Re: [lamps] [EXTERNAL] Re: Side meeting on PKIX key attestation format
Mike Ounsworth <Mike.Ounsworth@entrust.com> Mon, 10 April 2023 12:48 UTC
Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FC0CC15153C for <spasm@ietfa.amsl.com>; Mon, 10 Apr 2023 05:48:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.224
X-Spam-Level:
X-Spam-Status: No, score=-2.224 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URG_BIZ=0.573, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aNa3lPz2jvaX for <spasm@ietfa.amsl.com>; Mon, 10 Apr 2023 05:48:43 -0700 (PDT)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7558C151531 for <spasm@ietf.org>; Mon, 10 Apr 2023 05:48:42 -0700 (PDT)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 33AA0I0T004384; Mon, 10 Apr 2023 07:48:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=RMM7sjsyY+rwv6kNqQ526bxv3Z3KKNUkme5ko8aVapw=; b=MQV1qU9uJcK8+gBlI3cQjJCMg1PZCFqqEu8OfQ1cig9SbZOC7Y4UohxHEAtHaGfTDx+S qu708ojEXL5mBBUTOFoYwbhKd1GRG2fyRZ7xA0OAKjytCZ90VdMdAExtMzo6dGYJRfmD AsHnZj32BdQkVowIuT9lhN/49N1k2880KdZ/NdcNceYpbJK043QmgMMBe/x0Ig1iUaDd V2+VzXapdxYOwfm5EQEv07KT3pTZiAsR1RbJKIIrDtbby3UXiyj+k1/Y1rkD/UeH9uQ5 wwbKSMgZFpX5k+N7tG7LvZqzBay/Vd9MR7ITVlz/g4vsU/fRwkRUi/KC8ofpmt4Mea6m xg==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2104.outbound.protection.outlook.com [104.47.58.104]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3pu4y4ncn9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 10 Apr 2023 07:48:40 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F0d6Ii13nqZiaPOKJa8aokfg2+Dbs2uwMasxxS6ZnyeXNJCAP5lESet5gN7KUgk/uyCpnQ/HmsfOb8xMTZhRzfgfVOYGAGy6zg1sqrAE4duTlNzAo9SqDssoQu2q7TKOs1Vk29ugQk1u0RgIE2BfhpAt00sWv9DqwnNPJx+Zo5pIc16Q5LQypsngyKZx1Fcl2Hj8hpZD5aBm5w4mjEm7Jasl9/XtTMcL94XBEevvU0Lykc7txyPmmCmgM3CBwQ8IlZ0fi25dT4UqHJU82ZHOcJhN4F3VcDHyRDeEOr/eC4Mw9a3kQJGQgRSOm/0QLyia7pexhjnIRslqp4dBzh7EMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RMM7sjsyY+rwv6kNqQ526bxv3Z3KKNUkme5ko8aVapw=; b=Stu1G1QTDOfK+15QQaLvGlvx9+ANi3/HKAMec1JwC20l9K5R6DqTv2NICK0NSb7FIg2OpdXpLoRxpKu7yKusINusRH18sFb+XZUjBqT+tpd/KZ12mIUSZPMY8zuPWTkueQtCJlyng9AoJOLVrzKlCso6wlJ4jdF49rLuxzBKkZ7igU5jK+LI0+Fa50Dzdm2LMvC9r9BqMUIHIww544JxWaKW8WpBQwjMzQRJdcnxYyeegesUyb/CFQ4xhaJLNLfv3XLKe5Ef57B8dI+AGLC9H+ZdIjeMT/6bSZiWQaJzeUjITvosiqmzaq38ZLTtBe26/t+uKcm6O3xMcwWLdrRrOg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by CY8PR11MB6820.namprd11.prod.outlook.com (2603:10b6:930:60::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.36; Mon, 10 Apr 2023 12:48:35 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::59b6:d12:c274:857f]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::59b6:d12:c274:857f%5]) with mapi id 15.20.6277.038; Mon, 10 Apr 2023 12:48:35 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Michael StJohns <msj@nthpermutation.com>, "spasm@ietf.org" <spasm@ietf.org>
CC: Richard Kettlewell <Richard.Kettlewell@entrust.com>
Thread-Topic: [EXTERNAL] Re: [lamps] Side meeting on PKIX key attestation format
Thread-Index: Adlo8FVKf3aDMhBqT5qczPKIJ3q+xABY3ASAAFVsw9A=
Date: Mon, 10 Apr 2023 12:48:35 +0000
Message-ID: <CH0PR11MB57394BCC11C657148EA2598C9F959@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CH0PR11MB57397DE8A78F12D5779DC96D9F969@CH0PR11MB5739.namprd11.prod.outlook.com> <06a1fd2b-52e6-0359-5a63-05340faab69a@nthpermutation.com>
In-Reply-To: <06a1fd2b-52e6-0359-5a63-05340faab69a@nthpermutation.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|CY8PR11MB6820:EE_
x-ms-office365-filtering-correlation-id: db2f02ca-2594-4f3e-b0a0-08db39c1e641
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YLm0KZ1KpKKIs9kPGMB1RUR+2+6/LCOr7xAsGt7T3a19v1nLY6PRh84X2DS2T6Iuj8bxXoAosWWk1F6QSsLp+2162bC7GFre+etq/jJpAQ6Alfm8Ar59eTtke1zze4x1zdU9y06ZO8duokZP48MmeAuyUAYJMI2NIQ8YzdQVqIkBng0FUIM8dBEWWuw6J023pf288Z2qPsrFnc6GoHrG3gWqdAEgdWpFvr8WlYjvyElb9OEUmIy8Mray1nLg75bpRqiUS0FWlDMxv5cYSSGJyk8kuM4ZtPC2auK5gWG6hX4H5B8+TLdwKggX/4Aq095hv2UjO/diKsjf9RtGU1PXm6GwCcmtvQYsYbU1qR/cDZR2Witte4s/O1IbgjognSZZGfDkrCp+GZPNND3rCTsqZG2SXXJMbpAVEC37WMtT0cU5c6DJzO8CysO2pMmLUeV94KiNkywOIo6gBiZscXvRcIZfJXtHc7e+JJlhyU97Mz2y+vg5IGqMKZtWkQ5UAHhHk0dJgsXYnEUZx6Ysb6tjDLgH+KhNvQ5K03JXCeem728RFfnYamBrQtbggOCIEJsZtxeu5Vvu29cBRJlSMxaQw4FXRDUUUUAvsugUbUzCvj0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(39850400004)(346002)(366004)(136003)(376002)(451199021)(478600001)(7696005)(71200400001)(316002)(110136005)(53546011)(9686003)(6506007)(26005)(186003)(966005)(107886003)(2906002)(66556008)(4326008)(76116006)(66946007)(41300700001)(64756008)(8936002)(5660300002)(52536014)(66446008)(66476007)(8676002)(122000001)(38100700002)(38070700005)(86362001)(55016003)(33656002)(66574015)(83380400001)(66899021); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: SLPeetZeEZNDxwousUPAKgTU1nkl4Ow/fwkIwkrfoFYyDxUTXJUXo/u/his+82ARCBFr4xGbD/nlTbCr/nPkc+dgcNOSbwtT6HOF0IgndfBApUUXj8P0JbkOXa7PJuud5Ialu1m1STYfa6a7J5HKXr4qKAtSL0qcsxGauodT3LzgJmXis/cD8JVo6M6Y4LdxtpiJO/Sz47Dns0oAoQmvRyIB1c4x7xyn3KpmcD9W1ewwDGWgCkcY2vJAliT3ppP9tM4X0xwQPDx+mrgfLrCcRgASJiCpn5iHughWLH2Dords2C6kmndszYGw2UXZHTPI5sgFjRy6BxeAZG6IfIlZHRXqr+qdsapMPlfD6L6z0iOhfRXA43yoBqLAi/I5ls9U6dLbGgbHDAm8M2hZwfk0gKxdPP1DZFQVML/nmdCAsEhL45DFItP9ps4O9QP/HBan2n17Tl1K2/9zMPfpYQ5gk3A1lcyNPMvS4T5odKjbxsAOYNxuepWsb9iDOc3zC7KR0kDze8vp7iol3qjUvQkhbKqrCvsIOeFExNe1EfSzkl1yDs/nPukDIfAxNGvbe311HfXfwjcPkDQbMWixICCub8U8yuOJ7+OcR8kIciynJSewOgip0KDvuZUVJPNDNYvSmXnmwUlSq/V5TM01322QqbGwPbARAEndufNtDJTTHP9u7CFju1jJ8mAqTiH3SXsZ9q6mJV7S0Jrb/9fzUF9IHe2y3Lq69LCo2ZvlMJ3A7oYPnv8rVLKVBDjDTyFo59XAAo1IG6cc6DXJZLKcOwZMwVzBlfLrDeoNAn2d8rxLu9gL911QVOltO5zwV1vIMmgwBgpT1g5jkmBWLaxrdut9oJlBeJZoCCQqcOF0AgaJHnWCelAy+L4TbVC9t1nBeoeWP6hTlLSu9/J407tXUOq1hzHgRxerme3ejy9UccY46g/AMKg1g1MLWmL/27FJLFkYo+xPTaMSz/Y74PqasYo9+25egutH9E0jEJKlxzbYlAhqpNKwdOkXbFkcub0WopfXoY/09uHAoiX/Ejz9z2kHQj4x2ji1QOqoM2bGf1ypVK0skqxKcjmjIgB29D3A7LbK/RBL3QJ1/4tvLroIuv+XpleE+oQ8iGZwhzxGytl38d58f5gSEbvU4jBZtg4YAgfrIEDspL50K1V68FEM3EKdqnDbP9bEVZU6y1fecQEe2keLtFxHQh8292lOvD27ZaDanSvKhyteIfODGE7G7gAOkpK9s8a+OgM3P4C6KWLsWA5CEMDOhdO+VzwoVEchxfqcQVqYwrtqvvzBKp9ohX5zI8GFL71x7vlGWqq6IzpFoO5V3gjF5MHOD3vJpdAZtu3bENU92vtAFRZGULPJKjALQPiJqrakkjn+2HcWw1XVUoNHhBJS9tahmMMGg+6f9Qp4AAUa41kMmdA5ke1mgwrPYQXJjPs5iEcRKUNwULAiSXZ4aYbZD8lgA1ZgtZD19NgDiJp/5geY/1a3p+mEn+BiSKEZyGzGZacHUjMim0ixqP3c/sxiwvB6pSCcEHY20fFefSpgepuLlXZMY1EYcVIl4u1Xx5E167EnXqJLPKHvb2uAlDwQvxzhBjZ2d85udBrYuHbPXUpMRXjA5kgGp4Wnhw==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: db2f02ca-2594-4f3e-b0a0-08db39c1e641
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Apr 2023 12:48:35.7415 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IGqi1F8QyYO1EIUb58F8sOK3QCxf2/TaKdnihqo12XBthySyAVzNylk38tfQh8V+U7MBPTV0GHOecpmAcxjk+fIGb7B8TINodYi6hwdDasc=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB6820
X-Proofpoint-ORIG-GUID: EaaOMYvijgT0gGCoJ6ZZeM9NOa_-9qNp
X-Proofpoint-GUID: EaaOMYvijgT0gGCoJ6ZZeM9NOa_-9qNp
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-10_08,2023-04-06_03,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 clxscore=1015 adultscore=0 mlxlogscore=999 phishscore=0 lowpriorityscore=0 priorityscore=1501 bulkscore=0 spamscore=0 impostorscore=0 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304100108
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/w54aG9gfBo96II7nQvjAgZJUV4k>
Subject: Re: [lamps] [EXTERNAL] Re: Side meeting on PKIX key attestation format
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2023 12:48:47 -0000
Hi Michael, > Task B - Specify a key attestation statement format for big iron HSMs. This is NOT necessarily an ASN.1 structure, and, functionally, probably mimics the contents of a Trusted Platform Module attestation statement (e.g. a TPMS_ATTEST structure containing a TPMS_CERTIFY_INFO paired with a TPMT_SIGNATURE and any externally provided qualifying data like a nonce). I have the references you gave me to the TPM attestation format: TPM2_Part2_Structures section 10.12, and TPM2_Part3_Commands section 18. I still need to give those a detailed read before Thursday, but I thank you for pointing us to very similar work that's already been done. I am hopeful that you will be able to attend Thursday's meeting to provide historical context on how and why that come to be the way it is. I agree with your summary if needs. I am not opposed to taking this work to another SDO, but I want to get this moving with some momentum before really grappling with that question in full. --- Mike Ounsworth -----Original Message----- From: Spasm <spasm-bounces@ietf.org> On Behalf Of Michael StJohns Sent: Saturday, April 8, 2023 2:53 PM To: spasm@ietf.org Subject: [EXTERNAL] Re: [lamps] Side meeting on PKIX key attestation format WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ______________________________________________________________________ Since I'm the one that suggested that LAMPS might be the correct home for all of this, I wanted to provide a bit of clarification. As I see it there are actually 6 or so separate tasks being contemplated under the various drafts and needs: Task A - Specify a mechanism for the carriage of key attestation statements in Certificate Signing Requests (of various formats). As I see it, that's probably best done in LAMPS Task B - Specify a key attestation statement format for big iron HSMs. This is NOT necessarily an ASN.1 structure, and, functionally, probably mimics the contents of a Trusted Platform Module attestation statement (e.g. a TPMS_ATTEST structure containing a TPMS_CERTIFY_INFO paired with a TPMT_SIGNATURE and any externally provided qualifying data like a nonce). This would seem to me to be an HSM vendor task, and not necessarily or even desirably a CA/BF task, although the need for such is being driven by that group. Task C - Specify the pairing of the results of A and B - an actual instantiation of A with the contents of format specified by B. This could be done as part of B, or as a fairly simple LAMPS or independent stream submission, or as an IANA registration to get an OID for an external document. Finishing this task is Mike's actual goal (I believe) and is dependent on the first two tasks. Task D - Specify the pairing of A along with necessary encodings of various attestation statements necessary to support the Webauthn attestation requirements. That's somewhat the goal of Carl's document that's current a WG document. Task E - Specify the pairing of A along with any proprietary attestation statement formats - as they occur. Those would be the responsibility of the format owner, and could be a simple IANA registration of an external documentation. Only mentioned here because A has to support this model over time. Task F - Specify the pairing of A along with an non-IETF, but standardized, attestation statement formats - e.g. TPM and Android attestation statements spring to mind. Could be done in LAMPS, either stand-alone or included in the document from Task A, or by the originating standards bodies along the lines of Task E. Note that B-F can be done in parallel with A, and none of those require IETF participation. Mike On 4/6/2023 9:36 PM, Mike Ounsworth wrote: > Hi LAMPS! > > Meeting will be next Thursday, April 13 at 11:00 EST. I sent a calendar invite and Teams link to everyone who has contacted me with interest. If you would like an invite then please email me directly. > > I had been on the agenda of the LAMPS 116 meeting last week to present draft-ounsworth-pkix-key-attestation, but we ran out of time and I did not get to present. The slides I had planned to present are here. Given that this project is already late with respect to the new CA/Brower Forum Baseline Requirements going live on June 1, 2023, I am opting to start author's working sessions in advance of a LAMPS interim meeting. I hope that this time works for everyone. > > Meeting agenda > * Urgent business: > * Do the design goals below cover your product's needs? > * Short discussion on whether any existing key attestation formats meet the design goals (WebAuthn or TPM). > * Mike to give a short presentation on the proposed key attestation format > * Discuss the proposed key attestation format and CSR attribute with the goal of agreement between HSM and CA vendors so we can start implementing. > * Medium-term business: > * What about devices currently in the field with proprietary key attestation formats or no KA?Can they be bootstrapped into this key attestation format? > * Can HSM vendors provide CAs with command-line utilities to manually validate proprietary key attestation formats? > * Long-term business: > * There has been a suggestion that IETF/LAMPS is not the right home for this work. That maybe W3C/WebAuthn or CA/B F CSBRs would be more appropriate. > * I propose that in the interest if time, we focus first on agreeing on an implementable wire format first, and afterwards figure out which SDO to seek publication with. For the time being let's leave it with IETF/LAMPS as the official discussion forum for this work. > > Regulatory requirement > * Upcoming CA/Browser Forum Code Signing Baseline Requirements will be in force June 1, 2023 (see CSC 13, or CSBR v3.2 s. 6.2.7.3). They require CAs to verify that private keys are in a FIPS 140-2 L2 or CC EAL 4+ HSM (no TPMs). Keys must be non-exportable / non-recoverable and otherwise comply with the requirements of section 6.2.7.3. > > Design goals for a key attestation format > 1. From a CA's perspective, we want a standardized key attestation format that can be placed in a CSR and verified automatically to prove that the subscriber key complies with CA/B F CSBRs. > 2. From an HSM's perspective, we want a format that's easy to write an emitter for. Here, by "easy" we mean with minimal code changes from current functionality of the crypto module meaning fast time to a patch and an easy FIPS / CC re-cert. > > Existing key attestation formats > * W3C / WebAuthn 2, particularly those defined in section 8.4 > * TPM 2.0, particularly Part 2 section 10.12. > None of these appear to be a good fit for the design goals since they are either in encodings that cryptographic modules do not typically support today (such as CBOR), or they still resolve to a proprietary inside the envelope. However if the group of HSM vendors feels that one of the existing formats would be acceptable then that would be easier than defining a new one. > > Related CSR attribute > * IETF/LAMPS draft-ietf-lamps-key-attestation-ext proposed a CSR attribute to carry WebAuthn-formatted key attestations in order to support WebAuthn-over-ACME (draft-acme-device-attest). There is ongoing discussion at LAMPS about whether to modify that draft to support both WebAuthn-formatted as well as our key attestation, or to assign separate CSR attr OIDs for the different attestation formats. This group probably should have an opinion, but ultimately I think this is up to LAMPS to decide since they are the ones assigning the OIDs. > > > Thanks, and I look forward to a productive discussion, > --- > Mike Ounsworth > Software Security Architect, Entrust > > Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas > m__;!!FJ-Y8qCqXTj2!dLTJRqPsUcHs86dH6pd972d9HzUq51qVK3oG0MH6DhKc2ZVVL7E > Ynr3fFV9Vdx3Vgwfad9PhYQQn8Pzv7fRA0v7Sc2c$ _______________________________________________ Spasm mailing list Spasm@ietf.org https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!dLTJRqPsUcHs86dH6pd972d9HzUq51qVK3oG0MH6DhKc2ZVVL7EYnr3fFV9Vdx3Vgwfad9PhYQQn8Pzv7fRA0v7Sc2c$
- [lamps] Side meeting on PKIX key attestation form… Mike Ounsworth
- Re: [lamps] Side meeting on PKIX key attestation … Mike Ounsworth
- Re: [lamps] Side meeting on PKIX key attestation … Michael StJohns
- Re: [lamps] Side meeting on PKIX key attestation … Michael Richardson
- Re: [lamps] Side meeting on PKIX key attestation … Michael StJohns
- Re: [lamps] Side meeting on PKIX key attestation … Michael Richardson
- Re: [lamps] Side meeting on PKIX key attestation … Michael StJohns
- Re: [lamps] [EXTERNAL] Re: Side meeting on PKIX k… Mike Ounsworth
- Re: [lamps] [EXTERNAL] Re: Side meeting on PKIX k… Michael StJohns