[Seat] Summary of informal gathering 05.01.
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Mon, 05 January 2026 10:33 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: seat@mail2.ietf.org
Delivered-To: seat@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 4212BA2CDABA for <seat@mail2.ietf.org>; Mon, 5 Jan 2026 02:33:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.603
X-Spam-Level:
X-Spam-Status: No, score=0.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, GB_SUMOF=5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qdc_eaisg2No for <seat@mail2.ietf.org>; Mon, 5 Jan 2026 02:33:26 -0800 (PST)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 13B51A2CDAAE for <seat@ietf.org>; Mon, 5 Jan 2026 02:33:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:To:Subject:From:MIME-Version:Date :Message-ID:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=kVp6G+OnIEHzmrhk8JY5CY0ZoiUxyzUULXNCbNm5t/g=; b=q656DVTEHQEMFUnFx9zWxkuzwh 5RiZmd4L3D+/ifiOPVXsHjxd1g5i/chbY07Mvh6CpWQ4BUSzV5WKg0RqxRj9UH033mj1Hjv4nrBQ8 n5Wy0h7XP+DzKU6HZSxTmwZqKg9ibOI3TsTyN2Psx+fg1YVUqRrLZt82/CvnSF0eaWnjgScMRTpQk dZbS7fBhffzxleoVtoz2qyTVMUWIQRJG7XH69+EVKwk/Vu0QeyC02rCGfXJ8EgZZBGpb7A+dR079z nsgdeC84pjHiYEXqWfdGo2XIEKK1ftRH22Un8ed/Dd7J6K9tnvvD5fZK2zT+OWrvyWkUDqsYEu3gI aCnO428w==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vchts-00DHkb-GN for seat@ietf.org; Mon, 05 Jan 2026 11:33:25 +0100
Received: from [10.12.5.228] (141.76.13.165) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Mon, 5 Jan 2026 11:33:16 +0100
Message-ID: <e4563aaa-78e4-47a6-8bc4-11038bf03cb5@tu-dresden.de>
Date: Mon, 05 Jan 2026 11:33:15 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Content-Language: en-US
To: "seat@ietf.org" <seat@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010201080203010505090807"
X-ClientProxiedBy: MSX-L414.msx.ad.zih.tu-dresden.de (172.26.34.134) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
Message-ID-Hash: J5UQXT572RXT2UYJOWHTLMUNPFP5PNSA
X-Message-ID-Hash: J5UQXT572RXT2UYJOWHTLMUNPFP5PNSA
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Seat] Summary of informal gathering 05.01.
List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" <seat.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/seat/QHoKII446k5xyVlA4TJ2ttVI6zs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/seat>
List-Help: <mailto:seat-request@ietf.org?subject=help>
List-Owner: <mailto:seat-owner@ietf.org>
List-Post: <mailto:seat@ietf.org>
List-Subscribe: <mailto:seat-join@ietf.org>
List-Unsubscribe: <mailto:seat-leave@ietf.org>
Hi all,
a summary of today's informal gathering follows:
(Attendees: Please feel free to correct me if I have misunderstood
something or add anything important that I may have missed.)
# *Attendees* (in alphabetic order)
Tiru, Usama
Apologies: Meiling and Yuning
# *Updates*
1. In addition to the lists mentioned in last two week's summary [0,1]
(where there is no issued raised), the paper [2] and artifacts [3]
on vulnerabilities in draft-fossati-tls-attestation have been shared
since then with wider security communities for their expert opinion:
* CFRG [4]
* An easy-to-access list of all communication is maintained at [5].
2. There was some discussion at WIMSE about attested TLS where they
use "attestation" in very broad sense.
# *Discussion summary*
We discussed:
1. Formal modeling and results of different "binding" mechanisms for
intra-handshake attestation:
1. Attestation nonce
2. Early exporter
3. Hash of server's public key
4. (Hypothetical) Binding the webPKI cert to the unique platform
identifier of the Attester: we discussed several issues here.
2. Formal modeling and results of most popular implementations of
intra-handshake attestation:
1. Cocos AI [6]: they are abusing the SNI extension to convey
attestation nonce.
2. CCC proof-of-concept [7]
3. Meta’s AI [8]
4. Edgeless Systems Contrast [9]: they were abusing the SNI
extension to convey attestation nonce, and currently abusing the
ALPN extension to convey attestation nonce.
5. GA4GH-SDK [10]
3. Request agenda slots for interim/topics to be covered: (note for
chairs: this is not an agenda request; this is summary of attendees'
discussion for preparation for that. We will reach out to you for
formal requests later after coordination with other authors)
1. On fairness grounds, I proposed we (proponents of post-handshake
attestation) limit the sum of our agenda requests to half of
meeting time in total giving opponents of post-handshake
attestation/proponents of intra-handshake attestation an equal
and fair opportunity to present/clarify their perspective.
2. We will prepare backup slides for detailed discussion for the
rest of half hour just in case nothing else comes up from the
opponents.
# *Questions for WG*
1. Could someone think of any other "binding" mechanisms for
intra-handshake attestation that is not listed in #1 in "Discussion
summary" above?
2. Is someone aware of any other implementation of intra-handshake
attestation that is missing in #2 in "Discussion summary" above?
3. Does someone have any opinion on the pending PRs [11,12,13]?
4. Would any one of you be willing to review our paper on above
mentioned modeling and give feedback until Jan 9?
5. Is there any other relevant list (that is missing in [6]) that I
should reach out to request review of [3] and [4]?
6. Does someone have any other use case that is not yet covered in use
cases draft?
*# Important note*
Authors of use cases and expat drafts meet every week according to the
schedule shared here [14], to which WG participants are very welcome.
Please note that these informal gatherings are meant to facilitate
discussion and they have no formal standing in the IETF standards
process. We will do our best to bring a summary to the WG for
opinion/discussion.
-Usama
[0] https://mailarchive.ietf.org/arch/msg/seat/cWOxXFIMeHMRMsi1iivjCqR_L3A/
[1] https://mailarchive.ietf.org/arch/msg/seat/0levZNcNWguwueqfIshM0IBqxow/
[2]
https://www.researchgate.net/publication/398839141_Identity_Crisis_in_Confidential_Computing_Formal_Analysis_of_Attested_TLS
[3] https://github.com/CCC-Attestation/formal-spec-id-crisis
[4] https://mailarchive.ietf.org/arch/msg/cfrg/61SpXcv--YhcLbAvlcRog2J9S5s/
[5]
https://github.com/CCC-Attestation/formal-spec-id-crisis/wiki/MailingLists
[6] https://docs.cocos.ultraviolet.rs/atls
[7] https://github.com/ccc-attestation/attested-tls-poc
[8]
https://ai.meta.com/static-resource/private-processing-technical-whitepaper
[9]
https://github.com/CCC-Attestation/meetings/blob/main/materials/MarkusRudy.contrast-atls-ccc-attestation.pdf
[10] https://github.com/elixir-cloud-aai/ga4gh-sdk
[11] https://github.com/tls-attestation/exported-attestation/pull/47
[12] https://github.com/tls-attestation/exported-attestation/pull/48
[13] https://github.com/tls-attestation/use-cases-and-properties/pull/22
[14] https://github.com/tls-attestation#meetings
- [Seat] Summary of informal gathering 05.01. Muhammad Usama Sardar