Protocol Action: 'RATS Conceptual Messages Wrapper (CMW)' to Proposed Standard (draft-ietf-rats-msg-wrap-22.txt)
The IESG <iesg-secretary@ietf.org> Mon, 08 December 2025 17:16 UTC
The IESG has approved the following document:
- 'RATS Conceptual Messages Wrapper (CMW)'
  (draft-ietf-rats-msg-wrap-22.txt) as Proposed Standard

This document is the product of the Remote ATtestation ProcedureS Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-msg-wrap/

Technical Summary

The Conceptual Messages introduced by the RATS Architecture (RFC9334) are protocol-agnostic data units that are conveyed between RATS roles during remote attestation procedures. Conceptual Messages describe the meaning and function of such data units within RATS data flows without specifying a wire format, encoding, transport mechanism, or processing details. The initial set of Conceptual Messages is defined in Section 8 of RFC9334 and includes Evidence, Attestation Results, Endorsements, Reference Values, and Appraisal Policies.

This document introduces the Conceptual Message Wrapper (CMW) that provides a common structure to encapsulate these messages. It defines a dedicated CBOR tag, corresponding JSON Web Token (JWT) and CBOR Web Token (CWT) claims, and an X.509 extension. This allows CMWs to be used in CBOR-based protocols, web APIs using JWTs and CWTs, and PKIX artifacts like X.509 certificates. Additionally, the draft defines a media type and a CoAP content format to transport CMWs over protocols like HTTP, MIME, and CoAP.

The goal is to improve the interoperability and flexibility of remote attestation protocols. By introducing a shared message format like the CMW, we can consistently support different attestation message types, evolve message serialization formats without breaking compatibility, and avoid having to redefine how messages are handled in each protocol.

Working Group Summary

Reviews and comments were received from many WG members, coming from many backgrounds (e.g., IoT, confidential computing, PKIX) through the IETF meetings, mailing list, and GitHub, resulting in lots of progress. This feedback has brought improvements to the security and privacy considerations, the design and semantics of newly proposed data structures, accuracy and correctness of sections written in formal languages (e.g., CDDL), alignment with other dependent drafts, and so on. There is strong consensus among interested participants.

Document Quality

The "Implementation Status" section of the document lists two existing implementations: a Go one [Veraison-Go] and a Rust one [Veraison-Rust] which cover all the features in the draft and are currently alpha-status.

The ASN.1 module for the X.509 extension has been reviewed and validated using available tooling to check it compiles correctly [ASN1-check]. ASN.1 extension request has been verified by IANA Designated Expert [ASN1-request].

The CDDL and ABNF included in the draft, and the associated ABNF specification, have been reviewed and refined repeatedly, e.g. [ABNF-fix], [CBOR-tag-CDDL]. CDDL is validated on the draft repo CI (part of the `build` job in [CDDL-CI]), and the standalone module is published alongside the draft version it belongs to (e.g., [CDDL-module]).

Media Type Registration Requested on 25 Aug 2025:
https://mailarchive.ietf.org/arch/msg/media-types/VUzse4NM6yhSq8454bcGS5OsH2I/

Personnel

The Document Shepherd for this document is Ionuț Mihalcea. The Responsible Area Director is Deb Cooley.