Hi Thom,

I agree with everything you said, except for one. Clarifying question inline for that:

On 18.11.25 10:26, Thom Wiggers wrote:
> Main Secrets are not intended to be extracted from the TLS state machine. They have no user value. HSMs or TEE should not be involved with them.

I assume by Main Secrets, you mean the Main Secret and keys derived from it. So I am not sure why TEE should not be involved with Main Secret and its derivatives. One could have the whole network stack within the TEE, no? If the TEE does not protect the Main Secret, then what's the benefit of using TEE?
-Usama
