tls-attestation / draft-tls-attestation

7 stars 1 forks source link

Assess the possibility of parallelizing computations #53

Open ionut-arm opened 6 months ago

ionut-arm commented 6 months ago

Some of the attestation-specific addons to the TLS handshake can be quite a performance drain. In order to allow some performance improvements, at least in the context of mutual authentication via attestation, one could consider approaches in which the two entities generate and verify attestation evidence in parallel.

For example, if both peers use the same channel binder and both have access to all the necessary data (encrypted extensions have been exchanged both ways), then the two can perform evidence generation in parallel, followed by the server sending its evidence in the Certificate message, and so on.

Similarly, if the client sends its evidence before starting the verification process for the server's evidence (NOTE: possible privacy issue), verification can happen in parallel.