I-D Action: draft-ietf-lamps-csr-attestation-08.txt
internet-drafts@ietf.org Fri, 01 March 2024 15:28 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 01170C14F5F5; Fri, 1 Mar 2024 07:28:43 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: I-D Action: draft-ietf-lamps-csr-attestation-08.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <170930692298.22107.13440631813938432265@ietfa.amsl.com>
Date: Fri, 01 Mar 2024 07:28:43 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/S4HtIpKkbqZj4BuEugUy9EBSq5s>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2024 15:28:43 -0000
Internet-Draft draft-ietf-lamps-csr-attestation-08.txt is now available. It is a work item of the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) WG of the IETF. Title: Use of Remote Attestation with Certificate Signing Requests Authors: Mike Ounsworth Hannes Tschofenig Henk Birkholz Name: draft-ietf-lamps-csr-attestation-08.txt Pages: 34 Dates: 2024-03-01 Abstract: A PKI end entity requesting a certificate from a Certification Authority (CA) may wish to offer believable claims about the protections afforded to the corresponding private key, such as whether the private key resides on a hardware security module or the protection capabilities provided by the hardware. This document defines a new PKCS#10 attribute attr-evidence and CRMF extension ext-evidence that allows placing any Evidence data, in any pre-existing format, along with any certificates needed to validate it, into a PKCS#10 or CRMF CSR. Including Evidence along with a CSR can help to improve the assessment of the security posture for the private key, and the trustworthiness properties of the submitted key to the requested certificate profile. These Evidence Claims can include information about the hardware component's manufacturer, the version of installed or running firmware, the version of software installed or running in layers above the firmware, or the presence of hardware components providing specific protection capabilities or shielded locations (e.g., to protect keys). The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-lamps-csr-attestation/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-lamps-csr-attestation-08.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-lamps-csr-attestation-08 Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts
- I-D Action: draft-ietf-lamps-csr-attestation-08.t… internet-drafts