The protocol between TEEP Agents and TAMs similarly is responsible
for securely providing integrity and confidentiality protection
against adversaries between them. Since the transport protocol under
the TEEP protocol might be implemented outside a TEE, as discussed in
Section 6, it cannot be relied upon for sufficient protection. The
TEEP protocol provides integrity protection, but confidentiality must
be provided by payload encryption, i.e., using encrypted TA binaries
and encrypted attestation information. See [I-D.ietf-teep-protocol]
for more discussion.
Re-work the text to clarify that this is a design choice whether to terminate TLS inside the TEE or outside. Different solutions have taken a different approach here and the architecture should be agnostic to it.
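To make the layering in the quoted paragraph concrete, here is a small model (added illustration, not code from the draft or any TEEP implementation) of a TAM delivering a TA binary to a TEEP Agent. It shows why the transport endpoint is not enough: when TLS terminates in the REE, the REE-side endpoint sees whatever the TEEP message carries, so confidentiality has to come from payload encryption and integrity from the TEEP protocol layer. The cipher is a toy HMAC-SHA256 counter-mode keystream and the TEEP integrity check is a plain HMAC; both are assumptions chosen so the example runs on the standard library and are not the COSE-based mechanisms the protocol actually uses. The TA bytes and keys are constructed for the example.

```python
"""Model of transport protection vs. payload protection in the TEEP architecture.

Assumed, for illustration only: a toy stream cipher for payload encryption and
an HMAC tag standing in for the TEEP protocol's integrity protection.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

NONCE_LEN = 12


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256(key, nonce || counter) blocks (assumption, not the TEEP spec).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def payload_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt a TA binary to the TEE's payload key; the nonce is prepended."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def payload_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def teep_sign(key: bytes, msg: bytes) -> bytes:
    """Stand-in for TEEP protocol integrity protection (assumption: HMAC)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def teep_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(teep_sign(key, msg), tag)


@dataclass
class Delivery:
    seen_by_ree: bytes          # bytes the REE-side transport endpoint could observe
    accepted: bool              # did the TEEP Agent accept the message?
    ta_in_tee: Optional[bytes]  # TA binary as recovered inside the TEE


def deliver(ta_binary: bytes, payload_key: Optional[bytes], teep_key: bytes,
            tls_terminates_in_tee: bool, ree_tampers: bool = False) -> Delivery:
    """Run one TAM -> transport -> TEEP Agent delivery under the chosen design.

    payload_key=None models 'rely on the transport alone' (no payload encryption).
    tls_terminates_in_tee=False models TLS terminated in the REE.
    """
    # TAM side: optionally encrypt the payload, then apply TEEP integrity protection.
    body = payload_encrypt(payload_key, ta_binary) if payload_key else ta_binary
    tag = teep_sign(teep_key, body)

    # Transport: if TLS ends in the REE, the TEEP message passes through it in clear.
    seen_by_ree = b"" if tls_terminates_in_tee else body
    if ree_tampers:
        body = body[:-1] + bytes([body[-1] ^ 0x01])

    # TEEP Agent side, inside the TEE: integrity first, then decrypt the payload.
    if not teep_verify(teep_key, body, tag):
        return Delivery(seen_by_ree, False, None)
    ta = payload_decrypt(payload_key, body) if payload_key else body
    return Delivery(seen_by_ree, True, ta)


# Constructed sample inputs for the example.
TA_BINARY = b"constructed TA binary for the example"
PAYLOAD_KEY = hashlib.sha256(b"example payload key").digest()
TEEP_KEY = hashlib.sha256(b"example teep key").digest()

if __name__ == "__main__":
    leaky = deliver(TA_BINARY, None, TEEP_KEY, tls_terminates_in_tee=False)
    print("transport-only, TLS in REE: REE sees TA?", TA_BINARY in leaky.seen_by_ree)
    safe = deliver(TA_BINARY, PAYLOAD_KEY, TEEP_KEY, tls_terminates_in_tee=False)
    print("payload encryption, TLS in REE: REE sees TA?", TA_BINARY in safe.seen_by_ree)
    print("TA recovered in TEE:", safe.ta_in_tee == TA_BINARY)
```

Running the four combinations side by side is the useful part: with TLS in the REE and no payload encryption the REE endpoint sees the TA in clear; with payload encryption it sees only ciphertext regardless of where TLS ends; and any REE modification is rejected by the TEEP integrity check before decryption, which is exactly the split of responsibilities the paragraph describes.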
What is the issue? The text says "might be implemented outside a TEE" so it already implies it's a design choice.
Hence to me it's already clear enough and agnostic to it.
Also, as an aside, that paragraph is transport protocol agnostic, so if there were a binding over something other than TLS (e.g., DTLS or OPC UA's security protocol) it would still be correct.
The issue is that I see others coming with different solutions that fit the same architectural description and problem statement.
Reading through the draft I noticed that there are a few places where we take the step from the architecture to the solution details. This is not really necessary and hence I wanted to make it a bit more generic.