Brussels / 3 & 4 February 2024


Increasing Trust and Preserving Privacy: Advancing Remote Attestation

The growing trend towards confidential computing has presented a significant challenge: making remote attestation, a crucial technology for establishing trust in confidential workloads, easily accessible to application developers. Ideally, leveraging the added transparency and security guarantees of attestation as an authentication mechanism should be simple. However, the current ecosystem often requires engineers to integrate remote attestation at the application layer of the network stack. This task is not only burdensome, diverting attention from core business logic, but also poses privacy risks. Developers are compelled to navigate a complex maze of security protocols, with the ever-present danger of accidentally exposing sensitive information about the devices running these workloads.

Developing secure and easy-to-use building blocks requires a collaborative effort between the open-source and standards communities. The IETF is working on various specifications, which are being complemented by prototypes and formal verification of innovative features. Several Internet protocols, such as TLS, OAuth, ACME, Netconf, and CSR/EST, are already incorporating attestation, and others will follow. A key focus of our work is to integrate privacy-preserving techniques that can mitigate the risks inherent in remote attestation, ensuring that this crucial technology can be utilized in a manner that is both user-friendly and privacy-conscious.

In this presentation, we aim to provide a comprehensive overview of the current standardization and open-source implementation initiatives. The goal is to make it easier for the broader community to access and engage in this new development, which is crucial for the advancement of the remote attestation infrastructure in general and the utilization of confidential computing in particular.


Ionut Mihalcea
Thomas Fossati