[WIMSE] Re: Follow-up of meeting 122 presentation (Formal proof of insecurity of Intel's RA-TLS and draft-fossati-tls-attestation)

Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Wed, 31 December 2025 14:00 UTC

List-Id: WIMSE Workload Identity in Multi-Service Environment <wimse.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/dX_2NBEeUamWfCgw9UuFHg6LstQ>

For the record, rather than repeating myself, I will respond in this thread only
when I see some new argument. What's been said is not acceptable to
me and I stay in strong opposition to the architecture draft (including
John's recent PR).

John, answer to your question inline:

On 31.12.25 14:34, John Kemp wrote:
> 4. Have you submitted your concerns to the RATS WG - 
Yes, it was presented at RATS and a pre-print was shared recently [0].
> that would seem more appropriate than here since there is at least a 
> RATS draft on attested TLS specifically [fossati-09]?

If you look carefully at the name of the draft [fossati-09], it was intended
for the TLS WG and not the RATS WG. The TLS WG was already informed about it in
February [1].

-Usama

>
> [fossati-09] 
> https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/

[0] https://mailarchive.ietf.org/arch/msg/rats/sLHnWMqKg2Jwu403vpgCIaVOYdE/

[1] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/