ietf-teep / architecture

TEEP architecture draft

Intdir comments: TAM trust by public key elaboration with constraints #244

Closed mingpeiwk closed 1 year ago

mingpeiwk commented 2 years ago

Bob Halley commented:

In the section 4.1 definition of Trusted Application Manager, it says

  The TAM is trusted by a device if the TAM's public key is, or
  chains up to, an authorized Trust Anchor in the device.

If you have read carefully and remember the definition of Trust Anchor, you realize this means the TAM is trusted subject to the constraints on its authority, but it might be good to reiterate this point here, as it reads like "is unconditionally trusted" if you don't remember the definition. Also, it was not clear if the chaining process could have further restricted the scope of the TAM, e.g. due to additional restrictions on certificates beneath the trust anchor.

mingpeiwk commented 2 years ago

Agreed. How about the following revision?

The TAM is trusted by a device if the TAM's public key is, or chains up to, an authorized Trust Anchor in the device, and conforms with all constraints defined in the Trust Anchor.