CONCEPT Cited by 1 source

RA-TLS (Remote Attestation + TLS)¶

Definition¶

RA-TLS is the composition in which a TLS handshake carries (or piggybacks) a fresh remote attestation of the server TEE's binary digest + instance identity, and the client refuses to complete the handshake — and therefore refuses to release session key material — unless the attestation verifies against a known-good policy (typically a published binary-digest ledger).

The effect: the TLS session is bound to a specific binary running inside a genuine TEE, not just a server with a valid X.509 certificate. A compromised or swapped binary — even one holding the legitimate X.509 cert — fails the attestation check, and the client walks away.

Why the composition matters¶

Plain TLS binds a session to a server identity (the certificate's subject). But server identity is not the same as what code is running: a malicious operator with a valid cert can run a modified binary that exfiltrates plaintext. RA-TLS binds the session to server identity AND attested binary measurement, at the same handshake, so the operator cannot silently substitute a different image.

For server-side AI inference over E2EE data — where the client is effectively extending its trust boundary onto the server — this binding is load-bearing. Without it, the user's trust assumption reduces to "Meta promises it runs the right binary"; with it, the client mechanically verifies which binary is running before the ephemeral key is released.

Canonical wiki instance: WhatsApp Private Processing¶

The 2025-04-30 Meta post describes RA-TLS verbatim as the application session step, phase 4 of the six-phase flow:

"Private Processing establishes a Remote Attestation + Transport Layer Security (RA-TLS) session between the user's device and the TEE. The attestation verification step cross-checks the measurements against a third-party ledger to ensure that the client only connects to code which satisfies our verifiable transparency guarantee."

CVM-to-CVM communication inside Private Processing reuses the same RA-TLS primitive: "CVMs may communicate with other CVMs using the same RA-TLS connection clients use to complete processing." — meaning the inter-CVM trust boundary is also attested, not just the client ↔ CVM step.

Relationship to attestation before session key release¶

RA-TLS is the wire-protocol realisation of the patterns/attestation-before-session-key-release architectural pattern. The pattern describes the gate (don't release a key until attestation verifies); RA-TLS describes the composition (the gate lives inside the TLS handshake itself, so no higher-level app logic has to remember to check).

Seen in¶

sources/2025-04-30-meta-building-private-processing-for-ai-tools-on-whatsapp — named as the application-session-establishment primitive for Private Processing, and reused for CVM-to-CVM traffic. Canonical wiki instance.

concepts/remote-attestation — the hardware-rooted primitive RA-TLS composes with TLS.
concepts/trusted-execution-environment — the side being attested.
concepts/verifiable-transparency-log — the policy source RA-TLS's verifier checks against.
concepts/confidential-computing — the broader posture.
systems/cvm-confidential-virtual-machine, systems/whatsapp-private-processing.
patterns/attestation-before-session-key-release — the architectural pattern.