Re: [Acme] [EXTERNAL] Re: acme-device-attest expired

Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 23 February 2024 17:56 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Brandon Weeks <bweeks=40google.com@dmarc.ietf.org>, Prachi Jain <prachi.jain1288@gmail.com>
CC: Mike Malone <mike@smallstep.com>, Deb Cooley <debcooley1@gmail.com>, Thomas Fossati <tho.ietf@gmail.com>, "acme@ietf.org" <acme@ietf.org>, "draft-acme-device-attest.authors@ietf.org" <draft-acme-device-attest.authors@ietf.org>
Date: Fri, 23 Feb 2024 17:55:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/gwYR_tTGcz8yKcgCI81bdjplCEk>

@Brandon Weeks – I wonder if acme-device-attest-01 could be broadened so that “attObj” is allowed to contain evidence other than WebAuthn – i.e. make WebAuthn an example rather than normative? I would suggest listing “EvidenceBundles” from draft-ietf-lamps-csr-attestation, and RATS ConceptualMessageWrapper from draft-ietf-rats-msg-wrap as other valid examples.

 

---

Mike Ounsworth

 

From: Mike Ounsworth 
Sent: Friday, February 23, 2024 11:48 AM
To: Brandon Weeks <bweeks=40google.com@dmarc.ietf.org>; Prachi Jain <prachi.jain1288@gmail.com>
Cc: Mike Malone <mike@smallstep.com>; Deb Cooley <debcooley1@gmail.com>; Thomas Fossati <tho.ietf@gmail.com>; acme@ietf.org; draft-acme-device-attest.authors@ietf.org
Subject: RE: [Acme] [EXTERNAL] Re: acme-device-attest expired

 

Here’s my 5-minute side-by-side of the two drafts.

 

draft-ietf-lamps-csr-attestation:

- Whatever evidence blob your device can produce, stick it as an OCTET STRING (or whatever other ASN.1 type) inside a new CSR attribute called id-aa-evidence.
- Any cert chains required to validate the evidence blob also go inside id-aa-evidence.
- It’s the CA’s job to find a verifier that can parse whatever evidence data you gave it.
- Was written under the full generality of the RATS Architecture.

draft-acme-device-attest:

- Defines new SANs for use in CSRs: “permanent-identifier” and “hardware-module”.
- Defines a new ACME Challenge “device-attest-01”.
- Expects the returned Evidence data to be in WebAuthn format.

      "payload": base64url({
          "attObj": base64url(/* WebAuthn attestation object */)
      })

- Was written specifically for Android, Chrome, and TPM attestations in WebAuthn format.

My first impression is that we should continue with both in parallel and not try to combine them.

 

lamps-csr-attest is more general in that it applies to things that are not WebAuthn, and will work anywhere that accepts CSRs.

acme-attest allows the client to send a cert req, and then the CA to decide whether or not to challenge for an attestation. It also has invested implementors.

 

---

Mike Ounsworth
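
Added example (not from this thread or from either draft): a CA-side sketch that unwraps the device-attest-01 response shown in the side-by-side above, payload to attObj to CBOR attestation object, and refuses any format it has no verifier for. The `ACCEPTED_FORMATS` policy set, the function names and the sample bytes are assumptions made for illustration; `fmt` and `attStmt` are the WebAuthn attestation-object fields.

```python
import base64
import json

ACCEPTED_FORMATS = {"android-key", "tpm"}  # assumption: formats this CA can verify

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def cbor_decode(buf: bytes, pos: int = 0):
    """Decode one definite-length CBOR item; returns (value, next_pos)."""
    head = buf[pos:pos + 1]
    if not head or (head[0] & 0x1F) > 27:
        raise ValueError("truncated, indefinite-length or reserved CBOR head")
    major, info = head[0] >> 5, head[0] & 0x1F
    size = 0 if info < 24 else 1 << (info - 24)   # bytes of extended argument
    arg = info if info < 24 else int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    pos += 1 + size
    if pos > len(buf):
        raise ValueError("truncated CBOR argument")
    if major in (0, 1):                           # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                           # byte string / text string
        if pos + arg > len(buf):
            raise ValueError("truncated CBOR string")
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:                                # array
        items = []
        for _ in range(arg):
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:                                # map: text keys, no duplicates
        out = {}
        for _ in range(arg):
            key, pos = cbor_decode(buf, pos)
            if not isinstance(key, str) or key in out:
                raise ValueError("non-text or duplicate map key")
            out[key], pos = cbor_decode(buf, pos)
        return out, pos
    raise ValueError(f"unsupported CBOR major type {major}")

def parse_device_attest_payload(payload_b64: str) -> dict:
    payload = json.loads(b64url_decode(payload_b64))        # outer JSON payload
    att_b64 = payload.get("attObj") if isinstance(payload, dict) else None
    if not isinstance(att_b64, str):
        raise ValueError("payload has no attObj string")
    raw = b64url_decode(att_b64)
    att_obj, end = cbor_decode(raw)
    if end != len(raw) or not isinstance(att_obj, dict):
        raise ValueError("attObj is not exactly one CBOR map")
    fmt, stmt = att_obj.get("fmt"), att_obj.get("attStmt")
    if not isinstance(fmt, str) or not isinstance(stmt, dict):
        raise ValueError("attObj lacks fmt/attStmt")
    if fmt not in ACCEPTED_FORMATS:                         # fail closed on unknown evidence
        raise ValueError(f"no verifier for attestation format {fmt!r}")
    return {"fmt": fmt, "attStmt_keys": sorted(stmt)}

# Constructed sample, not real evidence: {"fmt": "tpm", "attStmt": {"alg": -7}}
SAMPLE_ATT_OBJ = bytes.fromhex("a263666d746374706d6761747453746d74a163616c6726")
SAMPLE_PAYLOAD = b64url_encode(json.dumps({"attObj": b64url_encode(SAMPLE_ATT_OBJ)}).encode())
```

A production handler would use a maintained CBOR library with a nesting-depth cap and then pass `attStmt` to the verifier for that format; this sketch stops at structural checks.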

 

From: Brandon Weeks <bweeks=40google.com@dmarc.ietf.org>
Sent: Thursday, February 22, 2024 4:25 PM
To: Prachi Jain <prachi.jain1288@gmail.com>
Cc: Mike Malone <mike@smallstep.com>; Mike Ounsworth <Mike.Ounsworth@entrust.com>; Deb Cooley <debcooley1@gmail.com>; Thomas Fossati <tho.ietf@gmail.com>; acme@ietf.org; draft-acme-device-attest.authors@ietf.org
Subject: Re: [Acme] [EXTERNAL] Re: acme-device-attest expired

 


Apologies for letting the draft expire. I've recently switched roles
within Google and have been busy ramping up. My new team is
responsible for Android Key Attestation[0], one of the attestation
schemes included in the draft, which hopefully allows me to build a
production implementation of the draft.
 
I've incorporated one change from Thomas and updated the draft to version 2[1].
 
There hasn’t been much feedback on the draft during the ACME sessions
or on the mailing list, especially from implementers, so I’m really
excited to see all of the interest on this thread. I’d be more than
happy to incorporate any feedback received and present at IETF 120. If
reviewing the draft in a meeting would be helpful, please reach out to
me directly and I’d be happy to schedule time.
 
Thanks,
Brandon
 
[0] https://developer.android.com/privacy-and-security/security-key-attestation
[1] https://datatracker.ietf.org/doc/draft-acme-device-attest/02/
 
 
On Thu, Feb 22, 2024 at 1:53 PM Prachi Jain <prachi.jain1288@gmail.com> wrote:
> 
> I plan to do a POC using this draft and potentially implement it based on the results. Thus very motivated to get this past the finish line.
> 
> @Mike Ounsworth, I haven't read draft-ietf-lamps-csr-attestation yet so I am going to give it a read and come back with my thoughts.
> 
> On Thu, Feb 22, 2024 at 3:00 PM Mike Malone <mike@smallstep.com> wrote:
>> 
>> It's worth noting that Apple has already implemented this draft on macOS, iOS, iPadOS, and tvOS[1]. We've implemented the server side at Smallstep and can confirm that there is adoption. That shouldn't stop the evolution of this draft, of course, but could help inform it. Adoption is promising and it would be unfortunate to see this die at draft.
>> 
>> We don't have any experienced IETF authors here -- not sure what that entails -- but we are very interested in the outcome here and would be happy to help however we can. To start, I've shared this with a few contacts that I know will also be interested.
>> 
>> Mike
>> 
>> [1] https://support.apple.com/lt-lt/guide/deployment/dep28afbde6a/web
>> 
>> On Thu, Feb 22, 2024 at 12:21 PM Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
>>> 
>>> At the risk of adding another draft to my plate, I am the lead author on draft-ietf-lamps-csr-attestation, so I suppose it is reasonable for me to volunteer to work on this one also.
>>> 
>>> 
>>> 
>>> I wonder if the design of acme-device-attest should change in light of the existence of draft-ietf-lamps-csr-attestation? But I admit to not having read acme-device-attest in a while :/
>>> 
>>> 
>>> 
>>> ---
>>> 
>>> Mike Ounsworth
>>> 
>>> 
>>> 
>>> From: Acme <acme-bounces@ietf.org> On Behalf Of Prachi Jain
>>> Sent: Thursday, February 22, 2024 6:03 AM
>>> To: Deb Cooley <debcooley1@gmail.com>
>>> Cc: Thomas Fossati <tho.ietf@gmail.com>; acme@ietf.org; draft-acme-device-attest.authors@ietf.org
>>> Subject: [EXTERNAL] Re: [Acme] acme-device-attest expired
>>> 
>>> 
>>> 
>>> Thank you for the update, Deb.
>>> 
>>> 
>>> 
>>> I am more than willing to work as an author on this draft and help out :)
>>> 
>>> 
>>> 
>>> On Thu, Feb 22, 2024 at 5:28 AM Deb Cooley <debcooley1@gmail.com> wrote:
>>> 
>>> I know Brandon has been busy, but I don't know his plans for this draft.  Maybe his use case has changed?  I've cc'd him on this message.
>>> 
>>> 
>>> 
>>> Note:  acme is a 'working group', to get a draft through the process people have to be willing to work on the draft (vice merely following).  Also drafts can certainly have multiple authors, perhaps an offer of helping as an author might work.
>>> 
>>> 
>>> 
>>> Deb
>>> 
>>> 
>>> 
>>> On Tue, Feb 20, 2024 at 11:01 AM Prachi Jain <prachi.jain1288@gmail.com> wrote:
>>> 
>>> Hello,
>>> 
>>> I have been closely following this document as well and would like to know the status of the same.
>>> 
>>> Thanks,
>>> Prachi
>>> 
>>> 
>>> 
>>> On Sun, Feb 18, 2024 at 1:57 AM Thomas Fossati <tho.ietf@gmail.com> wrote:
>>> 
>>> Hi, all,
>>> 
>>> The acme-device-attest draft is expired.
>>> 
>>> Just checking: what are the plans?
>>> 
>>> cheers, thanks!
>>> 
>>> _______________________________________________
>>> Acme mailing list
>>> Acme@ietf.org
>>> https://www.ietf.org/mailman/listinfo/acme