On Friday, 21 February 2025 22:15:06 CET, Muhammad Usama Sardar wrote:
On 20.02.25 13:36, Alicja Kario wrote:
if you can't trust the system you're running an application on, you
*definitely* can't trust any network connections from it
It depends on how you define "system" here. If it is the
hardware, sure you need to trust it in any case. If it is some
parts of software too, then there is a whole field of
"Confidential Computing" which claims that adversary (e.g.,
cloud provider) has complete access to several layers of
software stack.
You need to have at least partial trust for everything running below
the application that will be affected by SSLKEYLOGFILE; be it the kernel,
container environment, VM, or CPU (actual hardware).
If you can't be sure that the attacker didn't mess with your environment
variables then you don't have a trustworthy system.
sorry, but the threat model you're talking about is not realistic
I disagree with this. The threat model is realistic. See [1-2]
and our new draft in progress [3] trying to tackle this threat
model.
Usama
[1] https://ieeexplore.ieee.org/document/10752524
[2]
https://www.ietf.org/archive/id/draft-fossati-tls-attestation-08.html#section-9.1
[3]
https://hannestschofenig.github.io/exported-attestation/draft-fossati-rats-exported-attestation.html
--
Regards,
Alicja Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
