[lamps] Re: About MSJ's proposal for the new Attestation OID Registry in draft-ietf-lamps-csr-attestation

Carl Wallace <carl@redhoundsoftware.com> Fri, 13 February 2026 01:55 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: spasm@mail2.ietf.org
Delivered-To: spasm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id CFEF3B6A8578 for <spasm@mail2.ietf.org>; Thu, 12 Feb 2026 17:55:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_EMses43_Ll for <spasm@mail2.ietf.org>; Thu, 12 Feb 2026 17:55:02 -0800 (PST)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D7766B6A856D for <spasm@ietf.org>; Thu, 12 Feb 2026 17:55:02 -0800 (PST)
Received: by mail-qk1-x736.google.com with SMTP id af79cd13be357-8c70b5594f4so51466985a.1 for <spasm@ietf.org>; Thu, 12 Feb 2026 17:55:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; t=1770947696; x=1771552496; darn=ietf.org; h=mime-version:in-reply-to:references:thread-topic:message-id:cc:to :from:subject:date:user-agent:from:to:cc:subject:date:message-id :reply-to; bh=S6ffvu15TuNv0+63kz/Hv9D9B8Gd2M2Ie4Tiy4kCJfg=; b=gd/NqQkj/MKE56xGZnnCpnBbViLvGWVX0iwLUEtnZcqCjA64EcI/18uTTrWPt8zvLl 6kHmaB8jvhnYcfhOckrzi5Nz21LkRTn3k8sIWQA1pz8M/8omFCnRMfOj4pXNtkVqfnVL D9ZgT+az8FFXOfjIPupQUZ//Yq2J8obXuj20Y=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770947696; x=1771552496; h=mime-version:in-reply-to:references:thread-topic:message-id:cc:to :from:subject:date:user-agent:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S6ffvu15TuNv0+63kz/Hv9D9B8Gd2M2Ie4Tiy4kCJfg=; b=dGI6X5XVJdUdho+q+XHomDwCQFQTML6WIwFr5wPV/1Mq6FxtNfl5WYRsxATH4urw1K Fn1FwsZnh1utzZocz4HBW/zLekp9UmQlIpjpImH304/lojdlBx0FewTTrWfnbCX1bqVa Cu2/Pj84mhIADn8M8FEmiQ/EZYB+2OoPrIhZEa1GD5WkqYM1+3MZHfe1OGTrbqPRmEP2 5NTmBziTka1stS18VT9ec4mPyTIwThjrwqu4CgvdmrQQ02pG7Kqbj34YbjLLClJhRSJp 0WHO1URgOoICqHRt0qHW94YJ+zEolnLqQm1zbdRfChCxAAq/2Oh+COzTjNwJIlCrj8l5 2y8w==
X-Forwarded-Encrypted: i=1; AJvYcCWntMRx3MnFovTjkpRcmKZoZocvzcNc6x4G1QV6JPFy082z+DNoDJM1AaHJax9GDHp2e0KVCQ==@ietf.org
X-Gm-Message-State: AOJu0YxelcLXio7J1vL/P5rIo68G7k9258ElCkZVCxwEXVMbs46CYR4K tuxQSZn05SGwvqnH+iKRb0XDni6+nyU3BEGXxit0sLSRb1c9nha+NyQil7fE5GO7fSk=
X-Gm-Gg: AZuq6aIpQ2xFa0zOfGs1D4jBRz389u9b2UMI5GRdXbqDxUvfVOadc6yWkjJdcmY55ge k5DT4ePCH7VqjCoAPxBWJSDJ4zA3Vrmk01r3WJWlPtajP8K66M891w0DKDgv/3gFL3WjqjWbvq8 nwcEEGAImm+P1+7EU9Ac2JQk5H9Wl2ob6ZC/l4TzEQ7xHVi0xMmmZlRWTA4WlOxSzpEnUTVTMul CGFqzCaSXnlyLzF+2ap4CSb8feBkv4dEgxtsA2Bj1xK+O1O11OcmbVJlWlBPlgSiMQmYWF2yi0Y yMN3BVq7CDGo7K6BTMXcY8ZMMUuaUyxRV7vb8cSHLTw4iKQIHOGWCdCJaHAhs0YvECILnD5v6uC zqNGJXfn+NLDbPdLthTGyAIF2e6BgT2tbXWmvx0gjEG48TqbSMYHQCjPSLTbloX6w/d8h7NDX7L CNTdgHs5oyOHbMalJuv+q3AoBLR9zHGbgJwXAZSL6DqPtO3oNH/Y/MsnqrrnFB6MkCw1yuo1Cj8 wdc52f4NpWjDzBpQ1YKNw==
X-Received: by 2002:a05:620a:7108:b0:8a2:bff5:40e3 with SMTP id af79cd13be357-8cb4263535fmr33470485a.38.1770947695885; Thu, 12 Feb 2026 17:54:55 -0800 (PST)
Received: from [192.168.4.20] (pool-96-255-232-167.washdc.fios.verizon.net. [96.255.232.167]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8cb2b1c7d7csm485377085a.27.2026.02.12.17.54.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Feb 2026 17:54:55 -0800 (PST)
User-Agent: Microsoft-MacOutlook/16.106.26020821
Date: Thu, 12 Feb 2026 20:54:54 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Mike Ounsworth <ounsworth+ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
Message-ID: <7892E459-8971-405D-B311-151AE777B659@redhoundsoftware.com>
Thread-Topic: [lamps] Re: About MSJ's proposal for the new Attestation OID Registry in draft-ietf-lamps-csr-attestation
References: <CAKZgXHoQ7cLUvhVKL6A1NnOX_xyfn=PG5FcD4LX2L78HvPCY9Q@mail.gmail.com> <f0ccd2c0-ce1f-4d44-9f63-e469b7d643d7@nthpermutation.com> <CAKZgXHpay5Fw75twEbJciwFVi-+pMoFtowmhwD-j=pwmAzjTQg@mail.gmail.com> <4e010f62-dff5-4e2b-bb36-c18affaf5cc3@nthpermutation.com> <CAKZgXHrO_N_Ld7-cWg2=CCEGE5UbdX=pgABrBXGJnvujcSvU1w@mail.gmail.com> <6efce687-cf5d-4925-8f73-812e3ee7f9e4@nthpermutation.com> <MN2PR17MB4031B5B5FF956A29E3FC948ECD63A@MN2PR17MB4031.namprd17.prod.outlook.com> <ec67472c-c749-423c-8bfa-7b9e5320560f@nthpermutation.com> <MN2PR17MB40313ED447FE13B299536CF7CD60A@MN2PR17MB4031.namprd17.prod.outlook.com> <03209821-4c18-4c96-bb20-31b98c007e9f@nthpermutation.com> <CAKZgXHoK3GBFrGOzbVc-3pu2jYBEKw-hs7ETzxnybAKMOS3Ngg@mail.gmail.com> <64ee8812-c839-4f15-a805-d562bc85e703@nthpermutation.com> <D5E7B4CE-92E6-4065-BBA7-3BBCFA730BDE@redhoundsoftware.com> <CAKZgXHoAvniiMoo8Sf0gVmjN7NMjnj6WoJBU6b5sFmy2g6qwTA@mail.gmail.com> <08ABD79B-C42C-486D-A354-970DDC7AF8CD@redhoundsoftware.com> <MN2PR17MB4031328690E4ECF6DC0C13DDCD60A@MN2PR17MB4031.namprd17.prod.outlook.com> <CAKZgXHo=R7WXza1yYpoGKDfbadYGzn6SQ4kYnrOFnpaWBhy=gA@mail.gmail.com>
In-Reply-To: <CAKZgXHo=R7WXza1yYpoGKDfbadYGzn6SQ4kYnrOFnpaWBhy=gA@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3853774495_233240578"
Message-ID-Hash: 4HWJ4LJIQYMIXWNNTAW35W5TOEOWCSTW
X-Message-ID-Hash: 4HWJ4LJIQYMIXWNNTAW35W5TOEOWCSTW
X-MailFrom: carl@redhoundsoftware.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Michael StJohns <msj@nthpermutation.com>, LAMPS WG <spasm@ietf.org>, Tim Polk <wtpolk@gmail.com>, Steve Hanna <Steve.Hanna@infineon.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [lamps] Re: About MSJ's proposal for the new Attestation OID Registry in draft-ietf-lamps-csr-attestation
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lWKxSCSMOjnCB7WObpMphxe3Oik>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>

Replies inline. As a reminder, Tim sent a note to the list on 12/18 introducing the changes: https://mailarchive.ietf.org/arch/msg/spasm/HH3XBz0lDhreqwZnnmJ-G_KnmEE/.

 

From: Mike Ounsworth <ounsworth+ietf@gmail.com>
Date: Thursday, February 12, 2026 at 7:40 PM
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Carl Wallace <carl@redhoundsoftware.com>, Michael StJohns <msj@nthpermutation.com>, LAMPS WG <spasm@ietf.org>
Subject: Re: [lamps] Re: About MSJ's proposal for the new Attestation OID Registry in draft-ietf-lamps-csr-attestation

 

Hi Carl,

 

<snip>

 

... just ... this seems overly complicated to me:

 

AttestationStatement ::= SEQUENCE {
   type   ATTESTATION-STATEMENT.&id({AttestationStatementSet}),
   bindsPublicKey [0] BOOLEAN DEFAULT TRUE,
   stmt   ATTESTATION-STATEMENT.&Type(
              {AttestationStatementSet}{@type}),
   attrs  [1] Attributes {{AttestAttrSet}} OPTIONAL
}

 

[CW] I think it is helpful to contrast the above with what preceded it (shown below), as much of the complexity is shared.

 

EvidenceStatement ::= SEQUENCE {

   type   EVIDENCE-STATEMENT.&id({EvidenceStatementSet}),

   stmt   EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type}),

   hint   IA5String OPTIONAL

}

 

where we have two CLASSes: AttestationStatementSet and AttestAttrSet.

We also have a field that is optional, but if absent MUST be considered to be True, which smells like a footgun for anyone implementing a custom parser for this.

 

[CW] Default values are a standard ASN.1 feature even in the older syntax. Anyone implementing a parser will need to be able to deal with defaults. 

 

This is not a simple struct; there are a lot of moving parts here.

 

Also where `Attributes` is defined in RFC 5912 as `SET OF Attribute{{ IOSet }}` where `Attribute` itself is a big complex definition meant to handle all the complexity of X.509 and CMS. That's a heavy definition to import. What are the concrete use cases for Attributes? 

 

[CW] This was included to allow a spot for the much-discussed validator “hint” to land once validators and corresponding protocols and data structures are more defined.

 

As I understood MSJ's use case; he has attestation data that comes with one core statement and a few bits of ancillary data (other than a cert chain) required to validate the core statement. One way or another the people producing that data need to define a way to serialize it; either specify a standalone serialization (which is probably what they want), or define a CSR-specific serialization for how you pack their various bits into CSR.AttestationStatement.attrs. The latter (the option represented in the current ASN.1 defn) requires every other implementer to bear the complexity cost of that (via having to support a more complex AttestationStatement structure) for, I believe, no complexity savings for even the people who need it.

 

[CW] The attrs are not intended to be attestation-specific and would contain something general purpose, like a hint or AIA-like construction if/when validators are defined.

 

So this is not really about 1988 vs 2002 syntax, but rather about why there is so much machinery here.

 

[CW] The source document contained basically the same machinery. The previous structure supported a list of attestations, not all of which would be key attestations as I understood it. The Boolean aimed to highlight which were bound to the key. The attributes was an alternative to an oddly specified “hint”. 

 

I'm also not entirely sure I understand the purpose of `bindsPublicKey`, or the text currently in the document about it. Under what conditions is that to be set to True / False? What is the CA supposed to do with that information? Like, what problem is this field trying to solve? What failure mode exists if this field isn't there?

 

[CW] It is indicating which attestation of a possible multitude is bound to the key that is the subject of the CSR (vs traversing the list). It could be dropped if list traversal is preferred. The failure mode is unchanged by the presence of that indicator. It’s not clear to me that a sequence of evidence statements is needed (but we left that as it was).

 

In general, the entity bundling together the CSR could be an openssl script or ACME bot that may not actually know the semantics of the attestation data that it's bundling, so I think if we're gonna add this `bindsPublicKey` field, we need some pretty clear implementation guidance for it. 

 

[CW] One might say the same thing about the “SEQUENCE SIZE (1..MAX) OF EvidenceStatement” in -21 and below. The key attestations I am familiar with do not need this, but if folks want platform attestations alongside key attestations that makes sense (hence the flag to single out the key attestations). One could require some ordering of the list but that’s not simpler. In any case, I don’t view the bindsPublicKey value as some critical element (and I doubt Tim or Steve would). If the consensus is that an indicator like this is unnecessary, then delete it.

 

And then I think we need to ask whether this implementation guidance is going to be possible to follow for all clients, or if we've created something that's unimplementable. 

 

[CW] I can’t see how the addition of a bool and refashioning a hint as Attributes changes much in terms of “unimplementability”, but that may be a good question to ask in general.

 

Also, do we need to specify any rules for the entity parsing the CSR based on whether this field is True or False? In summary: I don't understand the purpose of this, and the text currently in the document does not clear it up.

 

[CW] Maybe it should be described as a hint for verifiers only interested in key attestations and not platform attestations, etc.

 

Also, where did the Hint go? We had a real-world need for that. I assume that content should go into an Attribute now? The current document says:

"This specification does not define any Attribute instances."

... but shouldn't it? Shouldn't you have lifted our Hint stuff into an Attribute? Why is it gone? Was there a justified reason that the Design Team deleted all that?

 

[CW] As discussed during the interim in November, hint was underspecified and did not have consensus in -21 or before. We replaced it with an extensibility mechanism you could use to incorporate a hint attribute when verifier protocols and data structures are better defined.

 

Do we have a volunteer to generate samples that exercise this new functionality? Maybe seeing real-world examples of bindsPublicKey: True / False, and of Attributes would help me to understand their purpose?

 

[CW] I am not aware of a volunteer to generate samples.

 

Sorry it's taken me so long to formulate a response to the Design Team's work here, but I think my response is:

"I appreciate the effort that the Design Team has put into this, but I don't understand the changes that the Design Team made. Can they please do a presentation explaining the changes?".

Probably, we should have organized a presentation when the DT delivered their report, cause I honestly got a bit overwhelmed by the scope of the proposed changes.

Maybe the DT should take the speaking slot for this draft at 125?

 

[CW] I cannot attend. I have CC’ed Tim and Steve to see if they can attend. The bulk of the changes were subtractions.  None of those have been noted here, so that’s good. If the primary issues are with the bindsPublicKey and attrs fields we ought to be able to resolve that without a presentation.

 

I certainly don't feel like I can present this draft at 125 given that I don't understand it.

 

[CW] OK, though at the ASN.1 level the changes for “evidence” are minimal: a new Boolean field and an Attributes bucket where the hint used to be. As noted in the note to the list, “attestations the design team is currently aware of would all set the bindsPublicKey indicator to true and would not require the optional attributes.” Instances of that sort would look like the old struct without the optional hint. The changes were more about future proofing for when things like hints or evidence other than key attestations are desired.

 

 

 

On Thu, 12 Feb 2026 at 15:19, Salz, Rich <rsalz@akamai.com> wrote:

I will accept that 1988 syntax is no longer feasible, thanks for the semi-references :)

 

I still think this is way too complicated. Have any CAs said they want this or intend to implement it? The one notable party, Entrust, is no longer in that business, And I don’t mean just the WebPKI CAs, but even things like BouncyCastle, etc.