[Seat] draft-fossati-seat-early-attestation and the charter
Eric Rescorla <ekr@rtfm.com> Sat, 10 January 2026 01:24 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 09 Jan 2026 17:24:03 -0800
Message-ID: <CABcZeBOrn_6_-2XB9e=48G0kq92-M4UAkPTsxOT9S2hVL452JA@mail.gmail.com>
To: seat@ietf.org
List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" <seat.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/seat/-7g2IlmzQVcVfJc2nXW1h6Zbae0>

Hi folks,

I took a quick look at this draft. I don't have an opinion about the security of the mechanisms defined in this draft, but it plainly violates the following clause in the charter:

    The attested (D)TLS protocol extension will not modify the (D)TLS protocol itself. It may define (D)TLS extensions to support its goals but will not modify, add, or remove any existing protocol messages or modify the key schedule.

This draft adds a new message (Attestation) and extends the key schedule.

More broadly, the point of this text in the charter was to draw a clear boundary between this WG and TLS proper, which means that you need to restrict yourself to the normal TLS boundaries, in this case extensions and exporters.

-Ekr