Markdown Version | Session Recording

Session Date/Time: 27 Mar 2023 06:30

teep

Summary

The TEep working group meeting covered updates on the hackathon, the keep-over-HTTP transport specification, and the protocol draft. Discussions focused on error handling, agent authentication, Eat profiles, and the integration of suit manifests. Several issues were addressed, and a path forward was discussed regarding normative dependencies.

Key Discussion Points

• Hackathon Update (Akira):
  • Implemented and verified the draft.
  • Clarified the use of Cnf for compromised agent situations by adding it to query requests.
  • Discussed the compromised TEE broker scenario, concluding no action is needed as the TEE agent key pair is independent.
  • Addressed token handling in PAM and resolved matching query requests and responses with deep updates, success/error returns.
  • Discussed the use of CDDL ( Concise Data Definition Language) and an update mechanism.
• Keep-over-HTTP Transport Specification (Dave):
  • Addressed comments from IAD and area reviewers including timeout handling, HTTPS recommendation, consistency in terminology, URI dereferencing, and cash control headers.
  • Clarified the use of HTTP status codes.
• Protocol Document (Dave, Akira):
  • Added the ability for the TAM to send error messages to the agent.
  • Integrated the Cnf claim to bind attestation results to specific agents, preventing unauthorized use of attestation claims.
  • Defined required claims in the Eat profile.
  • Clarified the relationship between the TEE profile and the AR4SI. Defined three cases for TAM behavior based on protocol support.
  • Specified the use of Suit inside the Eat manifest claim for software component names.
  • Summarized mandatory implementation algorithms and crypto suites.
  • Discussed encryption algorithms for Eat and suit reports, proposing the use of the same algorithm for both.
  • Addressed the discrepancy between the current draft and the suit MtI document due to last-minute changes, which need to be brought into alignment.
• Normative Dependencies:
  • Concern was raised regarding normative dependencies on evolving drafts (Eat, Suit, Firmware Encryption, Trust Domains, Reference Interaction Models).
  • Potential to change Firmware Encryption to an informative reference.
  • Discussed potential issues with the dependencies.
• CDDL Updates: Akira noted the need to update both the .md and .CDDL files in the GitHub repository to avoid future dependencies on the T protocol CDDL file.
• Cnf Public Key Hashing: Implementers are looking for guidance on how to properly encode the public key hash used within the Cnf claim.

Decisions and Action Items

• Dave: To publish draft 15 of the Keep-over-HTTP transport specification.
• Dave: Update the protocol draft to replace Hp with Ec and clear any references to CH draft, to align with the Suit MtI specification.
• Dave: Evaluate and potentially change the Firmware Encryption to informative reference in next draft.
• Akira: To provide a link to the mail list with the code where the implementations are having an issue with the Cnf hashing algorithm.

Next Steps

• Dave to address the action items and prepare a new draft of the protocol.
• Working group to review and provide feedback on the updated drafts.
• WG chairs to assess the maturity of normative dependencies and initiate working group last calls when appropriate.
• Request from working group for Hank to prioritize the reference interaction models so that the working group can complete the non specification of the protocol draft.