draft-ietf-teep-otrp-over-http-01.txt   draft-ietf-teep-otrp-over-http-02.txt 
TEEP WG D. Thaler TEEP WG D. Thaler
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Informational July 08, 2019 Intended status: Informational October 22, 2019
Expires: January 9, 2020 Expires: April 24, 2020
HTTP Transport for the Open Trust Protocol (OTrP) HTTP Transport for Trusted Execution Environment Provisioning: Agent-to-
draft-ietf-teep-otrp-over-http-01 TAM Communication
draft-ietf-teep-otrp-over-http-02
Abstract Abstract
This document specifies the HTTP transport for the Open Trust The Open Trust Protocol (OTrP) is used to manage code and
Protocol (OTrP), which is used to manage code and configuration data configuration data in a Trusted Execution Environment (TEE). This
in a Trusted Execution Environment (TEE). An implementation of this document specifies the HTTP transport for OTrP communication where a
document can run outside of any TEE, but interacts with an OTrP Trusted Application Manager (TAM) service is used to manage TEEs in
implementation that runs inside a TEE. devices that can initiate communication to the TAM. An
implementation of this document can (if desired) run outside of any
TEE, but interacts with an OTrP implementation that runs inside a
TEE.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2020. This Internet-Draft will expire on April 24, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Use of Abstract APIs . . . . . . . . . . . . . . . . . . . . 3 3. TEEP Broker Models . . . . . . . . . . . . . . . . . . . . . 4
4. Use of HTTP as a Transport . . . . . . . . . . . . . . . . . 3 3.1. Use of Abstract APIs . . . . . . . . . . . . . . . . . . 5
5. TEEP Broker Behavior . . . . . . . . . . . . . . . . . . . . 4 4. Use of HTTP as a Transport . . . . . . . . . . . . . . . . . 6
5.1. Receiving a request to install a new Trusted Application 4 5. OTrP/HTTP Client Behavior . . . . . . . . . . . . . . . . . . 7
5.1.1. Session Creation . . . . . . . . . . . . . . . . . . 5 5.1. Receiving a request to install a new Trusted Application 7
5.2. Getting a message buffer back from an TEEP Agent . . . . 5 5.1.1. Session Creation . . . . . . . . . . . . . . . . . . 7
5.3. Receiving an HTTP response . . . . . . . . . . . . . . . 6 5.2. Getting a message buffer back from an OTrP implementation 8
5.4. Handling checks for policy changes . . . . . . . . . . . 6 5.3. Receiving an HTTP response . . . . . . . . . . . . . . . 8
5.5. Error handling . . . . . . . . . . . . . . . . . . . . . 7 5.4. Handling checks for policy changes . . . . . . . . . . . 9
6. TAM Broker Behavior . . . . . . . . . . . . . . . . . . . . . 7 5.5. Error handling . . . . . . . . . . . . . . . . . . . . . 9
6.1. Receiving an HTTP POST request . . . . . . . . . . . . . 7 6. OTrP/HTTP Server Behavior . . . . . . . . . . . . . . . . . . 10
6.2. Getting an empty buffer back from the TAM . . . . . . . . 7 6.1. Receiving an HTTP POST request . . . . . . . . . . . . . 10
6.3. Getting a message buffer from the TAM . . . . . . . . . . 7 6.2. Getting an empty buffer back from the OTrP implementation 10
6.4. Error handling . . . . . . . . . . . . . . . . . . . . . 7 6.3. Getting a message buffer from the OTrP implementation . . 10
7. Sample message flow . . . . . . . . . . . . . . . . . . . . . 7 6.4. Error handling . . . . . . . . . . . . . . . . . . . . . 10
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Sample message flow . . . . . . . . . . . . . . . . . . . . . 10
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . 10 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
10.2. Informative References . . . . . . . . . . . . . . . . . 10 10.1. Normative References . . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 10.2. Informative References . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
Trusted Execution Environments (TEEs), including Intel SGX, ARM Trusted Execution Environments (TEEs), including environments based
TrustZone, Secure Elements, and others, enforce that only authorized on Intel SGX, ARM TrustZone, Secure Elements, and others, enforce
code can execute within the TEE, and any memory used by such code is that only authorized code can execute within the TEE, and any memory
protected against tampering or disclosure outside the TEE. The Open used by such code is protected against tampering or disclosure
Trust Protocol (OTrP) is designed to provision authorized code and outside the TEE. The Open Trust Protocol (OTrP) is designed to
configuration into TEEs. provision authorized code and configuration into TEEs.
To be secure against malware, an OTrP implementation (referred to as To be secure against malware, an OTrP implementation (referred to as
an OTrP "Agent" on the client side, and a "Trusted Application a TEEP "Agent" on the client side, and a "Trusted Application Manager
Manager (TAM)" on the server side) must themselves run inside a TEE. (TAM)" on the server side) must themselves run inside a TEE.
However, the transport for OTrP, along with typical networking However, the transport for OTrP, along with the underlying TCP/IP
stacks, need not run inside a TEE. This split allows the set of stack, does not necessarily run inside a TEE. This split allows the
highly trusted code to be kept as small as possible, including set of highly trusted code to be kept as small as possible, including
allowing code (e.g., TCP/IP) that only sees encrypted messages to be allowing code (e.g., TCP/IP) that only sees encrypted messages to be
kept out of the TEE. kept out of the TEE.
The OTrP specification [I-D.ietf-teep-opentrustprotocol] describes The OTrP specification ([I-D.ietf-teep-opentrustprotocol] or
the behavior of TEEP Agents and TAMs, but does not specify the [I-D.tschofenig-teep-otrp-v2]) describes the behavior of TEEP Agents
details of the transport, an implementation of which is referred to and TAMs, but does not specify the details of the transport. The
as a "Broker". The purpose of this document is to provide such purpose of this document is to provide such details. That is, an
details. That is, the HTTP transport for OTrP is implemented in a OTrP over HTTP (OTrP/HTTP) implementation delivers messages up to an
Broker (typically outside a TEE) that delivers messages up to an OTrP OTrP implementation, and accepts messages from the OTrP
implementation, and accepts messages from the OTrP implementation to implementation to be sent over a network. The OTrP over HTTP
be sent over a network. implementation can be implemented either outside a TEE (i.e., in a
TEEP "Broker") or inside a TEE.
There are two topological scenarios in which OTrP could be deployed:
1. TAMs are reachable on the Internet, and Agents are on networks
that might be behind a firewall, so that communication must be
initiated by an Agent. Thus, the Agent has an HTTP Client and
the TAM has an HTTP Server.
2. Agents are reachable on the Internet, and TAMs are on networks
that might be behind a firewall, so that communication must be
initiated by a TAM. Thus, the Agent has an HTTP Server and the
TAM has an HTTP Client.
The remainder of this document focuses primarily on the first
scenario as depicted in Figure 1, but some sections (Section 4 and
Section 8) may apply to the second scenario as well. A fuller
discussion of the second scenario may be handled by a separate
document.
+------------------+ OTrP +------------------+
| TEEP Agent | <----------------------> | TAM |
+------------------+ +------------------+
| |
+------------------+ OTrP over HTTP +------------------+
| OTrP/HTTP Client | <----------------------> | OTrP/HTTP Server |
+------------------+ +------------------+
| |
+------------------+ HTTP +------------------+
| HTTP Client | <----------------------> | HTTP Server |
+------------------+ +------------------+
Figure 1: Agent-to-TAM Communication
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
This document also uses various terms defined in This document also uses various terms defined in
[I-D.ietf-teep-architecture], including Trusted Execution Environment [I-D.ietf-teep-architecture], including Trusted Execution Environment
(TEE), Trusted Application (TA), Trusted Application Manager (TAM), (TEE), Trusted Application (TA), Trusted Application Manager (TAM),
TEEP Agent, and TEEP Broker. TEEP Agent, TEEP Broker, and Rich Execution Environment (REE).
3. Use of Abstract APIs 3. TEEP Broker Models
This document refers to various APIs between a Broker and an OTrP Section 6 of the TEEP architecture [I-D.ietf-teep-architecture]
implementation in the abstract, meaning the literal syntax and defines a TEEP "Broker" as being a component on the device, but
programming language are not specified, so that various concrete APIs outside the TEE, that facilitates communication with a TAM. As
can be designed (outside of the IETF) that are compliant. depicted in Figure 2, there are multiple ways in which this can be
implemented, with more or fewer layers being inside the TEE. For
example, in model A, the model with the smallest TEE footprint, only
the OTrP implementation is inside the TEE, whereas the OTrP/HTTP
implementation is in the TEEP Broker outside the TEE.
It is common in some TEE architectures (e.g., SGX) to refer to calls Model: A B C ...
into a Trusted Application (TA) as "ECALLs" (or enclave-calls), and
calls out from a Trusted Application (TA) as "OCALLs" (or out-calls).
In other TEE architectures, there may be no OCALLs, but merely data TEE TEE TEE
returned from calls into a TA. This document attempts to be agnostic +----------------+ | | |
as to the concrete API architecture. As such, abstract APIs used in | OTrP | Agent | | | Agent
this document will refer to calls into a TA as API calls, and will | implementation | | | |
simply refer to "passing data" back out of the TA. A concrete API +----------------+ v | |
might pass data back via an OCALL or via data returned from an API | | |
call. +----------------+ ^ | |
| OTrP/HTTP | Broker | | |
| implementation | | | |
+----------------+ | v |
| | |
+----------------+ | ^ |
| HTTP | | | |
| implementation | | | |
+----------------+ | | v
| | |
+----------------+ | | ^
| TCP or QUIC | | | | Broker
| implementation | | | |
+----------------+ | | |
REE REE REE
This document will also refer to passing "no" data back out of a TA. Figure 2: TEEP Broker Models
In an OCALL-based architecture, this might be implemented by not
making any such call. In a return-based architecture, this might be In other models, additional layers are moved into the TEE, increasing
implemented by returning 0 bytes. the TEE footprint, with the Broker either containing or calling the
topmost protocol layer outside of the TEE. An implementation is free
to choose any of these models, although model A is the one we will
use in our examples.
Passing information from an REE component to a TEE component is
typically spoken of as being passed "in" to the TEE, and informaton
passed in the opposite direction is spoken of as being passed "out".
In the protocol layering sense, information is typically spoken of as
being passed "up" or "down" the stack. Since the layer at which
information is passed in/out may vary by implementation, we will
generally use "up" and "down" in this document.
3.1. Use of Abstract APIs
This document refers to various APIs between an OTrP implementation
and an OTrP/HTTP implementation in the abstract, meaning the literal
syntax and programming language are not specified, so that various
concrete APIs can be designed (outside of the IETF) that are
compliant.
Some TEE architectures (e.g., SGX) may support API calls both into
and out of a TEE. In other TEE architectures, there may be no calls
out from a TEE, but merely data returned from calls into a TEE. This
document attempts to be agnostic as to the concrete API architecture
for Broker/Agent communication. Since in model A, the Broker/Agent
communication is done at the layer between the OTrP and OTrP/HTTP
implementations, and there may be some architectures that do not
support calls out of the TEE (which would be downcalls from OTrP in
model A), we will refer to passing information up to the OTrP
implementation as API calls, but will simply refer to "passing data"
back down from an OTrP implementation. A concrete API might pass
data back via an API downcall or via data returned from an API
upcall.
This document will also refer to passing "no" data back out of an
OTrP implementation. In a concrete API, this might be implemented by
not making any downcall, or by returning 0 bytes from an upcall, for
example.
4. Use of HTTP as a Transport 4. Use of HTTP as a Transport
This document uses HTTP [I-D.ietf-httpbis-semantics] as a transport. This document uses HTTP [I-D.ietf-httpbis-semantics] as a transport.
When not called out explicitly in this document, all implementation When not called out explicitly in this document, all implementation
recommendations in [I-D.ietf-httpbis-bcp56bis] apply to use of HTTP recommendations in [I-D.ietf-httpbis-bcp56bis] apply to use of HTTP
by OTrP. by OTrP.
Redirects MAY be automatically followed, and no additional request Redirects MAY be automatically followed, and no additional request
headers beyond those specified by HTTP need be modified or removed headers beyond those specified by HTTP need be modified or removed
skipping to change at page 4, line 23 skipping to change at page 6, line 49
specification): specification):
Content-Type: <content type> Content-Type: <content type>
Cache-Control: no-store Cache-Control: no-store
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' Content-Security-Policy: default-src 'none'
Referrer-Policy: no-referrer Referrer-Policy: no-referrer
Only the POST method is specified for TAM resources exposed over Only the POST method is specified for TAM resources exposed over
HTTP. A URI of such a resource is referred to as a "TAM URI". A TAM HTTP. A URI of such a resource is referred to as a "TAM URI". A TAM
URI can be any HTTP(S) URI. The URI to use is configured in an TEEP URI can be any HTTP(S) URI. The URI to use is configured in a TEEP
Agent via an out-of-band mechanism, as discussed in the next section. Agent via an out-of-band mechanism, as discussed in the next section.
When HTTPS is used, TLS certificates MUST be checked according to When HTTPS is used, TLS certificates MUST be checked according to
[RFC2818]. [RFC2818].
5. TEEP Broker Behavior 5. OTrP/HTTP Client Behavior
5.1. Receiving a request to install a new Trusted Application 5.1. Receiving a request to install a new Trusted Application
When the TEEP Broker receives a notification (e.g., from an In some environments, an application installer can determine (e.g.,
application installer) that an application has a dependency on a from an app manifest) that the application being installed or updated
given Trusted Application (TA) being available in a given type of has a dependency on a given Trusted Application (TA) being available
TEE, the notification will contain the following: in a given type of TEE. In such a case, it will notify a TEEP
Broker, where the notification will contain the following:
- A unique identifier of the TA - A unique identifier of the TA
- Optionally, any metadata to pass to the TEEP Agent. This might - Optionally, any metadata to provide to the OTrP implementation.
include a TAM URI provided in the application manifest, for This might include a TAM URI provided in the application manifest,
example. for example.
- Optionally, any requirements that may affect the choice of TEE, if - Optionally, any requirements that may affect the choice of TEE, if
multiple are available to the TEEP Broker. multiple are available to the TEEP Broker.
When such a notification is received, the TEEP Broker first When a TEEP Broker receives such a notification, it first identifies
identifies in an implementation-dependent way which TEE (if any) is in an implementation-dependent way which TEE (if any) is most
most appropriate based on the constraints expressed. If there is appropriate based on the constraints expressed. If there is only one
only one TEE, the choice is obvious. Otherwise, the choice might be TEE, the choice is obvious. Otherwise, the choice might be based on
based on factors such as capabilities of available TEE(s) compared factors such as capabilities of available TEE(s) compared with TEE
with TEE requirements in the notification. requirements in the notification. Once the TEEP Broker picks a TEE,
it passes the notification to the OTrP/HTTP Cient for that TEE.
The TEEP Broker then informs the TEEP Agent in that TEE by invoking The OTrP/HTTP Client then informs the OTrP implementation in that TEE
an appropriate "RequestTA" API that identifies the TA needed and any by invoking an appropriate "RequestTA" API that identifies the TA
other associated metadata. The TEEP Broker need not know whether the needed and any other associated metadata. The OTrP/HTTP Client need
TEE already has such a TA installed or whether it is up to date. not know whether the TEE already has such a TA installed or whether
it is up to date.
The TEEP Agent will either (a) pass no data back, (b) pass back a TAM The OTrP implementation will either (a) pass no data back, (b) pass
URI to connect to, or (c) pass back a message buffer and TAM URI to back a TAM URI to connect to, or (c) pass back a message buffer and
send it to. The TAM URI passed back may or may not be the same as TAM URI to send it to. The TAM URI passed back may or may not be the
the TAM URI, if any, provided by the broker, depending on the TEEP same as the TAM URI, if any, provided by the OTrP/HTTP Client,
Agent's configuration. If they differ, the TEEP Broker MUST use the depending on the OTrP implementation's configuration. If they
TAM URI passed back. differ, the OTrP/HTTP Client MUST use the TAM URI passed back.
5.1.1. Session Creation 5.1.1. Session Creation
If no data is passed back, the TEEP Broker simply informs its client If no data is passed back, the OTrP/HTTP Client simply informs its
(e.g., the application installer) of success. caller (e.g., the application installer) of success.
If the TEEP Agent passes back a TAM URI with no message buffer, the If the OTrP implementation passes back a TAM URI with no message
TEEP Broker attempts to create session state, then sends an HTTP(S) buffer, the OTrP/HTTP Client attempts to create session state, then
POST to the TAM URI with an Accept header and an empty body. The sends an HTTP(S) POST to the TAM URI with an Accept header and an
HTTP request is then associated with the TEEP Broker's session state. empty body. The HTTP request is then associated with the OTrP/HTTP
Client's session state.
If the TEEP Agent instead passes back a TAM URI with a message If the OTrP implementation instead passes back a TAM URI with a
buffer, the TEEP Broker attempts to create session state and handles message buffer, the OTrP/HTTP Client attempts to create session state
the message buffer as specified in Section 5.2. and handles the message buffer as specified in Section 5.2.
Session state consists of: Session state consists of:
- Any context (e.g., a handle) that identifies the API session with - Any context (e.g., a handle) that identifies the API session with
the TEEP Agent. the OTrP implementation.
- Any context that identifies an HTTP request, if one is - Any context that identifies an HTTP request, if one is
outstanding. Initially, none exists. outstanding. Initially, none exists.
5.2. Getting a message buffer back from an TEEP Agent 5.2. Getting a message buffer back from an OTrP implementation
When a message buffer (and TAM URI) is passed to a TEEP Broker from When an OTrP implementation passes a message buffer (and TAM URI) to
an TEEP Agent, the TEEP Broker MUST do the following, using the TEEP an OTrP/HTTP Client, the OTrP/HTTP Client MUST do the following,
Broker's session state associated with its API call to the TEEP using the OTrP/HTTP Client's session state associated with its API
Agent. call to the OTrP implementation.
The TEEP Broker sends an HTTP POST request to the TAM URI with Accept The OTrP/HTTP Client sends an HTTP POST request to the TAM URI with
and Content-Type headers with the OTrP media type in use, and a body Accept and Content-Type headers with the OTrP media type in use, and
containing the OTrP message buffer provided by the TEEP Agent. The a body containing the OTrP message buffer provided by the OTrP
HTTP request is then associated with the TEEP Broker's session state. implementation. The HTTP request is then associated with the OTrP/
HTTP Client's session state.
5.3. Receiving an HTTP response 5.3. Receiving an HTTP response
When an HTTP response is received in response to a request associated When an HTTP response is received in response to a request associated
with a given session state, the TEEP Broker MUST do the following. with a given session state, the OTrP/HTTP Client MUST do the
following.
If the HTTP response body is empty, the TEEP Broker's task is If the HTTP response body is empty, the OTrP/HTTP Client's task is
complete, and it can delete its session state, and its task is done. complete, and it can delete its session state, and its task is done.
If instead the HTTP response body is not empty, the TEEP Broker calls If instead the HTTP response body is not empty, the OTrP/HTTP Client
a "ProcessOTrPMessage" API (Section 6.2 of calls a "ProcessOTrPMessage" API (Section 6.2 of
[I-D.ietf-teep-opentrustprotocol]) to pass the response body to the [I-D.ietf-teep-opentrustprotocol]) to pass the response body up to
TEEP Agent associated with the session. The TEEP Agent will then the OTrP implementation associated with the session. The OTrP
pass no data back, or pass pack a message buffer. implementation will then either pass no data back, or pass back a
message buffer.
If no data is passed back, the TEEP Broker's task is complete, and it If no data is passed back, the OTrP/HTTP Client's task is complete,
can delete its session state, and inform its client (e.g., the and it can delete its session state, and inform its caller (e.g., the
application installer) of success. application installer) of success.
If instead the TEEP Agent passes back a message buffer, the TEEP If instead the OTrP implementation passes back a message buffer, the
Broker handles the message buffer as specified in Section 5.2. OTrP/HTTP Client handles the message buffer as specified in
Section 5.2.
5.4. Handling checks for policy changes 5.4. Handling checks for policy changes
An implementation MUST provide a way to periodically check for OTrP An implementation MUST provide a way to periodically check for OTrP
policy changes. This can be done in any implementation-specific policy changes. This can be done in any implementation-specific
manner, such as: manner, such as:
A) The TEEP Broker might call into the TEEP Agent at an interval A) The OTrP/HTTP Client might call up to the OTrP implementation at
previously specified by the TEEP Agent. This approach requires that an interval previously specified by the OTrP implementation. This
the TEEP Broker be capable of running a periodic timer. approach requires that the OTrP/HTTP Client be capable of running a
periodic timer.
B) The TEEP Broker might be informed when an existing TA is invoked, B) The OTrP/HTTP Client might be informed when an existing TA is
and call into the TEEP Agent if more time has passed than was invoked, and call up to the OTrP implementation if more time has
previously specified by the TEEP Agent. This approach allows the passed than was previously specified by the OTrP implementation.
device to go to sleep for a potentially long period of time. This approach allows the device to go to sleep for a potentially long
period of time.
C) The TEEP Broker might be informed when any attestation attempt C) The OTrP/HTTP Client might be informed when any attestation
determines that the device is out of compliance, and call into the attempt determines that the device is out of compliance, and call up
TEEP Agent to remediate. to the OTrP implementation to remediate.
The TEEP Broker informs the TEEP Agent by invoking an appropriate The OTrP/HTTP Client informs the OTrP implementation by invoking an
"RequestPolicyCheck" API. The TEEP Agent will either (a) pass no appropriate "RequestPolicyCheck" API. The OTrP implementation will
data back, (b) pass back a TAM URI to connect to, or (c) pass back a either (a) pass no data back, (b) pass back a TAM URI to connect to,
message buffer and TAM URI to send it to. Processing then continues or (c) pass back a message buffer and TAM URI to send it to.
as specified in Section 5.1.1. Processing then continues as specified in Section 5.1.1.
5.5. Error handling 5.5. Error handling
If any local error occurs where the TEEP Broker cannot get a message If any local error occurs where the OTrP/HTTP Client cannot get a
buffer (empty or not) back from the TEEP Agent, the TEEP Broker message buffer (empty or not) back from the OTrP implementation, the
deletes its session state, and informs its client (e.g., the OTrP/HTTP Client deletes its session state, and informs its caller
application installer) of a failure. (e.g., the application installer) of a failure.
If any HTTP request results in an HTTP error response or a lower If any HTTP request results in an HTTP error response or a lower
layer error (e.g., network unreachable), the TEEP Broker calls the layer error (e.g., network unreachable), the OTrP/HTTP Client calls
TEEP Agent's "ProcessError" API, and then deletes its session state the OTrP implementation's "ProcessError" API, and then deletes its
and informs its client of a failure. session state and informs its caller of a failure.
6. TAM Broker Behavior 6. OTrP/HTTP Server Behavior
6.1. Receiving an HTTP POST request 6.1. Receiving an HTTP POST request
When an HTTP POST request is received with an empty body, the TAM When an HTTP POST request is received with an empty body, the OTrP/
Broker invokes the TAM's "ProcessConnect" API. The TAM will then HTTP Server invokes the TAM's "ProcessConnect" API. The TAM will
pass back a (possibly empty) message buffer. then pass back a (possibly empty) message buffer.
When an HTTP POST request is received with a non-empty body, the TAM When an HTTP POST request is received with a non-empty body, the
Broker calls the TAM's "ProcessOTrPMessage" API to pass it the OTrP/HTTP Server calls the TAM's "ProcessOTrPMessage" API to pass it
request body. The TAM will then pass back a (possibly empty) message the request body. The TAM will then pass back a (possibly empty)
buffer. message buffer.
6.2. Getting an empty buffer back from the TAM 6.2. Getting an empty buffer back from the OTrP implementation
If the TAM passes back an empty buffer, the TAM Broker sends a If the OTrP implementation passes back an empty buffer, the OTrP/HTTP
successful (2xx) response with no body. Server sends a successful (2xx) response with no body.
6.3. Getting a message buffer from the TAM 6.3. Getting a message buffer from the OTrP implementation
If the TAM passes back a non-empty buffer, the TAM Broker generates a If the OTrP implementation passes back a non-empty buffer, the OTrP/
successful (2xx) response with a Content-Type header with the OTrP HTTP Server generates a successful (2xx) response with a Content-Type
media type in use, and with the message buffer as the body. header with the OTrP media type in use, and with the message buffer
as the body.
6.4. Error handling 6.4. Error handling
If any error occurs where the TAM Broker cannot get a message buffer If any error occurs where the OTrP/HTTP Server cannot get a message
(empty or not) back from the TAM, the TAM Broker generates an buffer (empty or not) back from the OTrP implementation, the OTrP/
appropriate HTTP error response. HTTP Server generates an appropriate HTTP error response.
7. Sample message flow 7. Sample message flow
The following shows a sample OTrP message flow that uses application/ The following shows a sample OTrP message flow that uses application/
otrp+json as the Content-Type. otrp+json as the Content-Type.
1. An application installer determines (e.g., from an app manifest) 1. An application installer determines (e.g., from an app manifest)
that the application has a dependency on TA "X", and passes this that the application has a dependency on TA "X", and passes this
notification to the TEEP Broker. The TEEP Broker picks an TEEP notification to the TEEP Broker. The TEEP Broker picks a TEE
Agent (e.g., the only one available) based on this notification. (e.g., the only one available) based on this notification, and
passes the information to the OTrP/HTTP Cient for that TEE.
2. The TEEP Broker calls the TEEP Agent's "RequestTA" API, passing 2. The OTrP/HTTP Client calls the OTrP implementation's "RequestTA"
TA Needed = X. API, passing TA Needed = X.
3. The TEEP Agent finds that no such TA is already installed, but 3. The OTrP implementation finds that no such TA is already
that it can be obtained from a given TAM. The TEEP Agent passes installed, but that it can be obtained from a given TAM. The
the TAM URI (e.g., "https://example.com/tam") to the TEEP TEEP Agent passes the TAM URI (e.g., "https://example.com/tam")
Broker. (If the TEEP Agent already had a cached TAM certificate to the OTrP/HTTP Client. (If the OTrP implementation already
that it trusts, it could skip to step 9 instead and generate a had a cached TAM certificate that it trusts, it could skip to
GetDeviceStateResponse.) step 9 instead and generate a GetDeviceStateResponse.)
4. The TEEP Broker sends an HTTP POST request to the TAM URI: 4. The OTrP/HTTP Client sends an HTTP POST request to the TAM URI:
POST /tam HTTP/1.1 POST /tam HTTP/1.1
Host: example.com Host: example.com
Accept: application/otrp+json Accept: application/otrp+json
Content-Length: 0 Content-Length: 0
User-Agent: Foo/1.0 User-Agent: Foo/1.0
5. The TAM Broker receives the HTTP POST request, and calls the 5. On the TAM side, the OTrP/HTTP Server receives the HTTP POST
TAM's "ProcessConnect" API. request, and calls the OTrP implementation's "ProcessConnect"
API.
6. The TAM generates an OTrP message (typically 6. The OTrP implementation generates an OTrP message (where
GetDeviceStateRequest is the first message) and passes it to the typically GetDeviceStateRequest is the first message) and passes
TAM Broker. it to the OTrP/HTTP Server.
7. The TAM Broker sends an HTTP successful response with the OTrP 7. The OTrP/HTTP Server sends an HTTP successful response with the
message in the body: OTrP message in the body:
HTTP/1.1 200 OK HTTP/1.1 200 OK
Content-Type: application/otrp+json Content-Type: application/otrp+json
Content-Length: [length of OTrP message here] Content-Length: [length of OTrP message here]
Server: Bar/2.2 Server: Bar/2.2
Cache-Control: no-store Cache-Control: no-store
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none' Content-Security-Policy: default-src 'none'
Referrer-Policy: no-referrer Referrer-Policy: no-referrer
[OTrP message here] [OTrP message here]
8. The TEEP Broker gets the HTTP response, extracts the OTrP 8. Back on the TEEP Agent side, the OTrP/HTTP Client gets the HTTP
message and calls the TEEP Agent's "ProcessOTrPMessage" API to response, extracts the OTrP message and calls the OTrP
pass it the message. implementation's "ProcessOTrPMessage" API to pass it the
message.
9. The TEEP Agent processes the OTrP message, and generates an OTrP 9. The OTrP implementation processes the OTrP message, and
response (e.g., GetDeviceStateResponse) which it passes back to generates an OTrP response (e.g., GetDeviceStateResponse) which
the TEEP Broker. it passes back to the OTrP/HTTP Client.
10. The TEEP Broker gets the OTrP message buffer and sends an HTTP 10. The OTrP/HTTP Client gets the OTrP message buffer and sends an
POST request to the TAM URI, with the OTrP message in the body: HTTP POST request to the TAM URI, with the OTrP message in the
body:
POST /tam HTTP/1.1 POST /tam HTTP/1.1
Host: example.com Host: example.com
Accept: application/otrp+json Accept: application/otrp+json
Content-Type: application/otrp+json Content-Type: application/otrp+json
Content-Length: [length of OTrP message here] Content-Length: [length of OTrP message here]
User-Agent: Foo/1.0 User-Agent: Foo/1.0
[OTrP message here] [OTrP message here]
11. The TAM Broker receives the HTTP POST request, and calls the 11. The OTrP/HTTP Server receives the HTTP POST request, and calls
TAM's "ProcessOTrPMessage" API. the OTrP implementation's "ProcessOTrPMessage" API.
12. Steps 6-11 are then repeated until the TAM passes no data back 12. Steps 6-11 are then repeated until the OTrP implementation
to the TAM Broker in step 6. passes no data back to the OTrP/HTTP Server in step 6.
13. The TAM Broker sends an HTTP successful response with no body: 13. The OTrP/HTTP Server sends an HTTP successful response with no
body:
HTTP/1.1 204 No Content HTTP/1.1 204 No Content
Server: Bar/2.2 Server: Bar/2.2
14. The TEEP Broker deletes its session state. 14. The OTrP/HTTP Client deletes its session state.
8. Security Considerations 8. Security Considerations
Although OTrP is protected end-to-end inside of HTTP, there is still Although OTrP is protected end-to-end inside of HTTP, there is still
value in using HTTPS for transport, since HTTPS can provide value in using HTTPS for transport, since HTTPS can provide
additional protections as discussed in Section 6 of additional protections as discussed in Section 6 of
[I-D.ietf-httpbis-bcp56bis]. As such, Broker implementations MUST [I-D.ietf-httpbis-bcp56bis]. As such, OTrP/HTTP implementations MUST
support HTTPS. The choice of HTTP vs HTTPS at runtime is up to support HTTPS. The choice of HTTP vs HTTPS at runtime is up to
policy, where an administrator configures the TAM URI to be used, but policy, where an administrator configures the TAM URI to be used, but
it is expected that real deployments will always use HTTPS TAM URIs. it is expected that real deployments will always use HTTPS TAM URIs.
9. IANA Considerations 9. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
10. References 10. References
skipping to change at page 10, line 23 skipping to change at page 13, line 19
[I-D.ietf-httpbis-semantics] [I-D.ietf-httpbis-semantics]
Fielding, R., Nottingham, M., and J. Reschke, "HTTP Fielding, R., Nottingham, M., and J. Reschke, "HTTP
Semantics", draft-ietf-httpbis-semantics-05 (work in Semantics", draft-ietf-httpbis-semantics-05 (work in
progress), July 2019. progress), July 2019.
[I-D.ietf-teep-opentrustprotocol] [I-D.ietf-teep-opentrustprotocol]
Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig, Pei, M., Atyeo, A., Cook, N., Yoo, M., and H. Tschofenig,
"The Open Trust Protocol (OTrP)", draft-ietf-teep- "The Open Trust Protocol (OTrP)", draft-ietf-teep-
opentrustprotocol-03 (work in progress), May 2019. opentrustprotocol-03 (work in progress), May 2019.
[I-D.tschofenig-teep-otrp-v2]
Pei, M., Tschofenig, H., and D. Wheeler, "The Open Trust
Protocol (OTrP) v2", draft-tschofenig-teep-otrp-v2-00
(work in progress), July 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000, <https://www.rfc- DOI 10.17487/RFC2818, May 2000, <https://www.rfc-
editor.org/info/rfc2818>. editor.org/info/rfc2818>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
skipping to change at page 10, line 46 skipping to change at page 13, line 47
10.2. Informative References 10.2. Informative References
[I-D.ietf-httpbis-bcp56bis] [I-D.ietf-httpbis-bcp56bis]
Nottingham, M., "Building Protocols with HTTP", draft- Nottingham, M., "Building Protocols with HTTP", draft-
ietf-httpbis-bcp56bis-08 (work in progress), November ietf-httpbis-bcp56bis-08 (work in progress), November
2018. 2018.
[I-D.ietf-teep-architecture] [I-D.ietf-teep-architecture]
Pei, M., Tschofenig, H., Wheeler, D., Atyeo, A., and D. Pei, M., Tschofenig, H., Wheeler, D., Atyeo, A., and D.
Liu, "Trusted Execution Environment Provisioning (TEEP) Liu, "Trusted Execution Environment Provisioning (TEEP)
Architecture", draft-ietf-teep-architecture-02 (work in Architecture", draft-ietf-teep-architecture-03 (work in
progress), March 2019. progress), July 2019.
Author's Address Author's Address
Dave Thaler Dave Thaler
Microsoft Microsoft
EMail: dthaler@microsoft.com EMail: dthaler@microsoft.com
 End of changes. 64 change blocks. 
201 lines changed or deleted 314 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/