Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Russ Housley's comments on draft-12 #206

Closed
dthaler opened this issue Jul 28, 2020 · 1 comment · Fixed by #207
Closed

Russ Housley's comments on draft-12 #206

dthaler opened this issue Jul 28, 2020 · 1 comment · Fixed by #207
Assignees
@tireddy2
Labels
ready to close Ready for WG chairs to verify and close

Comments

@dthaler
Copy link
Collaborator

dthaler commented Jul 28, 2020

  1. Section 3.3 talks about the Internet of Things. It does not talk about the billions of devices being used to mount DDoS attacks. Can it cover that too? Without putting the network interface inside the TEE, I'm skeptical there is a solution.

  2. Section 3.4 talks about Confidential Cloud Computing. Can something be said in Section 4.4.1 to make this less abstract?

Regarding 6), the original Section 4.4.1 gone, and Section 1 does not seem like a good place to resolve this comment. In the current document structure, I think a sentence or two needs to appear in Section 3.4.

In addition, I have a few new comments based on the revised document.

Section 2: Since my last review, Raw Public Key was added. Please add [RFC5280] as the reference for a "PKIX certificate".

Section 4.1: now says:

  ...  A TA Signer or
  Device Administrator may run their own TAM, but the devices they
  wish to manage must include this TAM's public key/certificate
  [RFC5280], or a certificate it chains up to, in the Trust Anchor
  Store.

The meaning of "/" is unclear. I think it means "or", Please spell it out.

Section 5: s/content encryption key/content-encryption key/

Section 9.2: s/provides protection/provide protection/

Section 9.2 says: "... user/tenant ...". Again, I think the slash means "or".

Section 9.2 uses the term "payload security". For alignment with Section 5.5, I think it should say "payload encryption".

Section 9.4 talks about compromise and expiration. I do not think about expiration as a form of compromise, so I think the title of the section should be expanded.
dthaler added a commit that referenced this issue Oct 9, 2020
@dthaler
Address Russ Housley's comments on draft-12
1e1445b 
Fixes #206

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
@dthaler dthaler mentioned this issue Oct 9, 2020
Merged
@dthaler dthaler added the have proposed text Ready for other editors to review and merge if ok label Oct 9, 2020
@dthaler dthaler self-assigned this Oct 9, 2020
@dthaler dthaler reopened this Oct 16, 2020
@dthaler dthaler added fixed in editors copy and removed have proposed text Ready for other editors to review and merge if ok labels Oct 16, 2020
@dthaler
Copy link
Collaborator Author

dthaler commented Nov 2, 2020

Fixed in draft-13

@dthaler dthaler added ready to close Ready for WG chairs to verify and close and removed fixed in editors copy labels Nov 2, 2020
@dthaler dthaler assigned tireddy2 and unassigned dthaler Nov 2, 2020
@tireddy2 tireddy2 closed this as completed Nov 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tireddy2 tireddy2

Labels
ready to close Ready for WG chairs to verify and close
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Address Russ Housley's comments on draft-12 ietf-teep/architecture
2 participants
@dthaler @tireddy2