[TLS] Re: [Rats] expat BoF proposal
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Fri, 30 May 2025 10:20 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 6F1142EB376D; Fri, 30 May 2025 03:20:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvje4lCe__IE; Fri, 30 May 2025 03:20:22 -0700 (PDT)
Received: from mailout4.zih.tu-dresden.de (mailout4.zih.tu-dresden.de [141.30.67.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 952EA2EB3763; Fri, 30 May 2025 03:20:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:References:CC:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=aeWtHDzyPJUgL3Djg0V6jjmz52Rvp1lVJmmjJdfYY0g=; b=Z/ot8NoyFeox5HcaCGbnvmzekk rlho/gHE/tyjPL8Cq7VCnK0qB8/CSTptV9UO6Onpj7orT3wCWK75yBq1Xi+sQapZ8Mqy5rm90Pj1V MDW0PjQE02cT6qtmbSsckIGIC6c4ItMFZwBg/0AGvqVy4QbVgGEmKU9lAxdcDUsq9Rk4XMJbJp7fY s1ARRyQwKiARFFX2PVZbbztYu18Nde8BOpmA5k/sZkisA8xIuari7usJEJ97WVRI4o0+JfL0isALo 8EpWUljsLkCnFH3mjjXj/iId9MS6eV7mz6a/hgQjRP6+XASvLmZ8vqcIYx97GV1MgdFoG+Rr/dGVt aLsASwzg==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout4.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1uKwqb-006eyS-6z; Fri, 30 May 2025 12:20:21 +0200
Received: from [10.12.5.228] (81.201.156.93) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.10; Fri, 30 May 2025 12:20:16 +0200
Message-ID: <786ac777-fbd4-48d2-8d36-6369197cee5a@tu-dresden.de>
Date: Fri, 30 May 2025 12:20:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: rats@ietf.org
References: <zovg2wkhvfajkf54df2oexbe3iubb6eottsjqcl4cutig5xaoe@diksm4pgt5nx>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <zovg2wkhvfajkf54df2oexbe3iubb6eottsjqcl4cutig5xaoe@diksm4pgt5nx>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms030007010904070201020706"
X-ClientProxiedBy: MSX-L421.msx.ad.zih.tu-dresden.de (172.26.34.141) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout4.zih.tu-dresden.de
Message-ID-Hash: 456MJ2A7ZHDYICN6PBXRKZI4C7RDKEW5
X-Message-ID-Hash: 456MJ2A7ZHDYICN6PBXRKZI4C7RDKEW5
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: saag@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: [Rats] expat BoF proposal
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tlfqmgSt9UmtLl4KinBqciiYV6A>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
To put some meat on top of this, the kind of open questions (as
discussed at RATS interim [1]) that the proposed WG aims to address for
Confidential Computing (CC) -- our main motivation -- are:
* What is the "long-term identity" of the CC workload? How is
"long-term identity" assigned to the CC workload? Which entity
supplies this "long-term identity"? How is that "Identity Supplier"
trusted?
* How is CA-certified Long-Term Key (LTK) injected in the CC workload
in the first place? Which entity generates the LTK and how is that
entity trusted?
* Can Cloud Service Provider (CSP) /really/ be out of Trusted
Computing Base (TCB)?
* What does "freshness" mean for highly dynamic and long-lived workloads?
* Does RATS Background-check model further complicates the problem
rather than solving it? In other words, how to verify the Verifier?
[1]
https://datatracker.ietf.org/meeting/interim-2025-rats-01/materials/slides-interim-2025-rats-01-sessa-identity-crisis-in-attested-tls-for-confidential-computing-01.pdf
- [TLS] expat BoF proposal Thomas Fossati
- [TLS] Re: [Rats] expat BoF proposal Muhammad Usama Sardar