Revised OTrP Draft #16
base: master
Conversation
Uploading draft without version number in the filename to better track progress over time.
will become an extension to the main spec
.... because it is already described in the architecture draft
Removed text related to transport. Propose to include JSON/JOSE-related text in a future version.
mingpeiwk
left a comment
- TA update API removal. TA personalization data update MAY need a “TrustedAppUpdate” API for safer handling of existing instance data. “Install” may or may not retain existing data, while we try to do so for the “upgrade” case of a TA binary.
- TEEP Broker APIs. The architecture doc will call out the component, but the exact APIs may not be detailed in that doc. The TEEP Broker to OTrP Agent interface should be the same if there is another “protocol” in future. I feel that there needs to be some verbiage for the OTrP Agent in OTrP. This is an action item to touch on both the architecture and protocol doc, I think.
- Supported algorithms. We previously explicitly called out what OTrP will mandate and support. They could be the same as what the architecture doc mandates, but the protocol may need to state what it supports and complies with.
- Understood that we will add “sample / example messages” later in the Appendix.
- The protocol may be said to be "between an OTrP Server and an OTrP Broker in TEE which relays messages to an OTrP Agent" where the agent runs in TEE. Currently it says "a protocol for communicating between an OTrP server (as part of a TAM) and an OTrP client (which is a client-side component running in the REE)."
mingpeiwk
left a comment
We may need to rephrase in this protocol document that the OTrP Agent is present, and expects to support the API requests that a TEEP Broker will send.
mingpeiwk
left a comment
Typo in section "TA Binary":
a varity of --> variety
digitial signatures --> digital signatures
"This data is also protected by a SUIT manifest."
On TA binary and personalization data, the prior draft mandates encryption using a device's public key. The current version seems to leave that to a configurable choice, is it?
Section "OTrP Broker":
"Information in the manifest ensures that the OTrP Agents are protected against such downgrading attacks."
It was previously based on a "pre-image" hash for the OTrP Agent to detect whether a request is expected. Try to see how the manifest delivers this protection. Can we add some elaboration here? Is it possible to have "Install, Delete, Install" become "install, install, and delete"?
Two "CA Compromise" sections. The first one may be changed to "TAM certificate revocation status". It is about the end-entity certificate, not the CA.
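The reordering question raised in the comment above ("Install, Delete, Install" replayed as "install, install, delete") is the classic case a per-TA monotonic manifest sequence number is meant to close. The following is an added example, not code from the OTrP draft or the TEEP project: a toy OTrP-Agent-side check that records the highest sequence number accepted for each TA and rejects any manifest that does not carry a strictly higher one. The `Manifest` layout, the field names and the `ta.example` identifier are assumptions made for the example; a real deployment would take the number from the signed SUIT manifest, which is not modelled here.

```python
"""Added example (not from the OTrP draft or the TEEP project): a toy
OTrP Agent that uses a per-TA monotonic manifest sequence number to reject
replayed or reordered Install/Delete requests.

Assumptions for the example: a manifest is a small record with a TA id, a
sequence number set by the TAM, an operation and an optional payload. The
real wire format is a signed SUIT manifest; signature checking is out of
scope here, so every manifest below is treated as already authentic.
"""

from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Manifest:
    ta_id: str
    sequence: int          # assumed: strictly increasing per TA, chosen by the TAM
    op: str                # "install" or "delete"
    payload: Optional[bytes] = None


@dataclass
class Agent:
    """Toy OTrP Agent state: installed TAs plus the highest sequence seen per TA."""
    enforce_sequence: bool = True
    installed: Dict[str, Optional[bytes]] = field(default_factory=dict)
    last_seq: Dict[str, int] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def process(self, m: Manifest) -> bool:
        """Apply one manifest; return True if accepted, False if rejected."""
        if self.enforce_sequence and m.sequence <= self.last_seq.get(m.ta_id, -1):
            # A lower or equal number means this message is older than
            # something already applied to this TA: a replay or a reorder.
            self.log.append(f"reject {m.op} {m.ta_id} seq={m.sequence} (stale)")
            return False
        self.last_seq[m.ta_id] = max(m.sequence, self.last_seq.get(m.ta_id, -1))
        if m.op == "install":
            self.installed[m.ta_id] = m.payload
        elif m.op == "delete":
            self.installed.pop(m.ta_id, None)
        else:
            raise ValueError(f"unknown op {m.op!r}")
        self.log.append(f"accept {m.op} {m.ta_id} seq={m.sequence}")
        return True


def run(manifests: List[Manifest], enforce_sequence: bool = True) -> Agent:
    """Feed a manifest sequence to a fresh agent and return its final state."""
    agent = Agent(enforce_sequence=enforce_sequence)
    for m in manifests:
        agent.process(m)
    return agent


def final_payload(manifests: List[Manifest], enforce_sequence: bool = True) -> Optional[bytes]:
    """Payload installed for ta.example after processing, or None if it is absent."""
    return run(manifests, enforce_sequence).installed.get("ta.example")


# Constructed sample: the order the TAM actually sent (Install, Delete, Install) ...
TAM_ORDER = [
    Manifest("ta.example", 1, "install", b"v1"),
    Manifest("ta.example", 2, "delete"),
    Manifest("ta.example", 3, "install", b"v2"),
]
# ... and the same three authentic manifests delivered by an attacker as
# "Install, Install, Delete". Only the sequence check can tell them apart.
REORDERED = [TAM_ORDER[0], TAM_ORDER[2], TAM_ORDER[1]]


if __name__ == "__main__":
    for label, enforce in (("with sequence check", True), ("without", False)):
        agent = run(REORDERED, enforce)
        print(label, agent.log, agent.installed)
```

With the check on, the replayed Delete (seq 2) arrives after Install seq 3 and is rejected, so the device ends in the state the TAM intended (`v2` installed); with the check off, the same three authentic manifests leave the TA deleted. The check says nothing about a manifest the attacker simply drops; that needs the TAM to query the agent's state, which is a separate mechanism.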
mingpeiwk
left a comment
Need to add sample messages back later with name changes and SD API set removal.
| <t> | ||
| <list hangIndent="2" style="hanging"> | ||
| <t hangText="Type name:"> application</t> | ||
| <t hangText="Subtype name:"> otrp+json</t> |
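Review bot: the Subtype name on the last line of this snippet, `otrp+json`, has to be the same subtype the rest of the draft uses as the content type of its messages; if the draft names the media type with a version suffix elsewhere, change this registration to that versioned name (and keep the two in one place if possible), otherwise the IANA registration advertises a type the protocol never actually sends.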
did you mean "otrpv2+json"? Currently this line contradicts line 650