Where can a TA add attestation or trust signals in a TLS session?

Prepare for the Trusted Agent Exam with engaging questions, flashcards, and detailed explanations. Dive deep into essential topics to increase your chances of success. Ace your exam with confidence!

Multiple Choice

Where can a TA add attestation or trust signals in a TLS session?

Explanation:
Attestation and trust signals are addressed as part of establishing trust in the TLS session and can remain bound to the session after it’s established. The handshake is where identity is proven through certificates, the chain is validated, and the cryptographic keys for the session are created. Within this phase you can attach attestation data or trust signals to the session itself—by binding attestation to the session state, or by including proofs via extensions—so the established channel carries that trust context. Once the session is up and running, those signals aren’t lost; you continue to rely on them by rechecking the peer’s certificate chain, applying pinning if needed, and you can exchange additional attestation information in application data or through supported post-handshake mechanisms. This capability exists across TLS versions, not just in TLS 1.3, so it isn’t limited to a particular version.

