Hi Muhammad,

> On 18 Nov 2025, at 18:58, Muhammad Usama Sardar 
> <[email protected]> wrote:
> 
> Hi Thom,
> 
> I agree with everything you said, except for one. Clarifying question inline 
> for that:
> 
> On 18.11.25 10:26, Thom Wiggers wrote:
>> Main Secrets are not intended to be extracted from the TLS state machine. 
>> They have no user value. HSMs or TEE should not be involved with them.
> 
> I assume by Main Secrets, you mean the Main Secret and keys derived from it. 
> So I am not sure why TEE should not be involved with Main Secret and its 
> derivatives. One could have the whole network stack within the TEE, no? If 
> the TEE does not protect the Main Secret, then what's the benefit of using 
> TEE?
> 

Yeah if you run the whole thing in a TEE then of course it’s in there. I meant 
“involved with them” in the sense of any kind of storage.

And indeed, what applies to the Main Secret applies to the other “internal” 
keys just as well.

Cheers,

Thom

> -Usama
> 

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
