[WIMSE] Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)

Yaroslav Rosomakho <yrosomakho@zscaler.com> Sun, 28 December 2025 16:12 UTC

References: <8ea21216-8819-4b5d-8526-7dc3ca75c854@tu-dresden.de>
In-Reply-To: <8ea21216-8819-4b5d-8526-7dc3ca75c854@tu-dresden.de>
From: Yaroslav Rosomakho <yrosomakho@zscaler.com>
Date: Sun, 28 Dec 2025 16:12:31 +0000
Message-ID: <CAMtubr2zprpqDLjTRqYHR9fgV13xoagU6GEJYoLrK6bdS-jyDA@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
CC: "wimse@ietf.org" <wimse@ietf.org>
Subject: [WIMSE] Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)
List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/_NNIGT8nxo8cvQVzstSqRy7lozw>

// Speaking as WIMSE Architecture draft co-author.

I don't believe WIMSE architecture proposes or implies a specific mechanism
to deliver attestation. And I don't think this detail needs to be covered
in this reasonably high-level informational document.

Can you please explain in more detail why specifically you are "strongly
opposed" to draft-ietf-wimse-arch-06?

Best Regards,
Yaroslav

On Sun, Dec 28, 2025 at 10:40 AM Muhammad Usama Sardar <
muhammad_usama.sardar@tu-dresden.de> wrote:

> Hi,
>
> # *TL;DR*
>
> I am strongly opposed to any WIMSE draft (including
> draft-ietf-wimse-arch-06 and draft-lkspa-wimse-verifiable-geo-fence) which
> proposes or even implies attested TLS in pre-handshake or intra-handshake
> attestation.
>
>
> # *Details*
>
> I would like to follow up on my presentation at meeting 122 on the
> identity crisis [0], and the several mailing list discussions for
> draft-lkspa-wimse-verifiable-geo-fence.
>
> In our paper [1] (accepted at AsiaCCS), we (i.e., I, Mariam Moustafa and
> Tuomas Aura) provide a formal proof of insecurity of pre-handshake
> attestation (Intel's/Interoperable RA-TLS) as well as intra-handshake
> attestation (draft-fossati-tls-attestation). Formal proof is available at
> [2] under Apache-2.0 license.
>
> We would like to have your review and feedback on the pre-print [1] and
> proof [2]. If there is any objection/disagreement, please speak up, else
> please clean up your drafts.
>
> Based on follow-up research, we believe that it is not possible to make
> pre-/intra-handshake attestation secure in the general case, and that
> post-handshake attestation is the most secure solution.
>
> -Usama
>
>
> [0]
> https://datatracker.ietf.org/meeting/122/materials/slides-122-wimse-identity-crisis-00
>
> [1]
> https://www.researchgate.net/publication/398839141_Identity_Crisis_in_Confidential_Computing_Formal_Analysis_of_Attested_TLS
>
> [2] https://github.com/CCC-Attestation/formal-spec-id-crisis
>
>
> PS: Please keep me explicitly in To/CC. I am currently overwhelmed with
> SEAT work and currently not following this list.
