* What is the "long-term identity" of the CC workload? How is "long-term identity" assigned to the CC workload? Which entity supplies this "long-term identity"? How is that "Identity Supplier" trusted? * How is CA-certified Long-Term Key (LTK) injected in the CC workload in the first place? Which entity generates the LTK and how is that entity trusted? * Can Cloud Service Provider (CSP) /really/ be out of Trusted Computing Base (TCB)? * What does "freshness" mean for highly dynamic and long-lived workloads? * Does RATS Background-check model further complicates the problem rather than solving it? In other words, how to verify the Verifier?
[1] https://datatracker.ietf.org/meeting/interim-2025-rats-01/materials/slides-interim-2025-rats-01-sessa-identity-crisis-in-attested-tls-for-confidential-computing-01.pdf
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
