On 20.02.25 13:36, Alicja Kario wrote:
It depends on how you define "system" here. If it is the hardware, sure you need to trust it in any case. If it is some parts of software too, then there is a whole field of "Confidential Computing" which claims that adversary (e.g., cloud provider) has complete access to several layers of software stack.if you can't trust the system you're running an application on, you *definitely* can't trust any network connections from it
sorry, but the threat model you're talking about is not realistic
I disagree with this. The threat model is realistic. See [1-2] and our new draft in progress [3] trying to tackle this threat model.
Usama [1] https://ieeexplore.ieee.org/document/10752524[2] https://www.ietf.org/archive/id/draft-fossati-tls-attestation-08.html#section-9.1
[3] https://hannestschofenig.github.io/exported-attestation/draft-fossati-rats-exported-attestation.html
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
