[Rats] Re: FW: New Version Notification for draft-reddy-rats-key-binding-01.txt
Nathanael Ritz <nathanritz@gmail.com> Mon, 08 June 2026 07:43 UTC
Return-Path: <nathanritz@gmail.com>
X-Original-To: rats@mail2.ietf.org
Delivered-To: rats@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7600DFD32F54 for <rats@mail2.ietf.org>; Mon, 8 Jun 2026 00:43:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780904596; bh=rZnisY9tfwaHJFDo3DvarnyN6w3PAvLGhtQcS3PieHc=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=Uv4KUY4zkuy7nVsspfwXxgb2GHZlZqSxLM3EIsipx9YM1aUt0YU9v96cfXfF0mAeS 4ssauZ07LhKrDY6WbzI965jzQFkxggwpUWxlmO2Npm/prffTR0myXWsGpYye67ZmUs R6Iq8HnI+j0wRfiuQRj6doVX1kcbaW2ZC0MzJpmw=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PT7IoQO-LEsP for <rats@mail2.ietf.org>; Mon, 8 Jun 2026 00:43:14 -0700 (PDT)
Received: from mail-dl1-x122a.google.com (mail-dl1-x122a.google.com [IPv6:2607:f8b0:4864:20::122a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 65BE6FD32F42 for <rats@ietf.org>; Mon, 8 Jun 2026 00:43:14 -0700 (PDT)
Received: by mail-dl1-x122a.google.com with SMTP id a92af1059eb24-13807d2f898so2687743c88.0 for <rats@ietf.org>; Mon, 08 Jun 2026 00:43:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1780904593; cv=none; d=google.com; s=arc-20240605; b=Qrs2n0N+ikHvZH8SAY2y+wLO1vkN9MBZHakkEAhGvOXgyMn1tqt/Ti6hjwDNzqYn4u o9KteWxoht8E6uUgwHl1EZme6rNDaFfi9lpJHFglik1Rud5/5apIoE1Ejv8bTEEeaKjy L6TSA9r4pY8ym9Wgp0cYrnWGNwli5mlKiSk5Ub43kJWaHRM3FW3R/A6/kt+D5Hxc7lbW xCyzQlQdQd91tBaRGc5/y9BxzQnR8Riw6wb2EBkjSiisfr2mS+B3oCuhC1cd4rTy+0/T f5LikMBfiThlq2j3p42B6mFDhjwpALZUmrm6rNRQ0bU4QCIdLX3pC90S+/s1AiJmfaUs 0oqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=bYdCsvKLE5OIZXXag8wEvtIf6MswmQQiYXXZPTjr3EM=; fh=QQKTmOrQcD6kMRvabZvYh6+LCIUN/WOVcAECipjFQiM=; b=D7+G8HcoIO1dVBd1iHVtFSXiy9SMSPK7dQgk3d4CaM1P048zuZJPM27uOyIjfjFZgW MdulWg9QXSiQssTQVi7Ju3z5sqReSDpD7mBaS2O4FGpSqJ1P6jxtKXWW//lB1L+Ttzom ptxUddF2ZnhV/loCRqmmy9Aw4lLjEhCVwNwNkpa8Sc5L9UyBk0XVqbmJmj44qsgmuTGD HWkzn7wVPmyffyr/BnbYeM53zAxky+FegdduRzEsYTQKZbX0GYgtwLoeDAtI3LOjZtk5 K4rZO/wpODObZrMwlhEllxpTX/s0Cb5kCGeXff7S8DvoHJNbKQLe6FhM9rrW/lIukCYX jjyw==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780904593; x=1781509393; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=bYdCsvKLE5OIZXXag8wEvtIf6MswmQQiYXXZPTjr3EM=; b=Smp3HS39c0BGE58GxjDOnQUicS/nWfOYCS8oIjoNA5FSrYxKr56KezzypvPm0drobW G7a6M2twhNFP8ZDbUTSBIZiR8rKvTpvqfop5fDEBT3/BSZ+UmhVc2aRpzUQhIHSqs3Mf +gThu4hmFAYxqozCgbjH1L82LGyXw0uMlzoEuiku+EwVxRaAMc4BvfvvmyE4Gh3MOz92 ua6q/ugNH//Qy0ztgFxaC1UMGDm8fqII42rYHsiq1O/fMc0DhYHfbCFkEwq1qgjNpTRT TDZLOWp2T5c7bKKROitJZ6gD8eCw8RY09J76l7jyUUD67T4d0IyQoNSCPi22U+9d1Evm QSYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780904593; x=1781509393; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bYdCsvKLE5OIZXXag8wEvtIf6MswmQQiYXXZPTjr3EM=; b=YK7+7npHppBh9AsSAm2OEZ02ZaeaGuLzoyGs5qR9lx9vMmfQtJ/+9mCTIye4zicEq1 CN4Scf6fJ0119/7tA0KnSOJRjD3YkdKJLafiACotP7Ky7atokfEcmXTMfJxQ3DY4sXC7 L2bumCNegSRZIGnhIC7vVYRJfJ1tdF5GPCeJyYDyzxykV46g2u5QNwPL8apmwHKxWMkG rvxtJzTx2qVq7djYsz+frH0Va8BDkG8vyxz5/LlIIcVPRQA+GLoIWHIHDxcbGBvkfWEF 7di5An1EHdeLeWbwrspRyTHy33sIGYhgz45PsehHt6Eo8TwJntcid05HP+vKdKuDEfu5 5dvA==
X-Gm-Message-State: AOJu0YzNLV/Li3BucDku7CvT0ctDwflV6wkeuA3EG13QtBPbaN2yLELN yzFLSL3BXcH6991ShPM/YI0ewh10EthekI6wFAxGblXn30j0DrNxqf55qAIM3meALIDh59+8kIi 7tF5VpSnKoZL80Ma/CxJXxcIVcn6/bpk=
X-Gm-Gg: Acq92OG6b4U1SrknKY/+KmrlrT9qH1OCRIze0vZn2N56ANNHWmebVvbMhsltP3iZaX3 gUGfStdDaCLYlcvTJdCj4WvXdPv7UcJTcCT+EEQsyXaIZzDUpjx2BHQcgfmiXxor5M76M3oENBD nl8IyeljnaWdJXsnWlPqPNGSxUoFt4nQIz+AIlO5VIJoeeASdKEM6lKbOr5ZYzKbyKQMUgZ6jU7 l6QAYlbnXp1fjQwQLOMBm9wuB53y0Q6+WMHUQAfz2q4Ziq6y9MDCQKqOocU/BWrQWeVajB6D943 sR3ai3qOSm7MMUqZrQ==
X-Received: by 2002:a05:7022:1a83:b0:138:e4:c44d with SMTP id a92af1059eb24-138067200f7mr6028631c88.25.1780904593115; Mon, 08 Jun 2026 00:43:13 -0700 (PDT)
MIME-Version: 1.0
References: <178083833289.681442.6533944152767384674@dt-datatracker-6784c69984-gl6cv> <AMBPR07MB11383CB81128162D4125806A3AB1F2@AMBPR07MB11383.eurprd07.prod.outlook.com> <CAFpG3genw-z=YnnzGco4p-8V=b1NAYLT04HgdqVzxAwAnDbp0Q@mail.gmail.com>
In-Reply-To: <CAFpG3genw-z=YnnzGco4p-8V=b1NAYLT04HgdqVzxAwAnDbp0Q@mail.gmail.com>
From: Nathanael Ritz <nathanritz@gmail.com>
Date: Mon, 08 Jun 2026 01:43:01 -0600
X-Gm-Features: AVVi8CdkRThKvSM1VzLj4c0LvBgXzgrW3oKeeAHpoUInb1KOOQ-PGX0EpR69i-I
Message-ID: <CAHxYnaMeOVELqSNYvu2DEmkKVFTQ_h+FkQvyd+oa1Cce05x51w@mail.gmail.com>
To: tirumal reddy <kondtir@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000a6cf9f0653b92906"
Message-ID-Hash: MZHQITOAV24M6BAYA6MVWDY3X3OR6SF5
X-Message-ID-Hash: MZHQITOAV24M6BAYA6MVWDY3X3OR6SF5
X-MailFrom: nathanritz@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-rats.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: rats@ietf.org, "seat@ietf.org" <seat@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Rats] Re: FW: New Version Notification for draft-reddy-rats-key-binding-01.txt
List-Id: Remote ATtestation procedureS <rats.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/5THY2Y4HfUyKuRsL228OT8cOEzE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Owner: <mailto:rats-owner@ietf.org>
List-Post: <mailto:rats@ietf.org>
List-Subscribe: <mailto:rats-join@ietf.org>
List-Unsubscribe: <mailto:rats-leave@ietf.org>
Hi Tiru, all, Thanks for sharing this draft. I believe `draft-reddy-rats-key-binding-01` provides useful cryptographic vocabulary and operational modes that I can use to enhance my ongoing formal analysis of intra-handshake attestation as defined in `draft-fossati-seat-early-attestation` [0]. As I have already shared with the SEAT WG, I am investigating the properties of the novel binder construction defined in the Early I-D while simultaneously experimenting with RFC 9345 (TLS Delegated Credentials) [1, 2]. Combined, I believe these concepts provide complementary parts to a complete solution that directly supports your `key-binding profile`: * Operationalized architecture (RFC 9345): The long-term WebPKI identity key (`LTK`) signs a Delegated Credential, transferring TLS signing authority to a short-lived, ephemeral TLS Identity Key (`Ephemeral TIK`) generated directly inside the TEE. * The data model (draft-reddy): This details the Entity Attestation Token (EAT) profile, using `cnf` and `key-attributes` claims to cryptographically prove that specific keys are constrained inside the hardware. Currently, my most recent model for draft-fossati-seat-early-attestation-04 maps directly to the `Combined Model`. That is, a single `Attestation Key` (`AK`) signs one Evidence token binding both platform state and the `Ephemeral TIK` to the session simultaneously, although I think the `Split Model` should also work with the right adjustments to my work. Under the `Split Model`, the TEE-bound `Ephemeral TIK` acts directly as the `Subject Key`. RFC 9345 delegates TLS signing authority from the external `LTK` to the `Ephemeral TIK`; the `Combined Attestation Bundle` (`CAB`) then asserts the hardware security properties that make that delegation meaningful. The current model's `AK` plays the role of the `KAK` — it signs the Evidence token asserting the `Ephemeral TIK`'s protection properties as the `Subject Key`. I think lifting the platform attestation into a dedicated `PAT` should complete the transition to the `Split Model`. As such, I support the direction this draft is going. I am not sure if I'm in a direct position yet to actively advocate for referencing RFC 9345 for TLS+RA integration by way of this draft, but reviewing earlier feedback from the -00 draft of `draft-reddy-rats-key-binding` [3] actually inspired me to experiment with 9345. In any case, this is an early analysis, and I plan to update my current work-in-progress with the specific `Split Model`, `PAT`, and `KAT` details from the -01 revision to confirm the mechanics. I'll share any fresh feedback that builds on (or deviates from!) these comments if I find anything else substantive. Cheers, Nathanael [0] https://mailarchive.ietf.org/arch/msg/seat/yjm-i7-0uTyjiZqT3XuUwA13IdI [1] https://github.com/nathanaelritz/formal-spec-id-crisis/tree/main/TLS-a/fix [2] https://github.com/nathanaelritz/formal-spec-id-crisis/tree/main/TLS-a/README.md [3] https://mailarchive.ietf.org/arch/msg/seat/N0a95GUc6XN0LXc2fpxsKm3BbWg/ On Sun, 7 Jun 2026 at 22:46, tirumal reddy <kondtir@gmail.com> wrote: > Hi all, > > We have submitted a revised version of > https://datatracker.ietf.org/doc/draft-reddy-rats-key-binding/ to address > comments from the WG and to incorporate key aspects of draft-bft-rats-kat. > > This document defines an EAT profile and a new EAT claim that convey the > subject public key (e.g., the public key of an end-entity certificate) and > its protection properties within attestation evidence. Combined with > protocol-level proof of possession from the surrounding protocol such as > TLS, this establishes a cryptographic binding between a private key and an > attested execution environment. > > The key changes from the previous version are: > > * Added an Architecture section describing two deployment models: a > Combined Model (single EAT signed by the Attestation Key) and a Split Model > (separate Key Attestation Token (KAT) to attest the Subject Public Key, and > a Platform Attestation Token (PAT) that attests the Key Attestation Key > (KAK)). > > * Added a Split Model profile with a complete verification procedure, > where the PAT attests the KAK public key and its protection properties > binding the two tokens. > > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-reddy-rats-key-binding-01 > > Further comments and suggestions are welcome. > > Best regards, > -Tiru > > > -----Original Message----- > From: internet-drafts@ietf.org <internet-drafts@ietf.org> > Sent: Sunday, June 7, 2026 6:49 PM > To: K Tirumaleswar Reddy (Nokia) <k.tirumaleswar_reddy@nokia.com>; Hannes > Tschofenig <Hannes.Tschofenig@gmx.net>; Hannes Tschofenig < > hannes.tschofenig@gmx.net>; Ionut Mihalcea <Ionut.Mihalcea@arm.com>; > Ionut Mihalcea <ionut.mihalcea@arm.com>; Thomas Fossati < > thomas.fossati@linaro.org>; K Tirumaleswar Reddy (Nokia) < > k.tirumaleswar_reddy@nokia.com> > Subject: New Version Notification for draft-reddy-rats-key-binding-01.txt > > > CAUTION: This is an external email. Please be very careful when clicking > links or opening attachments. See the URL nok.it/ext for additional > information. > > > > A new version of Internet-Draft draft-reddy-rats-key-binding-01.txt has > been successfully submitted by Tirumaleswar Reddy and posted to the IETF > repository. > > Name: draft-reddy-rats-key-binding > Revision: 01 > Title: Key Attestation for Entity Attestation Tokens (EAT) > Date: 2026-06-07 > Group: Individual Submission > Pages: 22 > URL: > https://www.ietf.org/archive/id/draft-reddy-rats-key-binding-01.txt > Status: https://datatracker.ietf.org/doc/draft-reddy-rats-key-binding/ > HTML: > https://www.ietf.org/archive/id/draft-reddy-rats-key-binding-01.html > HTMLized: > https://datatracker.ietf.org/doc/html/draft-reddy-rats-key-binding > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-reddy-rats-key-binding-01 > > Abstract: > > This document defines an Entity Attestation Token (EAT) profile and a > new EAT claim that convey the subject public key and its protection > properties within attestation evidence. Combined with protocol-level > proof of possession from the surrounding protocol, this establishes a > cryptographic binding between a private key and an attested execution > environment. > > The subject public key is conveyed using the EAT cnf claim defined in > [RFC8747] and [RFC7800], and freshness uses the EAT eat_nonce claim > defined in [RFC9711]. The proof of possession of the subject key is > obtained from the surrounding protocol, such as TLS certificate-based > authentication or CSR signature verification. Because the EAT is > signed by a hardware-backed Attestation Key (AK), successful > verification of the EAT signature together with protocol-level proof > of possession establishes a cryptographic binding between the private > key and the attested platform state. This mechanism addresses key > substitution attacks that arise when attestation evidence and the > certificate private keys are validated independently. > > > > The IETF Secretariat > > > _______________________________________________ > RATS mailing list -- rats@ietf.org > To unsubscribe send an email to rats-leave@ietf.org >
- [Rats] FW: New Version Notification for draft-red… tirumal reddy
- [Rats] Re: FW: New Version Notification for draft… Nathanael Ritz