BiagioFesta / wtransport

Async-friendly WebTransport implementation in Rust
Apache License 2.0

Access to low-level `quinn::Connection` #154

Closed MOZGIII closed 2 months ago

MOZGIII commented 2 months ago

I need access to the `peer_identity`, `handshake_data`, and `export_keying_material` fns of the `quinn::Connection` to run some security assertions in the WebTransport handler, but I figured this low-level access could more simply be provided by exposing the whole `quinn::Connection` with the corresponding feature flag enabled.


To provide some additional context: we want to tie the transport security to an AMD SEV-SNP attestation report.

See AMD SEV SNP spec for more info.

For that, we'd want to use key material exports and pass them into the attestation reports alongside our own nonces. The WebTransport-specific spec for this is still underway, but we can already use it at the QUIC level via quinn implementation. You might want to implement WebTransport TLS Keying Material Exporter at wtransport too - I created https://github.com/BiagioFesta/wtransport/issues/155.
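
The binding described in the comment above, sketched as an added example (not code from wtransport, quinn, or the issue author): 32 bytes of exported keying material and a 32-byte nonce fill the 64-byte REPORT_DATA field of an SEV-SNP report, and the verifier recomputes them from its own side of the connection. The function names, the 32/32 layout and the sample bytes are assumptions; verifying the report signature and certificate chain is assumed to happen before this check.

```rust
// Added example; function names, field layout choice and sample bytes are assumptions.
// In a handler, `ekm` would be filled by quinn::Connection::export_keying_material.

const REPORT_DATA_OFFSET: usize = 0x50; // REPORT_DATA field in the SNP attestation report
const REPORT_DATA_LEN: usize = 64;

#[derive(Debug, PartialEq)]
enum BindingError { TooShort, Mismatch }

/// REPORT_DATA = exported keying material (32 bytes) || verifier nonce (32 bytes).
fn build_report_data(ekm: &[u8; 32], nonce: &[u8; 32]) -> [u8; REPORT_DATA_LEN] {
    let mut out = [0u8; REPORT_DATA_LEN];
    out[..32].copy_from_slice(ekm);
    out[32..].copy_from_slice(nonce);
    out
}

/// Byte comparison without an early exit on the first difference.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Verifier side: the report must carry the EKM of *this* connection and the
/// nonce this verifier issued. A report produced over another TLS session has
/// a different EKM and is rejected, which is what stops a relayed report.
fn check_binding(report: &[u8], ekm: &[u8; 32], nonce: &[u8; 32]) -> Result<(), BindingError> {
    let end = REPORT_DATA_OFFSET + REPORT_DATA_LEN;
    if report.len() < end {
        return Err(BindingError::TooShort);
    }
    let expected = build_report_data(ekm, nonce);
    if ct_eq(&report[REPORT_DATA_OFFSET..end], &expected) { Ok(()) } else { Err(BindingError::Mismatch) }
}

/// Constructed stand-in for a report: zeroed except for REPORT_DATA.
fn sample_report(report_data: &[u8; REPORT_DATA_LEN]) -> Vec<u8> {
    let mut r = vec![0u8; 0x4A0];
    r[REPORT_DATA_OFFSET..REPORT_DATA_OFFSET + REPORT_DATA_LEN].copy_from_slice(report_data);
    r
}

fn main() {
    let (ekm, nonce) = ([0x11u8; 32], [0x22u8; 32]); // constructed sample values
    let report = sample_report(&build_report_data(&ekm, &nonce));
    println!("same session:  {:?}", check_binding(&report, &ekm, &nonce));
    println!("other session: {:?}", check_binding(&report, &[0x33u8; 32], &nonce));
}
```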