
Teep Status Pages

Trusted Execution Environment Provisioning (Active WG)
Sec Area: Eric Rescorla, Benjamin Kaduk | 2018-Mar-09 —  

2018-03-21 charter

Trusted Execution Environment Provisioning (teep)


 Current Status: Active

 Chairs:
     Dave Thaler <dthaler@microsoft.com>
     Nancy Cam-Winget <ncamwing@cisco.com>

 Security Area Directors:
     Benjamin Kaduk <kaduk@mit.edu>
     Eric Rescorla <ekr@rtfm.com>

 Security Area Advisor:
     Benjamin Kaduk <kaduk@mit.edu>

 Mailing Lists:
     General Discussion: teep@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/teep
     Archive:            https://mailarchive.ietf.org/arch/browse/teep/

Description of Working Group:

  The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features such as isolated execution and integrity of Trusted Applications, along with provisions for maintaining the confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM and Intel, using the TrustZone and the SGX technology, respectively.

  To programmatically install, update, and delete applications in a TEE, the Trusted Execution Environment Provisioning protocol runs between a service within the TEE on a given device, a relay application or service access point on the device's network stack, and a server-side infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive: the server side requires information about the device characteristics in the form of attestation, and the device side may require information about the server.

  Privacy considerations have to be taken into account with authentication features and attestation.

  This working group aims to develop a protocol providing TEEs with lifecycle management and security domain management for trusted applications.

  A security domain allows a service provider's applications to be isolated so that one security domain cannot be influenced by another domain, unless the domain exposes an API to allow inter-domain interactions.

  The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use of public key cryptography.

  The group will produce the following deliverables. The first document is on architecture, describing the involved entities, their relationships, assumptions, the keying framework, and relevant use cases. Second, a solution document that includes the above-described functionality in a protocol will be developed. The choice of encoding format(s) will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy, and operational properties.

  The group will maintain a close relationship with the IETF SUIT working group, GlobalPlatform, Trusted Computing Group, and other relevant standards groups to ensure interoperability, compatibility, and proper use of existing TEE-relevant application layer interfaces.

Goals and Milestones:
  Mar 2018 - Adopt an Architecture document
  Mar 2018 - Adopt a solution document
  Aug 2018 - Progress Solution document to the IESG for publication
  Dec 2018 - Begin WGLC for Architecture document
  Jan 2019 - Progress Architecture document to the IESG for publication
  Jul 2019 - Begin WGLC for Solution document
