[TLS] Public side meetings (and call for presentations) on Attested TLS for Confidential Computing

Muhammad Usama Sardar Wed, 09 Jul 2025 12:58:27 -0700

(Note for TLS WG only: announcing with off-list approval of chairs)


Hi all,

*TL;DR*: There will be two /public side meetings/ on attested TLS.

 * Since the first side meeting is at a very sensitive time (just
   before the attested TLS BoF), please apply for a slot only if you
   think your topic is absolutely relevant to the BoF, and share your
   draft slides with me until Monday, 14th July.
 * For the second side meeting, general presentations related to the
   topic are very welcome. Please drop me a short email with topic and
   time, and share your draft slides with me until Friday, 18th July.

If you are interested in the topic but time (for both side meetings) does not work for you, please let me know and I will be happy to meet you during the week at a time convenient to you.


*Details*:

/1st side meeting/:

    Date: 21st July (Monday)

    Time: 11:00 - 13:00

    Room: El Escorial [Capacity: 40]

/2nd side meeting/:

    Date: 23rd July (Wednesday)

    Time: 11:00 - 13:00

    Room: Segovia [Capacity: 16]

Relevant for:

 * *RATS*: Design space to inject remote attestation into transport
   protocols; and related security considerations
 * *TLS*: Extension of TLS with remote attestation
 * *WIMSE*: Solving identity crisis in confidential computing
 * *LAKE*: Extension of EDHOC with remote attestation (folks can
   hopefully benefit from our analysis of post-handshake vs.
   intra-handshake attestation options)
 * *Attested TLS*: of course ;)

No prior knowledge is assumed for first side meeting but knowledge of TLS or RATS will be helpful.

The current agenda is based on joint works with Arto Niemi, Hannes Tschofenig, Thomas Fossati, Simon Frost, Ned Smith, Mariam Moustafa, Tuomas Aura, Yaron Sheffer, Ionut Mihalcea, Jean-Marie Jacquet, Tirumaleswar Reddy K., Carsten Weinhold, Michael Roitzsch, Yogesh Deshpande, Henk Birkholz, Liang Xia, Weiyu Jiang, Jun Zhang and Houda Labiod.


*Draft agenda for first side meeting*:

The first side meeting aims to bring everyone on the same page for discussion in the BoF. We plan to cover the following topics (subject to changes dependent on the interest and background of attendees, e.g., may skip the introductory stuff on TLS and Remote Attestation if attendees are familiar enough):


 * Network Security (TLS: RFC8446bis [1])
     o Without client authentication
     o With client authentication
 * Endpoint Security (Remote Attestation (RA): including RFC9334 [2])
     o Disambiguate attestation and authentication
 * Attested TLS (RA || TLS)
     o Need for attested TLS
     o Use case
     o Design Options
         + Pre-handshake attestation
             # Replay attacks [3]
             # Diversion attacks [4]
             # Proposed solutions
         + Intra-handshake attestation (draft-fossati-tls-attestation [5])
             # Diversion attacks [4,6]
             # Proposed solutions [6,7]
         + Post-handshake attestation
           (draft-fossati-tls-exported-attestation [8])
             # Preliminary formal analysis
     o Protocols
         + Server as Attester
         + Client as Attester

*Draft agenda and call for presentations for second side meeting*:

 * Any left over items from first side meeting
 * Follow-up discussion of BoF and planning of next steps
 * Key negotiation and distribution [9]
 * How to get your protocols verified faster? [10]
     o Threat model
     o Informal security goals
     o Protocol diagram
 * Other relevant topics and open questions

We aim to scope the side meetings to Confidential Computing and welcome presentations around the theme of attested TLS within this scope. If interested, please send me your topic and time estimate until Monday, 14th July.


Additional reading:

 * Attestation in Arm CCA and Intel TDX [11]

We look forward to your perspectives and insightful discussions during the side meetings!



Kind regards,

Usama

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-rfc8446bis/

[2] https://datatracker.ietf.org/doc/rfc9334/

[3] https://ieeexplore.ieee.org/document/10752524

[4] https://datatracker.ietf.org/meeting/interim-2025-rats-01/materials/slides-interim-2025-rats-01-sessa-identity-crisis-in-attested-tls-for-confidential-computing-01.pdf


[5] https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/

[6] https://mailarchive.ietf.org/arch/msg/tls/Jx_yPoYWMIKaqXmPsytKZBDq23o/

[7] https://www.usenix.org/system/files/atc25-weinhold.pdf

[8] https://datatracker.ietf.org/doc/draft-fossati-tls-exported-attestation/

[9] https://datatracker.ietf.org/doc/draft-xia-rats-key-negotiation-integration/


[10] https://datatracker.ietf.org/doc/draft-usama-tls-fatt-extension/

[11] https://ieeexplore.ieee.org/document/10373038

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[TLS] Public side meetings (and call for presentations) on Attested TLS for Confidential Computing

Reply via email to