IETF Logo Mail Archive

[Seat] Re: [Rats] Re: Re: [WIMSE] Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Sat, 10 January 2026 17:22 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: seat@mail2.ietf.org
Delivered-To: seat@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 680CDA5D87FF for <seat@mail2.ietf.org>; Sat, 10 Jan 2026 09:22:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.206
X-Spam-Level:
X-Spam-Status: No, score=-1.206 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L9OvBHmlJU44 for <seat@mail2.ietf.org>; Sat, 10 Jan 2026 09:22:02 -0800 (PST)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E940FA5D87FC for <seat@ietf.org>; Sat, 10 Jan 2026 09:22:02 -0800 (PST)
Received: by mail-qt1-x835.google.com with SMTP id d75a77b69052e-4edb6e678ddso81849891cf.2 for <seat@ietf.org>; Sat, 10 Jan 2026 09:22:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768065722; x=1768670522; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :content-transfer-encoding:from:from:to:cc:subject:date:message-id :reply-to; bh=vB0yYLi1UfLTqvl4wg4cDb2OgAEuEiB0GcHmwdbzyIc=; b=E4jBQOutrk33yZWZiiK3NhXRfgwLPsHEQIt0IkoTqhaN2oj+yxwtXKcMs/AcnI6k1l lksZKCrKrK93S6VTINi4u23fR5MdCzx0S8yslyhToiRCM2AK18yuuhfGYEDvsIhjiZ9I 5v2u9o+0HbahzXxowbxL8yOWK8UEhk0fSl3nNvJUT+yfKIomJxca4qPZjiv8g+/LNnL9 KpfIo3TLlRW4gnFQp5WNtCA02cz0aJdsnu6lzbN05bWPUfyDQurebsTbAfwFfnwnS7oU n91yL8TWmFahUDJd+63M5MmBKDf5Odc6fb3c3zvGYb4UqNA9Nt1apVQ4fY86szV3JcbF rmKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768065722; x=1768670522; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :content-transfer-encoding:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vB0yYLi1UfLTqvl4wg4cDb2OgAEuEiB0GcHmwdbzyIc=; b=ABq319V7YX9kaM2TOGYkpwDm8BpCaoU5Wd6L3Oi7PNFCkn+4rNXiAS+KT7IuilojqD IHjPsVAUmXXUFdzeF0xinm2+eUlrIq1cAeCh0bJmKSBGi2os8RNouZjGtKvz0rDBBahK KeCwlNvpq2o3HRJNZxindYRQGgsQ+yrFmcLihwteR9Ntl3ERf59QVSkMO0DKjTRzcCaM K9TlVHsS88D6gqV2C8izDLHdYogAcDWqs6czNqWpMp3qaJBcfsQ82ORjvp8u7BS9jAXJ 7dqNRKWQnsojwp4vWdoIrlEbSzsvISDJJIpHUE4VNY2VzWfGp5MNkptWZy9Sl5BjEDax yVsQ==
X-Forwarded-Encrypted: i=1; AJvYcCVRwA1EnuxlL/440lXTGDASG0YKvIcO9asrhZgVfd/+qUrZU2HiwPJo4rGzAiM+kFp3r/En@ietf.org
X-Gm-Message-State: AOJu0Yyq1ilVymqVv6POfgDu4VDUa7p0T6hU7h0IjEB43kyYfrQ3MYn8 vUoe2In/unihMNOgK/mHLHummjOicv6wnnLr3lb2wEDo/vWiJsjcIhQL
X-Gm-Gg: AY/fxX5CXD30hEIctr9W4+RsIi0h4JQABRc1acW5k1FNtirTpeLdhuZDI1UDwEfELfv H/l0iOQHLW/cFVNEcUSXDp4LZTwrFfQNSo9dkHIYJ1b1loXML1mZSOKCNWl0lvCMruMXoe7QtxX 6JenYSeVm0pY0DBsSpW0T7zZrBcQ1vId+CLddM5maUelHjLuMQ9JXFEhvl8JG7AsAkcxL/VtyRe dGmvZrb8vcLDwMHMSTwhZT1m55BN47hHLOkVBuBgTrTtA2inKUvF30hTOtTnsDJDJLVVar6pohO yv/MwYlp6wz4Ewe6h42Quh4UVRGizO5GHZLee10t1om74hrdO3axaYK4GPVFYrffgQyGrdbBT1C xuuk02hnvGwBFOx/Y1kOrQbFBE7aVw4BKEaYSgI+5HSapTWptCQktT+ZvjMPbTNuV4lBEzp5wpu I+k+Ogor7qpxP7pM/dzOt8J+5LR7DttyRO39iNEEZgtCWA7NtXxyP7etateQ==
X-Google-Smtp-Source: AGHT+IGEo+uAZns8dKr+jmQNFniafaXnKptCFLhseXIP0h6twwN1SZ4CZQeGwXvtn3TTuv6TPYDR9w==
X-Received: by 2002:a05:622a:20e:b0:4f4:e15e:528f with SMTP id d75a77b69052e-4ffb49c7d3emr200739171cf.62.1768065722327; Sat, 10 Jan 2026 09:22:02 -0800 (PST)
Received: from smtpclient.apple ([2600:382:b405:fbc8:9589:8922:95e:e7cb]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-4ffb75d7916sm82725231cf.7.2026.01.10.09.22.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 10 Jan 2026 09:22:01 -0800 (PST)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-EFADB20B-4B4B-4CCB-AC35-4F63DFB38371"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
Message-Id: <CBDD5425-01C7-4A2D-97F6-BF66C0E5A0FE@gmail.com>
References: <CAHu=PL2n26wwEtEECb1VqzshJBTJ+chhbcKTNbLeABmM_+eymg@mail.gmail.com>
In-Reply-To: <CAHu=PL2n26wwEtEECb1VqzshJBTJ+chhbcKTNbLeABmM_+eymg@mail.gmail.com>
To: Manu Fontaine <Manu@hushmesh.com>
X-Mailer: iPhone Mail (23B85)
X-MailFrom: kathleen.moriarty.ietf@gmail.com
X-Mailman-Rule-Hits: max-recipients
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-size; news-moderation; no-subject; digests; suspicious-header
Message-ID-Hash: 4WHGCTHKHY6DL273DAPSM3FKCFZOHJDK
X-Message-ID-Hash: 4WHGCTHKHY6DL273DAPSM3FKCFZOHJDK
X-Mailman-Approved-At: Sun, 11 Jan 2026 11:11:17 -0800
CC: Nathanael Ritz <nathanritz@gmail.com>, John Kemp <stable.pseudonym@gmail.com>, Henk Birkholz <henk.birkholz@ietf.contact>, Yaron Sheffer <yaronf.ietf@gmail.com>, Justin Richer <jricher@mit.edu>, Pieter Kasselman <pieter@defakto.security>, wimse-chairs@ietf.org, Sorin Dumitru <sorin@returnze.ro>, wimse@ietf.org, rats@ietf.org, seat@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Seat] Re: [Rats] Re: Re: [WIMSE] Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)
List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" <seat.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/seat/SU9atUbwXOPaIexpriaMoEI8nzw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/seat>
List-Help: <mailto:seat-request@ietf.org?subject=help>
List-Owner: <mailto:seat-owner@ietf.org>
List-Post: <mailto:seat@ietf.org>
List-Subscribe: <mailto:seat-join@ietf.org>
List-Unsubscribe: <mailto:seat-leave@ietf.org>
Date: Sat, 10 Jan 2026 17:22:03 -0000
X-Original-Date: Sat, 10 Jan 2026 12:21:50 -0500

Hi Manu,

I actually had this conversation offline separately with a few people and agree it would be good to address. However, we can start somewhere else and possibly run it separate from WIMSE. 

I’m planning to write a blog and can reach out with a draft. 

Yes, what you describe should be solved, and we’ll need to figure out where when we have more solid framing.

Best regards,
Kathleen 

Sent from my mobile device

On Jan 10, 2026, at 7:11 AM, Manu Fontaine <Manu@hushmesh.com> wrote:


Thanks Nathanael.

I was not insisting, I was just suggesting other possible words in response to Kathleen's and John's perspectives.

SPIFFE/SPIRE entered the CNCF Sandbox in 2018, and graduated in 2022. They were conceived and articulated from a "trusted CSP" perspective. We're now in 2026, and the need for hardware-backed assurances is fast becoming relevant for many types of workloads, across many industries and supply chains. Per its charter, WIMSE wants to "bridge the gaps and ambiguities in workload identity problems", so this is an opportunity for the IETF to disambiguate from a "better internet" perspective.

Evidence is only admissible in court through a verified unbroken chain of custody. Everything else is testimony, which depends on the credibility of the witness. Similarly, one can check or validate that claims, attributes, or assertions were signed with a certain key, but that doesn't verify anything about the provenance, quality, lifecycle, and security of the signing key (i.e. its chain of custody). It's only good enough if one believes it is.

My personal and professional perspective is that it is not counter-productive, nor a needless source of friction, for the IETF to start clearly distinguishing evidence vs. claims/attributes, attestation vs. assertion, and verification vs. validation, even if words have been used more loosely in the past or in the English language.

But again, this is just a suggestion. Thanks.

Best,
Manu



On Fri, Jan 9, 2026 at 5:56 PM Nathanael Ritz <nathanritz@gmail.com> wrote:
I think that if there is a way for a given subject to convey cryptographic evidence of a given expected state to the satisfaction of another party, then the use of “attester” and “verifier” make common sense. SPIFFE/SPIRE uses the concept of “node attestation” and insisting against that terminology in WIMSE feels counter-productive.

I do think there is value in being careful about the use of Attester, Verifier, Evidence and those kinds of words as proper nouns.  It makes sense to me that a draft should explain why, (and under what context) they are used as proper nouns if that happens to be the case. 

But to simply say “attestation is a loaded term, so avoid using it here unless you mean ____” is just going to be a needless source of friction. 

On Fri, Jan 9, 2026 at 3:06 PM Manu Fontaine <Manu@hushmesh.com> wrote:
Perhaps WIMSE could use "Assert / Assertion", and RATS could use "Attest / Attestation"?

Disambiguating the two is important because of the very different security and trust models. An assertion made by a software entity is not as "believable" (verifiable) as hardware-backed attestation.

Best,
Manu



On Fri, Jan 9, 2026 at 4:12 PM John Kemp <stable.pseudonym@gmail.com> wrote:
Hi Kathleen,

> El ene 8, 2026, a las 12:36 p.m., Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> escribió:
>
> WIMSE is not using the terms in this stricter verification sense in their drafts for its core work. There is mention of attesting properties used to create an identity from information about a workload and the host server, but they don't have in scope how those are defined and the attestation stated is not necessarily related to confidential computing or use of a TPM (or even a vTPM in a TEE). Since the identifiers are not defined and not in scope then it follows that attesting them is not in scope.

I will start by noting that well before RATS or TCG defined the term ‘attestation’, it also had a[t least one] broader English-language meaning:

"the action of formally witnessing or certifying something” (Oxford) or

"an act or instance of attesting something” ([MW])

WIMSE attestation certainly fits within this definition.

I also think that the way that RATS defines the term in RFC 9334 is sufficiently broad (I prefer that word to ‘vague’ in this case) to include WIMSE cases.

RATS says this about attestation (without explicitly defining it as a term):

"In Remote ATtestation procedureS (RATS), one peer (the "Attester") produces believable information about itself ("Evidence") to enable a remote peer (the "Relying Party") to decide whether or not to consider that Attester a trustworthy peer. Remote attestation procedures are facilitated by an additional vital party (the "Verifier”).”

I would argue that WIMSE could quite reasonably suggest that its own architectural entities could perform the roles of Attester, Verifier and Relying Party, so by the above definition, I would say we are covered.

In Henk’s prior message, I heard him suggest that we should use neither Attestation nor Evidence as terms in WIMSE.

I think we in WIMSE have some choices:

1. Remove the use of the term attestation and use a different term entirely. I think this would be difficult, because of the existence of the English-language term, which I do believe is appropriate and meaningful.
2. Use the term ‘attestation’ with its commonly-known English-language definition (although that may lead to at least some technical imprecision and some confusion with RATS)
3. Use the term and refer to RATS, re-using only the roles of the entities involved in the process, and not the technical means by which they achieve those roles.

Personally, I lean towards (2) with an explicit note to say that we _do not_ mean RATS attestation, even though we certainly have similar parties to the process of attestation (Attester, Verifier and Relying Party).

Regards, -johnk

[MW] https://www.merriam-webster.com/dictionary/attestation" rel="noreferrer nofollow" target="_blank">https://www.merriam-webster.com/dictionary/attestation

_______________________________________________
RATS mailing list -- rats@ietf.org
To unsubscribe send an email to rats-leave@ietf.org
_______________________________________________
RATS mailing list -- rats@ietf.org
To unsubscribe send an email to rats-leave@ietf.org

v2.43.4 | Report a Bug | By Email | System Status