[Seat] Re: [WIMSE] Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)

[Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>]

[ +RATS because ownership of attestation lies with RATS and decisions 
related to attestation should be made in coordination ]

[ +SEAT because cleaning this up will help us address the long critique 
[0] on our draft (draft-mihalcea-seat-use-cases) ]

Dear Justin and Pieter,

If a draft defines "attestation" by citing RFC9334 and RFC9683 in 
terminology section, and then uses attestation in a different sense, I 
think many folks in RATS will get uncomfortable (to state the least). 
Let's not make attestation a marketing term within IETF, please.

Since most (if not all) WIMSE deployments use TLS and attestation of 
RFC9334 is in scope, I don't understand why you want to hide the known 
attacks.

I, therefore, kindly ask you to initiate the formal process. But since 
some WIMSE folks might not have had a chance to read it yet due to break 
period etc., please start it in a week or so.

Also, please see inline:

On 05.01.26 21:47, Justin Richer wrote:
> Just a quick reminder from your chairs: the IETF is built on rough consensus

The rough consensus from IETF meeting 123 [1] in my understanding was 
that attestation will be removed from the draft. Do you see Joe's smile 
there after my question? I think that says it all :)

Please let me know if I have missed some discussion which has changed 
that rough consensus.

> This means, among other things, that no one WG member
I really believe I am not the only one. Did you see Henk asking the same 
thing after me in [1]? Did you see Kathleen asking for clarification of 
attestation in her review as well [2]?
> has the ability to block a piece of work that is being progressed through the WG.

I did not block any work in any way. In fact, I have presented three 
concrete options [3]. For option 3, I offered to propose some text [4].

Since the discussion was moving in circles, I submitted the github issue 
and asked for discussion in next meeting. Please explain precisely in 
what sense you view it as blocking?

> If there is a need for a matter to be settled more formally, the chairs are happy to help call that process (as you’ve seen us do a number of times).
Thanks for this offer; please do.
> in fact it’s likely that the relevant work is best suited for other WG’s such as TLS and RATS as has been brought up in this thread.

Sure, the work is relevant to other WGs and as mentioned in the thread, 
TLS was informed in February [5] and it has been presented in several 
RATS meetings. But how does that relevance preclude the need to either 
remove/clarify attestation or mention the attacks in the WIMSE draft?

-Usama

[0] https://youtu.be/ic0K-S8Txvg?t=1338

[1] https://youtu.be/Mv4lgHLxOH4?t=2626

[2] https://mailarchive.ietf.org/arch/msg/wimse/WqJ_lIi4xjSB0uX3hLTZKLYtqTU/

[3] https://mailarchive.ietf.org/arch/msg/wimse/Vx8EPhjoiqSNv7LP5_iG0zptxU8/

[4] https://mailarchive.ietf.org/arch/msg/wimse/ClcE93iRUnElj5t8yPh82gZTw3A/

[5] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/