ietf-teep / architecture

TEEP architecture draft

Clarification regarding Data Protection #225

Closed hannestschofenig closed 2 years ago

hannestschofenig commented 3 years ago

The protocol between TEEP Agents and TAMs similarly is responsible for securely providing integrity and confidentiality protection against adversaries between them. Since the transport protocol under the TEEP protocol might be implemented outside a TEE, as discussed in Section 6, it cannot be relied upon for sufficient protection. The TEEP protocol provides integrity protection, but confidentiality must be provided by payload encryption, i.e., using encrypted TA binaries and encrypted attestation information. See [I-D.ietf-teep-protocol] for more discussion.

Re-work the text to clarify that this is a design choice whether to terminate TLS inside the TEE or outside. Different solutions have taken a different approach here and the architecture should be agnostic to it.
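The quoted paragraph describes the layering at issue: the TEEP layer itself must supply integrity, and confidentiality comes from encrypting the payload (the TA binary), because the transport underneath may run outside the TEE and cannot be trusted. The following is an added example, not code from the TEEP drafts or the ietf-teep/architecture project, that models a TAM delivering a TA to a TEEP Agent across such an untrusted relay. It stands in ECDSA P-256 and AES-GCM from the Go standard library for the COSE signing and encryption the real protocol uses, carries the message as JSON rather than CBOR, and assumes the TA-encryption key has already been provisioned to the TEE by some out-of-band means; all three are simplifications for illustration. The `Setup`, `Install`, `Accept`, `TransportCanRead` and `Tamper` names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Message is what the TEEP layer hands to the transport. The transport sees
// all of it; only Sig and the payload encryption protect it.
type Message struct {
	Type    string `json:"type"`
	Payload []byte `json:"payload"` // nonce || AES-GCM ciphertext of the TA binary
	Sig     []byte `json:"sig"`     // TAM's ECDSA signature over Type and Payload
}

// TAM holds the TAM signing key and the TA-encryption key shared with the TEE.
type TAM struct {
	signKey *ecdsa.PrivateKey
	taKey   []byte
}

// Agent holds the TAM public key and the same TA-encryption key.
type Agent struct {
	tamPub *ecdsa.PublicKey
	taKey  []byte
}

// Setup generates the TAM key pair and a shared 256-bit TA-encryption key.
// Assumption: provisioning that key into the TEE happens elsewhere.
func Setup() (*TAM, *Agent, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	taKey := make([]byte, 32)
	if _, err := rand.Read(taKey); err != nil {
		return nil, nil, err
	}
	return &TAM{sk, taKey}, &Agent{&sk.PublicKey, taKey}, nil
}

// digest binds the message type to the payload so a signature over one
// message type cannot be replayed under another.
func digest(typ string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(typ))
	h.Write([]byte{0})
	h.Write(payload)
	return h.Sum(nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Install encrypts the TA binary for the TEE, then signs type and ciphertext.
func (t *TAM) Install(ta []byte) ([]byte, error) {
	gcm, err := gcmFor(t.taKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	const typ = "install"
	payload := gcm.Seal(nonce, nonce, ta, []byte(typ)) // nonce || ct || tag
	sig, err := ecdsa.SignASN1(rand.Reader, t.signKey, digest(typ, payload))
	if err != nil {
		return nil, err
	}
	return json.Marshal(Message{Type: typ, Payload: payload, Sig: sig})
}

// Accept checks the TAM signature first, then decrypts inside the TEE.
func (a *Agent) Accept(wire []byte) ([]byte, error) {
	var m Message
	if err := json.Unmarshal(wire, &m); err != nil {
		return nil, err
	}
	if !ecdsa.VerifyASN1(a.tamPub, digest(m.Type, m.Payload), m.Sig) {
		return nil, errors.New("integrity check failed: message rejected")
	}
	gcm, err := gcmFor(a.taKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(m.Payload) < ns {
		return nil, errors.New("payload too short")
	}
	return gcm.Open(nil, m.Payload[:ns], m.Payload[ns:], []byte(m.Type))
}

// TransportCanRead reports whether the TA binary is visible on the wire.
func TransportCanRead(wire, ta []byte) bool {
	var m Message
	return json.Unmarshal(wire, &m) == nil && bytes.Contains(m.Payload, ta)
}

// Tamper models a hostile transport flipping one byte of the payload.
func Tamper(wire []byte) ([]byte, error) {
	var m Message
	if err := json.Unmarshal(wire, &m); err != nil {
		return nil, err
	}
	m.Payload[len(m.Payload)/2] ^= 0x01
	return json.Marshal(m)
}

func main() {
	tam, agent, err := Setup()
	if err != nil {
		panic(err)
	}
	ta := []byte("constructed sample TA binary") // constructed input
	wire, _ := tam.Install(ta)
	fmt.Println("transport sees TA plaintext:", TransportCanRead(wire, ta))
	got, err := agent.Accept(wire)
	fmt.Printf("agent accepted genuine message: %v (err=%v)\n", bytes.Equal(got, ta), err)
	bad, _ := Tamper(wire)
	_, err = agent.Accept(bad)
	fmt.Println("tampered message:", err)
}
```

The point the thread is circling is visible in the two checks: nothing in `Accept` depends on whether the bytes arrived over TLS terminated inside the TEE, TLS terminated in the rich OS, or a plain socket, so the same TEEP layer works under either deployment choice, and a transport that can read or rewrite the message still learns nothing about the TA and cannot get a modified one installed.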

dthaler commented 3 years ago

What is the issue? The text says "might be implemented outside a TEE" so it already implies it's a design choice. Hence to me it's already clear enough and agnostic to it.

Also, as an aside, that paragraph is transport protocol agnostic, so if there were a binding over something other than TLS (e.g., DTLS or OPC UA's security protocol) it would still be correct.

I'd propose resolving this as wont fix.

hannestschofenig commented 3 years ago

Here is my proposal: https://github.com/ietf-teep/architecture/pull/229

hannestschofenig commented 3 years ago

The issue is that I see others coming with different solutions that fit the same architectural description and problem statement.

Reading through the draft I noticed that there are a few places where we go the step from the architecture to the solution details. This is not really necessary and hence I wanted to make it a bit more generic.

dthaler commented 3 years ago

Fixed in draft -15