Return-Path: X-Original-To: seat@mail2.ietf.org Delivered-To: seat@mail2.ietf.org Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 5023AAB5B4E2 for ; Thu, 22 Jan 2026 00:27:51 -0800 (PST) X-Virus-Scanned: amavisd-new at ietf.org X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=zscaler.com Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4uwfZSlWPFL for ; Thu, 22 Jan 2026 00:27:50 -0800 (PST) Received: from mail-vs1-xe2f.google.com (mail-vs1-xe2f.google.com [IPv6:2607:f8b0:4864:20::e2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id F345DAB5B4DB for ; Thu, 22 Jan 2026 00:27:49 -0800 (PST) Received: by mail-vs1-xe2f.google.com with SMTP id ada2fe7eead31-5ecddf73062so399716137.1 for ; Thu, 22 Jan 2026 00:27:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769070463; cv=none; d=google.com; s=arc-20240605; b=XH4Lry+nxGETNYtWjVv0ZQVa2lAUygVAFfLaNICskrxt77roziErKIuT9+diPLt5dX F4KwwMahLF4NSNSpv9GRijp8ahIEZm7aX+TvJB7D8lkmJoPUV/k7pf9+iEDAQJx2xowz byAGD364i32b32RY1ik/6Ry4YQgrI2hOwCr6QriI4DC0YR7hq+HZ7DaCkJjsYtWxcgHk gVw7n8ieckpAQ0KahDhzpspHX4Z2352OEgf2oVDuBkHSI2JlmI5xeh2Be1Bx+Ji3xUTr wXLdxnPkNKHVLiLA6uYpB6o4o3HWZp6yZmk97ncctx0bglXrfBSreWbAIjfwNeajVIzG j64w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=O05qaz3qg1v6e7CGwz9U5tPfTqf0ws5P4iy4j+ZJ5nY=; fh=ZF0dW/4RxiHfPjtOatT76H8Ly2jYzx9d01m8yy0KHlo=; b=XhOO5j5HrCYcctqzxQI63nJFsVzpE3S7BaxvmZGM8D14dRxYnXRTI+YJW/p68p15Qp 536Y6B+aZAeEIFRXs9dL3QiKr226XdNhhZtav5jSoD7d8G7PTUxa30oyCEORCPxzTdCh 9AexmGq4vS329iYMUAcF6DpyyaR6vTSc1uX9tmGEONtalJAGNqnR/lFaHio6jyRvvGsp s2eyGKdriE5fofTC1osZuMv5vvNihKM5mN1Muwi778zA49OomOXqugYnGM9vJfDpuodZ 0ccX69hx2G51A2334zREqAYLVlq1H8EIjeYpVVkI74RzUrCayHcoinm8Uyki5U9ShucQ xM9Q==; darn=ietf.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zscaler.com; s=google; t=1769070463; x=1769675263; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=O05qaz3qg1v6e7CGwz9U5tPfTqf0ws5P4iy4j+ZJ5nY=; b=WfDYB62SORFhZe02st6ALkO7ppEmrJ3zUvuJQv2vAg9fpRyY1r6pIQDsTG3IhuTKQh 6f8K/RTd0B1PusLxEUhq3SQqUyD16ol0pTDhhsHD9LEDBo/EBRX5+lb7VKE+g7LAIFb6 gbTJKdN6/FdAf0977QhYjyYhHjZ1jZwxEzEtM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769070463; x=1769675263; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=O05qaz3qg1v6e7CGwz9U5tPfTqf0ws5P4iy4j+ZJ5nY=; b=P1F8EjQh4Vkn9Rxp0LkBIQ4OIcz4HGA+8uPlaIpsbj6WhFm8gWmiHwyVpYwnZVJjYh 5TCvqypfVsosezQUL5x4lIINrXYkmfl0r0xm6crUIRxubi18Jz5iyAA8qTBDZta67bpv /iuKkRLP6H1KyKDBj6M84ikW1mWp6wC8zdSlTag4I6j5BG4RmUVstjwA2yDlJLjuqw1w SUmlEPQUDkCAKtBDentcPRxmGM/YIIF7cTzqmxwqAI+51C3B5MOvcDCiInpO2csFtOZ1 Nw/jDQknEEcDvGbnElRfEDwxdk/nbwna4W8/XGzA7c5gl4glxBSHZosyAg50f9b7V2rM AzaQ== X-Gm-Message-State: AOJu0YxxrlAYtKH4SpdRzom4nCbcyA0Hhe36sfHWFMr6WNWSDpo3QFRY P4KbLQ6Cq6k7iBrHElrp8pRzzbFAlU4GIOfdoYibd+cXjkvBGTiWVj8XUpUfgCAA5KSWhSg+mtJ Ff9fzqwl58gMZaYqBcf0VcmdIJEQ/Ynry4l/ffuRQql+EBB9Fc9J13L3cda1XwjgKeymLk40A9I skDbFbfiM2g9Ifz/s5HiSwh5nfoQ== X-Gm-Gg: AZuq6aLokQABNcUBsaXd2t2IT5oWWweeto6HLrJDzNITmqNdWCpv7A67nwoLtmuBCOT cfEwKaixKjBHF0jAFX+UyVcIA2UKXivgB1EFRU2wobVSnk1NAV9uVtudMy74FkYhSran+YjmDMv SiaHki+MMW7Lkj0PSrYItVB6lyxWLmpZuVTWsoaSm6uQM9AiHJIVx28T0mIuAA5U6xg9uHnbNe7 vLRADcbQbq4ZffkpA1gLXkv4JU/1LMpp9iM4ZofJEJlTqN06USwZW1NVrsaZpci01brhgE= X-Received: by 2002:a05:6102:3914:b0:5db:dad4:840 with SMTP id ada2fe7eead31-5f532e912bdmr854534137.12.1769070463158; Thu, 22 Jan 2026 00:27:43 -0800 (PST) MIME-Version: 1.0 References: <176890236222.867028.3887971722243664931@dt-datatracker-865585c994-4fgh4> <651a244c-5c66-430e-a125-43d0161a06f7@tu-dresden.de> In-Reply-To: <651a244c-5c66-430e-a125-43d0161a06f7@tu-dresden.de> From: Yaroslav Rosomakho Date: Thu, 22 Jan 2026 15:27:32 +0700 X-Gm-Features: AZwV_QhtFBU7mnJwfkdcIayoHVmqowNcCAEg1on559GzzyiaAr_BEb4QhaOGeNM Message-ID: To: Muhammad Usama Sardar Content-Type: multipart/alternative; boundary="0000000000008a22970648f5d048" Message-ID-Hash: DHYYKHEPNUAVDZTF7AN7VIM5HIDD5HNF X-Message-ID-Hash: DHYYKHEPNUAVDZTF7AN7VIM5HIDD5HNF X-MailFrom: yrosomakho@zscaler.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "seat@ietf.org" X-Mailman-Version: 3.3.9rc6 Precedence: list Subject: =?utf-8?q?=5BSeat=5D_Re=3A_Fwd=3A_New_Version_Notification_for_draft-usama-s?= =?utf-8?q?eat-intra-vs-post-02=2Etxt?= List-Id: "Secure Evidence and Attestation Transport (SEAT) WG" Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --0000000000008a22970648f5d048 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Usama. Here is my review as an individual contributor (not wearing any hats). Overall, I find the discussion useful and the concrete implementation feedback (such as latency measurements) very valuable. I do think a few conclusions are currently stated more strongly than the text supports. Section 3 (Pre-handshake attestation): The current dismissal seems to assume Evidence can be arbitrarily old relative to connection establishment. Many signed artifacts carry issuance time and validity constraints (e.g., JWT iat/exp [0], HTTP Message Signatures created/expires [1], SAML conditions [2]). A timestamp alone is not the same as freshness, but a short validity window plus a trustworthy time source can be an acceptable assurance mechanism in some deployments. Likewise, some schemes can provide stronger freshness via verifier-chosen challenges or monotonic counters. I suggest separating "not contemporaneous with this TLS connection" from "too old to be meaningful", and discussing under what threat models / deployment assumptions pre-handshake is insufficient. Section 3 does not currently mention potential benefits of pre-handshake (e.g., no modification of TLS, no changes to application protocols, potential caching/scalability advantages). Even if you ultimately judge these insufficient, listing them would make the draft more balanced. Section 4 (Intra-handshake attestation): I don't think "embedding evidence in the handshake" automatically guarantees freshness. Freshness typically depends on an unpredictable, single-use challenge and clear replay handling. If Evidence (or the challenge it is bound to) can be reused, the freshness property doesn't follow merely from being carried in handshake messages. More generally, the text would benefit from explicitly stating what is being bound to what (e.g., transcript hash, exporter, traffic secrets, application traffic secrets) and which concrete mechanisms provide that binding. Section 4.1.2 / 4.2.4 (Round trips and latency): The argument that avoiding an extra RTT is not a relevant goal may depend heavily on deployment topology (LAN vs same-region vs cross-continent). The data point you include is still helpful. Section 4.2.4 (high handshake latency) seems closely related to 4.1.2; you might consider merging them and broadening the analysis to include "baseline handshake costs" (including how PQ transition may change the baseline). Section 4.2.1 (Limited claims availability): I'm not convinced the limitation is specific to intra-handshake without a clearer definition. What exactly is meant by "limited claims"? Which claims are unavailable intra-handshake but available pre- or post-handshake, and why? Concrete examples (even a short list) would help. Section 4.2.2 (Invasive changes in TLS): It's not clear to me that intra-handshake attestation inherently requires modifications to the TLS key schedule. Could a design based on standard TLS extensions and explicit transcript/channel binding (via early exporters) satisfy the required security properties? If not, it would be useful to explain in the draft text which properties force more invasive changes. Section 5.1.4 (Latency placement): I don't think that moving latency related to attestation into after handshake is always a good thing. In some real-time and streaming applications, a spike after the session is established may be much more disruptive than paying a cost during the handshake. It would help to discuss this as a trade-off. Section 5.1.6 (Ease of implementation): A working demo is great, but I'm not sure it translates directly into "ease of implementation" for production deployments. Production-oriented examples (especially showing Exported Authenticators usage) would make this argument much more compelling. Section 5.2.1 (Impact on application layer): This is my biggest concern with the post-handshake approach as currently written. Exported Authenticators define a secure way to serialise and bind authenticators, but each application protocol still needs a way to negotiate, carry, and process those structures. So far, this has not been easy even for HTTP (HTTP working group is still focused only on unsolicited server-side authenticators [3]). I suggest expanding this section into a more concrete discussion of deployment paths, and what is realistically required in applications and/or infrastructure. The analysis appears to skip a potentially important design point: an explicit shim or gating layer that performs attestation after the TLS handshake completes but before any application data is exchanged. This is operationally distinct from both intra-handshake attestation and fully application-integrated post-handshake attestation. Such an approach could preserve standard TLS handshake behaviour and latency characteristics, avoid invasive TLS changes, and still prevent application data from flowing until attestation succeeds. It may also mitigate some of the application-layer complexity by localizing attestation handling to a well-defined enforcement point (e.g., a sidecar or connection gate) rather than requiring per-protocol integration. Is there a specific reason this design point was excluded? If not, it may be worth explicitly analysing it as a distinct option, or clarifying whether and why it is considered equivalent to "post-handshake" in the current text. Hope this helps. Best Regards, Yaroslav [0] https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 [1] https://www.rfc-editor.org/rfc/rfc9421.html#signature-params [2] https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf [3] https://datatracker.ietf.org/doc/draft-ietf-httpbis-secondary-server-certs On Tue, Jan 20, 2026 at 5:29=E2=80=AFPM Muhammad Usama Sardar < muhammad_usama.sardar@tu-dresden.de> wrote: > Hi, > > This version replaces our experiments with the experiments of Markus Rudy > as independent data point. It also addresses the feedback [0] from Mike > Bursell, the Executive Director of Confidential Computing Consortium (CCC= ). > Thanks both! > > I welcome WG feedback/thoughts/critique on the draft. In case of critique= , > please propose text and provide references, if possible, to support your > views. I request the same if you disagree with something. > > Looking forward to your ideas to mutually work to improve it. > Thanks! > > -Usama > > [0] https://lists.confidentialcomputing.io/g/attestation/message/276 > > -------- Forwarded Message -------- > Subject: New Version Notification for > draft-usama-seat-intra-vs-post-02.txt > Date: Tue, 20 Jan 2026 01:46:02 -0800 > From: internet-drafts@ietf.org > To: Muhammad Sardar > , Muhammad Usama Sardar > > > > A new version of Internet-Draft draft-usama-seat-intra-vs-post-02.txt has > been > successfully submitted by Muhammad Usama Sardar and posted to the > IETF repository. > > Name: draft-usama-seat-intra-vs-post > Revision: 02 > Title: Pre-, Intra- and Post-handshake Attestation > Date: 2026-01-20 > Group: Individual Submission > Pages: 18 > URL: https://www.ietf.org/archive/id/draft-usama-seat-intra-vs-post-02.tx= t > Status: https://datatracker.ietf.org/doc/draft-usama-seat-intra-vs-post/ > HTML: > https://www.ietf.org/archive/id/draft-usama-seat-intra-vs-post-02.html > HTMLized: > https://datatracker.ietf.org/doc/html/draft-usama-seat-intra-vs-post > Diff: > https://author-tools.ietf.org/iddiff?url2=3Ddraft-usama-seat-intra-vs-pos= t-02 > > Abstract: > > This document presents a taxonomy of extending TLS protocol with > remote attestation, referred to as attested TLS. It also presents > high-level analysis of benefits and limitations of each category, > namely pre-handshake attestation, intra-handshake attestation and > post-handshake attestation. > > > > The IETF Secretariat > > > _______________________________________________ > Seat mailing list -- seat@ietf.org > To unsubscribe send an email to seat-leave@ietf.org > --=20 This communication (including any attachments) is intended for the sole=20 use=C2=A0of the intended recipient and may contain confidential, non-public= ,=20 and/or=C2=A0privileged material. Use, distribution, or reproduction of this= =C2=A0 communication by unintended recipients is not authorized. If you received= =C2=A0 this communication in error, please immediately notify the sender and then= =C2=A0 delete all copies of this communication from your system. --0000000000008a22970648f5d048 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Usama.

Here is my r= eview as an individual contributor (not wearing any hats).

Overall, I find the discussion useful and the concrete implementat= ion feedback (such as latency measurements) very valuable. I do think a few= conclusions are currently stated more strongly than the text supports.

Section 3 (Pre-handshake attestation):

<= div>The current dismissal seems to assume Evidence can be arbitrarily old r= elative to connection establishment. Many signed artifacts carry issuance t= ime and validity constraints (e.g., JWT iat/exp [0], HTTP Message Signature= s created/expires [1], SAML conditions [2]). A timestamp alone is not the s= ame as freshness, but a short validity window plus a trustworthy time sourc= e can be an acceptable assurance mechanism in some deployments. Likewise, s= ome schemes can provide stronger freshness via verifier-chosen challenges o= r monotonic counters. I suggest separating "not contemporaneous with t= his TLS connection" from "too old to be meaningful", and dis= cussing under what threat models / deployment assumptions pre-handshake is = insufficient.
Section 3 does not currently mention potential = benefits of pre-handshake (e.g., no modification of TLS, no changes to appl= ication protocols, potential caching/scalability advantages). Even if you u= ltimately judge these insufficient, listing them would make the draft more = balanced.

Section 4 (Intra-handshake attestation):=

I don't think "embedding evidence in the handshake&= quot; automatically guarantees freshness. Freshness typically depends on an= unpredictable, single-use challenge and clear replay handling. If Evidence= (or the challenge it is bound to) can be reused, the freshness property do= esn't follow merely from being carried in handshake messages.
More g= enerally, the text would benefit from explicitly stating what is being boun= d to what (e.g., transcript hash, exporter, traffic secrets, application tr= affic secrets) and which concrete mechanisms provide that binding.

Section 4.1.2 / 4.2.4 (Round trips and latency):

The argument that avoiding an extra RTT is not a relevant goal may dep= end heavily on deployment topology (LAN vs same-region vs cross-continent).= The data point you include is still helpful.
Section 4.2.4 (high handsh= ake latency) seems closely related to 4.1.2; you might consider merging the= m and broadening the analysis to include "baseline handshake costs&quo= t; (including how PQ transition may change the baseline).

Section 4.2.1 (Limited claims availability):

I'm = not convinced the limitation is specific to intra-handshake without a clear= er definition. What exactly is meant by "limited claims"? Which c= laims are unavailable intra-handshake but available pre- or post-handshake,= and why? Concrete examples (even a short list) would help.

<= /div>
Section 4.2.2 (Invasive changes in TLS):

It's not clear to me that intra-handshake attestation inherently requi= res modifications to the TLS key schedule. Could a design based on standard= TLS extensions and explicit transcript/channel binding (via early exporter= s) satisfy the required security properties? If not, it would be useful to = explain in the draft text which properties force more invasive changes.

Section 5.1.4 (Latency placement):

I do= n't think that moving latency related to attestation into after handsha= ke=C2=A0is always a good thing. In some real-time and streaming application= s, a spike after the session is established may be much more disruptive tha= n paying a cost during the handshake. It would help to discuss this as a tr= ade-off.

Section 5.1.6 (Ease of implementation):

A working demo is great, but I'm not sure it translates di= rectly into "ease of implementation" for production deployments. = Production-oriented examples (especially showing Exported Authenticators us= age) would make this argument much more compelling.

Section 5.2.1 (Impact on application layer):

This is my big= gest concern with the post-handshake approach as currently written. Exporte= d Authenticators define a secure way to serialise and bind authenticators, = but each application protocol still needs a way to negotiate, carry, and pr= ocess those structures. So far, this has not been easy even for HTTP (HTTP = working group=C2=A0is still focused only on unsolicited server-side authent= icators [3]). I suggest expanding this section into a more concrete discuss= ion of deployment paths, and what is realistically required in applications= and/or infrastructure.



<= div>The analysis appears to skip a potentially important design point: an e= xplicit shim or gating layer that performs attestation after the TLS handsh= ake completes but before any application data is exchanged. This is operati= onally distinct from both intra-handshake attestation and fully application= -integrated post-handshake attestation.=C2=A0Such an approach could preserv= e standard TLS handshake behaviour and latency characteristics, avoid invas= ive TLS changes, and still prevent application data from flowing until atte= station succeeds. It may also mitigate some of the application-layer comple= xity by localizing attestation handling to a well-defined enforcement point= (e.g., a sidecar or connection gate) rather than requiring per-protocol in= tegration.

Is there a specific reason this design = point was excluded? If not, it may be worth explicitly analysing it as a di= stinct option, or clarifying whether and why it is considered equivalent to= "post-handshake" in the current text.

<= br>
Hope this helps.

Best Regards,
=
Yaroslav


On Tue, Jan 20, 2026 at 5:29=E2=80= =AFPM Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> wrote:
=20 =20 =20

Hi,

This version replaces our experiments with the experiments of Markus Rudy as independent data point. It also addresses the feedback [0] from Mike Bursell, the Executive Director of Confidential Computing Consortium (CCC). Thanks both!

I welcome WG feedback/thoughts/critique on the draft. In case of critique, please propose text and provide references, if possible, to support your views. I request the same if you disagree with something.

Looking forward to your ideas to mutually work to improve it.

Thanks!

-Usama

[0] https://lists.confidentialcomputing.io/g/attestat= ion/message/276

-------- Forwarded Message --------
Subject: New Version Notification for draft-usama-seat-intra-vs-post-02.txt
Date: Tue, 20 Jan 2026 01:46:02 -0800
From: internet-drafts@ietf.org
To: Muhammad Sardar <muhammad_usama.sardar@tu-dresden.de>, Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>


A new version of Internet-Draft draft-usama-seat-intra-vs-post-02.txt has been
successfully submitted by Muhammad Usama Sardar and posted to the
IETF repository.

Name: draft-usama-seat-intra-vs-post
Revision: 02
Title: Pre-, Intra- and Post-handshake Attestation
Date: 2026-01-20
Group: Individual Submission
Pages: 18
URL: https://www.ietf.org/archive/id/draft-usama-= seat-intra-vs-post-02.txt
Status: https://datatracker.ietf.org/doc/draft-usama-seat= -intra-vs-post/
HTML: https://www.ietf.org/archive/id/draft-usama= -seat-intra-vs-post-02.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-u= sama-seat-intra-vs-post
Diff: https://author-tools.ietf.org/iddiff?url2= =3Ddraft-usama-seat-intra-vs-post-02

Abstract:

This document presents a taxonomy of extending TLS protocol with
remote attestation, referred to as attested TLS. It also presents
high-level analysis of benefits and limitations of each category,
namely pre-handshake attestation, intra-handshake attestation and
post-handshake attestation.



The IETF Secretariat


_______________________________________________
Seat mailing list -- sea= t@ietf.org
To unsubscribe send an email to seat-leave@ietf.org


This communica= tion (including any attachments) is intended for the sole use=C2=A0<= span style=3D"color:rgb(69,84,100);font-family:SourceSansPro,"Helvetic= a Neue",Helvetica,Arial,sans-serif;font-size:12px">of the intended rec= ipient and may contain confidential, non-public, and/or=C2=A0privileged material. Use,= distribution, or reproduction of this=C2=A0communication by unintended recipients is = not authorized. If you received=C2=A0this communication in error, please immediately n= otify the sender and then=C2=A0delete all copies of this communication from your syste= m. --0000000000008a22970648f5d048--