Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role of Client Application #11

Closed
hannestschofenig opened this issue Aug 2, 2018 · 4 comments
Closed

Role of Client Application #11

hannestschofenig opened this issue Aug 2, 2018 · 4 comments
Assignees
@ncamwing
Labels
ready to close Ready for WG chairs to verify and close

Comments

@hannestschofenig
Copy link
Collaborator

In most discussions the TEEP messaging interaction has been described as a protocol that runs between the TAM and the TEE with a relay (Agent) that passed messages back and forth.

However, the OTrP specification also gives a role to the Client Application not only in the sense of triggering the interaction (since the TEE itself cannot communicate to the outside world on its own) but via the GetTAInformation call. The GetTAInformation call described in Section 6.4.2 of https://tools.ietf.org/html/draft-ietf-teep-opentrustprotocol-01 allows a Client Application to query a TEE about a previously installed TA without requiring the interaction with a TAM.

In order for this to work the Client Application has to known the TA's identifier and also the AIK public key.

The Client App has to obtain this information somehow.

The important implication of allowing the Client App to participate in the TEEP message exchange is that the protocol interaction becomes a three party interaction rather than a two party protocol. There is also the need to consider the encoding of the protocol messages so that they are friendly for app developers since the Client App needs to deal with the TEEP messaging exchanges.

As this functionality appears to be an optimization it would be good to know how much is actually gained by this optimization.
@hannestschofenig hannestschofenig self-assigned this Dec 10, 2018
@hannestschofenig
Copy link
Collaborator Author

I pointed this out in my new review of the security domain, see issue #7

@dthaler
Copy link
Collaborator

dthaler commented May 17, 2019

Discussion among editors: APIs between client app and TEEs should be in arch doc, not in OTrP spec per se, which should just focus on the actual OTrP messages themselves, which go between TAM and OTrP Agent (not the client app per se).

Arch doc can have a list of Broker/Agent apis, and leave details to the broker (transport spec), and agent (protocol spec).

@dthaler
Copy link
Collaborator

dthaler commented May 17, 2019

List of OTrP broker -> OTrP Agent apis currently in the transport spec: RequestTA, ProcessOTrPMessage, RequestPolicyCheck, ProcessError.
List of TAM transport -> TAM OTrP implementation apis currently in the transport spec: ProcessConnect, ProcessOTrPMessage.

dthaler added a commit that referenced this issue Nov 17, 2019
@dthaler
Changes for github issue #11
c2800dc 
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
@dthaler dthaler mentioned this issue Nov 17, 2019
Merged
@dthaler
Copy link
Collaborator

dthaler commented Nov 19, 2019

@ncamwing this issue is ready to be closed

@dthaler dthaler assigned ncamwing and unassigned hannestschofenig Nov 23, 2019
@dthaler dthaler added the ready to close Ready for WG chairs to verify and close label Nov 23, 2019
@mcd500 mcd500 mentioned this issue Feb 18, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ncamwing ncamwing

Labels
ready to close Ready for WG chairs to verify and close
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hannestschofenig @dthaler @ncamwing @tireddy2