[TLS] Re: Public side meetings on identity crisis in attested TLS for Confidential Computing

[Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>]

Hi all,

The secretariat made a mistake in trello. The side meeting link is:

https://ietf.webex.com/meet/ietfsidemeeting3

We are in room 3 on 7th floor and starting now.

Usama

On 06.03.25 16:14, Muhammad Usama Sardar wrote:
>
> (Note for TLS WG only: announcing with approval of chairs [0])
>
> Hi all,
>
> *TL;DR*: There will be a couple of /public side meetings/ on attested 
> TLS. For organizational purposes (e.g., to ask for a bigger room 
> [current room capacity: 20]), if you are interested in presenting or 
> attending /in-person/, please drop me a short email. Since some of the 
> attested TLS team members will be remote (and in Europe), we have 
> selected a time slot suitable for them. But if you are really 
> interested and this time does not work for you, please let me know and 
> we will seek alternatives. Also see call for presentations below.
>
> Date: 17th March (Monday) and 19th March (Wednesday)
>
> Time: Both meetings at 15:00 - 17:00
>
> Room: Meeting Room 3
>
> Relevant for:
>
>   * *RATS*: Design space to inject remote attestation into transport
>     protocols; and related security considerations
>   * *TLS*: Extension of TLS with remote attestation
>   * *WIMSE*: Identity crisis in confidential computing
>
> No prior knowledge is assumed but knowledge of TLS will be helpful.
>
> The current agenda is based on joint works with Arto Niemi, Hannes 
> Tschofenig, Thomas Fossati, Simon Frost, Ned Smith, Mariam Moustafa, 
> Tuomas Aura, Yaron Sheffer, Ionut Mihalcea and Jean-Marie Jacquet.
>
> *Draft agenda for first side meeting*:
>
> The first side meeting aims to bring everyone on the same page for 
> discussion of the open questions in the second side meeting. We plan 
> to cover the following topics (subject to changes dependent on the 
> interest and background of attendees):
>
>   * Network Security (TLS: RFC8446bis [1])
>       o Without client authentication
>       o With client authentication
>   * Endpoint Security (Remote Attestation (RA): including RFC9334 and
>     RFC9683)
>       o Disambiguate attestation and authentication
>   * Attested TLS (RA || TLS) including [4] and [5]
>       o Design Options
>           + Pre-handshake attestation
>           + Intra-handshake attestation
>           + Post-handshake attestation
>       o Protocols
>           + Server as Attester
>           + Client as Attester
>
> *Draft agenda and call for presentations for second side meeting*:
>
>   * Technical details of impersonation attacks [6]
>       o Attack1 in [6]
>       o Attack2 in [6]
>   * Proposed solution (Recommendation [6])
>   * Discussion of open questions [6]
>   * Other relevant open questions
>
> We aim to scope the side meetings to Confidential Computing and 
> welcome presentations around the theme of attacks mentioned here [6] 
> within this scope. If interested, please send me your topic and time 
> estimate until 10th March.
>
> Additional readings:
>
>   * Attested TLS [7]
>   * Attestation in Arm CCA and Intel TDX [8]
>
>
> We look forward to your perspectives and discussions during the side 
> meetings!
>
>
> Kind regards,
>
> Usama
>
>
> [0] https://mailarchive.ietf.org/arch/msg/tls/RHyArzvEJHimDi49b2bboPAUW_c/
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/
>
> [2] https://datatracker.ietf.org/doc/rfc9334/
>
> [3] https://datatracker.ietf.org/doc/rfc9683/
>
> [4] https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/
>
> [5] 
> https://datatracker.ietf.org/doc/draft-fossati-tls-exported-attestation/
>
> [6] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/
>
> [7] https://ieeexplore.ieee.org/document/10752524
>
> [8] https://ieeexplore.ieee.org/document/10373038
>