 6 of [I-D.ietf-httpbis-bcp56bis] for
additional discussion of HTTP(S) security considerations. additional discussion of HTTP(S) security considerations.
9. IANA Considerations 9. IANA Considerations
skipping to change at page 13, line 21 skipping to change at page 13, line 13
10.1. Normative References 10.1. Normative References
[BCP195] Sheffer, Y., Holz, R., and P. Saint-Andre, [BCP195] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer "Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
2015, <https://www.rfc-editor.org/info/rfc7525>. 2015, <https://www.rfc-editor.org/info/rfc7525>.
[I-D.ietf-httpbis-semantics] [I-D.ietf-httpbis-semantics]
Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
Semantics", draft-ietf-httpbis-semantics-16 (work in Semantics", Work in Progress, Internet-Draft, draft-ietf-
progress), May 2021. httpbis-semantics-17, 25 July 2021,
<https://www.ietf.org/archive/id/draft-ietf-httpbis-
semantics-17.txt>.
[I-D.ietf-teep-protocol] [I-D.ietf-teep-protocol]
Tschofenig, H., Pei, M., Wheeler, D., Thaler, D., and A. Tschofenig, H., Pei, M., Wheeler, D., Thaler, D., and A.
Tsukamoto, "Trusted Execution Environment Provisioning Tsukamoto, "Trusted Execution Environment Provisioning
(TEEP) Protocol", draft-ietf-teep-protocol-05 (work in (TEEP) Protocol", Work in Progress, Internet-Draft, draft-
progress), February 2021. ietf-teep-protocol-06, 12 July 2021,
<https://www.ietf.org/archive/id/draft-ietf-teep-protocol-
06.txt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer (PKIX) Certificates in the Context of Transport Layer
skipping to change at page 14, line 14 skipping to change at page 14, line 12
10.2. Informative References 10.2. Informative References
[GP-OTrP] Global Platform, "TEE Management Framework: Open Trust [GP-OTrP] Global Platform, "TEE Management Framework: Open Trust
Protocol (OTrP) Profile Version 1.0", Global Protocol (OTrP) Profile Version 1.0", Global
Platform GPD_SPE_123, May 2019, Platform GPD_SPE_123, May 2019,
<https://globalplatform.org/specs-library/tee-management- <https://globalplatform.org/specs-library/tee-management-
framework-open-trust-protocol/>. framework-open-trust-protocol/>.
[I-D.ietf-httpbis-bcp56bis] [I-D.ietf-httpbis-bcp56bis]
Nottingham, M., "Building Protocols with HTTP", draft- Nottingham, M., "Building Protocols with HTTP", Work in
ietf-httpbis-bcp56bis-12 (work in progress), April 2021. Progress, Internet-Draft, draft-ietf-httpbis-bcp56bis-12,
27 April 2021, <https://www.ietf.org/archive/id/draft-
ietf-httpbis-bcp56bis-12.txt>.
[I-D.ietf-teep-architecture] [I-D.ietf-teep-architecture]
Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler, Pei, M., Tschofenig, H., Thaler, D., and D. Wheeler,
"Trusted Execution Environment Provisioning (TEEP) "Trusted Execution Environment Provisioning (TEEP)
Architecture", draft-ietf-teep-architecture-14 (work in Architecture", Work in Progress, Internet-Draft, draft-
progress), February 2021. ietf-teep-architecture-15, 12 July 2021,
<https://www.ietf.org/archive/id/draft-ietf-teep-
architecture-15.txt>.
[I-D.ietf-teep-opentrustprotocol] [I-D.ietf-teep-opentrustprotocol]
Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig, Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig,
"The Open Trust Protocol (OTrP)", draft-ietf-teep- "The Open Trust Protocol (OTrP)", Work in Progress,
opentrustprotocol-03 (work in progress), May 2019. Internet-Draft, draft-ietf-teep-opentrustprotocol-03, 15
May 2019, <https://www.ietf.org/archive/id/draft-ietf-
teep-opentrustprotocol-03.txt>.
[RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based [RFC9000] Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based
Multiplexed and Secure Transport", RFC 9000, Multiplexed and Secure Transport", RFC 9000,
DOI 10.17487/RFC9000, May 2021, DOI 10.17487/RFC9000, May 2021,
<https://www.rfc-editor.org/info/rfc9000>. <https://www.rfc-editor.org/info/rfc9000>.
Author's Address Author's Address
Dave Thaler Dave Thaler
Microsoft Microsoft
EMail: dthaler@microsoft.com Email: dthaler@microsoft.com
 End of changes. 27 change blocks. 
60 lines changed or deleted 70 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/