[TLS] Public side meetings on identity crisis in attested TLS for Confidential Computing

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 06 March 2025 09:14 UTC

To: "TLS@ietf.org" <tls@ietf.org>, "rats@ietf.org" <rats@ietf.org>, wimse@ietf.org
CC: 122attendees@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HXvxdRF7A2pa-JG4AvPuzMs7TkM>

(Note for TLS WG only: announcing with approval of chairs [0])

Hi all,

*TL;DR*: There will be a couple of /public side meetings/ on attested 
TLS. For organizational purposes (e.g., to ask for a bigger room 
[current room capacity: 20]), if you are interested in presenting or 
attending /in-person/, please drop me a short email. Since some of the 
attested TLS team members will be remote (and in Europe), we have 
selected a time slot suitable for them. But if you are really interested 
and this time does not work for you, please let me know and we will seek 
alternatives. Also see call for presentations below.

Date: 17th March (Monday) and 19th March (Wednesday)

Time: Both meetings at 15:00 - 17:00

Room: Meeting Room 3

Relevant for:

  * *RATS*: Design space to inject remote attestation into transport
    protocols; and related security considerations
  * *TLS*: Extension of TLS with remote attestation
  * *WIMSE*: Identity crisis in confidential computing

No prior knowledge is assumed but knowledge of TLS will be helpful.

The current agenda is based on joint works with Arto Niemi, Hannes 
Tschofenig, Thomas Fossati, Simon Frost, Ned Smith, Mariam Moustafa, 
Tuomas Aura, Yaron Sheffer, Ionut Mihalcea and Jean-Marie Jacquet.

*Draft agenda for first side meeting*:

The first side meeting aims to bring everyone on the same page for 
discussion of the open questions in the second side meeting. We plan to 
cover the following topics (subject to changes dependent on the interest 
and background of attendees):

  * Network Security (TLS: RFC8446bis [1])
      o Without client authentication
      o With client authentication
  * Endpoint Security (Remote Attestation (RA): including RFC9334 and
    RFC9683)
      o Disambiguate attestation and authentication
  * Attested TLS (RA || TLS) including [4] and [5]
      o Design Options
          + Pre-handshake attestation
          + Intra-handshake attestation
          + Post-handshake attestation
      o Protocols
          + Server as Attester
          + Client as Attester

*Draft agenda and call for presentations for second side meeting*:

  * Technical details of impersonation attacks [6]
      o Attack1 in [6]
      o Attack2 in [6]
  * Proposed solution (Recommendation [6])
  * Discussion of open questions [6]
  * Other relevant open questions

We aim to scope the side meetings to Confidential Computing and welcome 
presentations around the theme of attacks mentioned here [6] within this 
scope. If interested, please send me your topic and time estimate by 
10th March.

Additional readings:

  * Attested TLS [7]
  * Attestation in Arm CCA and Intel TDX [8]


We look forward to your perspectives and discussions during the side 
meetings!


Kind regards,

Usama


[0] https://mailarchive.ietf.org/arch/msg/tls/RHyArzvEJHimDi49b2bboPAUW_c/

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/

[2] https://datatracker.ietf.org/doc/rfc9334/

[3] https://datatracker.ietf.org/doc/rfc9683/

[4] https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/

[5] https://datatracker.ietf.org/doc/draft-fossati-tls-exported-attestation/

[6] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/

[7] https://ieeexplore.ieee.org/document/10752524

[8] https://ieeexplore.ieee.org/document/10373038