I need access to peer_identity and handshake_data, and export_keying_material fns of the quinn::Connection to run some security assertions in the WebTransport handler, but I figured this low-level access could simpler be provided by exposing the whole quinn::Connection with the corresponding feature-flag enabled.
To provide some additional context: we want to tie the transport security to an AMD SEV-SNP attestation report.
For that, we'd want to use key material exports and pass them into the attestation reports alongside our own nonces.
The WebTransport-specific spec for this is still underway, but we can already use it at the QUIC level via quinn implementation.
You might want to implement WebTransport TLS Keying Material Exporter at wtransport too - I created https://github.com/BiagioFesta/wtransport/issues/155.
I need access to
peer_identity
andhandshake_data
, andexport_keying_material
fns of thequinn::Connection
to run some security assertions in the WebTransport handler, but I figured this low-level access could simpler be provided by exposing the wholequinn::Connection
with the corresponding feature-flag enabled.To provide some additional context: we want to tie the transport security to an AMD SEV-SNP attestation report.
See AMD SEV SNP spec for more info.
For that, we'd want to use key material exports and pass them into the attestation reports alongside our own nonces. The WebTransport-specific spec for this is still underway, but we can already use it at the QUIC level via
quinn
implementation. You might want to implement WebTransport TLS Keying Material Exporter atwtransport
too - I created https://github.com/BiagioFesta/wtransport/issues/155.