[Seat] Re: draft-fossati-seat-early-attestation and the charter
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Sat, 10 January 2026 16:13 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: seat@mail2.ietf.org
Delivered-To: seat@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 23332A5D477E for <seat@mail2.ietf.org>; Sat, 10 Jan 2026 08:13:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGSzLaLmodFN for <seat@mail2.ietf.org>; Sat, 10 Jan 2026 08:12:59 -0800 (PST)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E5764A5D4774 for <seat@ietf.org>; Sat, 10 Jan 2026 08:12:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:References:CC:To: Subject:From:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=mKQQkdY5ZS2eUCRYhB0+BjgD7OtmfNeKM8mBNq9ONKU=; b=Vam4EJ+hzCf6W4VvWoeAVjgGc8 qk8gh8Iy7lZHsp8s9b8a2UQgxe6/Bf84pgTIq5NbkvhMZNGIuTdTYFfjnxhGEc6FI+gMbwZP/8cxc HdQ1rIV9EJVouSGUhBnxW9zMIBmU7NacjiKF/XAAsfOrduL3JdwJt8UEnnrtFj7srpG2WFmtyjZQm XeYxLWJUevOpLpLOttlniQxhhU9N8ETy20EDas3zvon8S8RIjKCPus90K1UEpYsmXEVmZqF8cxJXC ogT9Rsjip3gZWKyyUPFQCDpw1UwE/XlroT23pyWvnfWCwp+S0c8Ru3YW83StZwS0jnaTDhyE7apAz yBYZ/qyQ==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vebaC-002CH6-Mh; Sat, 10 Jan 2026 17:12:57 +0100
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Sat, 10 Jan 2026 17:12:55 +0100
Message-ID: <8e773931-ef0d-4df5-bce1-bf51b627a762@tu-dresden.de>
Date: Sat, 10 Jan 2026 17:12:54 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <CABcZeBOrn_6_-2XB9e=48G0kq92-M4UAkPTsxOT9S2hVL452JA@mail.gmail.com> <FRWP195MB27644B41AA34B85158D6BEC1A983A@FRWP195MB2764.EURP195.PROD.OUTLOOK.COM>
Content-Language: en-US
In-Reply-To: <FRWP195MB27644B41AA34B85158D6BEC1A983A@FRWP195MB2764.EURP195.PROD.OUTLOOK.COM>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms070800040302090701080307"
X-ClientProxiedBy: MSX-L422.msx.ad.zih.tu-dresden.de (172.26.34.142) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
Message-ID-Hash: PL7GUKVZHJYEBRLY4JLUUXNRA3HXXLY4
X-Message-ID-Hash: PL7GUKVZHJYEBRLY4JLUUXNRA3HXXLY4
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Eric Rescorla <ekr@rtfm.com>, "seat@ietf.org" <seat@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Seat] Re: draft-fossati-seat-early-attestation and the charter
List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" <seat.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/seat/LcQrSGf1Enmk5JyWQVVthgfGQdg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/seat>
List-Help: <mailto:seat-request@ietf.org?subject=help>
List-Owner: <mailto:seat-owner@ietf.org>
List-Post: <mailto:seat@ietf.org>
List-Subscribe: <mailto:seat-join@ietf.org>
List-Unsubscribe: <mailto:seat-leave@ietf.org>
Hi Yaron,
I wholeheartedly agree with Ekr. We -- as WG -- should follow our
charter and respect our agreement with TLS WG. In particular, please
note [0] and the following discussion where we explicitly discussed
addition of messages and modifications of key schedule at chartering
time. Anyway, I have proposal within the scope of charter in
post-handshake attestation which I believe is quite secure. Do you see a
possibility to make intra-handshake attestation secure /within the scope
of charter/? If you have proposals in intra-handshake attestation
/within the scope of charter/, I am happy to verify it for you as well.
We should mutually work on refining the proposals within the scope of
charter.
About the current draft: Even within the TLS WG, there is no draft to my
knowledge which has gone to the extent of adding a new message to the
handshake. On top of that, modifying the key schedule is another source
of complexity which requires /computational/ security analysis in
addition to /symbolic / security analysis.
Speaking as a contributor to the TLS WG and someone who has been doing
the formal proofs for TLS WG to get drafts through the FATT process:
Unfortunately, this draft is proposing an immense amount of complexity
-- a blender of everything from PAKE to EKU to adding messages to key
schedule modifications -- and may break most (if not all) existing
formal proofs done for TLS. Who will redo all the proofs?
On 10.01.26 11:56, Yaron Sheffer wrote:
> I fully agree with your specific point and the broader point you are
> raising: the charter was crafted specifically to preclude this kind of
> solution.
Now that it has been established that it is out of scope of charter,
please focus on proposing solutions within the charter.
> Having said that, I believe a post-handshake solution for the SEAT use
> cases would require a re-development at the application level of both
> the TLS handshake message structure (which arguably is what RFC 9261
> is doing), as well as the TLS record protocol. The latter IMO is
> needed if we are to provide freshness/re-attestation for long running
> connections.
Why do you need TLS record protocol at application level? I believe
security should hold even if there is no record protocol. Please show me
a concrete attack on my post-handshake attestation proposal.
> So even if a post-handshake solution can be made to work, I don’t
> think it’s the better option from either an engineering or a security
> perspective.
You may be right from engineering perspective, but I strongly disagree
from security perspective. We have a formal proof that post-handshake
attestation provides the strongest level of binding.
> Lastly, please read Sec. 3.2 of the draft [1] which tries to clarify
> why this proposal is logically an overlay on top of the TLS handshake
> rather than a change to it. In other words, even if the protocol fails
> to deliver on attestation, at worst our security reduces to a plain
> TLS handshake.
Sec. 3.2 is mostly making strawman claims. The very first sentence is
wrong. Adding new message and changing key schedule is not
"lightweight". As mentioned above, it's one of the most significant
changes to TLS that I am aware of. Even for PQ, TLS WG didn't go towards
adding new messages. From a formal perspective, calling it
"lightweight", "minimal integration" and "minimal impact" is just
immensely wrong.
2 fine points on Sec. 3.2:
1. /Independent handshake messages/: Does transcript hash not cover the
Attestation message? If it does, the "independence" claim is
trivially wrong. To justify your claims, please describe the
property formally and show me an independence proof.
2. /Independent key derivation/: To justify your claims, please
describe the property formally and show me an independence proof.
Thanks.
-Usama
[0] https://mailarchive.ietf.org/arch/msg/seal/wTFq1w13d6Y7nl9KPDiwNQLbO6k/
- [Seat] draft-fossati-seat-early-attestation and t… Eric Rescorla
- [Seat] Re: draft-fossati-seat-early-attestation a… Yaron Sheffer
- [Seat] Re: draft-fossati-seat-early-attestation a… Eric Rescorla
- [Seat] Re: draft-fossati-seat-early-attestation a… Muhammad Usama Sardar
- [Seat] Re: draft-fossati-seat-early-attestation a… Michael Richardson
- [Seat] Re: draft-fossati-seat-early-attestation a… Muhammad Usama Sardar
- [Seat] Re: draft-fossati-seat-early-attestation a… Eric Rescorla