IETF Logo Mail Archive

[WIMSE] Re: [Rats] Re: [Seat] Re: Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 08 January 2026 20:24 UTC

Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: seat@mail2.ietf.org
Delivered-To: seat@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 31418A4F9DBF; Thu, 8 Jan 2026 12:24:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_PDS_SHORTFWD_URISHRT_QP=0.01] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRCviyQT9HhE; Thu, 8 Jan 2026 12:24:33 -0800 (PST)
Received: from mailout7.zih.tu-dresden.de (mailout7.zih.tu-dresden.de [141.76.32.220]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id AFBEBA4F9DB5; Thu, 8 Jan 2026 12:24:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:References:CC:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=w4V26Mrm8o8OmVF4SBzURcRw3gK6SuOlR5y/WnRzF6c=; b=tyQPtZiAzpe/BJcscJPIAh1465 LqUzcPVsMgZgc87i/c/g6Cvz9JdOv2rTbQaeB1M2HxQhI/5U4WXVp/+qInLOFAIrEYaD0n7jFjIZ2 b9i4lJ0qj3T/bpOqHCm3aBcHzxZtxsJ4RnK14UfIery/l5PqdaTwMMwo4Vbqmhxi7uJD9NDG9VeMm npT2N3lKG11s/ZXNuQZbtQaHBDh+2+khcQeAdV1PqQayWXN8QnVav3T+ToRKzTkcoG+6/jC8K8Cp4 qlDga10CK9nlQ3oX/7rUjml+6UFjCdLbIZHjVzCC6+crxK4xy4T6QQZuYHotDk0EYFea2LAYgNaQw Dz4Dpawg==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout7.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vdwYU-003z3M-26; Thu, 08 Jan 2026 21:24:31 +0100
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Thu, 8 Jan 2026 21:24:17 +0100
Message-ID: <9fb598a0-a44c-44d3-914a-2208193bde30@tu-dresden.de>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
References: <8ea21216-8819-4b5d-8526-7dc3ca75c854@tu-dresden.de> <1091A040-E13F-41C7-9344-03642A92258F@gmail.com> <97de370c-1f6d-43af-b80b-9850056cc567@tu-dresden.de> <9CE46048-084B-46CF-B0A5-1DAF7FE1FB07@gmail.com> <04151c27-ed12-41cd-93fd-6a20db315fbe@tu-dresden.de> <440F8274-35D6-49C7-AA11-9F2FDB20ABAF@gmail.com> <bcdd15c4-4d79-4dd6-818c-67a0000ccee9@tu-dresden.de> <80B45863-8DDB-4539-80DB-D6342B93CFCF@gmail.com> <890f353f-eae2-4bc8-bd6e-514526e73972@tu-dresden.de> <10E1AEB3-B425-4B3B-B201-D300A37B1FAC@mit.edu> <14295601-86df-4557-beb0-1e1845141417@tu-dresden.de> <CALtWOA20-CF4OJa9SKJG4rVtDKzrukVmwLRYbVMp72PgX_osKQ@mail.gmail.com> <IA0PR01MB8277FFF97ED4DFA5E6F6C3BFBD87A@IA0PR01MB8277.prod.exchangelabs.com> <dcbd8688-2e8c-4060-b9c2-6671596c5f78@tu-dresden.de> <FRWP195MB27649ED4F206519D0C8A4C78A987A@FRWP195MB2764.EURP195.PROD.OUTLOOK.COM> <78977005-5788-22ee-387c-e224222f0058@ietf.contact> <CAHbuEH7_FSbsc4izF6u+noxwJk-hnPw3i48avRqYZrgU=_qpJw@mail.gmail.com>
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
In-Reply-To: <CAHbuEH7_FSbsc4izF6u+noxwJk-hnPw3i48avRqYZrgU=_qpJw@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms090902010004040005070704"
X-ClientProxiedBy: MSX-L414.msx.ad.zih.tu-dresden.de (172.26.34.134) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout7.zih.tu-dresden.de
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Hits: max-recipients
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-size; news-moderation; no-subject; digests; suspicious-header
Message-ID-Hash: CXAUYTPSZ5HAZQSM4SVUSGZ4FU6VVRFF
X-Message-ID-Hash: CXAUYTPSZ5HAZQSM4SVUSGZ4FU6VVRFF
X-Mailman-Approved-At: Fri, 09 Jan 2026 10:43:02 -0800
CC: Yaron Sheffer <yaronf.ietf@gmail.com>, Justin Richer <jricher@mit.edu>, Pieter Kasselman <pieter@defakto.security>, "wimse-chairs@ietf.org" <wimse-chairs@ietf.org>, John Kemp <stable.pseudonym@gmail.com>, Sorin Dumitru <sorin@returnze.ro>, "wimse@ietf.org" <wimse@ietf.org>, "rats@ietf.org" <rats@ietf.org>, "seat@ietf.org" <seat@ietf.org>, Henk Birkholz <henk.birkholz@ietf.contact>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [WIMSE] Re: [Rats] Re: [Seat] Re: Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/-r4diowELmJJ9OvWkQt0gCnQrpQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wimse>
List-Help: <mailto:wimse-request@ietf.org?subject=help>
List-Owner: <mailto:wimse-owner@ietf.org>
List-Post: <mailto:wimse@ietf.org>
List-Subscribe: <mailto:wimse-join@ietf.org>
List-Unsubscribe: <mailto:wimse-leave@ietf.org>
Date: Thu, 08 Jan 2026 20:24:35 -0000
X-Original-Date: Thu, 8 Jan 2026 21:24:16 +0100

Thank you Kathleen. Please see a few /important/ clarifications inline:

On 08.01.26 18:36, Kathleen Moriarty wrote:
> Hundreds of protocols and formats in the IETF use TLS, so it does not 
> make sense to RAT-hole on attestation whenever TLS comes up.

I don't really see how that is relevant to this discussion at all. As I 
pointed out in [0], it mentions *both* TLS and attestation and that 
clearly implies attested TLS.

> SEAT is a brand new working group and the concept is not fully 
> formalized or widely implemented and adopted. This means it is not 
> appropriate to place requirements on other evolving work to adopt use 
> of Attested TLS yet.

Seems there is a big misunderstanding here. I am not at all asking WIMSE 
to adopt attested TLS. In fact, my proposal # 1 was to remove 
attestation [1]. Some folks want to keep it, fair enough.

> My vote is to not block WIMSE on SEAT, SEAT is not ready for that and 
> it would hold up WIMSE work.

By no means, I am blocking or holding up WIMSE work. Speaking as author 
of draft-mihalcea-seat-use-cases: As mentioned upstream, 5-minutes long 
critique [2] building link with WIMSE was brought to us in Montreal and 
I have shared results of my analysis with WIMSE.

Speaking as author of draft-mihalcea-seat-use-cases and 
draft-fossati-seat-expat: My take-away for SEAT interim from this thread 
is that: WIMSE has very confusing notion of "attestation". Until WIMSE 
comes to a consensus to what exactly attestation means, I am unable to 
address the above critique. Sorry Mark!

-Usama

[0] https://mailarchive.ietf.org/arch/msg/wimse/gQsGLkw59Zsuj7TG7Phej6U-lfQ/

[1] https://mailarchive.ietf.org/arch/msg/wimse/I0YgR9AzKcA0zF_kG7Q6mWCc9ZY/

[2] https://youtu.be/ic0K-S8Txvg?t=1338

v2.38.3 | Report a Bug | By Email | System Status