IETF Logo Mail Archive

I-D Action: draft-ietf-lamps-csr-attestation-08.txt

internet-drafts@ietf.org Fri, 01 March 2024 15:28 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 01170C14F5F5; Fri, 1 Mar 2024 07:28:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: I-D Action: draft-ietf-lamps-csr-attestation-08.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <170930692298.22107.13440631813938432265@ietfa.amsl.com>
Date: Fri, 01 Mar 2024 07:28:43 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/S4HtIpKkbqZj4BuEugUy9EBSq5s>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2024 15:28:43 -0000

Internet-Draft draft-ietf-lamps-csr-attestation-08.txt is now available. It is
a work item of the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) WG
of the IETF.

   Title:   Use of Remote Attestation with Certificate Signing Requests
   Authors: Mike Ounsworth
            Hannes Tschofenig
            Henk Birkholz
   Name:    draft-ietf-lamps-csr-attestation-08.txt
   Pages:   34
   Dates:   2024-03-01

Abstract:

   A PKI end entity requesting a certificate from a Certification
   Authority (CA) may wish to offer believable claims about the
   protections afforded to the corresponding private key, such as
   whether the private key resides on a hardware security module or the
   protection capabilities provided by the hardware.

   This document defines a new PKCS#10 attribute attr-evidence and CRMF
   extension ext-evidence that allows placing any Evidence data, in any
   pre-existing format, along with any certificates needed to validate
   it, into a PKCS#10 or CRMF CSR.

   Including Evidence along with a CSR can help to improve the
   assessment of the security posture for the private key, and the
   trustworthiness properties of the submitted key to the requested
   certificate profile.  These Evidence Claims can include information
   about the hardware component's manufacturer, the version of installed
   or running firmware, the version of software installed or running in
   layers above the firmware, or the presence of hardware components
   providing specific protection capabilities or shielded locations
   (e.g., to protect keys).

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-csr-attestation/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-lamps-csr-attestation-08.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-lamps-csr-attestation-08

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

v2.23.0 | Report a Bug | By Email