[saag] Re: [EXT] Interests on Initiating the standardization work related to "Zero Trust"?
Benfeng Chen <benfeng@gmail.com> Thu, 08 January 2026 05:46 UTC
Return-Path: <benfeng@gmail.com>
X-Original-To: saag@mail2.ietf.org
Delivered-To: saag@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 48CEDA4944D1 for <saag@mail2.ietf.org>; Wed, 7 Jan 2026 21:46:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EwgzghgSpQjW for <saag@mail2.ietf.org>; Wed, 7 Jan 2026 21:45:59 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BC03CA4944CA for <saag@ietf.org>; Wed, 7 Jan 2026 21:45:59 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-6505cac9879so4771531a12.1 for <saag@ietf.org>; Wed, 07 Jan 2026 21:45:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767851159; x=1768455959; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4xW7Ry+/vzG7OdTMC5l4PW7vbS1jHT0sl1sQ8By7KCY=; b=adTSZ30gbQ7QMNIQBhBy8ka9eMXjU7q6nGX4EU+aKI2qCkP7Mga9KfMq5RYzswWbfz /83EeLUqeg0O/UhbSn+5Ka6XvVJNdCJcRzeFOwFgWTSgMPDCRuLUZiWkQ+yrGYv+XGCQ DgONs7IpaVE3eI85ud34ne8AJpHsqbjZtDJvQ42ERiGabdw15xdkp/q0diFLFcEYauNA AFqcoDwmzILb5auN8P8zOagvEZGLBLL1TA2KpljmAlXgDaY5OOWnCS/oD/g0ZFtZAdPg ffk0HXwd3eXdfWFUL/6+Joz4+PL1jPud3P3zjGXqn3eUujcc9T/VoP9fg3X1IWUItEtr mefA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767851159; x=1768455959; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=4xW7Ry+/vzG7OdTMC5l4PW7vbS1jHT0sl1sQ8By7KCY=; b=Kwzh0TgbaffNmrgZspfZDvfh/ghuXH8LRobFHuIghF+IwRgxruqNKw+Dl7NpPwl0XQ 4wVHQEGW5Ysaw5O4S4yc0SsAif/8ThNTz5SzLsrTUwGB322qk4gNaRUIb1A3FMe/tpjV 5OGa6EjIZofHUO5M2d0h0QKwn+k+fWmdSUF9A4BOUNDbExSvH/Lkey88Q+GxDqJ0r2vr e46847YgHc3sEGm5T3/2TZz1+fRonniHIMU9keJkNPF/t/e0/BFg3vTHHt2lZLjDONNq GyPnMEu50pPUSgNnjX+VjvKxmphcMd47TR04TjDitxTI5t+1+Ch4bLoPJSst+Uc8TQ0r L8Fg==
X-Forwarded-Encrypted: i=1; AJvYcCWVZka91wkb+VGVihNRlgI8zErJolbB3IlTrITAe7TTbdqCYBd9bCFZyD5azjxGR9eKugCX@ietf.org
X-Gm-Message-State: AOJu0YxvP81ZQuyb4MT1mxWbw55Vf8XltDosk/tUsh7aqVw8SYHedZ/y bP+C/CCrz0x3v/jqcytiZEj/OqW5nCN6hJGg3fUdMXBKgWmqMFj0krJ46DrndluP6a7BEnblAYz nP2C0wktJNpqSC+5Kqqc6ZKHAFuV089Y=
X-Gm-Gg: AY/fxX6tx2/phNgYakuw3rB+WgVVRl26wpABGZ2cAFf7q+iAvaE8/7f9r8uP5vX2duH s/gbanIb7ljtT4uKk5J2CfcPJf9Ovewh6P+XHtPsPken4pW5puUG4jJ/zgeA7B6pVoRbnuRKlRH NDcvBqV6aWAYPNHX0KpAsaOiYdK0/8bQYAIQsMOrvWpwHhDbK+HIgOqH+4ZuEDcpdXwqFkEq87e rs+HZ8NcmHcMslm+Jz/GhMREAMcm/xJjeIYKlaxO2xjDXpM7CnhacbNdFpDZaxpjX1sDA==
X-Google-Smtp-Source: AGHT+IExe3xwpoDvJOfmJbQ5JeWXEba+t64KHEd/Wzp7+wV+7MYKn6sDWoc42BVb0r648WWPM9b9fW0Lba0FHSc5Jwc=
X-Received: by 2002:a05:6402:42d3:b0:64b:6dfc:dd34 with SMTP id 4fb4d7f45d1cf-65097cde534mr4271664a12.0.1767851158491; Wed, 07 Jan 2026 21:45:58 -0800 (PST)
MIME-Version: 1.0
References: <000001dc6ef7$8a09d570$9e1d8050$@tsinghua.org.cn> <BN0P110MB1419740E61C17FE8414F46AA90ABA@BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM> <CAE1ny+6GdhuHu1=aPKvV7pMM5Xn3bz37wDv9xiUeGeuPN358Nw@mail.gmail.com> <CH2PR17MB402295AF8C63BA46AE1E6C45CDB0A@CH2PR17MB4022.namprd17.prod.outlook.com> <aVSwHvT86iRHJvzi@ubby> <003301dc7a1b$ea3a57b0$beaf0710$@tsinghua.org.cn> <CAPSJW7ANM5vBAg1Qhe4e_-Ca5q6pAhnKh4D_Y34q5gAou5NiMw@mail.gmail.com> <466bc0bd-ef4f-4b3d-936d-caa72cef5a9d@tu-dresden.de>
In-Reply-To: <466bc0bd-ef4f-4b3d-936d-caa72cef5a9d@tu-dresden.de>
From: Benfeng Chen <benfeng@gmail.com>
Date: Wed, 07 Jan 2026 21:45:47 -0800
X-Gm-Features: AQt7F2q3ca6FQCH0WbiLRRIbFD3YXSC8jcXZy_pXyDHn-fluZMzm-64005zUp5k
Message-ID: <CAPSJW7A=Oc8xFwQAgDpxg_p+OcMv6UUn=H31YGN=-TeAZtP5yA@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Content-Type: multipart/alternative; boundary="0000000000005155b00647d9ec55"
Message-ID-Hash: YMOWRIXQTRDYO3RCE6LGUBIQS6L22BPJ
X-Message-ID-Hash: YMOWRIXQTRDYO3RCE6LGUBIQS6L22BPJ
X-MailFrom: benfeng@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-saag.ietf.org-0; header-match-saag.ietf.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Aijun Wang <wangaijun@tsinghua.org.cn>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, saag@ietf.org, Erik Johnson <ejohnson@cloudsecurityalliance.org>, six1@chinatelecom.cn, liux15@pcl.ac.cn, Hillary Baron <hbaron@cloudsecurityalliance.org>, Aijun Wang <wangaj3@chinatelecom.cn>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [saag] Re: [EXT] Interests on Initiating the standardization work related to "Zero Trust"?
List-Id: Security Area Advisory Group <saag.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/NHSbslA2VhlyPtAIofXRqs9zCgk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Owner: <mailto:saag-owner@ietf.org>
List-Post: <mailto:saag@ietf.org>
List-Subscribe: <mailto:saag-join@ietf.org>
List-Unsubscribe: <mailto:saag-leave@ietf.org>
Hi Usama: Thanks for the clarification. I’m not comparing Noise with TLS here, as that isn’t the focus of the discussion. Both WhatsApp and NHP initially chose the Noise protocol because it was considered secure and fast for their respective threat models. Meta’s later transition to attested TLS was driven by deployment and integration requirements for confidential computing, not by any identified weakness in Noise itself. Both documents describe the same user scenario and security objective: enabling server-side processing while preventing the service operator from accessing plaintext. The difference reflects an evolution in implementation, not a change in security assumptions. To clarify scope, NHP is not an attempt to standardize “Zero Trust.” It addresses a concrete protocol-level gap: network resources remain globally visible prior to authentication, enabling large-scale reconnaissance and pre-auth exploitation. As stated in *Section 4 (Security Considerations / Relationship to Existing Protocols)* of *draft-opennhp-saag-nhp <https://datatracker.ietf.org/doc/html/draft-opennhp-saag>*, NHP operates *below and alongside TLS*, and is *explicitly complementary to attested TLS rather than competing with it*. We appreciate the feedback and will keep the documentation aligned with current deployments. On Sun, Jan 4, 2026 at 3:19 PM Muhammad Usama Sardar < muhammad_usama.sardar@tu-dresden.de> wrote: > Thanks for sharing this. > On 04.01.26 09:21, Benfeng Chen wrote: > > > - > > A full open-source implementation is available under the Apache 2.0 > license: > https://github.com/OpenNHP/opennhp > > I am not sure how accurate and up-to-date this documentation is. The > current README claims Whatsapp uses Noise protocol citing a white paper > from 19 April, 2024, but Whatsapp has moved to attested TLS (see white > paper from 10 June, 2025 [0]). > > We are not proposing to standardize the term “Zero Trust,” > > Thanks very much! > > -Usama > > [0] > https://ai.meta.com/static-resource/private-processing-technical-whitepaper >
- [saag] Interests on Initiating the standardizatio… Aijun Wang
- [saag] Re: [EXT] Interests on Initiating the stan… Blumenthal, Uri - 0553 - MITLL
- [saag] Re: [EXT] Interests on Initiating the stan… Harry Halpin
- [saag] Re: Interests on Initiating the standardiz… six1@chinatelecom.cn
- [saag] Re: [EXT] Interests on Initiating the stan… Richard Barnes
- [saag] Re: [EXT] Interests on Initiating the stan… Paul Hoffman
- [saag] Re: [EXT] Interests on Initiating the stan… Michael Richardson
- [saag] 回复: Re: Re: [EXT] Interests on Initiating … six1@chinatelecom.cn
- [saag] Re: [EXT] Interests on Initiating the stan… Salz, Rich
- [saag] Re: [EXT] Interests on Initiating the stan… Nico Williams
- [saag] Re: [EXT] Interests on Initiating the stan… Aijun Wang
- [saag] Re: 回复: FW: Interests on Initiating the st… Muhammad Usama Sardar
- [saag] Re: [EXT] Interests on Initiating the stan… Benfeng Chen
- [saag] Re: Interests on Initiating the standardiz… Liuchunchi(Peter)
- [saag] Re: Interests on Initiating the standardiz… Eric Rescorla
- [saag] 回复: FW: Interests on Initiating the standa… Xueting Li
- [saag] Re: 回复: FW: Interests on Initiating the st… Eric Rescorla
- [saag] Re: [EXT] Interests on Initiating the stan… Muhammad Usama Sardar
- [saag] Re: [EXT] Interests on Initiating the stan… Benfeng Chen
- [saag] Re: [EXT] Interests on Initiating the stan… Muhammad Usama Sardar
- [saag] Re: [EXT] Interests on Initiating the stan… Michael P1
- [saag] Re: [EXT] Interests on Initiating the stan… Muhammad Usama Sardar
- [saag] Re: 回复: FW: Interests on Initiating the st… Xueting Li