Trusted Execution Environment Provisioning (teep)

WG Name Trusted Execution Environment Provisioning
Acronym teep
Area Security Area (sec)
State BOF
Charter charter-ietf-teep-00-01 Internal review
Dependencies Document dependency graph (SVG)
Additional URLs Wiki
Issue tracker
Personnel Chairs Dave Thaler
Nancy Cam-Winget
Area Director Kathleen Moriarty
Mailing list Address
To subscribe
Jabber chat Room address

Charter for Working Group

The Trusted Execution Environment (TEE) is a secure area of a processor. The TEE provides security features such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. For example, implementations of the TEE concept have been developed by ARM, and Intel using the TrustZone and the SGX technology, respectively.

To programmatically install, update, and delete applications in a TEE, this protocol runs between a service within the TEE, a relay application or service access point on the device's network stack and a server-side infrastructure that interacts with and optionally maintains the applications. Some tasks are security sensitive and the server side requires information about the device characteristics in the form of attestation and the device-side may require information about the server.

Privacy considerations have to be taken into account with authentication features and attestation.

This working group aims to develop an application layer protocol providing TEEs with a lifecycle management of trusted applications and security domain management.

A security domain allows a service provider's applications to be isolated so that one security domain cannot be influenced by another, unless it exposes an API to allow it.

The solution approach must take a wide range of TEE and relevant technologies into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. The first draft is an architecture document describing the involved entities, their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that describes the above-described functionality will be developed. The choice of encoding format(s) will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy, and operational properties.

The group will maintain a close relationship with the IETF SUIT working group, GlobalPlatform, Trusted Computing Group, and other relevant standards to ensure proper use of existing TEE-relevant application layer interfaces.


Date Milestone
Feb 2019 Submit "TEEP Protocol" to the IESG for publication as a Proposed Standard.
Jul 2018 Calendar item: 2nd interoperability event (at IETF #102).
Jul 2018 Submit "TEEP Architecture" to the IESG for publication as an Informational RFC.
Mar 2018 Calendar item: 1st interoperability event (at IETF #101).
Feb 2018 Submit "TEEP Protocol" document as WG item.
Dec 2017 Submit "TEEP Architecture" document as WG item.
Nov 2017 Calendar item: IETF #100 Hackathon to work on TEEP protocol prototype implementations.